c/windows/i386/jscript.dl_ cannot clean trojan from this file

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by marilynnnnn2003, Apr 20, 2006.

  1. marilynnnnn2003

    marilynnnnn2003 Private E-2

    somehow i downloaded the "trojan.small.hr" by going to a site with nine million popups (wouldn't let you in without allowing popups) which i wasn't too worried about, because after visiting, i always can get rid of the crap they would leave on here but i think while clicking them all closed i accidentally hit an install button or something. so now media player, java, search, windows update etc. wouldn't work.
    i looked around and everyone is suggesting ewido which i got and it found
    -among nine million other things- "trojan.small.hr" in system32/jscript.dll and c/windows/system/i386/jscript.dl_ . i personally also downloaded the free sophos trial because i remember hearing a while ago it was pretty good. so with that i went to safe mode with command prompt and used their definitions to clean and remove these 2 files. it only removed jscript.dll from system32. after that i installed windows script 5.6 and yay! everything works wonderfully.
    sophos doesn't see anything so i just uninstalled it. -this is my dad's and he has avast which i think is crap- after my great triumph -i had been screwing around with this for hours- i ran ewido just to be sure, now system32/jscript.dll doesn't come up anymore, but now it's windows/i386/jscript.dl_ that's infected. it can't seem to just clean it so deleting it and reinstalling that script 5.6 thing doesn't help, it keeps coming up in ewido that it's infected. i just now ran housecall, and it calls it troj_small.BQE. it also gives no option for cleaning, just deleting. what exactly is this file and how do i clean it off and just reinstall it?
    everything i find while searching around says to install the windows script, regsvr32 jscript.dll, (succeeded by the way) or to reinstall directly from the xp disc. i was wondering if i should even be worried. i was hoping that yes it may be infected, but maybe only with a certain aspect of the trojan? since sophos cleaned the other part and i reinstalled windows script, everything works great.
    one thing that doesn't is tooltip. it always did before. i don't care if it does really, i don't use that thing. lately everything says "Tooltip information is currently unavailable."

    to whoever reads this, thank you for reading through the wholleeeee thing :D
    i hope this is what kind of sys info i'm supposed to include

    Computer
    Operating System Microsoft Windows XP Home Edition
    OS Service Pack Service Pack 2
    Internet Explorer 6.0.2900.2180

    Motherboard
    CPU Type Unknown, 1944 MHz (9 x 216)
    Motherboard Name Unknown
    Motherboard Chipset Unknown
    System Memory 2048 MB
    BIOS Type Award (10/21/05)
    Communication Port Communications Port (COM1)
    Communication Port ECP Printer Port (LPT1)

    Display
    Video Adapter NVIDIA GeForce 6800 (256 MB)
    Video Adapter NVIDIA GeForce 6800 (256 MB)
    Monitor Default Monitor
    Monitor ViewSonic VX922 [NoDB]

    Multimedia
    Audio Adapter Creative EMU10K2 Audigy Audio Processor

    Storage
    Floppy Drive Floppy disk drive
    Disk Drive ST3120026A (120 GB, 7200 RPM, Ultra-ATA/100)
    Disk Drive WDC WD1500ADFD-00NLR0
    Optical Drive _NEC DVD_RW ND-3540A

    Partitions
    C: (NTFS) 143078 MB (99077 MB free)
    E: (NTFS) 114463 MB (74212 MB free)

    Input
    Keyboard Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    Mouse HID-compliant mouse

    Network Adapter NVIDIA nForce Networking Controller - Packet Scheduler

    Peripherals
    Printer HP Color LaserJet 2600n
    USB Device USB Human Interface Device
    USB Device USB Printing Support
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    That's a strange one. Both of those files are actually valid Windows system files. The one with the underscore is just a compressed copy of the one without the underscore. I find it strange that malware would make the compressed form too.

    The one in the i386 folder is not always compressed either. Do you see both jscript.dl_ and jscript.dll in the i386 folder?

    Briefly, what is your remaining problem? Is it just that you want to delete the jscript.dl_ file? It should be easy to delete unless you have malware running that is using it. Boot in safe mode and try to delete.

    Attach your Ewido log here. See: HOW TO: Attach Items To Your Post
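
As an added example (not part of the original thread or any poster's code): a header check that tells whether an underscore-suffixed setup file such as jscript.dl_ is an SZDD-compressed file, a cabinet (MSCF), or an uncompressed PE, which is the distinction the reply above draws. The function name `identify` and the sample byte strings are constructed for illustration.

```python
import struct

SZDD_MAGIC = b"SZDD\x88\xf0\x27\x33"  # per-file compressed format (COMPRESS.EXE)
CAB_MAGIC = b"MSCF"                   # Microsoft cabinet container


def identify(data: bytes, name: str = "") -> dict:
    """Classify a setup-source file such as jscript.dl_ from its header bytes."""
    if data[:8] == SZDD_MAGIC and len(data) >= 14:
        # Header: magic(8) mode(1) missing-last-char(1) unpacked-size(4, LE)
        _mode, missing, size = struct.unpack_from("<ccI", data, 8)
        info = {"format": "SZDD", "unpacked_size": size}
        if name.endswith("_") and missing != b"\x00":
            info["restored_name"] = name[:-1] + missing.decode("ascii", "replace")
        return info
    if data[:4] == CAB_MAGIC and len(data) >= 30:
        (_sig, _r1, cab_size, _r2, _files_off, _r3,
         ver_minor, ver_major, folders, files) = struct.unpack_from(
            "<4sIIIIIBBHH", data, 0)
        return {
            "format": "MSCF",
            "version": f"{ver_major}.{ver_minor}",
            "folders": folders,
            "files": files,
            # Declared cabinet size should equal the size on disk; a mismatch
            # means truncation or extra bytes after the cabinet data.
            "size_matches": cab_size == len(data),
        }
    if data[:2] == b"MZ":
        return {"format": "PE (not compressed)"}
    return {"format": "unknown"}


# Constructed sample headers (not taken from any real file).
SAMPLE_SZDD = SZDD_MAGIC + b"A" + b"l" + struct.pack("<I", 450560)
SAMPLE_CAB = struct.pack("<4sIIIIIBBHH", b"MSCF", 0, 30, 0, 44, 0, 3, 1, 1, 1)
SAMPLE_PE = b"MZ\x90\x00"

if __name__ == "__main__":
    print(identify(SAMPLE_SZDD, "jscript.dl_"))
    print(identify(SAMPLE_CAB, "jscript.dl_"))
    print(identify(SAMPLE_CAB + b"\x00" * 16, "jscript.dl_"))
    print(identify(SAMPLE_PE, "jscript.dll"))
```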
     
