BleepingComputer.com: Infected With Multiple Viruses

I have an HP laptop that is currently running Windows Vista 32 bit (Home Premium). I have been infected with multiple viruses (I believe from watching videos online). I ran microsoft safety scanner and it removed some adware, but it was only able to partially remove the following:
Exploit:Java/CVE-2008-5353.PG
Exploit:Java/CVE-2008-5353.RC
Exploit:Java/CVE-2009-3867.IZ
Exploit:Java/CVE-2009-3867.KJ
Exploit:Java/CVE-2009-3869.M
Trojan Downloader: Java/Open Connection.LZ

These viruses were not even detected by Norton 360 or Spybot. PLEASE HELP???!!!

This post has been edited by hamluis: 12 April 2011 - 10:20 AM
Reason for edit: Moved from Vista to Am I Infected.

Your scan results indicate a threat(s) was found in the Java cache.

When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder for quick execution later and better performance. Both legitimate and malicious applets, malicious Java class files are stored in the Java cache directory and your anti-virus may detect them as threats. The detection can indicate the presence of malicious code which could attempt to exploit a vulnerability in the JRE. For more specific information about Java exploits, please refer to Virus found in the Java cache directory.

Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality. As a precaution, I recommend clearing the entire cache manually to ensure everything is cleaned out:

• Clear the Java cache
  
• How to Clear Java Cache in Windows 7
  
• Clear the browser cache in Internet Explorer
  
• Safely Delete the Temporary Internet Files <- for Internet Explorer 8
  
• How to Clear Your Browser's Cache <- for other versions of Internet Explorer, Firefox and different browsers
  
• How to Clean out Windows temporary files
  
• How to Clean out Windows 7 temporary files

Alternatively, you can download and use TFC (Temp File Cleaner) by Old Timer, ATF Cleaner by Atribune for Windows 2000/XP/Vista or Browser-Cleaner.

Also be aware that older versions of Java have vulnerabilities that malicious sites can use to exploit and infect your system. That's why it is important to always use the most current Java Version and remove outdated Java components.

• Microsoft: ‘Unprecedented Wave of Java Exploitation’
  
• Drive-by Trojan preying on out-of-date Java installations
  
• Ghosts of Java Haunt Users
  
• Hole in Patch Process

Even Java advises users to always have the latest version of the Java since it contains security updates and improvements to previous versions.

Quote

Why should I upgrade to the latest Java version?
Why should I upgrade to Java 6?

You can verify (test) your JAVA Software Installation & Version here.

This post has been edited by quietman7: 12 April 2011 - 01:24 PM

I followed the instructions given above and then ran Microsoft's safety scanner again. It stated that my computer was still infected with the following items which were unable to be cleaned:

Exploit: Java/CVE-2008-5353.PG
Exploit: Java/CVE-2008-5353.RC
Exploit: Java/CVE-2009-3867.IZ
Exploit: Java/CVE-2009-3867.KJ
Trojan Downloader: Java/OpenConnection.LZ

Thanks for your advice so far and any further advice you can provide would be greatly appreciated!

As I said, these detections are exploits related to malicious Java applets as shown in this example.

Quote

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exploit%3AJava%2FCVE-2008-5353.A

Microsoft provides a list here:
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Browse.aspx?L=C&Page=99

Quote

http://www.bitdefender.com/VIRUS-1000645-en--Java.Trojan.Downloader.OpenConnection.AI.html

Did you verify your Java, ensure you have the most current version & remove any older ones?


Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link

• Save any unsaved work. TFC will close ALL open programs including your browser!
  
• Double-click on TFC.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  
• Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  
• TFC will clear out all temp folders (temp, IE temp, Java, FF, Opera, Chrome, Safari) for all user accounts, including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  
• Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

-- Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.


Please perform a scan with Eset Online Anti-virus Scanner.

• If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
  
• Vista/Windows 7 users need to run Internet Explorer/Firefox as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.[/color][/i]

• Click the green button.
  
• Read the End User License Agreement and check the box:
• Check .
  
• Click the button.
  
• Accept any security warnings from your browser and allow the download/installation of any require files.
  
• Under scan settings, check and check Remove found threats
  
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
    
  • Scan for potentially unsafe applications
    
  • Enable Anti-Stealth technology
  
  
• Click the Start button.
  
• ESET will install itself, download virus signature database updates, and begin scanning your computer.
  
• The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  If given the option (when threats are found), choose "Quarantine" instead of delete.
  
• When the scan completes, push
  
• Push , and save the file to your desktop as ESETScan.txt.
  
• Push the button, then Finish.
  
• Copy and paste the contents of ESETScan.txt in your next reply.

Below is the list of found and quarantined files from ESET:

C:\Users\Jamie\AppData\LocalLow\CouponAlert_2p\bar\setups\CouponAlertAuto.exe probably a variant of Win32/Toolbar.MyWebSearch.L application deleted - quarantined


Am I safe in assuming then, that I do not have a virus on my computer? I believe that I am, but always best to ask someone who knows more than I! Thanks!!

Even what Eset found wasn't anything of significant concern.

In any case, I can only go by what the scan logs show (what was detected/removed) and your description of whatever signs or symptoms of infection you are experiencing. If you're not seeing any signs (redirects, bogus alerts, unwanted pop-ups), then it appears you are ok.

If you want a more detailed look at your system, then more advanced tools are needed to investigate. Before that can be done you will need you to follow the instructions in the Preparation Guide and post a DDS log for further investigation in the Virus, Trojan, Spyware, and Malware Removal Logs forum.