Trojan Sun Java


  • This topic is locked
2 replies to this topic

#1 C_Lover

  • Members
  • 3 posts

Posted 15 September 2012 - 11:55 AM

My Mom asked if it was ok for a JAVA file to update and I said yeah, sure.
Then...later today I noticed some files were having errors.
Thought nothing of it since some were known to have errors.
Then I found this. Happening to almost all my files.
Posted Image
Posted Image
Looks like that in the install/uninstall area too.
Some files were working fine, like Firefox.
So I used that to try and figure out why I got the message.
"Example.exe has been changed or moved."
Posted Image
When I noticed it was happening to paid software, I got a little edgy and started looking it up.
Came across loads of people saying it was malware so I made happy with the bootscan.

Through that, avast found a trojan pinned with Sun Java files.
I moved it to chest (Wise move?) and during the bootscan.
Two files were found to be corrupt, (one expendable in my opinion an old install file for Adobe Cs4)
and then this file I didn't catch a name but it was found in LocalLow (I tried to write it down but then it zoomed right through the rest of the files).

I came across someone on this site having the same problem (now I see my errors in guessing but)
I installed and scanned with Combofix. Now I'm getting an "Illegal attempt" error

Posted Image
Almost all my programs like Firefox or paint (any exe file) without hitting "Run as admin"
If anyone is out there that can help.
I hope they're on this site and can help me.

Sorry if I posted this in the wrong section too.
Also uploaded attachments for the Combofix log.

This is also happening!
My home page and tab browsing do not collect about:home or about:tab as a link.
It just shows up as an error. That happened after I found out about the trojan too.

Edited by hamluis, 15 September 2012 - 12:26 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.


#2 nasdaq

  • Malware Response Team
  • 40,190 posts

Posted 17 September 2012 - 01:25 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

Please post the logs for my review.

#3 nasdaq

  • Malware Response Team
  • 40,190 posts

Posted 23 September 2012 - 09:06 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



