Liveupdate.js

[Ch@n]

Glad your issue was sorted out and thanks for posting back

 

[Layback Bear]

First of all I'm happy your computer is working as it should be. I have read all this twice and I'm still confused.
1: What caused the problem?
2: What has been done to make sure it doesn't happen again.
3: Why wouldn't sfc /scan do the same thing that the registry tool did.

 

[theog]

First of all I'm happy your computer is working as it should be. I have read all this twice and I'm still confused.
1: What caused the problem?
2: What has been done to make sure it doesn't happen again.
3: Why wouldn't sfc /scan do the same thing that the registry tool did.

Hope this help>

1) OP installed a program with a virus inside.
2) Norton delete the virus, but did not uninstall the program.

 

[Jacee]

Hi Layback this is a Trojan:

Troj/Drop-FS is a Trojan dropper for the Windows platform.

Troj/Drop-FS attempts to drop a number of files to the <CommonFiles>\ComObject and <Application Data>\AMozilla\AFirefox\Profiles\ff.profile folders, including the following which are detected as Troj/Selite-A:

<CommonFiles>\ComObject\liveupdate.js
<CommonFiles>\ComObject\SP.exe
<CommonFiles>\ComObject\wSock.exe
<CommonFiles>\ComObject\AdvBox32.dll

Troj/Drop-FS attempts to run liveupdate.js, and sets the following registry to run it automatically:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TaskMngr
wscript.exe <CommonFiles>\ComObject\liveupdate.js

Troj/Drop-FS may be downloaded by code exploiting the CVE 2010-1885 vulnerability

 

[shanefromoz]

Very informative Jacee well done.
Microsoft probably should fix this exploit.

 

[Corrine]

Sorry, shanefromoz. It is not an exploit that Microsoft can fix when infected files are downloaded.

 

[shanefromoz]

Im sure they can stop the files getting to that part of the op system.
Like a lock on that file without permission.