Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Found a new threat


  • Please log in to reply
10 replies to this topic

#1 DONBEL

DONBEL

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hollywood, Florida
  • Local time:07:02 PM

Posted 21 February 2011 - 02:27 PM

I did a routine scan of our work computer with the latest Avast! and found two threats that I tried to identify with your search tool on the Spyware Removal page. Neither came up.

They are: Win32: Kryptik-AFN and Java: Jade-A.

That being said we were not having any issues with the computer and Avast! removed them successfully and I dropped them in the Treasurechest. Avast! considered Kryptik to be severe.

Mostly I'm just curious about them and what they can do. Are they new?

Also, on a side note, we DID get hit with the rogue Securityshield and rkill with Malwarebytes removed it completely!!! Thanks!

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:02 PM

Posted 21 February 2011 - 03:08 PM

Hello DONBEL. I am moving this to the Am I Infected forum. The Kryptic is a known malware.
http://vil.nai.com/vil/content/v_376825.htm
It's a Generic Backdoor. This allows hackers to remotely control your computer, steal critical system information and download and execute files.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.


I recommend an Online scan also.


Please perform a scan with Eset Online Antiivirus Scanner.
This scan requires Internet Explorer,Opera or Firefox to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.


The Jave item... Things found in the java cache folder, makes me think of JAVA exploits and JAVA needing an update. This also should be removed.

IF XP..What version of JAVA,if any, is running?
Go into Control Panel>Add Remove Programs. Be sure the 'Show Updates' box is checked. Go down the list and tell me what Java applications are installed and their version. (Highlight the program to see this).
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 DONBEL

DONBEL
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hollywood, Florida
  • Local time:07:02 PM

Posted 21 February 2011 - 04:48 PM

Thanks for the quick reply.

I wasn't really sure just where to post this since I thought I removed it successfully. Fortunately we don't use this computer for any financial work and there is little to be of much interest here to any hacker, but I will run the online scan.

One question though is that we use Google Chrome as our browser and Windows7 Pro. Does the online program work with Chrome?

Avast! was updated today right before I scanned the system and then I had Avast! scan again at boot. How safe am I if I wait until tomorrow to do the online scan and should I go to Avast!'s treasure chest and remove the two items?

Thanks again.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:02 PM

Posted 21 February 2011 - 08:13 PM

Hello,No problem with where you posted it will just serve other readers better here.

It will work with Chrome >>>
ESET Online Scanner implemented as an ActiveX control, and requires Internet Explorer 5.0 or later. Compatibility with other browsers (Firefox, Opera, Netscape, etc.) was added. The only thing you have to do is to agree to the installation of ESET Smart Installer, an application, which will install and launch ESET Online Scanner in a new browser window
http://www.eset.com/online-scanner/faq

Yes you can delete them from Avast

I asked this as if you have outdated versions of JAVA on here that is how the exploit entered.
What version of JAVA,if any, is running?
Go into Control Panel>Add Remove Programs. Be sure the 'Show Updates' box is checked. Go down the list and tell me what Java applications are installed and their version. (Highlight the program to see this).

You're welcome.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 chromebuster

chromebuster

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:07:02 PM

Posted 22 February 2011 - 01:18 AM

I also know of some variants of Kryptik to be rogue antivirus program downloaders. Win32/Kryptik.EEI is one. That's Eset's name for it, but it's definitely well-known as previously stated. Who knows, the Kryptik variant that existed on your computer could have been the cause of the rogue getting in there. According to one of Eset's moderators, that can happen.

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,938 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:02 PM

Posted 22 February 2011 - 09:36 AM

Since you say this a work computer, have you contacted and advised your IT Department? In most work environments, the IT staff implement specific policies and procedures for the use of computer equipment and related resources. In fact, many companies will require you to read those policies and sign a statement of understanding. These official procedures are designed and implemented to provide security and certain restrictions to protect the network. This allows all users to safely use business resources with minimum risk of malware infection, illegal software, and exposure to inappropriate Internet sites or other prohibited activity.

A business IT staff generally has established procedures in place to deal with issues and infections on client machines on the network. As such, they may not approve of employees seeking help at an online forum or outside the business office as doing so could interfere or cause problems with their removal methods. The malware you are dealing with may have infected the network. If that's the case, the IT Department needs to be advised right away so they can take the appropriate disinfection measures.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 DONBEL

DONBEL
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hollywood, Florida
  • Local time:07:02 PM

Posted 22 February 2011 - 12:40 PM

Thanks, Quietman

We have no real IT department. It's a small four store family-owned business with computer-phobic owners. The bookkeeper is the closest thing to an IT person and she calls ME when they get any virus or malware infections. Through BC I removed two rogue scarewares and they think I might be a genius. They were more than glad to have me get rid of Security Shield. I have installed AVAST! and MBAM on three of their four computers so far. So, I'm not offending anyone here.

At my last job I would most certainly would have offended IT and maybe even lost my job, so I appreciate the heads up!

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,938 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:02 PM

Posted 22 February 2011 - 02:29 PM

The bookkeeper is the closest thing to an IT
person and she calls ME when they get any virus or malware infections.

Sounds like the government agency where I work. Just continue to work with boopme then.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:02 PM

Posted 22 February 2011 - 09:43 PM

Hello, thanks quietman7...

Please continue at Post 4
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 DONBEL

DONBEL
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hollywood, Florida
  • Local time:07:02 PM

Posted 23 February 2011 - 02:41 PM

Hi, Boopme.

I'll get with you tomorrow.

I'm at home today awaiting UPS for my home computer upgrade (posted elsewhere). I ran ESET on my home computer last night to test it (no problems). It took awhile and I have a problem at work with the computer being down for any time as it uses Quickbooks as our cash register. I can do it, but it might take awhile for the opportunity to come up.

There's more to the story and I'll keep you posted as I get the time.

Thanks.

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:02 PM

Posted 23 February 2011 - 03:08 PM

Alls good,we'll keep a light on fer ya.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users