Yet another "Windows is driving me nuts" thread
#1
The pop up won't stop.

It keeps demanding that I run "Just In Time Debugging" using a windows debugging program.

This auto annoyance has gotten my wife angry, and me disgusted with Bill Gates.

What is this thing?

I have run my anti virus and Malwarebytes, and I looked for the program and found in installed in 2003, when I bought the PC.

How do I get this thing to stop, it interrupts any and all other functions. VS7JIT.EXE

When I find who wrote this script, I may consider mayhem.

Occhi
Cry 'Havoc' and let slip the Men 'O War!
In War, the outcome is never final. --Carl von Clausewitz--
Igitur qui desiderat pacem, praeparet bellum
John 11:35 - consider why.
In Memory of Pete
Reply
#2
You got yourself a bitch of a virus there. My dad had one similar a few months back. I ran MSE, Malwarebytes, and finally CCLeaner. I believe the CCleaner was the one that finally fixed it so you may want to give that a try.

My understanding is that VS7JIT.EXE is used for remote access debugging and you most likely have some sort of infection trying to abuse it.

Good luck, I'll keep my fingers crossed for you.
Reply
#3
If it isn't something masquerading as VS7JIT.EXE, then that is part of the visual studio.net debug kit. It can be including in self executing apps that use the .net framework so you don't need to have the full Visual Studio installed. Office Professional can also end up installing it depending on your selections.

You should actually be able to remove it, from the Add/Remove programs options, though you may have to remove the parent program that installed it (.net framework, visual studio .net runtime, the extra debugging options in MS Office, usually installed with Excel or Publisher).

You could also reboot in safe mode, delete the file (typically in C:\Program Files\Common Files\debug though can be in other sub folders). Check task manage for the process, and kill it, then reboot.

However since it isn't a standard windows file, as mentioned several virus will take the name in which case removal can be trickier. Chesspiece_face mentioned a few utilities http://housecall.trendmicro.com/ can also be quite helpful.
---
It's all just zeroes and ones and duct tape in the end.
Reply
#4
Hi Occhi,

(12-04-2010, 12:07 AM)Occhidiangela Wrote: The pop up won't stop.

It keeps demanding that I run "Just In Time Debugging" using a windows debugging program.

Maybe this blog entry will help you.

If it doesn't, could you be more specific about what happens? When does the pop-up appear - every time you boot the machine, or randomly while you're using it, or when you do a specific action? Since when ist this happening - after you installed something new, or downloaded something, ...?

If it's really malware, you could also try some of the free online scan engines most anti-virus vendors offer. Different detection engines can find different malware. Try googling for "XXX online scanner" with XXX being one of the major AV vendors (kaspersky, avg, symantec, trend micro, ...). If one of them detects something but cannot remove it, post back here with the scan result.

Oh, and if one of the scanners manages to locate a malware file, I'd be very interested to get a copy before you let the AV software remove it. As a malware researcher, I'm always looking for new samples. Smile

-Kylearan
There are two kinds of fools. One says, "This is old, and therefore good." And one says, "This is new, and therefore better." - John Brunner, The Shockwave Rider
Reply
#5
(12-04-2010, 12:07 AM)Occhidiangela Wrote: VS7JIT.EXE

The Virus Total Scanner website allows you to upload a file and it scans it with multiple virus scanners. Last time I used the site it was using forty or so different ones.

Almost all files I've uploaded first produce a message saying that the given file name has already been scanned. I select the option to scan it anew in case the file I have is different from what it has seen before.
"Nothing unreal exists."
-- Kiri-kin-tha
Reply
#6
Thanks. Next time it pops up, I'll try to preserve what I find for Kylearan.

Trendmicro is the anti virus I have.

Will try CCleaner.

Will report results.
Cry 'Havoc' and let slip the Men 'O War!
In War, the outcome is never final. --Carl von Clausewitz--
Igitur qui desiderat pacem, praeparet bellum
John 11:35 - consider why.
In Memory of Pete
Reply
#7
Just In Time debugging is a Windows feature intended to let you attach a debugger to a failed program so that it can be examined before you let it die. This is an alternative to the classic "X has encountered an error and needs to close. We are sorry for the inconvenience" dialog. Assuming that the VS7JIT mentioned is legitimate, this means that you have some buggy program that keeps dying and Windows is offering you a chance to debug it. If you were the author (or a dedicated tester for the author), this would be very handy. As an end user, it is just an annoyance. VS7JIT is not the problem. It is the solution to a problem with some as-yet-unidentified program, which may or may not be malicious. Next time it happens, please put the JIT window aside and grab a full process list. Then dismiss the JIT window as you have done before and collect another list. Compare the two to see which process(es) were present in the first and absent in the second. This may allow us to determine which program keeps dying. A screenshot of the JIT window could also be helpful. It has been a long time since I had anything die on me like that, but I thought that it included text on the window that indicates what died.
Reply
#8
Thanks, VL, as I turned on the PC today and cleared out some old Email, the VS7JIT popped up ... and then I got yet another bogus "microsoft security" alert that isn't the real thing. I am running Trend Micro devices, but I kept getting pop ups.

