I have the latest update of the McAfee antivirus (August 14, 2012). I see that the program detects and quarantines the JS/Blacole-Redirect.c (trojan) but does not remove the trojan. According to the McAfee website, the McAfee antivirus is supposed to remove the trojan. How do I get McAfee to remove the trojan? At this point, I have 340 detections and the system is still counting. I gather that the McAfee popup advising me of detection will continue until I remove the trojan manually. How do I rid my PC of this trojan?
If it's in quarantine then it's removed from harm's way. You should be able to delete it from the quarantine folder.
Open SecurityCenter by double-clicking the taskbar icon
Click Navigation at top right
Scroll down to Quarantined and Trusted Items
It should be in one of those sections from where it can be deleted.
I am new to the community and hit the wrong reply button. I meant for my reply to go to the following person!
Thank you for your suggestion. I deleted all of the entries [approximately 400, almost of which were related to the JS/Blacole-Redirect.c (trojan)] under the quarantine tab but the McAfee detection popup is still appearing at the rate of one every two minutes. I see that the same file [website-unavailable_com(1).txt] is being detected each time and is being placed under quarantine. Isn't McAfee supposed to remove trojans? Is there some way to remove this trojan? I went to the website (www.cleanpcguide.com/download/) and discovered that there are three tools to be manually applied in sequence. However, I am reluctant to invoke another set of tools from an unknown site. Should I simply try to delete the file called website-unavailable_com(1).txt?
I welcome your thoughts.
Try temporarily disabling System Restore as it could be that they are being detected in restore points, then boot into Safe Mode by tapping F8 repeatedly while booting up and right-click the hard drive in 'Computer' (My Computer in XP) and select scan. All you'll see is activity in the taskbar until it's finished.
Next step if it were me would be to download Stinger and try that, then Malwarebytes Free and try that, both linked in the last clickable link in my signature below.
I followed your advice: I disabled System Restore, booted into Safe Mode, right-clicked on the hard drive in My Computer, and ran a scan. I found no (zero) problems or detections. However, after I rebooted, I saw that McAfee started to return to its normal scanning and the McAfee detection popups, which claimed "Trojan Quarantined" and named "website-unavailable_com.txt" as the offending file, started to appear at the rate of one per minute. I subsequently disabled System Restore and downloaded and ran Stinger, which found no problems. I then downloaded and ran Malwarebytes Free and found three problems, all related to my Registry. After I deleted/repaired these problems, rebooted, and enabled System Restore, I see that McAfee has resumed and it is still producing its "Trojan Quarantined" popups at the rate of one per minute. I have sent a couple of examples from the quarantined area to McAfee, but I doubt that I shall hear anything from McAfee.
Thus, I welcome your thoughts and suggestions about possible next steps. I wonder whether you think that my internet provider (Comcast) is sending this trojan (JS/Blacole-Redirect.c) to me.
Let me know. Thank you. DBNolle
This is a puzzler because it should have been eliminated as per http://home.mcafee.com/virusinfo/virusprofile.aspx?key=1099388
I can only assume that something is not up to date on your machine. Are you totally up to date with all updates, including IE even if you don't use it as a browser?
Either that or you browser home page has some bad code on it or perhaps you have something plugged into the machine that is reloading whatever this is constantly?
I suggest you run Hijackthis and post its log on one of the forums listed in the last link in my signature, see further down, near the end for details and the download.
Thank you for your reflections on this problem and for giving the problem a wider audience.
According to Secunia 3.0, I am up-to-date on everything except two items: Sun Java JRE 1.5.x / 5.x and Python 2.7. The former (Sun Java JRE 1.5.x / 5.x) is apparently linked to an old program (SPSS 14) which I can uninstall while the latter is linked to a relatively new program. I can delete the former (Sun Java JRE 1.5.x / 5.x) because apparently it can not be updated and because it is apparently linked to the old program. If I delete or update the latter (Python 2.7), I shall lose some important functionality on my system because this functionality is linked specifically to Python 2.7.
I am guessing that the Sun Java JRE 1.5.x / 5.x might be the culprit because the trojan is java-based. However, I am disconcerted by the fact that the infected file keeps appearing under C:\Documents and Settings\David B. Nolle\Local Settings\Temporary Internet File\ContentIE5\HR98HNG9\website-unavailable_com.txt. I see that the only thing that changes with each infected file is the subdirectory prior to the file: For example, HR98HNG9 changes to 62Q67JXD. I sense that the trojan is trying to work with my Internet Explorer but McAfee is grabbing it before it can do its damage.
In any event, should I delete/uninstall Sun Java JRE 1.5.x / 5.x as the first step in this process of finding the source of my problem?
Please let me know. Thanks, David