Potential Java Trojan Removed Now?


No replies to this topic

#1 Aaron123 (Members, 7 posts)

Posted 14 March 2011 - 04:27 PM

Hey all,

Since about a month and a half ago, I was getting notices from MSE about Java Trojans located in my Java temp folder. These would get cleaned, and would come back in another form/file about every 4 or 5 days. I got help from a user on TechSpot about a week ago on this, in which we did the following:

1. Cleaned out temp files from Java.
2. Used Rkill, ExeHelper, ComboFix, GMER, DDS, MoveIt, NOD32 Online Scan and MBAM Scan to: get rid of (what I think was) a false positive in the source code of one of my eBooks; get rid of the Ask.com toolbar I had and its remnants; and get rid of some registry entries related to the toolbar and some Windows temp files that were found in a ComboFix log.

ComboFix was a nightmare. The first few times I used it, it screwed up in some way and wouldn't finish, and the time I actually got it to complete, Win7 booted into a black screen and I couldn't get the Task Manager up to run explorer.exe. I ended up System Restoring to before that particular run so my OS could function again, and managed to redo the run and get it to give a decent log to work from that wouldn't FUBAR my system. Another time later on, I thought the user had told me to use it twice, and when it screwed up my system again, I had to System Restore again, as some of my programs claimed to be missing DLLs to run, which they hadn't been claiming prior to the ComboFix run. When I told the user about this, he threw a fit that I wasn't following instructions, as I had System Restored without him saying so (I wasn't going to leave a broken OS running when it could be fixed...), and closed the support thread.

All in all, I had to System Restore twice in order to undo the damage ComboFix had done; but this raises the issue of some of the steps I'd run through possibly not taking effect. I took extra care to redo any steps that may have been reversed by System Restore, so I think that base is covered. I'm pretty sure the system's clean now: an ESET Online Full Scan, an MSE Full Scan and an MBAM Quick Scan don't pick up anything, all the temp files for Java and Windows have been cleaned out, and the multitude of scanners run during my time with the other support user turned up nothing but the false positive and the Ask.com toolbar, which is now removed. I'm wondering if anyone here could advise me on how I can check if I'm ultimately safe and uncompromised now? I know there's no 100% way of knowing without a reformat, but for my purposes, I would think that most of the work on my end is done?

I've attached an MBAM Quick Scan log for the scan I just did. Thanks very much for any help in advance.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6056

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/14/2011 5:16:02 PM
mbam-log-2011-03-14 (17-16-02).txt

Scan type: Quick scan
Objects scanned: 173614
Time elapsed: 2 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
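The post asks how to check whether the machine is still being reinfected. One concrete check, added here as an example and not part of the original post or any of the tools it names, is to watch the folder the detections came from: the Java Deployment cache. If it stays empty after cleanup, nothing is writing to it; if new entries keep appearing, the browser's Java plugin is still loading content, and the installed JRE version is the first thing to verify. The script below assumes the default Java 6 cache location under LocalLow and the standard JavaSoft registry key; on 64-bit Windows 7 with a 32-bit Java install, the key lives under Wow6432Node instead. It uses .NET for hashing because Get-FileHash does not exist in the PowerShell 2.0 that shipped with Windows 7.

```powershell
# Added example (not from the original post): inventory recent writes to the
# Java Deployment cache and report the installed JRE version.
# Assumed paths/keys: default Java cache under LocalLow, HKLM JavaSoft key.
# Adjust $cacheRoot / $jreKey if Java lives elsewhere on the machine.

$cacheRoot = Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun\Java\Deployment\cache'
$cutoff    = (Get-Date).AddDays(-7)   # "recent" = written in the last week

function Get-Sha256Hex([string]$Path) {
    # SHA-256 via .NET, so this also works on PowerShell 2.0 (no Get-FileHash).
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try {
        $hash = $sha.ComputeHash($fs)
    } finally {
        $fs.Close()
    }
    ([System.BitConverter]::ToString($hash)).Replace('-', '').ToLower()
}

# 1. Installed JRE version. Recurring detections in the cache usually mean an
#    outdated plugin is still being served content; compare this to the current
#    release on java.com before deciding the system is clean.
$jreKey = 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment'
if (-not (Test-Path $jreKey)) {
    # 32-bit Java on 64-bit Windows registers here instead.
    $jreKey = 'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment'
}
if (Test-Path $jreKey) {
    $current = (Get-ItemProperty $jreKey).CurrentVersion
    Write-Host "Installed JRE CurrentVersion: $current"
} else {
    Write-Host "No JRE registry key found (Java may not be installed)."
}

# 2. Files written to the cache within the cutoff window, newest first, with a
#    SHA-256 you can submit to a scanner if MSE flags one of them again.
if (Test-Path $cacheRoot) {
    Get-ChildItem -Path $cacheRoot -Recurse -Force |
        Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -gt $cutoff } |
        ForEach-Object {
            New-Object PSObject -Property @{
                LastWrite = $_.LastWriteTime
                Size      = $_.Length
                Sha256    = Get-Sha256Hex $_.FullName
                Path      = $_.FullName
            }
        } |
        Sort-Object LastWrite -Descending |
        Format-Table LastWrite, Size, Sha256, Path -AutoSize
} else {
    Write-Host "Cache directory not present: $cacheRoot"
}
```

Run it from a normal PowerShell prompt right after clearing the cache, then again a few days later. An empty listing on the second run means the cache is no longer being repopulated; a non-empty one tells you which files arrived and when, which is more useful for correlating with browsing activity than waiting for the next MSE alert.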