Trend detected (I am running xp) a file in c _ docs and settings _ network something ... I went to find the directory. It is a hidden directory. Malware bytes scan was finding a few things when I started getting pop ups galore, to include a random porn site in IE. Didn't get a screen capture, as I began the close it clickfest problem. PC turned off. I may turn it on again, and begin to write down the problems. I close stuff in Task Manager, and they open up again rather soon.

I suspect IE is the source of my problem.

It was from there that, when the missus clicked on some image on a medical site, that our troubles began.

Anyway, this is quite the joy.

I was going to buy her a new PC last month, until my son's tuition bill (and other issues) arrived.

I may end up spending a few bucks at the local PC doctor to get this cleaned out if I can't get it further sorted.

What galls me is that Trend Micro (which I get free from work) finds the stuff, but can't seem to keep it off of my machine.

This is new. Had not had a problem for about 18 months with any virus ... I am convinced that the Missus did something that she isn't PC savvy enough to know was significant ... that hasn't helped my troubleshooting.

Oh well.
Cry 'Havoc' and let slip the Men 'O War!
In War, the outcome is never final. --Carl von Clausewitz--
Igitur qui desiderat pacem, praeparet bellum
John 11:35 - consider why.
In Memory of Pete
Reply
#9
Read a report a while ago that you're more likely to get a virus from a trending site than a porn site.
Alea Jacta Est - Caesar
Guild Wars account: Lurker Wyrm
Reply
#10
(12-13-2010, 11:28 PM)Wyrm Wrote: Read a report a while ago that you're more likely to get a virus from a trending site than a porn site.

What is a trending site? Are you reffering to Trend MIcro devices anti virus company or something else?
Cry 'Havoc' and let slip the Men 'O War!
In War, the outcome is never final. --Carl von Clausewitz--
Igitur qui desiderat pacem, praeparet bellum
John 11:35 - consider why.
In Memory of Pete
Reply
#11
Quote:What galls me is that Trend Micro (which I get free from work) finds the stuff, but can't seem to keep it off of my machine.

Maybe try rebooting in safe mode with networking, update Malewarbytes, and rescan. Sounds like your system has been hijacked and won’t let any scanners function. If I have read correctly it is a non-stop popup right? If Trend Micro is catching it but it comes back then the source file has not been quarantined.

Malewarebytes normally catches everything virus scanners miss but needs to be up to date and ran from a safe mode environment.
"Smokey, this is not 'Nam. This is bowling. There are rules."
Reply
#12
Thanks, I'll try that, been up to my arse in alligators at work lately, and now have a day to mess with her old PC.

Got her a new one ... which I was gonna do a few months ago anyway.

Will advise if safe mode helps.

Occhi

(12-14-2010, 03:47 AM)tacdriver Wrote:
Quote:What galls me is that Trend Micro (which I get free from work) finds the stuff, but can't seem to keep it off of my machine.

Maybe try rebooting in safe mode with networking, update Malewarbytes, and rescan. Sounds like your system has been hijacked and won’t let any scanners function. If I have read correctly it is a non-stop popup right? If Trend Micro is catching it but it comes back then the source file has not been quarantined.

Malewarebytes normally catches everything virus scanners miss but needs to be up to date and ran from a safe mode environment.
Cry 'Havoc' and let slip the Men 'O War!
In War, the outcome is never final. --Carl von Clausewitz--
Igitur qui desiderat pacem, praeparet bellum
John 11:35 - consider why.
In Memory of Pete
Reply
#13
(12-13-2010, 10:56 PM)Occhidiangela Wrote: Thanks, VL
vL is the clan tag. Kp is my handle. Wink
(12-13-2010, 10:56 PM)Occhidiangela Wrote: I close stuff in Task Manager, and they open up again rather soon.
There are probably secondary processes spawning it, or it could be a helper file loaded into one of your otherwise legitimate processes. Process Explorer could show you ancestry, which might help. However, it sounds like this system has gone so far rogue that I would not like to spend much time running it. Although unpleasant, my preferred remedy at this point would be to boot to safe mode or an offline environment (difficult for Windows, unfortunately), copy what files you want, then wipe the system and reload it with a base XP image.
(12-13-2010, 10:56 PM)Occhidiangela Wrote: I suspect IE is the source of my problem.
IE is the source of many Windows users' problems. Whenever possible, avoid IE, especially if the user sitting at the console is not a technically minded sort. If IE is unavoidable (and it is for some sites), use the latest version of IE you can get for the host system. I believe IE8 is still usable on XP, though IE9 is planned not to be.
(12-13-2010, 10:56 PM)Occhidiangela Wrote: This is new. Had not had a problem for about 18 months with any virus ... I am convinced that the Missus did something that she isn't PC savvy enough to know was significant ... that hasn't helped my troubleshooting.
Although obviously a bit late now, try to get her to use a non-administrator account whenever possible. That will mitigate the damage that can be done if she gets tricked again.
Reply
#14
I'm just stopping by in this thread to say hi to [vl]Kp.
Reply


Forum Jump:


Users browsing this thread: 3 Guest(s)