Results 1 to 10 of 10
  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    Bedford UK
    Posts
    14
    Thanks
    3
    Thanked 0 Times in 0 Posts

    Help identifying file MSE identifies as problematic

    I have MSE installed on W7pro 64 desktop.
    During the last week it has started to 'identify items we would like to look at further' and inviting me to send the info to MS for further investigation. Initially I did send it but after a few days I wondered whether something was amiss so I stopped sending it. Running a scan does not identify anything. The files in question are C:users/myaccount/appdata/local/microsoft/windows/temporary internet files/low/content IE5/9YWZQSZM/api[1].js
    The quarantine shows occurrences of this file and classes it as dangerous recommending immediate removal.

    I also have malwarebytes pro which does not identify anything amiss. Any body got any contents on this situation.

  2. #2
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,786
    Thanks
    5
    Thanked 1,085 Times in 951 Posts
    I moved this to its own thread. Please do not hijack another thread.

    Joe

  3. The Following User Says Thank You to JoeP517 For This Useful Post:

    peterhb (2016-04-06)

  4. #3
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,426
    Thanks
    52
    Thanked 1,025 Times in 953 Posts
    Submit the file to an online checker to see if anything is amiss. Apart from that ignore I would those MS messages.

    cheers, Paul

  5. #4
    WS Lounge VIP mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    3,528
    Thanks
    465
    Thanked 412 Times in 384 Posts
    Since the file in question is in the Temporary Internet Files folder, you can safely delete it. In fact, I recommend that you hold your shift key down while deleting it, so that it is permanently deleted.

    Go to the C:users/myaccount/appdata/local/microsoft/windows/temporary internet files/low/content IE5/9YWZQSZM/ folder, highlight everything in it, and then while holding the shift key down, delete the entire contents of the folder.

  6. #5
    5 Star Lounger
    Join Date
    Jan 2010
    Location
    Fort McMurray, Alberta, Canada
    Posts
    615
    Thanks
    62
    Thanked 77 Times in 73 Posts
    According to the file name it's a JavaScript Application Programming Interface file. Ummm, OK?

  7. #6
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,616
    Thanks
    297
    Thanked 597 Times in 496 Posts
    Well, I have 1.200+ *.js files on my system drive, from a very quick look, almost all seem to have a fairly descriptive name. The majority aren't directly related to web browsers either, they're for 3rd party applications from companies like Samsung, Apple, Blackmagic Design, as well as default files from MS.

    It's what this particular js script does, or what the fingerprint of it flags up is more important.

  8. #7
    WS Lounge VIP mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    3,528
    Thanks
    465
    Thanked 412 Times in 384 Posts
    Does it really matter what it does? Isn't the main thing to get rid of it?

    Since the only thing found was in the temporary internet files folder, I think he can safely delete the entire contents of that folder and be done with it. That is the easiest way to solve the problem, in my opinion.

    He can rescan afterwards, just to make sure.

  9. #8
    New Lounger
    Join Date
    Dec 2009
    Location
    Bedford UK
    Posts
    14
    Thanks
    3
    Thanked 0 Times in 0 Posts
    I have tried deleting the Temp Internet folder and twice now the file in question has returned. Although I haven't had any recurrence in the last five days so I'm hoping I've seen the last of it.

  10. #9
    WS Lounge VIP mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    3,528
    Thanks
    465
    Thanked 412 Times in 384 Posts
    Sounds like you are visiting a website which is putting this file onto your computer. It could be a website you chose, or one of the many "pass-through" tracking websites that we all pass through on our way from one website to another (e.g. Googleleads, etc).

  11. #10
    Super Moderator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    2,357
    Thanks
    108
    Thanked 634 Times in 509 Posts
    Quote Originally Posted by peterhb
    The files in question are C:users/myaccount/appdata/local/microsoft/windows/temporary internet files/low/content IE5/9YWZQSZM/api[1].js
    The quarantine shows occurrences of this file and classes it as dangerous recommending immediate removal.

    I also have malwarebytes pro which does not identify anything amiss. Any body got any contents on this situation.
    If it returns again, try submitting it to reverse.it for free analysis and let us know the results, e.g. the URL for the scan result.

    reverse.it seems to carry out a more in-depth analysis than VirusTotal and the scan results are quite detailed. Have a look at Files in the Submissions menu for examples of analyses of other .js files.

    Hope this helps...

  12. The Following User Says Thank You to Rick Corbett For This Useful Post:

    RockE (2016-04-12)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •