JS:ScriptIP-Inf [Trj] is a dangerous computer infection that comes in a JavaScript file. It can do many bad things to a computer once it gains access. JS:ScriptIP-Inf [Trj] is a tricky piece of malware that gets onto your computer by evading your antivirus program.

It's not really a solution, but on downloading sites like MediaFire, just refresh/reload. It's kinda annoying to hear the threat detected alert, but it's no choice XD.

I clicked on a link to a news article on Yahoo and my Avast antivirus went off, saying it aborted a connection with it because it was infected with the above trojan. I scanned with both Avast and Malwarebytes and nothing came up. I would go to the Avast forums, but I trust you guys more.


A few days ago, while going through our Avast logs, I noticed that this trojan (JS:ScriptPE-inf [Trj]) had been blocked a bunch of times without anyone noticing. It seems that Avast detected the trojan trying to get in through an in-game web browser while my son was playing Counter-Strike (the MOTD screen you get when loading a server), but fullscreen mode kept Avast silent. Anyhow, we've done some web searching, and we've learned that it's apparently a keylogger of sorts. Now we're even more paranoid. We haven't seen any signs of weird behaviour; however, keyloggers sometimes try to pass off as if everything were normal in order to snatch passcodes. Now everyone's afraid to use the family computer.

We've scanned with Avast (boot-time scan), ESET online scan, Malwarebytes, Malwarebytes Anti-Rootkit, Trend Micro ATTK and RootkitBuster. RootkitBuster picked up a hidden file in my Firefox cache, and that's all.

I've also updated Java some time after the Avast notifications.

I'd like to know if there might be an infection and if so, how to deal with it?

Thank you.


Starting a couple of weeks ago, I began getting the Avast alert whenever I clicked on a yahoo.com news article headline.

We've safely aborted connection on www.yahoo.com because it was infected with JS:ScriptPE-inf [Trj].

More threats may be lurking!

Details show:

Threat name JS:ScriptPE-inf [Trj]

Severity (minimal sign on the bar scale)

URL https://www.yahoo.com/_td_remote

Process C:\Program Files\Mozilla Firefox\firefox.exe

Detected by Web Shield

Status Connection aborted

I don't click the scan button. I just X out of the warning. I have not lost any Yahoo connection and can just proceed with the news story.

I run Avast scans every Saturday, same with Superantispyware. Avast never finds a virus. Superantispyware finds 800-1200 cookies.

I run both only after updating them.

My Windows Update is set to automatic.

I have an NEC LaVie laptop with Japanese OS (I live in Japan).

Windows 7

I never use Internet Explorer. Only Firefox.

My computer is run through a home wifi system, not on any multi-user network.

What is the problem? What can I do?
