
Definitely infected: JAVA exploit and flooder(?)


6 replies to this topic

#1 kathpt


Posted 25 January 2013 - 11:49 PM

For about a week or so now my wifi signal randomly turns itself off and takes 5 minutes to turn itself on again. Once during that time, by pure coincidence (if I recall correctly, the MSE icon was orange and I did the weekly manual scan to get it back to green), I opened Microsoft Security Essentials and noticed there had been THREE items found and put in quarantine all at the same time, the exact same time the wifi signal turned itself off. It has happened again twice before starting this topic.

Here's a printscreen of the last time it happened (an hour prior to the start of this post). It's in Portuguese, but I'm assuming the language is the only thing that changes when it comes to MSE and the viruses' names are the same.

Posted Image

The names of the viruses in the image above are:

Exploit:JAVA/CVE-2012-0507.D!ldr

Flooder:Java/Loic

Exploit:JS/Blacole.GB


I had heard of the exploit virus coming from JAVA, so on Monday (Jan 21st) I uninstalled it, thinking the problem would disappear. I then searched on Google how to safely remove such files, and the indications were vague, so I couldn't do it by myself in fear I would compromise and potentially ruin the PC.

I would attach a log right away if I had found such instructions to do so. Since I didn't, I will wait until I get a reply with further instructions.

Thank you in advance.

EDIT: As I wrote this post, Microsoft Security Essentials detected the same three threats at 04:37.
EDIT2: To start this post I was running the PC in safe mode with networking. After I finished it I restarted the PC in normal mode, and now MSE quarantines the three threats every minute, but it doesn't turn off the wifi (for now anyway). I'm not sure if this information is relevant but I thought I'd include it just in case. Should I run the PC always in safe mode until the problem is resolved? Or just keep it off? Thanks again.

Edited by kathpt, 26 January 2013 - 12:32 AM.




#2 Gunto


Posted 26 January 2013 - 06:44 AM

Hi, kathpt! I'm going to try to help you out. :)

Please run all of these in normal mode, and I'd advise running the computer in normal mode at all times to monitor issues.

Removing Java will prevent any more exploits of it, but those already on your system won't be affected. I can tell MSE is not fixing the problem, so let's run some things.

TDSSKiller

I need you to run a scan using TDSSKiller.

  • Download TDSSKiller from here, and save it to your desktop.
  • Double click the file to launch the program. Once the program starts, click Start Scan. Don't change any default scan settings.
  • Once the scan is finished, you'll find a log in your root drive (usually C:) that will start with TDSS in the file name. Please copy and paste it into your reply.

Malwarebytes

I need you to run a scan with Malwarebytes Anti-Malware.

  • Download MBAM from here, and save it to your desktop.
  • Double-click the installer to run it. During the installation, simply follow the prompts and let the program install. However, if you do not want to start a trial of the full version, please decline, and if offered any external toolbars/programs, feel free to uncheck the options to install them, unless you want them.
  • Once the program is done installing and updating, select the Perform full scan option on the main interface. Then click the Scan button, hit Scan, and let the scan run.
  • Once the scan is finished, a log will pop up. If any malware was found, click the Show Results button, and make sure everything present is checked and click Remove Selected. If MBAM asks you to reboot, do so immediately. Either way, please copy and paste the log into your reply. If your PC is rebooted, you can find the log by opening up MBAM and going to the Logs tab.

AdwCleaner

I need you to run AdwCleaner to see if it removes anything.

  • Download AdwCleaner from here, and save it to your desktop.
  • Close all open programs.
  • Open the file on your desktop, and click the Delete button. Confirm operations at every prompt. Your PC will be rebooted after the final prompt.
  • Once rebooted, a text file will open up. Please copy and paste it into your reply.

RogueKiller

I need you to run RogueKiller to see if it removes anything.

  • Download RogueKiller from here, and save it to your desktop.
  • Close all open programs.
  • Double click the file on your desktop. Once the automatic check completes, hit the Scan button.
  • Once the full scan has finished, click on the Delete button. Once it's done removing things, open the newest log on your desktop (should be called RKreport[2].txt) and copy and paste it into your reply.

Please tell me how the PC is running in your next reply.

Gunto

Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#3 kathpt


Posted 26 January 2013 - 05:22 PM

Hello Gunto, thank you for your fast reply.
Here are the logs from the 4 scans you asked me to run. From what I can understand no threats were found? That leaves me confused and anxious.
Meanwhile, may I add that MSE found another threat (not sure when, but definitely after I posted the first comment).
Here is a screenshot.

TDSSKiller

Spoiler



Malwarebytes

Spoiler



AdwCleaner

Spoiler



RogueKiller

Spoiler


Thank you

#4 Gunto


Posted 27 January 2013 - 12:39 AM

Hi,

Yeah, not much got done with those, but I'm not quite finished yet. :)

SUPERAntiSpyware

I need you to run a scan with SUPERAntiSpyware.

  • Download SAS from here, and save it to your desktop.
  • Double click the installer to start the installation. If you do not want to start the trial of the full version, please decline, and feel free to uncheck options to install external toolbars/software, unless you want them. Otherwise, follow the prompts and let the program install.
  • Once the program is done installing and updating, tick the Complete Scan option on the interface, and press the big Scan your Computer... button. Ensure that the options Activate Scan Boost™ > Low boost and Scan inside .ZIP archives are selected and Start Complete Scan.
  • After scanning, be sure to remove all detected threats if any were detected. If asked to reboot to remove threats, do so immediately.
  • Once finished, return to the main interface, go to View Scan Logs and view the newest log. Copy and paste it into your reply.

ESET Online Scanner

I need you to run a scan with ESET Online Scanner.

  • Download the scanner from here, and save it to your desktop.
  • Double click the file to install the program. Once it's done, accept the terms of use and click Start. Be sure the following settings are checked before beginning:
    Scan archives
    Remove found threats
    Scan potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth technology
  • Once the scan is done, if anything was found, click List of found threats, and then Export to text file..., and save the log to your desktop.
  • Click << Back, and then Finish. If you have to reboot, do so immediately.
  • After ESET finishes scanning and removing threats, copy and paste the log into your reply.

Junkware Removal Tool

I need you to run a scan with Junkware Removal Tool.

  • Download JRT from here, and save it to your desktop.
  • Double click the file to open it, and hit any key as per the instructions of the popped up window.
  • Once the scan is done, copy and paste the contents of the resulting log into your reply.

Please tell me how the PC is running in your next reply.

Gunto



#5 kathpt


Posted 27 January 2013 - 05:26 PM

Here they are:

SUPERAntiSpyware
Spoiler


ESET Online Scanner
Spoiler


Junkware Removal Tool
Spoiler


MSE still shows the four threats just like it did before.

EDIT:
SUPERAntiSpyware ran a scan by itself out of nowhere and found a few more threats, here's the second log.

Spoiler

Edited by kathpt, 27 January 2013 - 10:29 PM.


#6 Gunto


Posted 28 January 2013 - 12:04 AM

Hi,

Whatever is on your system is not giving up easily, so you'll need advanced help.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Gunto



#7 kathpt


Posted 28 January 2013 - 12:31 AM

Thank you so much for your help. I have posted in the malware removal section; now all I gotta do is wait.
Thank you again!



