Exploit:js/blacole.lv help!

[Bow]

My PC came down with the bug listed in title and I can not find a way to get rid of it...easy way..
I updated everything, disconectd from the net restarted pc, ran mse, cleaned deleated all eploit:js/blacole.lv, deleted browser history, ran disc clean up, ran mse again, restarted pc pluged back into the net and still have the problem...
Any quick fixes??

Windows is up to date.
MSE up to date.
using IE9

 

[silkstone]

Try the kaspersky rescue disk thingmajig

 

[95Viper]

Fiirst, if you have system restore on... Turn it off. And, it may be a good idea to delete/clean out your java program and file caches.
The Kaspersky Rescue disk is a good recommendation by Silkstone.
Also, get Malwarebytes and boot into SAFE MODE to run it and your other antivirus/malware programs.
Try a few online scanners, too.

And, if you do get it cleaned... Update java/flash/etc. to the latest versions, if you use them.

That java exploit will possibly download other exploits, too.

If you can't clean it out totally, you may need to do a re-install or a recovery (after a disk wipe) from a known clean backup.

Goodluck

 

[Bow]

Thanks for the tips guys. Time to get started

 

[DarkOCean]

Recently i've had a full nest of exploits, luckily malwarebytes seems to solved my problem.
As a side note i'm a mse user and those pests even managed to stop the av and disable the firewall.

 

[Bow]

Nothing is working
Now MSE and Malwarebytes are both telling me I have no virus, but with out a doubt I do

What next????

 

[SaiZo]

Nothing is working
Now MSE and Malwarebytes are both telling me I have no virus, but with out a doubt I do

What next????

Try SUPERAntiSpyware?? Maybe that can help?

 

[DarkOCean]

If nothing works you can always do a fresh install after you make a backup of anything you may need from the os partition.

 

[Tatty_Two]

They may have left some nasties for you, go to search, then select the "date modified" option, put in the date of your attack and let it run, when the list comes up, go through it, if anything looks dodgy or does not look as though it relates to any existing programs/apps check it out in the directy where it lives, I have found a couple in the past that way and deleted them, then re-start without network connection and see how you get on.

 

[scaminatrix]

one word:
Combofix!

Never had a problem it couldn't solve

http://www.bleepingcomputer.com/download/combofix/

 

[Mindweaver]

You need to run Chameleon by Malwarebytes. It will kill any nasties in memory.

 

[Bow]

At this point I rather just pay for something to kill it. I have BF3 plans tonight...lol

 

[Sasqui]

Do you have a second computer? Plug the drive in as a slave and scan it from a clean PC.

 

[silkstone]

If you have sensitive data on the machine and you are still worried, i agree that you should do a complete re-format, just back everything essential up on 2nd hdd. A complete re-install of my system usually takes 1-2hrs and then ongoing for about a week for the smaller, less used stuff.

You just have to remember everything you want to backup. I always forget my game saves

 

[Bow]

Combo fix and chameleon did not work. This sucks.

 

[Mindweaver]

Have you tried Spybot? If you buy the pro version you can user there boot cd.

 

[Bow]

Trying zone alarm

 

[silkstone]

This might help:

http://www.precisesecurity.com/trojan/exploitjsblacole

 

[95Viper]

You can try:
1. Running Ccleaner to remove any junk files and running the registry cleaner a couple of times to remove any leftover reg entries.
2. Open an administrative command prompt and run "sfc /scannow" (put a space between the "c" and "/"). This will check the validity of your windows files and help you to fix any it finds have been compromised.
3. Flush your dns cache, check and clean out your hosts file, check your browser cache and clean it out.
4. You can try autoruns to see if there any misspelled programs in the different groups listed or programs you don't recognize or unsure of, then you can disable or delete them.

Or, what I mentioned before.. Re-install your OS or restore from a known clean backup, if you have one.

Just wondering, what is it doing to make you think it is still there?

 

[Steevo]

"The issue with 0.access or most rootkits now days is that it is a smart rootkit, it loads during boot time, and intercepts all processes to control what can and can't be seen. The only way to remove it successfully since you can't install anti-virus with it running and it prevents the correct use of tddskiller or combofix is to use the batch script tool I made and uploaded or to use a anti-virus with the drive loaded in another secure PC.
http://www.techpowerup.com/forums/sh...ighlight=fixit

Download and get the most current version of TDDS killer to put in the archive.

Copy to a USB stick and then use your recycle bin to launch an explorer window to copy to your C drive and follow the instructions. "


Run this. It works. Simple batch files FTW.

 

[Bow]

Thanks for all the tip guys, so far ZoneAlarm as seemed to work.

 

[Bow]

Just wondering, what is it doing to make you think it is still there?

Programs will not load, crazy commericals and music are playing and I am not connected to the net. Team Speak, Motocast, PCPitstop, all will not work.

I thought Zone Alarm had it fixed but it started up again. ZoneAlarm finds it and says it takes care of it but it still there. Every scan I run.

Tried the steps that Silkstone posted and that did not work.
@95Viper, I am a PC dumbass I don't eve know where to find that stuff.
@Steevo, going to send you a pm.

 

[Steevo]

http://www.techpowerup.com/forums/showpost.php?p=2487854&postcount=1

In case the other link doesn't work.

 

[95Viper]

@95Viper, I am a PC dumbass I don't eve know where to find that stuff.

No, don't ever think that... you are in a process of learning.

I have been working with computers for 40 years in one fashion or another and I still do not know all & learn something new all the time.

In my opinion... that is part of the reason I come to TPU... a great place to learn and to help.

Back on topic:

You/ZoneAlarm/other... either, thought you got it and missed a piece; or, you got it and it's leftovers are affecting you system.
The BlackHole Exploit was nasty and the BlackHole Exploit 2.0 is worse... plus there are a lot of different versions. The main attack is virtually the same, however, the add-ons (or downloads) vary.
Since, you bought ZA, maybe, one of the techs there can help clean out your system.
You can try the ZA forum for help; however, there are a couple of jerks over there that will blow you off and tell you to seek help from support.

You can try this from F-Secure: Easy Clean
Download the file. Right click on it and choose "run as administrator". It may or may not ask you to restart your system... let it.

Also, try this: Do-it-yourself Emsisoft Emergency Kit USB stick
Extract the contents of the Emsisoft Emergency Kit to a USB stick to create your own universal tool for scanning and cleaning infected PCs.


Unless, you want to dig around and fix things (which could take quite a lot of sleuthing and time)... I still recommend, you backup all the data you need to save, and do a complete wipe and re-install.
And, I recommend, either, scheduled or regularly made manual backups in the future.

Edit:

Datum's Complete Internet Repair 1.3.2.1322 may help clean up your internet. Check all the boxes and GO.

You may find this useful in cleaning/fixing your system: Tweaking.com - Windows Repair

You may find this guide of some interest. It mentions a lot of what has been suggested, plus a few more items: MalwareTips.com's "Remove ZeroAccess rootkit (Uninstall Guide)"