"Microsoft(R) JaveScript(R) Console"???

msnerd · Cadet Joined: May 07, 2004 Posts: 1 Location: USA

I hope that this is the right place to post this. My computer is badly infected with the Coolweb highjack Trojan (I know, there's another forum where I can upload a HijackThis log) and I've been using everything (almost) to try to get rid of it permanently, but it keeps coming back.

I've used CWShredder and Ad-Aware (both good at catching files and registry changes, but they apparently don't catch everything), SpyBot Search & Destroy, SpySweeper, WinPatrol, and probably a few other things I can't remember at the moment.

SpySweeper tells me when my browser home page is changed, and WinPatrol tells me when my browser _search_ page is changed and when a new BHO (browser helper object) program or DLL is installed. Usually the DLL name seems random (I never turn up anything when I do a search for it on the Web), but my latest experience was getting this message from WinPatrol:

"WinPatrol New Program Alert - Read Carefully
[No Icon]
Scotty the Windows Watchdog is on patrol and has detected a new Internet Explorer Add-On has been installed on your system.
Do you approve the addition of this IE Helper?
Press YES if this Internet Explorer Add-On is allowed.
Microsoft(R) JavaScript(R) Console
No Description found
Company name not included in this program.
Version:
No Copyright information included."

It's not really a "Microsoft JavaScript Console," of course - doesn't Microsoft use VBScript rather than JavaScript anyway? - but a DLL used by Coolweb. If it hadn't been for WinPatrol, I would never had known of the installation (thwarted by WinPatrol), and if I had seen such a description later of a BHO called "Microsoft JavaScript Console," I might have presumed that it was legit. (After all, if you can't trust Microsoft, who can you trust?) The giveaway, of course, was the lack of any information as to description, company name, version, or copyright.)

I've been working on this Coolweb problem for over a week now, and I'm about ready to throw in the towel and re-install from scratch Windows XP Pro, hardware, software, software updates, documents and other data files, etc. Norton Antivirus (which I update at least once a week) claims that my system is "clean," but it obviously knows nothing about CoolWeb.

WinPatrol is a nice program, by the way, but they seem to have no tech support (not even a user-based forum), unless I'm missing something.

Usually, CWShredder and Ad-Aware find two registry items and five or six files to remove, and they do get removed (I've run both programs in "safe" mode and usually twice to make sure they're gone), but it isn't long before they're back again <sigh>.

Is it worthwhile for me to upload a HijackThis log (in the appropriate forum here) or should I just give up at this point? (I uploaded such a log to a different forum, not one of the ones here, but I never got an answer, so my log - which is fairly long - may be too intimiating.)

Any comments or advice will be appreciated. (For example, is there a good remoal tool that I haven't tried but should?)

msnerd

Mariner · Posted: Fri May 14, 2004 10:08 pm Post subject:

msnerd,

Yes, it is worth putting up a HJT log, certainly if CWShredder is not working for you.

Please proceed as follows after reading these two items:

u]Virus=Read This:[/u] http://www.computercops.biz/postt8864.html
HiJack= Read This: http://www.computercops.biz/postt911.html

Download: HiJack This!

Create and Unzip to a folder not your Desktop or the Temp folder, doubleclick HijackThis.exe, and press "Scan".
Unzip the download (using a piece of software like: Winzip)

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log in a text file, and post it in the CCSP "Spyware - Hijack Related" forum:

http://computercops.biz/forum67.html

Most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.

*Please, be patient. An expert will examine your log and this does take time. Thank you.*

wampdog · Cadet Joined: May 23, 2004 Posts: 2 Location: USA

I believe I had a somewhat similar problem recently. Thanks for the info.


	Home ˇ Topics ˇ Submit News ˇ Top 10 This entire site, Cops Themes, and Computer Cops are Š 2002 - 2004 Computer Cops, LLC. All rights reserved. You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0. Acceptable Use Policy. Use signifies your agreement. Engine Copyright Š 2002 by PHP-Nuke, GNU/GPL Licensed. ICRA Member. Paul Laudanski, Member of Computer Cops, LLC Server Load: 1109 pages served in previous 5 minutes. Page Rendered: 0.473 seconds.