contant script error messages due to virus

24 Jun 2012

Windows 7 Home Premium 32bit.
contant script error messages due to virus

babylon.exe managed to get on my windows 7 computer. Since then I keep getting script error messages on numerous web pages. I have deleted babylon but think it is still hiding somewhere.
I have followed debugging advice to no avail. I have also restore but am angry that windows 7 prevents me from going back far enough.
Does anyone know if a virus would be responsible and how I can prevent the script errors appearing?
I have followed numerous ideas but nothing is working and wonder if a return to factory settings is the only option left, altho0ugh I dont really want that. Thanks

24 Jun 2012

Microsoft Community Contributor Award Recipient

Win 7 Pro 64-bit

Hello Mike and welcome to Seven Forums.

Once a virus infects a machine you can never be 100% certain that a removal tool has gotten rid of all traces. So depending on what removal steps you've already taken, I'd suggest using a free tool from Microsoft called Windows Defender Offline. It will start to scan your machine before Windows boots, which is something that most scanners don't do. They have to wait for Windows to boot before they start to work. Create your media from a machine that's not infected.

Windows Defender Offline

Once you've used WDO I'd then suggest using at least a couple more free on-demand scanners since no anti-malware program is 100% effective 100% of the time. (If there was such a thing we'd all be using it.) Some of the recommended free products are Malwarebytes | ESET | Superantispyware | Hitman Pro.

If your additional scans come back clean I'd next recommend you run a System file Checker scan from an elevated command prompt (option two) to rule out any damaged or corrupt system files. If any problems are noted, run the scan 3 times rebooting in between each scan.

SFC /SCANNOW Command - System File Checker

Post back if any of this helped or not. There are other things that can be tried that won't cause you to lose personal data, custom settings, etc. before having to resort to a factory reinstall or a clean install.
24 Jun 2012

Windows 7 Home Premium 32bit.

Hi Marc. Thanks for that. I'll post a thread later on to let you know if I have success
06 Jan 2013

windows 7 Professional 64 bit
Constant Script Error Messages - marsmimar's suggestions

Hello. I have recently developed many very annoying script error messages when on the web. Nothing I have done has gotten rid of them -- I have tried the usual options in IE9, many malware and virus scans, restores to earlier times, etc.. Stopzilla did quarantine two adware infections.

Marsmimar -- thanks for your suggestions. I did the Windows Defender Offline quick and full scans, and the System File Checker scan. All were clean.

You indicated there were other suggestions to try. Would you share these please?

07 Jan 2013
Microsoft MVP

Windows 7 Ultimate 32bit SP1

njkaruna, download AdWareCleaner AdwCleaner Download to your desktop
1.Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
2.Click on Delete button.
3.Confirm each time with OK.
4.Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
07 Jan 2013

windows 7 Professional 64 bit
Thank You Jacee

I have done as you suggester Jacee. I had to disable Stopzilla though -- it saw AdwCleaner.exe as a Trojan and quarantined it each time I tried to load it. As a total layperson, it was a bit of a leap of faith to go ahead ....

Here is the log:

# AdwCleaner v2.104 - Logfile created 01/07/2013 at 18:39:07
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : anne - ANNE-PC
# Boot Mode : Normal
# Running from : \\ANNE-PC\Users\anne\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\boost_interprocess
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\iWon
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\Software\
Key Deleted : HKLM\Software\iLividSRTB
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{004EB151-885B-4A9E-A22D-CA98DD998D75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{041278C7-DF92-486D-AE85-921BDFC75A43}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F1794F2-900B-4C81-8146-9234E5CC5BE2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1116A14B-F6A3-4FD9-A00E-FF8CF270EE48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21D9997E-5D2A-4737-BCBA-C958C0590295}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36A7148B-639E-423C-90BB-30B6E1A40BD7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56965DCF-718F-4148-BECF-5A2B466F4556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58E64AEE-516A-4DFC-AC38-31C50E8AF0F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F701D7D-C869-41F0-B0E2-8136F02B539C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{61DAB0AD-AD23-4E40-84AC-7C6CE64D4EB3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{65D8E17B-312E-4E12-913B-A841A8631143}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6BDA50D2-5597-4C68-A842-9B857FCCDA49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6CA3D0AB-F807-462C-BA7F-E27F07F91E32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F99D2AE-5C90-43C2-A2FE-81DBE512E2FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{860AF5D1-0735-409D-8E5F-E3E99356D7E9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8997561D-CF0B-42C7-AAE6-78801B3ADC7F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{92580E8C-88F5-4551-9D9E-8147E7EE2C32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0636D37-97D0-4DC4-95A6-93AABA07437F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A786F51D-B3C7-4F52-91EF-E1A892C2A2AE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D244EAC5-A0F5-4859-A1F8-18ABC0AC3A00}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8AF87C1-0B1E-494B-AAF0-CECC3FFEDF99}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC4DAE-7794-4E16-9A98-F6001303DCD0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAB77009-B974-48DF-8229-E70CFAA11C69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EBAA6283-B61F-4DDD-9659-56635433A307}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB0C189-5077-4340-9838-AF7B8E792A54}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFB4F034-3EB5-48D5-84DD-89BBCF9A182F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9D45087-1CF1-452E-9649-FDFDAC578E03}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF2EBC1C-6579-41DB-91DD-945A1C8DB2D2}
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Google Chrome v23.0.1271.97
File : C:\Users\anne\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.14] : homepage = "hxxp://",
Deleted [l.1557] : homepage = "hxxp://",
AdwCleaner[S1].txt - [4788 octets] - [07/01/2013 18:39:07]
########## EOF - C:\AdwCleaner[S1].txt - [4848 octets] ##########

So, what do you see here, and is there something that comes next? Thanks very much for your help!!
08 Jan 2013
Microsoft MVP

Windows 7 Ultimate 32bit SP1

Please download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Tell me if you're still getting 'script errors' or being redirected.
08 Jan 2013

windows 7 Professional 64 bit
Thanks Jacee

Thanks again Jacee -- you are very kind to be so helpful!

I have done as you suggested and loaded TFC and then rebooted. Unfortunately, I am still getting the script error messages.

Do you have additional suggestions?

09 Jan 2013
Microsoft MVP

Windows 7 Ultimate 32bit SP1

Click Control Panel -> Programs and Features. Tell me What version of Java is installed.
09 Jan 2013

windows 7 Professional 64 bit
Script Errors

Thanks Jacee.

It looks like I installed Java 7, update 10 on 12/18/12. I remember running across an icon on my desktop that was a log of a java fatal error from August. So I went on the Java website to send a "bug report," and as part of that I downloaded Java7, update 10. I have not heard from them, in fact I am not sure it arrived, as my login seemed to fail/stall. Now that I think about it, could that "fatal error" have anything to do with this script error issue? I can paste that log here if you like ....

Thanks Jacee.
