Hi. Earlier today, "Symantec AntiVirus Corporate Edition's Realtime Virus Protection" found a virus, but said that it was unable to quarantine/remove it. I think the first thing I did was to delete my temporary internet files. Next, I opened up Symantec AntiVirus and scanned my entire computer, but no viruses were found. Oh, wait. Before I go on, I'd better say that this post is going to be sort of long. But I'm going to try to tell you everything that I think might be relevant, in the hopes that it might prove useful. However, when I click on the Virus History list, it shows the following information: Filename: shellscript[1].js Virus Name: Downloader.Trojan Virus Type: File Action Taken: Left Alone Status: Infected Scan Type: Realtime Protection Okay, realtime protection failed to remove the virus, and running a computer scan failed to find the virus. Next, I went to Symantec's website and searched for information on the virus. They didn't have any information on "shellscript[1].js". They did have information on "Downloader.Trojan", though, and showed steps for its removal. Those steps were as follows... 1. Disable "System Restore" 2. Update Symantec AntiVirus's virus definitions 3. Restart computer in Safe Mode 4. Run Symantec Antivirus scan, and write down the path/filename for all the files found. Delete them. 5. Update the registry, removing the registry values containing the infected filenames. I only got to step 4, though. ALL of the scans I have done have failed to find any viruses. So, failing to find the virus, I went to Symantec AV's Virus History list, and it showed the current location. So, I copied that location from the list and pasted it into Windows search utility. 24 matches were found, but these were all temporary internet files from Symantec's website. Since I didn't visit Symantec's website until AFTER I got the virus, it didn't seem right that the virus would be located in files that I only got after the virus. But regardless, I did ANOTHER virus scan, this time limiting it to the folder where my virus is supposed to be. Still no positive search results. I don't know what to do. I apparently have a virus, but I can't for the life of me manage to even find it. I don't see any way it could have been deleted. One more thing. When I run Adaware 6.0, it shows exactly one more running process than I had before. But when I go to Windows Task Manager and click on the Processes tab, none of the listed processes are new. I need help. I haven't noticed my computer acting strangely since I got the virus, but that's part of what scares me. I'm sort of worried that it's trying to remain hidden so that it can do some really nefarious deeds without being detected. If anyone knows anything about Downloader.Trojan or shellscript[1].js, please give me some advice on how to get rid of this virus. Thank you.

hi compnoob, most anti-virus software do not have anti-trojan engines, save kapersky labs anti-virus. you will need an anti-trojan to delete the trojan and clean and repair your registry. go to www.thepublicworks.com, scroll down to payware and link to trojan hunter anti-trojan, download free 30 day trial, get the latest defintions, follow the instructions that norton gives right up to number 5, then scan with trojan hunter and delete all files it comes up with, then clean your cache, temp files, history and cookies folders, clean your recycle bin, then reboot into normal mode. in normal mode re enable your system restore. while at the www.publicworks.com, go to security section, and get yourself the free process explorer from sysinternals, and free registry monitor from regprot. all the best, murve

Thanks, murve! I actually ran that Housecall program before you got a chance to reply to me. It didn't find the shellscript[1].js file, but it did find a Trojan called "JS JECT.A." I looked at the path for it, and it was nearly identical to where Symantec was saying that the Shellscript[1].js Trojan was. I also did google searches on both "shellscript[1].js" and "JS JECT.A" and understood almost none of what i read (hence the name compnoob :) ). Funnily enough, I wasn't able to find any information on "shellscript[1].js", but I found a lot of unintelligible (for me) information on "shellscript.js". Now, I don't know if shellscript[1].js is the same thing as shellscript.js. But the documentation on shellscript.js that I was able to understand related it to a process called msits.exe. When I did a google search on "JS JECT.A", I also found that that Trojan is related to a process called msits.exe. Which leads to my question. I've run Symantec Virus Scan numerous times with no results, (minus the initial realtime protection which found the shellscript[1].js trojan). I've run Housecall numerous time, and the only file houisecall found was JS JECT.A (which, based on my limited research and comprehension, appears to be similar to shellscript.js [not shellscript[1].js; I've still found no information on that]). And on your advice, I also got the trial version of Trojan-Hunter, which managed to find another adware Trojan (unfortunately, I didn't remember to take note of its filename, but I remember that it wasn't shellscript[1].js). So... 1) Is shellscript[1].js the same thing as shellscript.js? 2) Is it possible that Symantec would have recognized the Trojan as "shellscript[1].js", while Housecall would have recognized it as "JS JECT.A"? Given the apparent similarities between "shellscript.js" and "JS JECT.A", is it possible that they are actually the same thing? I thank you very much for your information, especially since it did in fact detect an adware Trojan that had previously gone undetected. But I've still been completely unable to find a Trojan on my computer called "shellscript[1].js". And, unless "shellscript.js" is the same thing as "shellscript[1].js", I've been completely unable to find any information on the Trojan that was initially detected. So...what would you recommend that I do? For the moment, should I just keep running virus, adware, and Trojan scanners to be sure that my PC stays clean? Should I look for another Trojan scanner? Since first infection, I've managed to find two Trojans (one of which seems similar to the initial Trojan based on my comprehension of Google searches), but I've been completely unable to find the Trojan with the same filename as what Symantec Realtime Protection initially identified. Am I clean, or do you think "shellscript[1].js" may still be hidden somewhere on my PC?

got the same problem tonight .. - if I find any solutions i will let you know, Any progress on yours ? cheers, Iain

I have a very similar problem. Symantec AntiVirus Corporate Edition's Realtime Virus Protection" found a virus, but said that it was unable to quarantine/remove it. I opened up Symantec AntiVirus and scanned my entire computer, but found nothing. Filename: HP2[1].CHM Virus Name: Downloader.Trojan I went to Symantec's website and followed the steps for removal. Like Compnoob,I only got to step 4 since the scans failed to find any viruses. I got TrojanHunter, as murve suggested, but it also didn't find anything. I did update the rules. I even made it scan exactly in the folder where Symantec AntiVirus said the file was located. Would totally appreciate help!

Have the same damn problem Downloader.trojan C:\Documents and Settings\..\Local Settings\Temporary Internet Files\Content.IE5\KPQFOXQN\shellscript[1].js Help! Seems impossible to find it! Db

One more thing... I have noticed Class3SoftwarePublishers keeps re-adding itself into TempIntFiles; also Content IE5 is impossible to delete... I am trying everything but nothing seems to work to get rid of this! Heeelp!!! Db