Anonymous KH
asked on
OAD_Comscore_NoID2.js from secure-ds.serving-sys.com
Dear Experts,
I have a client whose 2 PCs got infected.
When they go to yahoo webpage in Singapore -> Finance -> Currency Converter, there is a pop up at the bottom of the page.
Do you want to open or save OAD_Comscore_NoID2.js from secure-ds.serving-sys.com?
I went into Control Panel, Internet Add-Ons, Registry.
Malware scan also did detect it.
Any idea on how to stop this?
I have a client whose 2 PCs got infected.
When they go to yahoo webpage in Singapore -> Finance -> Currency Converter, there is a pop up at the bottom of the page.
Do you want to open or save OAD_Comscore_NoID2.js from secure-ds.serving-sys.com?
I went into Control Panel, Internet Add-Ons, Registry.
Malware scan also did detect it.
Any idea on how to stop this?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
In the registry, those that you mentioned are not found.
ok then try sysinternals autoruns and start hunting.
ASKER
Hi!
I tried the auto run, all looks normal.
Is there anything in particular I should look for or filter?
I typed DBS.serving and random in the filter but nothing is found
Spy hunter needs to be paid but it is not finding anything that needs attention
I tried the auto run, all looks normal.
Is there anything in particular I should look for or filter?
I typed DBS.serving and random in the filter but nothing is found
Spy hunter needs to be paid but it is not finding anything that needs attention
As I said <RANDOM> represents a random name and is not the name of the executable
Download a trial of Hitman Pro https://www.hitmanpro.com/en-us/hmp.aspx and share the results.
Download a trial of Hitman Pro https://www.hitmanpro.com/en-us/hmp.aspx and share the results.
ASKER
I used ESET online scanner also cannot find anything
ASKER
Hi! David,
Is there any software where I can remotely scan the user's PC and input the results here? I do not want to disrupt the user by accessing the PC to do installation and scanning.
Is there any software where I can remotely scan the user's PC and input the results here? I do not want to disrupt the user by accessing the PC to do installation and scanning.
The user is using a compromised computer. All of the tools require administrative access and be run on the affected computer.
When you ran autoruns did you run as an administrator AND did you also check the box to submit files to virustotal?
When you ran autoruns did you run as an administrator AND did you also check the box to submit files to virustotal?
ASKER
Are you talking about under the Autorun Scan options, put a tick against Check VirusTotal.com and put a tick for Submit Unknown Images?
Exactly
ASKER
I did the spyhunter scan and it found nothing.