Results 1 to 10 of 10
  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    Bedford UK
    Posts
    14
    Thanks
    3
    Thanked 0 Times in 0 Posts

    Help identifying file MSE identifies as problematic

    I have MSE installed on W7pro 64 desktop.
    During the last week it has started to 'identify items we would like to look at further' and inviting me to send the info to MS for further investigation. Initially I did send it but after a few days I wondered whether something was amiss so I stopped sending it. Running a scan does not identify anything. The files in question are C:users/myaccount/appdata/local/microsoft/windows/temporary internet files/low/content IE5/9YWZQSZM/api[1].js
    The quarantine shows occurrences of this file and classes it as dangerous recommending immediate removal.

    I also have malwarebytes pro which does not identify anything amiss. Any body got any contents on this situation.

  2. #2
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,594
    Thanks
    5
    Thanked 1,059 Times in 928 Posts
    I moved this to its own thread. Please do not hijack another thread.

    Joe

  3. The Following User Says Thank You to JoeP517 For This Useful Post:

    peterhb (2016-04-06)

  4. #3
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,203
    Thanks
    49
    Thanked 989 Times in 919 Posts
    Submit the file to an online checker to see if anything is amiss. Apart from that ignore I would those MS messages.

    cheers, Paul

  5. #4
    WS Lounge VIP mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    3,411
    Thanks
    447
    Thanked 406 Times in 378 Posts
    Since the file in question is in the Temporary Internet Files folder, you can safely delete it. In fact, I recommend that you hold your shift key down while deleting it, so that it is permanently deleted.

    Go to the C:users/myaccount/appdata/local/microsoft/windows/temporary internet files/low/content IE5/9YWZQSZM/ folder, highlight everything in it, and then while holding the shift key down, delete the entire contents of the folder.

  6. #5
    4 Star Lounger
    Join Date
    Jan 2010
    Location
    Fort McMurray, Alberta, Canada
    Posts
    565
    Thanks
    51
    Thanked 70 Times in 68 Posts
    According to the file name it's a JavaScript Application Programming Interface file. Ummm, OK?

  7. #6
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,492
    Thanks
    284
    Thanked 577 Times in 480 Posts
    Well, I have 1.200+ *.js files on my system drive, from a very quick look, almost all seem to have a fairly descriptive name. The majority aren't directly related to web browsers either, they're for 3rd party applications from companies like Samsung, Apple, Blackmagic Design, as well as default files from MS.

    It's what this particular js script does, or what the fingerprint of it flags up is more important.

  8. #7
    WS Lounge VIP mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    3,411
    Thanks
    447
    Thanked 406 Times in 378 Posts
    Does it really matter what it does? Isn't the main thing to get rid of it?

    Since the only thing found was in the temporary internet files folder, I think he can safely delete the entire contents of that folder and be done with it. That is the easiest way to solve the problem, in my opinion.

    He can rescan afterwards, just to make sure.

  9. #8
    New Lounger
    Join Date
    Dec 2009
    Location
    Bedford UK
    Posts
    14
    Thanks
    3
    Thanked 0 Times in 0 Posts
    I have tried deleting the Temp Internet folder and twice now the file in question has returned. Although I haven't had any recurrence in the last five days so I'm hoping I've seen the last of it.

  10. #9
    WS Lounge VIP mrjimphelps's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    3,411
    Thanks
    447
    Thanked 406 Times in 378 Posts
    Sounds like you are visiting a website which is putting this file onto your computer. It could be a website you chose, or one of the many "pass-through" tracking websites that we all pass through on our way from one website to another (e.g. Googleleads, etc).

  11. #10
    Super Moderator Rick Corbett's Avatar
    Join Date
    Dec 2009
    Location
    South Glos., UK
    Posts
    2,143
    Thanks
    101
    Thanked 580 Times in 464 Posts
    Quote Originally Posted by peterhb
    The files in question are C:users/myaccount/appdata/local/microsoft/windows/temporary internet files/low/content IE5/9YWZQSZM/api[1].js
    The quarantine shows occurrences of this file and classes it as dangerous recommending immediate removal.

    I also have malwarebytes pro which does not identify anything amiss. Any body got any contents on this situation.
    If it returns again, try submitting it to reverse.it for free analysis and let us know the results, e.g. the URL for the scan result.

    reverse.it seems to carry out a more in-depth analysis than VirusTotal and the scan results are quite detailed. Have a look at Files in the Submissions menu for examples of analyses of other .js files.

    Hope this helps...

  12. The Following User Says Thank You to Rick Corbett For This Useful Post:

    RockE (2016-04-12)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •