
Can't remove exploit:java/cve-2012-5076.gaa


6 replies to this topic

#1 B5Guy

B5Guy

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:08 PM

Posted 02 March 2013 - 10:25 AM

Hi, MSE detects this, removes it, and it returns on reboot. Malwarebytes, SUPERAntiSpyware and Emsisoft don't detect it. Anyone know how to remove this?

Thanks


Edited by hamluis, 02 March 2013 - 12:34 PM.
Moved from Win 7 to Am I Infected - Hamluis.



 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:08 AM

Posted 02 March 2013 - 11:08 PM

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters




  • Check Loaded Modules and Detect TDLFS file system
  • Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now




  • Click Start Scan and allow the scan process to run

  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue




  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.



  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.



  • Please post the contents of the log in your next reply.

NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the   button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • TDSSKiller log
  • aswMBR log
  • ESET results

 



#3 B5Guy

B5Guy
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:08 PM

Posted 03 March 2013 - 06:23 AM

wMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-03 06:10:20
-----------------------------
06:10:20.214    OS Version: Windows x64 6.1.7601 Service Pack 1
06:10:20.214    Number of processors: 8 586 0x1E05
06:10:20.214    ComputerName: GREG-PC  UserName: Greg
06:10:20.433    Initialize success
06:19:19.454    AVAST engine defs: 13030300
06:19:27.188    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
06:19:27.188    Disk 0 Vendor: INTEL_SS 300i Size: 114473MB BusType: 3
06:19:27.188    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-3
06:19:27.204    Disk 1 Vendor: WDC_WD15 04.0 Size: 143089MB BusType: 3
06:19:27.204    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-4
06:19:27.204    Disk 2 Vendor: SAMSUNG_ 1AJ1 Size: 476940MB BusType: 3
06:19:27.219    Disk 0 MBR read successfully
06:19:27.219    Disk 0 MBR scan
06:19:27.219    Disk 0 Windows 7 default MBR code
06:19:27.235    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
06:19:27.235    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       114372 MB offset 206848
06:19:27.250    Disk 0 scanning C:\Windows\system32\drivers
06:19:29.750    Service scanning
06:19:36.407    Modules scanning
06:19:36.407    Disk 0 trace - called modules:
06:19:36.422    ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vsflt67.sys iaStor.sys hal.dll
06:19:36.422    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d48d790]
06:19:36.438    3 CLASSPNP.SYS[fffff8800191443f] -> nt!IofCallDriver -> [0xfffffa800d3baa10]
06:19:36.438    5 vsflt67.sys[fffff88000fe47cd] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa800d194050]
06:19:36.563    AVAST engine scan C:\Windows
06:19:36.907    AVAST engine scan C:\Windows\system32
06:20:31.266    AVAST engine scan C:\Windows\system32\drivers
06:20:34.219    AVAST engine scan C:\Users\Greg
06:20:43.094    AVAST engine scan C:\ProgramData
06:20:53.282    Scan finished successfully
06:21:25.313    Disk 0 MBR has been saved successfully to "C:\Users\Greg\Desktop\MBR.dat"
06:21:25.313    The log file has been saved successfully to "C:\Users\Greg\Desktop\aswMBR.txt"
 



#4 B5Guy

B5Guy
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:08 PM

Posted 03 March 2013 - 06:32 AM

Hi, I pasted and posted the TDSSKiller log and it said it was too big?



#5 B5Guy

B5Guy
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:08 PM

Posted 03 March 2013 - 07:39 AM

Eset Results:
C:\Users\Greg\Downloads\cpu-z_1.59-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
D:\User Folder\Program Installs\Hardware Monitor\hwmonitor_1.16-setup.exe multiple threats cleaned by deleting - quarantined

Edited by B5Guy, 03 March 2013 - 07:40 AM.


#6 B5Guy

B5Guy
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:08 PM

Posted 03 March 2013 - 08:17 AM

Hi, of all the scans I did, only ESET found those 2 bugs, which didn't look like the Exploit virus. However, after doing them I also found this link http://answers.microsoft.com/en-us/protect/forum/mse-protect_scanning/i-cant-remove-exploit-javacve-2012-5076gaait-keeps/ccea33ca-8d4c-45ab-8b91-b20937b10e98 so I also emptied the Java cache; between that and all this, the virus is gone. I rebooted and ran MSE and it did not find it. Thanks for all your help, BC Advisor.
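
Added example, not part of the original thread: post #6 reports that the detection stopped after the Java cache was emptied. Cached applet archives are stored under hashed names without a .jar extension, so this Python sketch finds them by content and records size, SHA-256 and class names before the cache is cleared. The cache path, the function names and the sample files are assumptions constructed here.

```python
import hashlib
import os
import tempfile
import zipfile
from pathlib import Path

# Assumption: default per-user Java deployment cache on Windows 7 (not stated in the thread).
DEFAULT_CACHE = Path(os.path.expandvars(
    r"%USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\cache"))


def inventory_java_cache(cache_dir):
    """Return one record per cached archive: path, size, SHA-256, class names."""
    records = []
    for path in sorted(Path(cache_dir).rglob("*")):
        # Cached JARs have hashed names with no .jar extension, so test content.
        if not path.is_file() or not zipfile.is_zipfile(path):
            continue
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        try:
            with zipfile.ZipFile(path) as jar:
                classes = sorted(n for n in jar.namelist() if n.endswith(".class"))
        except zipfile.BadZipFile:
            classes = []  # truncated or corrupted archive: still report the file
        records.append({"path": str(path), "size": path.stat().st_size,
                        "sha256": digest, "classes": classes})
    return records


def build_sample_cache(root):
    """Constructed sample data: one archive with a hashed name plus its .idx file."""
    bucket = Path(root) / "6.0" / "12"
    bucket.mkdir(parents=True)
    with zipfile.ZipFile(bucket / "1a2b3c4d-5e6f7a8b", "w") as jar:
        jar.writestr("Sample.class", b"\xca\xfe\xba\xbe constructed bytes")
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    (bucket / "1a2b3c4d-5e6f7a8b.idx").write_bytes(b"constructed index record")
    return Path(root)


if __name__ == "__main__":
    target = DEFAULT_CACHE
    if not target.is_dir():  # not on such a machine: use the constructed sample
        target = build_sample_cache(tempfile.mkdtemp())
    for rec in inventory_java_cache(target):
        print(rec["sha256"], rec["size"], rec["path"], rec["classes"])
```

The recorded hashes can be compared with the file named in the antivirus detection history, which shows whether the alert pointed at a cached archive rather than at something installed elsewhere.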



#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:08 AM

Posted 03 March 2013 - 08:40 AM

:welcome:





