• Help identifying file MSE identifies as problematic

    #505171

    I have MSE installed on W7pro 64 desktop.
    During the last week it has started to ‘identify items we would like to look at further’ and invite me to send the info to MS for further investigation. Initially I did send it, but after a few days I wondered whether something was amiss, so I stopped sending it. Running a scan does not identify anything. The files in question are C:users/myaccount/appdata/local/microsoft/windows/temporary internet files/low/content IE5/9YWZQSZM/api[1].js
    The quarantine shows occurrences of this file and classes it as dangerous recommending immediate removal.

    I also have Malwarebytes Pro, which does not identify anything amiss. Anybody got any comments on this situation?

    • #1559063

      I moved this to its own thread. Please do not hijack another thread.

      Joe

    • #1559066

      Submit the file to an online checker to see if anything is amiss. Apart from that, I would ignore those MS messages.

      cheers, Paul

    • #1559111

      Since the file in question is in the Temporary Internet Files folder, you can safely delete it. In fact, I recommend that you hold your shift key down while deleting it, so that it is permanently deleted.

      Go to the C:users/myaccount/appdata/local/microsoft/windows/temporary internet files/low/content IE5/9YWZQSZM/ folder, highlight everything in it, and then while holding the shift key down, delete the entire contents of the folder.

      Group "L" (Linux Mint)
      with Windows 10 running in a remote session on my file server
    • #1559125

      According to the file name it’s a JavaScript Application Programming Interface file. Ummm, OK?

    • #1559127

      Well, I have 1.200+ *.js files on my system drive; from a very quick look, almost all seem to have a fairly descriptive name. The majority aren’t directly related to web browsers either; they’re for 3rd party applications from companies like Samsung, Apple, Blackmagic Design, as well as default files from MS.

      What this particular js script does, or what the fingerprint of it flags up, is more important.

    • #1559198

      Does it really matter what it does? Isn’t the main thing to get rid of it?

      Since the only thing found was in the temporary internet files folder, I think he can safely delete the entire contents of that folder and be done with it. That is the easiest way to solve the problem, in my opinion.

      He can rescan afterwards, just to make sure.

      • #1559636

        I have tried deleting the Temp Internet folder and twice now the file in question has returned. Although I haven’t had any recurrence in the last five days so I’m hoping I’ve seen the last of it.

    • #1559638

      Sounds like you are visiting a website which is putting this file onto your computer. It could be a website you chose, or one of the many “pass-through” tracking websites that we all pass through on our way from one website to another (e.g. Googleleads, etc).

    • #1559735

      If it returns again, try submitting it to reverse.it for free analysis and let us know the results, e.g. the URL for the scan result.

      reverse.it seems to carry out a more in-depth analysis than VirusTotal and the scan results are quite detailed. Have a look at Files in the Submissions menu for examples of analyses of other .js files.

      Hope this helps…
