
Blade81 - renew follow-up request


  • This topic is locked
3 replies to this topic

#1 mikgaes


Posted 15 October 2010 - 10:11 AM

From the old locked thread:





Blade81,

I would like to restart our discussion, if you are willing:

http://www.bleepingcomputer.com/forums/topic339540.html

Regarding your last direction:

QUOTE
According to ComboFix log it was run without script. See if any of the following files exist:
C:\Documents and Settings\Michael Gaesser MD\.jpi_cache\jar\1.0\arr3.jar-53b20018-67cf1235.zip
C:\Documents and Settings\Michael Gaesser MD\.jpi_cache\jar\1.0\jvmsecman.jar-69ee0e0e-457f8b4a.zip
C:\Documents and Settings\Michael Gaesser MD\.jpi_cache\jar\1.0\OP.jar-34a62d4f-7fb90e9e.zip
C:\Documents and Settings\Michael Gaesser MD\.jpi_cache\jar\1.0\OP.jar-22e12bfe-272c3cbb.zip
C:\Documents and Settings\Michael Gaesser MD\.jpi_cache\jar\1.0\OP.jar-acd4125-447f12b9.zip
C:\Documents and Settings\Michael Gaesser MD\.jpi_cache\jar\1.0\OP.jar-1492dab2-69950679.zip
C:\Documents and Settings\Michael Gaesser MD\.jpi_cache\jar\1.0\OP.jar-1492db44-40c6a6b6.zip
C:\Documents and Settings\Michael Gaesser MD\.jpi_cache\jar\1.0\OP.jar-1492db44-6cef53f3.zip
C:\Documents and Settings\Michael Gaesser MD\.jpi_cache\jar\1.0\OP.jar-1492dab2-48e8f393.zip
C:\Documents and Settings\Michael Gaesser MD\.jpi_cache\jar\1.0\OP.jar-19c20b67-6f0226b2.zip
C:\Documents and Settings\Michael Gaesser MD\.jpi_cache\jar\1.0\OP.jar-77557830-20402e02.zip
C:\Documents and Settings\Michael Gaesser MD\.jpi_cache\jar\1.0\OP.jar-684272fb-17f46542.zip
C:\Documents and Settings\Michael Gaesser MD\.jpi_cache\jar\1.0\OP.jar-17c2173f-3ec3c476.zip
C:\Documents and Settings\Michael Gaesser MD\.jpi_cache\jar\1.0\OP.jar-3e8906b6-5a3e41d7.zip
C:\Documents and Settings\Michael Gaesser MD\.jpi_cache\jar\1.0\OP.jar-11c01e80-24385fd9.zip

Delete if any of them is found.


I found all of them. After deleting one of those in the middle I began to get this infection alert:


The Java/SillyDl.EUA was detected in C:\RECYCLED\DC8.ZIP<OP.class>.






#2 mikgaes


Posted 15 October 2010 - 10:12 AM

btw,

My apologies for the gap of inactivity.


mikgaes

#3 Blade81

  • Malware Response Team

Posted 18 October 2010 - 09:13 AM

Hi,

I need to see fresh DDS logs. If you have deleted DDS already, please follow the steps below to download it again.

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double-click the DDS file to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Microsoft Windows Insider MVP 2016-2017
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#4 Blade81

Posted 27 October 2010 - 01:49 PM

This is the second time your case gets closed due to inactivity. If you still need help make sure you follow these two things:
1) don't use my nickname in topic title to not scare other helpers away from taking your topic
2) follow preparation guide and do as instructed there.

This topic won't be reopened.
