Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Java related trojans?


  • Please log in to reply
3 replies to this topic

#1 zemicht

zemicht

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 24 February 2011 - 05:22 PM

Hey guys,

First post here. Just yesterday I have had a popup on Avast saying that one of the links i was trying to access was blocked. Following that, I used MBAM and have removed a trojan dropper. Even though I have not received any popups from Avast, my COMODO is still logging multiple blocked attempts over the course of the last 24 hours. I am currently scanning with ESET online scanner and have had several threats found in the JAVA folders (I just updated my Java and Adobe Readers after finding out that older versions have security vulnerabilities). Right now I am not sure if I should use ESET to remove said threats... How should I proceed?

Thanks

BC AdBot (Login to Remove)

 


#2 zemicht

zemicht
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 24 February 2011 - 05:30 PM

Forgot to add that my MBAM, TDSS, Avast logs are free of infection.

#3 zemicht

zemicht
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 24 February 2011 - 06:15 PM

Completed eset scan:

C:\Users\biozai\AppData\Local\Temp\uideoftas\qoewqslsika.exe a variant of Win32/Kryptik.LAE trojan
C:\Users\biozai\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v006DBC2F\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\DBControlPanel.exe probably a variant of Win32/Agent.EYGOYDB trojan
C:\Users\biozai\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v65ED1E19\Native\STUBEXE\@APPDIR@\HMHud.exe probably a variant of Win32/Agent.HJJSWFN trojan
C:\Users\biozai\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v65ED1E19\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMHud.exe probably a variant of Win32/Agent.HJJSWFN trojan
C:\Users\biozai\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v65ED1E19\TheApp\STUBEXE\@APPDIR@\HMImport.exe probably a variant of Win32/Agent.CXLGMFC trojan
C:\Users\biozai\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v65ED1E19\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMImport.exe probably a variant of Win32/Agent.CXLGMFC trojan
C:\Users\biozai\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMHud.exe probably a variant of Win32/Agent.PQGVNB trojan
C:\Users\biozai\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMImport.exe probably a variant of Win32/Agent.HNCVHWF trojan
C:\Users\biozai\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HoldemManager.exe probably a variant of Win32/Agent.DKVTQKN trojan
C:\Users\biozai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\4a14144e-4d1b6b58 multiple threats
C:\Users\biozai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\eee2921-22106c2f multiple threats
C:\Users\biozai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\2866892f-6e969c4b multiple threats
C:\Users\biozai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\6d7dff30-164c0acf Java/TrojanDownloader.Agent.NBY trojan
C:\Users\biozai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\6d7dff30-57c12bb7 probably a variant of Win32/Agent.KYOMCBX trojan
C:\Users\biozai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\6d7dff30-615dece5 Java/TrojanDownloader.Agent.NBY trojan
C:\Users\biozai\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\3fccfb32-187f04c3 multiple threats
Operating memory a variant of Win32/Kryptik.LAE trojan


I believe the first line has been the source of the recent blocked attempts by Comodo. Also, no idea whats going on in the Java folders. The xenocode stuff should be fine.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:35 AM

Posted 24 February 2011 - 07:24 PM

Also, no idea whats going on in the Java folders.

Your scan results indicate a threat(s) was found in the Java cache.

When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder for quick execution later and better performance. Both legitimate and malicious applets, malicious Java class files are stored in the Java cache directory and your anti-virus may detect them as threats. For more specific information about Java exploits, please refer to Virus found in the Java cache directory.

Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality. In your case they probably were so as an added precaution, I recommend clearing the entire cache manually to ensure everything is cleaned out:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users