Solved Exploit-Blacole.gq | Could our PC be infected (Still)

[mrirondream]

Hey

I'm looking for anyone who knows a bit more about viruses - specifically a Trojan identified as something like JS/Exploit-Blacole.gq

I was doing a standard virus scan yesterday and my software (Bt Netprotect +) picked up 1 threat, named above.

Some websearches suggested this may be a recent virus, of more than average threat to a PC - so I'm wondering how secure my PC is now? My main question is:

What is the likelyhood that some other elements slipped past my defences?

Since the infection time (not know specifically but thought to be within the past 2 days) I have run
1 x Full scan with Bt Netprotect + [Eliminated a single instance]
1 x Full scan with windows Defendor [Found no further threats]
Several x Quick scans with Bt Netprotect + at varying times [Found no further instances]
This would suggest that my PC is secure, but if the virus is recent and sophisitcated (as reports suggest) how likely is it that something was not detected?

Anyone who knows more about this virus might be able to tell me if it's likely the 1 detected file was all that was downloaded. I'm hoping that the answer is yes: initially you pickup the 1 file, which later goes on to download further malicious files - and that Bt Netprotect effectively killed the horse before it let the army in.




Any further information is appreciated
With Thanks

MID

 

[marsmimar]

I'm not a malware expert, but there are two generally accepted truths.
1. Once a machine gets infected, you can never be 100% sure that 100% of the malware has been found and removed because:
2. No anti-malware product is 100% effective 100% of the time. (If there was such a product we'd all be using it.)

Having said that, it would be a good idea to scan your computer with some additional free tools. The more tools you use and the more scans that come back with "no malware found", the closer to 100% you'll be. Here are some recommendations.

Windows Defender Offline (the media must be created on a malware free machine and the machine must be the same architecture as the infected machine - 32 bit or 64 bit)

Malwarebytes

ESET Online Scanner

HitmanPro (unlimited free scanning but only 30 day license for malware removal)

SuperAntispyware

 

[Borg 386]

Encyclopedia entry: Exploit:JS/Blacole.GQ - Learn more about malware - Microsoft Malware Protection Center

More details are available in the Family description of JS/Blacole

JS/Blacole is a detection for a component of the Blackhole exploit kit - a kit used by attackers to distribute malware. Attackers install the kit onto a server, and then when you visit the compromised server, the kit attempts to exploit various, multiple vulnerabilities on your computer in order to install malware. For example, if you browsed a compromised website containing the exploit pack using a vulnerable computer, malware could be downloaded and installed onto your computer.

Typically, the Blackhole exploit kit attempts to exploit vulnerabilities in applications such as Oracle Java, Sun Java, Adobe Acrobat and Adobe Reader.

For more information on this exploit kit, and steps you can take to avoid being compromised, please see the detailed Blacole description, elsewhere in our encyclopedia.

It would definitely be a good idea to run the tools marsmimar has suggested. Viruses have a nasty habit of bringing in more viruses once a system is compromised. And as marsmimar stated, the only way to be 100% sure you have a clean machine is to do a clean install.

 

[mrirondream]

How do I go about a clean install?

And How can I transfer personal files without compromising any harddrive I connect to my laptop?

 

[Borg 386]

Transferring files from a infected PC always carries the risk of inadvertently bringing a virus over. The first thing you should do is run the above mentioned tools as well as TDSSKiller to insure your machine is as clean as possible.

Then transfer the files to a CDR or USB drive. When you have finished reinstalling windows, make sure that autoplay is disabled on the clean PC, insert the USB/Disk & scan it with the AV you have on your system, as well as the tools marsmimar has recommended.

It's also a good idea to run your files through VirusTotal. This is a site that has multiple AV engines to scan files. (32MB File size limit)

Here is a tutorial on doing a clean install.

http://www.sevenforums.com/tutorials/1649-clean-install-windows-7-a.html

In the future you may wish to make a system image & the next time you are hit by something, you can just restore your PC to the state it was in when the system image was made.

http://www.sevenforums.com/tutorials/663-backup-complete-computer-create-image-backup.html

 

[mrirondream]

I'd like to say thanks for the advice.
We've got a new system now and haven't noticed any problems thus far

fingers crossed!
MID