locked
Re: JS/XILOS virus RRS feed

  • Question

  • Good morning all, a couple of days ago LiveOnecare told me I was infected with the JS/XILOS virus. I clicked 'clean'. After the 'clean' I got a new window which said the prog had stopped the virus but needed to scan my comp to clear it. I clicked scan...after the scan I was told nothing was found. This morning I got the exact same note..LiveOneCare had detected this virus again so I'm now going through the same routine as before but as Live OneCare failed to clean it last time I'm not very hopeful of success.

    I've searched for this virus in the 'search' on this page and it says nothing found which surprise me as this virus is clearly logged in the McAfee and Symantec sites.

    Does anyone have any advice on how I might manually clear this virus as my confidence in LiveOneCare is waning.

    Regards

    Bryan

    Tuesday, December 2, 2008 9:50 AM

Answers

All replies

  • I suspect that the virus is either loading from your browser's cache or it has embedded itself into your System Restore points. In any event, since OneCare has not completely eradicated it:

    If you are using Windows Live OneCare and you have been infected, but OneCare did not detect or cannot remove the malware, please contact support to report this and for help with removal.

    How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

     

    If you are in North America, you can call 866-727-2338 for help with virus and spyware infections. See http://www.microsoft.com/protect/support/default.mspx  for details.  For international information, see your local subsidiary Support site.

     

    -steve

    Tuesday, December 2, 2008 1:12 PM
    Moderator
  • I'm experiencing the same things with this.  Additionally I'm getting a URL popping into the monitor trying to direct the Explorer to [deleted URL]

    The above URL appears to direct you to different commercial sites each time you try it.

     

    I can't seem to find much about this URL.  I saw a forum post from the UK explaining the same problem.

    Wednesday, December 3, 2008 1:56 PM
  • topsec:

    Please see my previous reply for how to contact support for help. If you aren't using OneCare, you are off topic for this forum.

    -Steve

    Wednesday, December 3, 2008 2:34 PM
    Moderator
  • Stephen, many thanks for the advice on how to contact support. However in my effort to clean my comp' I eventually found myself here   http://www.microsoft.com/security/malwareremove/default.mspx

     

    Despite the fact that Live OneCare, after notifying me of the infection, saying it had stopped the bugs, and telling me to carry out a scan to ensure the infection was cleared at the end of which I was told Live OneCare did not find anything amiss this tool did, 4 items in fact including the JS/XILOS bug, a trojan: win32/cutwail, the vir tool: winnt/cutwail k and something else which I forgot to note which it then, after prompting from me, removed.  This of course begs the question if I am paying Microsoft for Live OneCare why isn't this the standard scan offered with the product as it is obviously much more efficient.

    Delving further I found myself here 

    http://onecare.live.com/site/en-US/center/howsafe.htm?s_cid=mscom_msrt so I used the 'Clean Up'. The report from this tool was brilliant and it really did  good job so one wonders if this is the scan offered with Live One Care simply because this tool appears to be so much better.

     

    Incidentally, these bugs may have come from the Bebo site because the only thing which was done out of our normal use of the internet was my son clicking onto two 'you have a new message from' links which were from people he didn't know but which turned out to be invitations from women to chat on-line. He only went from the notification page to the page where where the message is posted in full so I can only assume this is where the bugs came in. And yes I know this where he went and all he did 'cos I was there because the Bebo stuff comes in on my e-mail.

     

    Bryan

    Thursday, December 4, 2008 10:21 AM
  • Hi, Bryan. The online scanner and the installed scanner are pretty much the same as they use the same engine and signatures, though it is possible that the online version had a newer signature set than the PC did when the infection was contracted and your PC scanned. The PC version checks for updates a few times daily, if you are connected, and not every signature update makes it to release for the client, while the server version will be updated frequently to address the ever changing security threats that are uncovered.

    -steve

    Thursday, December 4, 2008 3:18 PM
    Moderator
  • I had the same issue, but while the OnceCare scan was running a second window opened.  It says "OneCare is cleaning unwanted software".  I figured this was part of the virus scan.  Well, that was 15 hours ago.  The virus scan since completed and removed two instances of the JS/Xilos virus, but this other task is still running.  It doesn't appear to be doing anything - it isn't using much, if any, CPU.  Is it OK to cancel this or should I let it finish?
    Monday, December 22, 2008 11:27 AM
  • I'd kill the task and reboot the PC. If the infection reappears, I'd contact support.
    -steve
    Microsoft MVP Windows Live / Windows Live OneCare Forum Moderator
    Monday, December 22, 2008 1:34 PM
    Moderator
  • The exact same thing happened to me right after I installed 'Advance System Care Professional'.  Not saying it was packaged with the program, but it sure seems strange that the message popped up right after I installed it.

    Wednesday, April 29, 2009 7:15 PM