Windows Script Host:Cannot find script file "C:/ProgramData/ApplicationData/Java/jre6

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Matthew Tennyson Tucson, Dec 9, 2012.

  1. Windows Script Manager can't find it because I blew it out of the goddamn airlock!

    He, he, he.

    Short version, my nephew was visiting for a few months earlier this summer. After he left, I discovered he downloaded and ran a lot of porn and IMVU on my computer plus other junk (can't remember what all he did, and he tried to delete some of it on his own; bottom line, I have no clue what all he did).

    I tried to use the uninstall on everything and thought I got it all, but then noticed that my CPU was constantly running. I opened task manager and found that java SE was constantly running, using up 25% of my CPU.

    I tracked down what that was, using control panel and CCleaner startup tab. Tried to delete command strings etc. but that didn't work; it would just re-insert itself!

    Found the .js file through a hard-drive search, then just deleted the whole damn thing.

    Now everything on my system seems to be running fine. Java only runs when I want it to, nothing not accessible ... except ...

    On every startup, I get the message from Windows Script Manager. I click the "ok" box for the notice and it goes away. Annoying the crud out of me.

    See attached malware scan logs. I see it right there on the RogueKiller log, but the instructions said not to do anything but get the log, so I didn't try to "fix" it with that program.


    Thanks!!!!!!!!!



    Previous thread:

    http://forums.majorgeeks.com/showthread.php?t=270304
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Re: Windows Script Host:Cannot find script file "C:/ProgramData/ApplicationData/Java/

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you
    are finished):

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:

    • [RUN][SUSP PATH] HKCU\[...]\Run : imon (wscript.exe "C:\ProgramData\Application Data\Java\jre6\bin\imon.js") -> FOUND
      [RUN][SUSP PATH] HKUS\S-1-5-21-1837679542-2007511198-3304517718-1001[...]\Run : imon (wscript.exe "C:\ProgramData\Application Data\Java\jre6\bin\imon.js") -> FOUND
      Place a checkmark on each of these items, leave the others unchecked.
      Now press the Delete button.
      When it is finished, there will be a log on your desktop called: RKreport[2].txt
      Attach RKreport[2].txt to your next message. (How to attach)
      Do not reboot your computer yet.

      Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't
      double click, use right click and select Run As Administrator). This is really HijackThis (select Do a
      system scan only) and select the following lines but DO NOT CLICK FIX until you exit
      all browser sessions including the one you are reading in right now:
      NOTE: HJT may popup an error about the AppInit_DLLs line. Ignore it and click OK to continue.
      After clicking Fix, exit HJT.


      Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT).
      Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once
      you have saved it double click it and allow it to merge with the registry.
      Make sure that you tell me if you receive a success message about adding the above
      to the registry. If you do not get a success message, it definitely did not work.


      Now reboot and re-run RogueKiller and attach the new log. Tell me how things are running now.
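
An added example, not part of the original thread or of any MajorGeeks tool: a report-only PowerShell audit of the Run keys that lists autostart values launching `wscript`/`cscript` and marks those whose script file no longer exists, which is the condition behind the "Cannot find script file" popup in this thread. The key list, the extension list and the function name `Get-ScriptHostFinding` are assumptions; the sample command is constructed from the RogueKiller line quoted above.

```powershell
# Report-only: nothing is deleted or changed.
# Assumption: only the standard Run keys for the current user and the machine.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Matches wscript/cscript with or without ".exe", bare or with a full path.
$hostRx   = '(?i)(?<![\w.])(wscript|cscript)(\.exe)?(?![\w.])'
# Script argument: quoted (may contain spaces) or bare (no spaces).
$scriptRx = '(?i)(?:"([^"]+\.(?:jse?|vb[se]|wsf))"|(?<!\S)(\S+\.(?:jse?|vb[se]|wsf))(?=\s|$))'

function Get-ScriptHostFinding {
    param([string]$Key, [string]$Name, [string]$Command)
    if ($Command -notmatch $hostRx) { return }        # not a script-host launch
    $path = $null
    $status = 'REVIEW (no script path parsed)'
    if ($Command -match $scriptRx) {
        # Group 1 is the quoted form, group 2 the bare form.
        $path = if ($Matches[1]) { $Matches[1] } else { $Matches[2] }
        $status = if (Test-Path -LiteralPath $path -PathType Leaf) {
            'REVIEW (script present on disk)'
        } else {
            'ORPHANED (script missing; Windows Script Host errors at logon)'
        }
    }
    [pscustomobject]@{
        Key = $Key; Name = $Name; Command = $Command; Script = $path; Status = $status
    }
}

# Constructed sample mirroring the entry in the RogueKiller log above.
Get-ScriptHostFinding -Key '(sample)' -Name 'imon' `
    -Command 'wscript.exe "C:\ProgramData\Application Data\Java\jre6\bin\imon.js"'

# Live check of the keys listed in $runKeys.
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        Get-ScriptHostFinding -Key $key -Name $name `
            -Command ([string]$regKey.GetValue($name))
    }
}
```

An ORPHANED row means only the autostart value is left behind; a REVIEW row means the script is still on disk and should be examined before anything is removed.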
     
