Infected With Multiple Viruses


5 replies to this topic

#1 jamieshevonne


Posted 12 April 2011 - 09:13 AM

I have an HP laptop that is currently running Windows Vista 32 bit (Home Premium). I have been infected with multiple viruses (I believe from watching videos online). I ran Microsoft Safety Scanner and it removed some adware, but it was only able to partially remove the following:
Exploit:Java/CVE-2008-5353.PG
Exploit:Java/CVE-2008-5353.RC
Exploit:Java/CVE-2009-3867.IZ
Exploit:Java/CVE-2009-3867.KJ
Exploit:Java/CVE-2009-3869.M
Trojan Downloader: Java/Open Connection.LZ

These viruses were not even detected by Norton 360 or Spybot. PLEASE HELP???!!!

Edited by hamluis, 12 April 2011 - 10:20 AM.
Moved from Vista to Am I Infected.




#2 quietman7


Posted 12 April 2011 - 01:19 PM

Your scan results indicate a threat(s) was found in the Java cache.

When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files in its cache folder for quick execution later and better performance. Both legitimate and malicious applets, including malicious Java class files, are stored in the Java cache directory and your anti-virus may detect them as threats. The detection can indicate the presence of malicious code which could attempt to exploit a vulnerability in the JRE. For more specific information about Java exploits, please refer to Virus found in the Java cache directory.

Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality. As a precaution, I recommend clearing the entire cache manually to ensure everything is cleaned out:

Alternatively, you can download and use TFC (Temp File Cleaner) by Old Timer, ATF Cleaner by Atribune for Windows 2000/XP/Vista or Browser-Cleaner.

Also be aware that older versions of Java have vulnerabilities that malicious sites can use to exploit and infect your system. That's why it is important to always use the most current Java Version and remove outdated Java components. Even Java advises users to always have the latest version of Java since it contains security updates and improvements to previous versions.

The latest Java version contains important enhancements to improve performance, stability and security of the Java applications that run on your machine. Installing this free update will ensure that your Java applications continue to run safely and efficiently.

Why should I upgrade to the latest Java version?
Why should I upgrade to Java 6?

You can verify (test) your JAVA Software Installation & Version here.

Edited by quietman7, 12 April 2011 - 01:24 PM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
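
An added example, not part of the original thread or of any tool named in it: a read-only Python inventory of the Java cache described in the reply above, listing each cached JAR or class file with its SHA-256 so a flagged item can be identified before the cache is cleared. The cache path is an assumption (the default Sun Java location on Vista/7); the thread does not give it.

```python
import hashlib
import os
import zipfile

# Assumption: default Sun/Oracle JRE cache location on Vista/7 (not stated in the thread).
DEFAULT_CACHE = os.path.expandvars(
    r"%USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\cache")
# Leading bytes: JAR archives are ZIP files; class files start with CAFEBABE.
MAGIC = {b"PK\x03\x04": "jar", b"\xca\xfe\xba\xbe": "class"}


def classify(path):
    """Return 'jar', 'class' or 'other' from the file's first four bytes."""
    with open(path, "rb") as fh:
        return MAGIC.get(fh.read(4), "other")


def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def inventory_cache(root):
    """Walk the cache and describe every cached JAR or class file."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(folder, name)
            kind = classify(path)
            if kind == "other":
                continue  # index (.idx) files and other cache metadata
            classes = []
            if kind == "jar":
                try:
                    with zipfile.ZipFile(path) as jar:
                        classes = [n for n in jar.namelist() if n.endswith(".class")]
                except zipfile.BadZipFile:
                    classes = ["<unreadable archive>"]
            findings.append({"path": path, "kind": kind,
                             "sha256": sha256_of(path), "classes": classes})
    return findings


if __name__ == "__main__":
    for item in inventory_cache(DEFAULT_CACHE):
        print(item["kind"], item["sha256"], item["path"], item["classes"])
```

The script only reads files; matching its paths against the scanner's report shows whether a detection sits in the cache or elsewhere on disk.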

#3 jamieshevonne


Posted 13 April 2011 - 10:08 AM

I followed the instructions given above and then ran Microsoft's safety scanner again. It stated that my computer was still infected with the following items which were unable to be cleaned:

Exploit: Java/CVE-2008-5353.PG
Exploit: Java/CVE-2008-5353.RC
Exploit: Java/CVE-2009-3867.IZ
Exploit: Java/CVE-2009-3867.KJ
Trojan Downloader: Java/OpenConnection.LZ

Thanks for your advice so far and any further advice you can provide would be greatly appreciated!

#4 quietman7


Posted 13 April 2011 - 12:18 PM

As I said, these detections are exploits related to malicious Java applets as shown in this example.

Exploit:Java/CVE-2008-5353.A is a detection for malicious code that attempts to exploit a vulnerability in the Java Runtime Environment (JRE). The vulnerability, referenced by CVE number CVE-2008-5353, may lead to the download and execution of arbitrary files in an affected system.

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exploit%3AJava%2FCVE-2008-5353.A

Microsoft provides a list here:
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Browse.aspx?L=C&Page=99

Java.Trojan.Downloader.OpenConnection.AI is a malicious Java applet that downloads and executes arbitrary files. In the wild, it can be found as a Java archive.

http://www.bitdefender.com/VIRUS-1000645-en--Java.Trojan.Downloader.OpenConnection.AI.html

Did you verify your Java, ensure you have the most current version & remove any older ones?


Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders (temp, IE temp, Java, FF, Opera, Chrome, Safari) for all user accounts, including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
-- Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.


Please perform a scan with Eset Online Anti-virus Scanner.
  • If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
  • Vista/Windows 7 users need to run Internet Explorer/Firefox as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.


#5 jamieshevonne


Posted 13 April 2011 - 04:09 PM

Below is the list of found and quarantined files from ESET:

C:\Users\Jamie\AppData\LocalLow\CouponAlert_2p\bar\setups\CouponAlertAuto.exe probably a variant of Win32/Toolbar.MyWebSearch.L application deleted - quarantined


Am I safe in assuming then, that I do not have a virus on my computer? I believe that I am, but always best to ask someone who knows more than I! Thanks!!

#6 quietman7


Posted 13 April 2011 - 05:05 PM

Even what Eset found wasn't anything of significant concern.

In any case, I can only go by what the scan logs show (what was detected/removed) and your description of whatever signs or symptoms of infection you are experiencing. If you're not seeing any signs (redirects, bogus alerts, unwanted pop-ups), then it appears you are ok.

If you want a more detailed look at your system, then more advanced tools are needed to investigate. Before that can be done you will need to follow the instructions in the Preparation Guide and post a DDS log for further investigation in the Virus, Trojan, Spyware, and Malware Removal Logs forum.