
Sunjavaupdate Trojan


8 replies to this topic

#1 dizzydee

dizzydee

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:UK
  • Local time:05:32 AM

Posted 27 September 2007 - 05:27 PM

OK, where do I start? I've just run the autorun programme to check what was running in there. Wow, what a load of stuff in there; most of it is not in the startup list, and as I am new to computers, I thought I'd better not untick any of it. The one thing that it did know was that I have a trojan called sunjavaupdate. I've downloaded the SUPERAntiSpyware free version but don't know how to run it. Is there somewhere where it tells you how to set it up and what things to tick on it? Sorry for being a newbie and not knowing. Oh, and in the list it says explorer.exe is a nasty one too. Thanks in advance.


#2 buddy215

buddy215

  • BC Advisor
  • 12,605 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:32 AM

Posted 27 September 2007 - 06:10 PM

INSTRUCTIONS FOR USING SUPER ANTISPYWARE
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
Under "General and Startup", make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
--------------------------------------------------------------------------------

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Click Close to exit the program and reboot normally.
-----------------------------------------------------------------------------------------------------------------------------
You can stop Java from looking for updates by going to the Control Panel, clicking on the Java Coffee Cup icon, choosing the Update tab, unchecking automatic update, and clicking Apply, then OK.
While you have Java opened, click on "Check for updates now". Update if offered. After updating, go to Add/Remove Programs and remove ALL old Java programs.

explorer.exe may be a legitimate file. Use Jotti to scan the file with multiple antimalware programs.
http://virusscan.jotti.org/

Edited by buddy215, 27 September 2007 - 06:15 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 dizzydee


Posted 27 September 2007 - 06:23 PM

Thanks buddy215, I will follow your instructions and see what happens. I'll post back when I've done. Many thanks for now.

#4 dizzydee


Posted 27 September 2007 - 08:18 PM

OK, I've scanned my system with SUPERAntiSpyware; all it found was 5 tracking cookies. Also scanned with Ad-Aware, found nothing; also used Avast free version, found nothing. Got SpywareBlaster running, uninstalled Spybot S&D, don't like it, can't see what the pop-up box says. I think I'll leave alone the autorun.exe for startup programmes, 'cause there's loads on it that are not in the database, so I don't know what to do with them, but Startup Inspector only picked about 30 things, no trojans on that, so I don't know if I've got that sunjavaupdate trojan or not. My PC was running slow a couple of days ago, but seems to be OK now I've got rid of the tracking cookies; where I got them from I dunno. What do you think I should do now? I'm confused now that 2 startup programmes haven't got the same results as each other. Thanks in advance.

#5 buddy215


Posted 27 September 2007 - 08:45 PM

Could you give a link to the program "autorun" that you are using? Startup Inspector is a good program.

You can block the tracking/adware/spyware third party cookies in Internet Explorer from being installed on your computer.
http://privacy.getnetwise.org/browsing/tools/ie6/block3

If you use Firefox browser:
1. Type about:config in the location bar
2. Type “cookie” in the Filter field
3. Right-click network.cookie.cookieBehavior and select “Modify” from the pop-up menu
4. Change the value to 1
5. Click OK.
6. Close the window



#6 dizzydee


Posted 27 September 2007 - 09:04 PM

Hi, I will have to find it first, as I got it off here somewhere. Will post when I find it, and thanks for your help so far.

#7 dizzydee


Posted 27 September 2007 - 09:08 PM

The link is in the startup list, I just clicked on autorun.

Edited by dizzydee, 27 September 2007 - 09:23 PM.


#8 buddy215


Posted 28 September 2007 - 07:53 AM

SunJavaUpdate is the Dedler-G trojan and adds the file smvss.exe.
I would expect Super Antispyware or the antivirus scan you used would find it.
You can do a file search for smvss.exe. Before searching, unhide "hidden files and folders".

Did you submit the explorer.exe to Jotti?
I ran the Autoruns program and it says my explorer.exe is 1009kb in size.
Did Autoruns actually identify the files as malware or did you check them out in the Bleeping Computer Startup List?



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,576 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:32 AM

Posted 28 September 2007 - 05:33 PM

If you are unsure what any of the startup program entries are or if they are safe to disable, then do a search on Google or at one of the following databases:
BC's Startup Programs Database
StartupList Index

Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer. A file's properties may give a clue to identifying it. Right-click on the file, select Properties, and examine the General and Version tabs.

You can download and use Process Explorer or Glarysoft Process Manager to investigate all running processes and gather additional information to identify and resolve problems. These tools will show the process CPU usage, a description and its path location. If you right-click on the file in question and select properties, you will see more details about the file.

The Process Explorer window shows two panes by default: the upper pane is always a process list and the bottom pane either shows the list of DLLs loaded into the process selected in the upper pane, or the list of operating system resource handles (files, Registry keys, synchronization objects) the process has open. In the menu at the top select View > Lower Pane View to change between DLLs and Handles.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
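
Added example (not part of any post in this thread): a small triage script for the path check described in post #9, extended to also flag names one character away from a system binary's name, which is how the smvss.exe file named in post #8 would surface. The expected-location table, the C:\Windows install root and the sample paths are assumptions made for illustration.

```python
import ntpath

# Assumed install root and an illustrative (not exhaustive) table of the
# folder each well-known Windows binary normally runs from.
SYSTEM_ROOT = r"C:\Windows"
SYS32 = SYSTEM_ROOT + r"\System32"
EXPECTED_DIR = {"explorer.exe": SYSTEM_ROOT, "smss.exe": SYS32, "csrss.exe": SYS32,
                "winlogon.exe": SYS32, "lsass.exe": SYS32, "svchost.exe": SYS32}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(path):
    """Return (verdict, detail) for one full image path."""
    # Windows paths are case-insensitive; normpath also resolves ".." segments.
    norm = ntpath.normpath(path).lower()
    folder, name = ntpath.split(norm)
    expected = EXPECTED_DIR.get(name)
    if expected is not None:
        ok = folder == expected.lower()
        return ("expected-location" if ok else "system-name-wrong-path", folder)
    for known in EXPECTED_DIR:
        if edit_distance(name, known) == 1:
            return ("lookalike-name", known)
    return ("unknown", name)

# Constructed sample paths (not taken from the thread).
SAMPLE_PATHS = [
    r"C:\WINDOWS\explorer.exe",
    r"C:\WINDOWS\system32\smss.exe",
    r"C:\WINDOWS\system32\smvss.exe",
    r"C:\Documents and Settings\user\Local Settings\Temp\explorer.exe",
    r"C:\Windows\System32\..\explorer.exe",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
]

def triage(paths):
    return [(p, *classify(p)) for p in paths]

if __name__ == "__main__":
    for path, verdict, detail in triage(SAMPLE_PATHS):
        print(f"{verdict:24} {path}  ({detail})")
```

A "system-name-wrong-path" or "lookalike-name" verdict is a reason to inspect the file's properties or submit it to a multi-engine scanner, not proof of infection.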