Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Java/TrojanDownloader.OpenStream on Server 2003 64-bit

  • Please log in to reply
No replies to this topic

#1 jpf1954


  • Members
  • 1 posts
  • Local time:08:18 AM

Posted 31 May 2011 - 01:18 AM


I'm a new member so please forgive me if I am not posting my question as clearly as I should. ESAT NOD32 AV reports infection with multiple versions of downloader Trojans "OpenStream" and "OpenConnection" in the "...\Application Data\Sun\Java\Deployment\Cache ..." folders on a number of different user profiles on our server (OS Server 2003 64-bit)[copy of log file attached]. However the AV software is unable to remove the malware. As best I can tell, we originally picked up the infection from a compromised website that was accessed through one of the workstations in our network. The infection subsequently migrated to other workstations before we picked it up. The infections on the workstations all appear to be related to the rouge Microsoft Total Security AV scam.

I've read a number of posts in BleepingComputer suggesting ways to remove these Trojans from systems running Win XP: These posts suggest running RKill to stop the malware and then running MalwareBytes to remove it. Some other procedures, such as deleting the Java cache are also suggested. We've applied these procedures on the infected workstations (all running under Win XP Pro SP3) and they all appear to be clean. Do these suggested malware removal procedures also apply to servers running under Server 2003 64-bit, or is a completely different approach required to remove this sort of malware from such a server? Do RKill and the other malware removal utilities work under Server 2003 64-bit environment?

I appreciate that much more information is required before I attempt to remove this malware and I would appreciate any suggestions you might have. But for now I'm simply wondering whether I'm even in the right ballpark or if a completely different solution to our problem is required.

Is the reported infection of files in the user profiles on the server an active threat, or are these merely archived files? Is there any way short of a full rebuild of the hard drives on the server to get rid of the infection now that it's become widely dispersed like this?

Attached Files

Edited by hamluis, 31 May 2011 - 09:04 AM.
Moved from NT to Am I Infected.

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users