# [SOLVED] What is JS/Exploit-Blacole.i?



## LeftIsTrembling (Jul 1, 2007)

McAfee found it in a Java cache folder on my computer. It quarantined it.

Should I have anything to worry about, or am I good? It only found it in two locations.

Both locations were in C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\Cache\6.0\45 and C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\Cache\6.0\34.

Both were quarantined. I can't find much information on this specific form, "JS/Exploit-Blacole.i".

UPDATE: Running Malwarebytes as well.


----------



## JMPC (Jan 15, 2011)

*Re: What is JS/Exploit-Blacole.i?*

Check to see which versions of Java you have installed. Uninstall any of the older versions and either don't install the new one if you don't need Java, or install the latest version from Java.com.


----------



## LeftIsTrembling (Jul 1, 2007)

*Re: What is JS/Exploit-Blacole.i?*

I have Version 6 Update 31 (1.6.0_31)

So all I should do is fully uninstall Java and reinstall it?


----------



## LeftIsTrembling (Jul 1, 2007)

*Re: What is JS/Exploit-Blacole.i?*

I have completely uninstalled Java. Still waiting on the results from the Malwarebytes scan.


----------



## tetonbob (Jan 10, 2005)

*Re: What is JS/Exploit-Blacole.i?*

Clear Java's cache also, or be sure to remove those appdata folders if the uninstall did not remove them.
C:\Users\***\AppData\LocalLow\Sun


JS is JavaScript related.

Blacole is related to Black Hole Exploit.

"i" is the latest variant as detected by McAfee.

The MS Malware Encyclopedia does not have an "i" variant, but you can gather enough general info from here to understand what is going on.

Encyclopedia Search Results: JS/Exploit-Blacole.i - Learn more about malware - Microsoft Malware Protection Center


----------



## LeftIsTrembling (Jul 1, 2007)

*Re: What is JS/Exploit-Blacole.i?*

Ok, I will tell McAfee to shred C:\Users\***\AppData\LocalLow\Sun (including the subfolders in it).

Malwarebytes is still running, but it hasn't found anything yet.

Is there anything else to do?


----------



## tetonbob (Jan 10, 2005)

*Re: What is JS/Exploit-Blacole.i?*

If McAfee and Malwarebytes do not find anything now, and there are no additional symptoms, you should be fine. You can follow up with an online scan at Eset
ESET :: Get a FREE Online Virus Scan

or run through our malware removal assistance procedures, post some logs and let one of the helpers take a look.

Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through *all* the steps, please post the requested logs in the Virus/Trojan/Spyware Help forum, *not here.*

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.


----------



## LeftIsTrembling (Jul 1, 2007)

*Re: What is JS/Exploit-Blacole.i?*

OK. Thanks for the help. After the Malwarebytes is done, I will re-run McAfee and maybe Eset.

If something shows up, I'll follow your post protocol.

Anyways, once again. Thanks for the help.


----------



## tetonbob (Jan 10, 2005)

*Re: What is JS/Exploit-Blacole.i?*

:thumb: Glad to help.


----------



## LeftIsTrembling (Jul 1, 2007)

*Re: What is JS/Exploit-Blacole.i?*

https://community.mcafee.com/message/233083

I made a post on the McAfee end. This is worse than thought...


----------



## tetonbob (Jan 10, 2005)

*Re: What is JS/Exploit-Blacole.i?*

Did you read the links I provided about Black Hole?

It's always a good idea to change passwords anyway, from a known clean computer. 

Before performing any sort of actions as outlined there, I'd have some analysis logs examined as I outlined. 

Just because it was on the machine does not mean the exploit was used.

You may get differing opinions when you post to multiple forums. I'm not going to engage in speculation about how bad it is on your machine without analysis logs. I would NOT fix an MBR without some tool indicating it is infected. That seems irresponsible to me to suggest.

"disable System Restore"

Again, a BAD idea. A dirty restore point is better than none at all. NEVER disable system restore until after you are sure a machine has been cleaned.

If the JavaScript was stopped before it was used, then that's the end of it. There's no way to tell from discussion. Analysis logs are required.

Are you experiencing redirected web searches?


----------



## LeftIsTrembling (Jul 1, 2007)

*Re: What is JS/Exploit-Blacole.i?*

I have not been seeing any redirects of that sort.

What logs do I look for?


----------



## tetonbob (Jan 10, 2005)

*Re: What is JS/Exploit-Blacole.i?*

See post #7.


----------



## LeftIsTrembling (Jul 1, 2007)

*Re: What is JS/Exploit-Blacole.i?*

I have posted my logs:
http://www.techsupportforum.com/for...oit-blacole-i-what-do-636340.html#post3668744


----------

