
WScript.exe reading index.dat

Sorry, this may be in the wrong section (I apologize if so), and I also apologize that this seems like a re-post, as someone had one here ==> https://community.mcafee.com/thread/20485

However, it went unanswered for roughly 4 years and I've recently been experiencing it.

I downloaded the Process Monitor as someone suggested from that thread, but I haven't installed it yet, should I proceed?

8 Replies

Re: WScript.exe reading index.dat

What product do you have? That link aims at an enterprise issue.


Re: WScript.exe reading index.dat

My apologies, this is indeed the wrong section. When I tried creating a new thread (from that enterprise issue link), it seems to have directed me here in Endpoint Security...

Can you please move this to the proper section?

I have VSE 8.8, and this was meant to be posted in VSE/Discussions

Re: WScript.exe reading index.dat

Done. Good luck


Re: WScript.exe reading index.dat

Thank you very much Peacekeeper.

I don't know if this helps, but I downloaded a bunch of programs and ran tests with McAfee disabled. (Malwarebytes, RogueKiller, AdwCleaner, Kaspersky Virus Tool, McShield 2)

I deleted logs for Malwarebytes' Anti-Malware, but I remember it cleaning something like pup.optional.opencandy., and then 2nd time was clean.

I also deleted some AdwCleaner logs, but I've kept the most recent ones.

And then the logs for RogueKiller (I deleted one before the date below, which had the most results)

McShield 2 (for USB just in case) and Kaspersky were clean results.

--------------------------------------------------------------------------------

# AdwCleaner v3.002 - Report created 01/09/2013 at 23:53:44

# Updated 01/09/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Name - MY-PC

# Running from : I:\Programs\AdwCleaner.exe

# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\hjzp1l4i.default\prefs.js ]

-\\ Google Chrome v29.0.1547.62

[ File : C:\Users\Name\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R15].txt - [1435 octets] - [01/09/2013 23:53:44]

########## EOF - C:\AdwCleaner\AdwCleaner[R15].txt - [1496 octets] ##########

==================================================================

RogueKiller V8.6.7 _x64_ [Aug 28 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Name [Admin rights]

Mode : Scan -- Date : 09/02/2013 00:03:17

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤

[SERVICE][ROGUE ST] HKLM\[...]\CCSet\[...]\Services : 81321771 (C:\Windows\system32\DRIVERS\81321771.sys [7]) -> FOUND

[SERVICE][ROGUE ST] HKLM\[...]\CS001\[...]\Services : 81321771 (C:\Windows\system32\DRIVERS\81321771.sys [7]) -> FOUND

[SERVICE][ROGUE ST] HKLM\[...]\CS002\[...]\Services : 81321771 (C:\Windows\system32\DRIVERS\81321771.sys [7]) -> FOUND

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (localhost:21320) -> FOUND

[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[SCREENSVR][SUSP PATH] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Windows\GPHOTO~1.SCR [7]) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 1 ¤¤¤

[Name][SUSP PATH] _uninst_81321771.lnk : C:\Users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_81321771.lnk @C:\Users\Name\AppData\Local\Temp\_uninst_81321771.bat [-] -> FOUND

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1059GSMP +++++

--- User ---

[MBR] d81af62b84f9232e26b3397e63b35666

[BSP] 068733cfa271e4162a8c576d679718bc : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18432 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 37750784 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 37955584 | Size: 935335 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: TOSHIBA MK1059GSMP +++++

--- User ---

[MBR] 55bfb0d64d58c600780bcb3ae3caef06

[BSP] 5f18ed01b81868c390d22c4e87f96de6 : MBR Code unknown

Partition table:

0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 30543 Mo

User = LL1 ... OK!

Error reading LL2 ... OK!

Finished : << RKreport[0]_S_09022013_000317.txt >>

---------------------------------------------------------------------------------

RogueKiller V8.6.8 _x64_ [Sep  2 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User : Name [Admin rights]

Mode : Scan -- Date : 09/02/2013 15:56:46

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[SERVICE][ROGUE ST] HKLM\[...]\CCSet\[...]\Services : 00447832 (C:\Windows\system32\DRIVERS\00447832.sys [7]) -> FOUND

[SERVICE][ROGUE ST] HKLM\[...]\CS001\[...]\Services : 00447832 (C:\Windows\system32\DRIVERS\00447832.sys [7]) -> FOUND

[SERVICE][ROGUE ST] HKLM\[...]\CS002\[...]\Services : 00447832 (C:\Windows\system32\DRIVERS\00447832.sys [7]) -> FOUND

[SCREENSVR][SUSP PATH] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\Windows\GPHOTO~1.SCR [7]) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

The rest of the log is the same as 1st one, so, I cut it short.

I hope this info helps.

Message was edited by: iceprincess on 9/2/13 6:51:49 PM CDT

Re: WScript.exe reading index.dat

BTW we mods are consumer moderators; we do not know the enterprise products and only move posts there so enterprise users and McAfee staff can assist you. Good luck

Oh does or rather did your hosts file have all those sites in it? If so maybe a default hosts file needs to be loaded.

Message was edited by: Peacekeeper on 3/09/13 11:28:00 AM

Re: WScript.exe reading index.dat

Yup, those were added by Spybot S&D


Re: WScript.exe reading index.dat

Ah ok  thanks


Re: WScript.exe reading index.dat

Peacekeeper wrote:

BTW we mods are consumer moderators; we do not know the enterprise products and only move posts there so enterprise users and McAfee staff can assist you. Good luck

Okay, thanks. I'll wait and see if there's anyone that will help. Hopefully it won't end up like the previous thread, 4 years and no real answer.
