
Java Exploit CVE-2010


12 replies to this topic

#1 bigalster


Posted 18 October 2013 - 10:19 PM

I ran my MBAM and it found PUP.Optional in my D file in Documents and Settings. I then googled PUP and it brought me to Bleeping Computer here, and then I read about running ESET, which I did for the past 4 hrs, and it found something called Java/Exploit.CVE-2010-0094.P trojan. When I ran ESET I unchecked the box that tells you to remove found threats and checked the box to scan threats, but I think I forgot to go to Advanced settings and check "scan potentially unsafe applications" and instead went right to START. Anyway, here is the log entry from ESET:

C:\Documents and Settings\Al\Application Data\Sun\Java\Deployment\cache\6.0\38\11311b66-50181063    a variant of Java/Exploit.CVE-2010-0094.P trojan

Now I run XP on my Lenovo PC and use Firefox only as my browser, and have for some time disabled any Java in the add-ons, and I do not use IE at all. The thing is my PC is running great, not slow at all, no problems, but it appears I still have this virus. What would you guys recommend, as I have no ill effects?


Edited by hamluis, 19 October 2013 - 07:07 AM.
Moved from XP to Am I Infected - Hamluis.



#2 noknojon


Posted 21 October 2013 - 10:18 PM

Hello bigalster and Welcome -

 

Scan your machine with ESET OnlineScan

I would prefer you to use Internet Explorer if you can, since the scan is better with ActiveX.

Read on and I will leave you an option, Wait for step 3-1

 

How To Temporarily Disable Your Anti-virus during this scan .....
 

1. Hold down Control (Ctrl) key and click on > This Link to open ESET OnlineScan in a new window.
2. Click the ESET Online Scanner button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

 

- 1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
- 2. Double click on the icon on your desktop.

 

4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:

*Scan potentially unwanted applications
*Scan for potentially unsafe applications
*Enable Anti-Stealth technology

9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time. Allow at least 2 hours -
10. When the scan completes, click List Threats
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button.

 

NOTE: Sometimes if ESET finds no infections it will not create a log.

 

When you post back we will review your options.

 

Thank you -



#3 bigalster


Posted 22 October 2013 - 01:26 AM

G'day Aussie Addict. Here are the ESET scan details as requested:

 

C:\Documents and Settings\Al\Application Data\Sun\Java\Deployment\cache\6.0\38\11311b66-50181063 a variant of Java/Exploit.CVE-2010-0094.P trojan cleaned by deleting - quarantined
C:\Documents and Settings\Al\My Documents\Downloads\cpu-z_1.57.1-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\Program Files\Uniblue\SpeedUpMyPC\spnotifier.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\Program Files\Uniblue\SpeedUpMyPC\sp_move_serial.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
D:\Documents and Settings\al\My Documents\Downloads\adobe-flash-player-activex.exe a variant of Win32/InstallCore.AY application cleaned by deleting - quarantined
D:\Documents and Settings\al\My Documents\Downloads\cpu-z_1.58-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
D:\Documents and Settings\al\My Documents\Downloads\cpu-z_1.62-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
D:\Documents and Settings\al\My Documents\Downloads\disk-defrag-setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
 
As I said, I see no appreciable difference in the performance of my PC. I ran MS Essentials and MBAM again after the first ESET scan found the Java Exploit, when I first contacted you, and neither one detected any of the items listed above. I also ran the scan in IE as you suggested rather than my main browser Firefox. I rarely use IE, for the record. Are these items listed above real threats? What should I now do? Thanks a million :)
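The ESET Online Scanner log above has a fixed line shape: path, an optional "a variant of", the detection name, the word trojan or application, and the action taken. The Python triage helper below is an added example, not ESET's code and not anything posted in this thread; it parses such lines, records that "cleaned by deleting - quarantined" means the file was removed from its original location but a copy was kept in quarantine, and tags each hit by where it was found (Java applet cache, a Downloads folder, Program Files), which is the first thing a responder wants to know when deciding whether a hit is an inert downloaded artefact or an installed program. The sample input is constructed from three of the lines quoted in the post.

```python
"""Triage helper for ESET Online Scanner log lines (added example)."""
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample input: three lines in the format quoted in the thread.
SAMPLE_LOG = r"""
C:\Documents and Settings\Al\Application Data\Sun\Java\Deployment\cache\6.0\38\11311b66-50181063 a variant of Java/Exploit.CVE-2010-0094.P trojan cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application cleaned by deleting - quarantined
D:\Documents and Settings\al\My Documents\Downloads\cpu-z_1.58-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
"""

# <path> [a variant of ]<name> <trojan|application> <action>
# The path may contain spaces, so it is matched non-greedily and the
# detection name is the single token right before the kind keyword.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<variant>a variant of )?"
    r"(?P<name>\S+) (?P<kind>trojan|application) (?P<action>.+)$"
)


def location_tag(path: str) -> str:
    """Classify where on disk the detection sits."""
    p = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in p:
        # Java applet / Web Start cache: content a web page pulled in,
        # not an installed program. A hit here means a malicious JAR
        # was downloaded, which is a different risk from a running binary.
        return "java-cache"
    if "\\downloads\\" in p:
        # Saved installer; typical home of bundled toolbars and wrappers.
        return "downloaded-installer"
    if p.startswith("c:\\program files\\"):
        # Installed software, i.e. code that actually runs on the machine.
        return "installed-program"
    return "other"


def parse_line(line: str) -> Optional[Dict]:
    """Parse one log line; returns None for lines not in the expected shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    name = m["name"]
    platform, _, family = name.partition("/")
    return {
        "path": m["path"],
        "name": name,
        "platform": platform,                  # Java, Win32
        "family": family.split(".")[0],        # Exploit, RegistryBooster, Bundled
        "kind": m["kind"],                     # trojan = malware, application = PUA
        "variant": m["variant"] is not None,   # heuristic/generic signature
        "removed": "deleting" in m["action"],  # gone from its original path
        "quarantined": "quarantined" in m["action"],  # copy kept for restore
        "location": location_tag(m["path"]),
    }


def parse_log(text: str) -> List[Dict]:
    """Parse every non-empty line, skipping any that do not match."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def summarize(entries: List[Dict]) -> Dict:
    """Counts a responder would report back: malware vs PUA, and locations."""
    return {
        "malware": sum(1 for e in entries if e["kind"] == "trojan"),
        "pua": sum(1 for e in entries if e["kind"] == "application"),
        "locations": Counter(e["location"] for e in entries),
        "all_quarantined": all(e["quarantined"] for e in entries),
    }


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for e in found:
        print(f"{e['kind']:<11} {e['family']:<16} {e['location']:<20} {e['path']}")
    print(summarize(found))
```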


#4 noknojon


Posted 22 October 2013 - 02:57 AM

Hi Mate -

You did remove a few Scam and Infected items as listed below =>

Java/Exploit.CVE-2010-0094.P trojan 

Uniblue\SpeedUpMyPC

Toolbar.Ask

Win32/InstallCore.AY

 

C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster <= This is a set of "scam programs" that will lead to redirects and other problems

 

Has anything improved at all ??



#5 noknojon


Posted 22 October 2013 - 03:08 AM

Hi -

Sorry but I got cut off as I was finishing the post -

Now run a Full scan of MBAM, and remove all found infections, and post the log back here.

 

Then we can have a quick look at what is left on your system that may cause problems.

 

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

Download MiniToolBox, Save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
• Flush DNS
• Report IE Proxy Settings
• Reset IE Proxy Settings
• Report FF Proxy Settings
• Reset FF Proxy Settings
• List content of Hosts
• List IP configuration
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
• List Minidump Files
 
Click Go and copy / paste the result (Result.txt).

 

After that Please download Temp File Cleaner by Old Timer
Usage Instructions:

  • Download TFC from the download link above and save the file on your desktop.
  • Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  • Double-click on the TFC icon.
  • When the program opens, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
  • When done, press OK and Reboot your computer and finish the cleanup.

 

 

Thank You -



#6 bigalster


Posted 22 October 2013 - 10:48 AM

Good day mate,

A couple of questions before I post results. You say:

 

[You did remove a few Scam and Infected items as listed below =>

Java/Exploit.CVE-2010-0094.P trojan 

Uniblue\SpeedUpMyPC

Toolbar.Ask

Win32/InstallCore.AY

 

C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster <= This is a set of "scam programs" that will lead to redirects and other problems

 

Has anything improved at all ??]

 

When I ran ESET last night it found these culprits and at the end it stated that it deleted and quarantined them and cleaned my machine. The thing is, if it deletes them why would it need to quarantine them?? This I never understood. Also, as I said, I never had any slowdown issues or redirects or anything obviously wrong with my PC; that is the funny thing about this whole affair :) I also exclusively use Firefox and rarely IE. The Uniblue may have been an old cache file that my nephew used when I reformatted the HD. I cannot recall Toolbar.Ask; God only knows where that came from. I dunno about the others.

My question is how debilitating were these culprits had I not gotten rid of them? My PC has never suffered all along; that is a strange anomaly. :) Perhaps you can answer these, Aussie Addict. Also, I have Advanced SystemCare 6 (free version) which I use; is this just a scam and should I just uninstall? Your opinion?

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.22.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
al :: AL-2EE23B0BE121 [administrator]

10/22/2013 8:59:23 AM
mbam-log-2013-10-22 (08-59-23).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 602952
Time elapsed: 2 hour(s), 7 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by al (administrator) on 22-10-2013 at 11:20:04
Running from "D:\Documents and Settings\al\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

VIA Rhine II Fast Ethernet Adapter = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : al-2ee23b0be121

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Broadcast

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : home



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . : home

        Description . . . . . . . . . . . : VIA Rhine II Fast Ethernet Adapter

        Physical Address. . . . . . . . . : 00-19-21-10-0F-59

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.2.12

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.2.1

        DHCP Server . . . . . . . . . . . : 192.168.2.1

        DNS Servers . . . . . . . . . . . : 192.168.2.1

        Lease Obtained. . . . . . . . . . : Tuesday, October 22, 2013 8:41:01 AM

        Lease Expires . . . . . . . . . . : Friday, October 25, 2013 8:41:01 AM

Server:  monreseau.home
Address:  192.168.2.1

DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Addresses:  184.150.182.50, 184.150.182.35, 184.150.182.29, 184.150.182.20
      184.150.182.49, 184.150.182.30, 184.150.182.44, 184.150.182.59, 184.150.182.24
      184.150.182.40, 184.150.182.54, 184.150.182.39, 184.150.182.34, 184.150.182.25
      184.150.182.55, 184.150.182.45



Pinging google.com [184.150.182.45] with 32 bytes of data:



Reply from 184.150.182.45: bytes=32 time=12ms TTL=58

Reply from 184.150.182.45: bytes=32 time=12ms TTL=58



Ping statistics for 184.150.182.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 12ms, Maximum = 12ms, Average = 12ms

Server:  monreseau.home
Address:  192.168.2.1

DNS request timed out.
    timeout was 2 seconds.
Name:    yahoo.com
Addresses:  98.138.253.109, 206.190.36.45, 98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=205ms TTL=49

Reply from 98.139.183.24: bytes=32 time=73ms TTL=49



Ping statistics for 98.139.183.24:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 73ms, Maximum = 205ms, Average = 139ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 21 10 0f 59 ...... VIA Compatable Fast Ethernet Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.12      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.2.0    255.255.255.0     192.168.2.12    192.168.2.12      20
     192.168.2.12  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.2.255  255.255.255.255     192.168.2.12    192.168.2.12      20
        224.0.0.0        240.0.0.0     192.168.2.12    192.168.2.12      20
  255.255.255.255  255.255.255.255     192.168.2.12    192.168.2.12      1
Default Gateway:       192.168.2.1
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/22/2013 08:59:08 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.3.219.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (10/21/2013 11:47:19 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.3.219.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (10/21/2013 11:47:14 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/21/2013 11:47:14 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/18/2013 11:08:37 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.3.219.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (10/15/2013 01:32:58 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.3.219.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (10/10/2013 09:28:20 AM) (Source: Microsoft Security Client Setup) (User: )
Description: HRESULT:0x8004FF05
Description:Can't complete the Setup Wizard. One or more command line arguments are invalid. Error code:0x8004FF05.

Error: (10/10/2013 09:07:24 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (09/25/2013 10:28:24 PM) (Source: Application Error) (User: )
Description: Faulting application cbase10.exe, version 10.0.0.3, faulting module cbase10.exe, version 10.0.0.3, fault address 0x000059c9.
Processing media-specific event for [cbase10.exe!ws!]

Error: (09/13/2013 03:52:55 PM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 23.0.1.4974, faulting module mozalloc.dll, version 23.0.1.4974, fault address 0x00001988.
Processing media-specific event for [plugin-container.exe!ws!]


System errors:
=============
Error: (10/22/2013 11:04:53 AM) (Source: DCOM) (User: AL-2EE23B0BE121)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/22/2013 10:56:52 AM) (Source: DCOM) (User: AL-2EE23B0BE121)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/22/2013 10:56:48 AM) (Source: DCOM) (User: AL-2EE23B0BE121)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/22/2013 10:41:07 AM) (Source: DCOM) (User: AL-2EE23B0BE121)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/22/2013 10:40:56 AM) (Source: DCOM) (User: AL-2EE23B0BE121)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/22/2013 10:33:10 AM) (Source: DCOM) (User: AL-2EE23B0BE121)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/22/2013 10:33:03 AM) (Source: DCOM) (User: AL-2EE23B0BE121)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/22/2013 10:11:13 AM) (Source: DCOM) (User: AL-2EE23B0BE121)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/22/2013 10:11:07 AM) (Source: DCOM) (User: AL-2EE23B0BE121)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/22/2013 09:52:43 AM) (Source: DCOM) (User: AL-2EE23B0BE121)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================
Error: (10/22/2013 08:59:08 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.3.219.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (10/21/2013 11:47:19 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.3.219.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (10/21/2013 11:47:14 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/21/2013 11:47:14 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (10/18/2013 11:08:37 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.3.219.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (10/15/2013 01:32:58 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.3.219.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (10/10/2013 09:28:20 AM) (Source: Microsoft Security Client Setup)(User: )
Description: HRESULT:0x8004FF05
Description:Can't complete the Setup Wizard. One or more command line arguments are invalid. Error code:0x8004FF05.

Error: (10/10/2013 09:07:24 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (09/25/2013 10:28:24 PM) (Source: Application Error)(User: )
Description: cbase10.exe10.0.0.3cbase10.exe10.0.0.3000059c9

Error: (09/13/2013 03:52:55 PM) (Source: Application Error)(User: )
Description: plugin-container.exe23.0.1.4974mozalloc.dll23.0.1.497400001988


=========================== Installed Programs ============================

%WS4_ARP_DISPLAY% (Version: 04.00.6001.503)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Advanced SystemCare 6 (Version: 6.4)
Akamai NetSession Interface Service
ArcSoft PhotoStudio 5.5
Bing Bar (Version: 7.3.107.0)
BlitzIn 3.0
CAM UnZip 4.5
Canon MP Navigator 2.0
Canon MP500
Canon Utilities Easy-PhotoPrint
CCleaner (Version: 4.06)
ChessBase 10 (Version: 10)
CPUID CPU-Z 1.62
Deep Rybka 3 (Version: 3.0)
Driver Booster (Version: 1.0)
Easy-WebPrint
ESET Online Scanner v3
FileHippo.com Update Checker
Google Chrome (Version: 30.0.1599.101)
Google Update Helper (Version: 1.3.21.165)
IObit Malware Fighter (Version: 2.1)
Java 7 Update 10 (Version: 7.0.100)
Java Auto Updater (Version: 2.1.9.0)
Junk Mail filter update (Version: 14.0.8117.416)
Kobo (Version: 3.3.11)
LENOVO OKE FN PS2 KEYBOARD (Version: V6.3.1221)
Logitech Vid HD (Version: 7.2 (7259))
Logitech Webcam Software (Version: 12.10.1113)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Service Pack 1 (Version: 1.1.4322)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Security Client (Version: 4.3.0219.0)
Microsoft Security Essentials (Version: 4.3.219.0)
Microsoft Silverlight (Version: 2.0.40115.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Octoshape add-in for Adobe Flash Player
OmniPage SE 2.0 (Version: 2.00.0004)
Rapport (Version: 3.5.1304.9)
Realtek AC'97 Audio (Version: 5.28)
Realtek High Definition Audio Driver (Version: 5.10.0.6418)
Secunia PSI (3.0.0.3001) (Version: 3.0.0.3001)
Segoe UI (Version: 14.0.4327.805)
Skype™ 6.0 (Version: 6.0.126)
Smart Defrag 2 (Version: 2.9)
SpywareBlaster 5.0 (Version: 5.0.0)
Trusteer Endpoint Protection (Version: 3.5.1304.9)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2808679) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VIA Rhine-Family Fast-Ethernet Adapter
WD Quick View (Version: 2.2.0.8)
WD SmartWare (Version: 2.2.0.8)
WD SmartWare Installer (Version: 2.2.0.8)
WD Software Upgrader (Version: 1.5.1)
WebFldrs XP (Version: 9.50.7523)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Management Framework Core
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Rights Management Client Backwards Compatibility SP2 (Version: 5.2.70)
Windows Rights Management Client with Service Pack 2 (Version: 5.2.70)

========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 1983.48 MB
Available physical RAM: 1401.59 MB
Total Pagefile: 3876.48 MB
Available Pagefile: 3488.26 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.76 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:70.28 GB) (Free:9.94 GB) NTFS
2 Drive d: (Secondary Drive) (Fixed) (Total:162.61 GB) (Free:113.72 GB) NTFS

========================= Users: ========================================

User accounts for \\AL-2EE23B0BE121

Administrator            al                       ASPNET                   
Guest                    HelpAssistant            SUPPORT_388945a0         

========================= Minidump Files ==================================

No minidump file found


**** End of log ****


Results of screen317's Security Check version 0.99.74  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 Secunia PSI (3.0.0.3001)   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 7 Update 10  
 Java version out of Date!
 Adobe Flash Player     11.9.900.117  
 Adobe Reader XI  
 Mozilla Firefox (24.0)
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 IObit IObit Malware Fighter IMFsrv.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive D:: 3%
````````````````````End of Log``````````````````````

 

Hope I included everything, Aussie Addict, and I await your assessment. Many thx mate :):)



#7 noknojon


Posted 22 October 2013 - 04:33 PM

The thing is if it deletes them why would it need to quarantine them??

There is a "hidden cache" that you can access just in case it takes a good / wrong program out.

Several items include "you only use F/fox", some tools are designed in a certain way (ActiveX is beyond my ken). Your motor car may be designed to run on XX Octane fuel, but you (or I do) just use the next vacant pump.

I can also tell you that a Safe Mode scan (Full or Quick) with many tools (Malwarebytes included) is only a 50% scan or so.

In Safe Mode, not all areas and programs are available to be scanned as Safe Mode only loads a basic amount of items.

You will always (mostly) get a report and any large problems can be found / isolated, but many are not opened for the scan.

 

The toolbars etc. are "sloppy downloads" from Hidden Extras (you just ticked continue and did not read it). We all do it.

 

None of this is personal towards you, note I included We all do it. Me too.

 

I will spend the next 15 minutes or so going over those logs (briefly) to see what is there -

 

Thanks -



#8 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:57 PM

Posted 22 October 2013 - 05:35 PM

Hi -

A 95% good set of scans with just a few items that I would attend to -

 

Java 7 Update 10 
Java version out of Date! Important to remove all old versions and update
Version7 Update45 is current now
Open Java Auto Updater (Version: 2.1.9.0) in Control panel and the second tab is Update.
 
Hosts content is OK and set to normal

 

Pinging yahoo was a bit "slow" but we overload them at times

 

Most Errors are only basic at this time. I can add diskcheck but it looks OK.

 

ESET Online Scanner  can remain in Add / Remove as it makes the next scan quicker

 

Due to my optional only versions, these I consider not required programs -

IObit Malware Fighter (Version: 2.1) - Malwarebytes well exceeds this, and do you normally see forums asking for you to use and install this Chinese program (except for IObit forum) ??
and Smart Defrag 2 (Version: 2.9) - Another IObit add-on. (not required)

Please note that IObit is a Chinese program, and was the only one available to them for a while, so it is logical that they have so many users, and I and 95% of others prefer Malwarebytes as their choice (read any forum) -

 

Stay off all Torrent sites (I Never use them) and just watch your downloads -

 

For your review, and (if you wish) comments.



#9 bigalster

bigalster
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:57 AM

Posted 22 October 2013 - 08:39 PM

Goodday Aussie Addict,

I was told to get rid of Java, you don't need this and it provides a backdoor for viruses, malware etc... Now you tell me to install it.

I have it disabled in my Firefox Plugins, now I am confused. I did update it but not sure if I uninstalled the older version.

 

Did get rid, as per your suggestion, of IOBIT Smart DeFrag, I agree with you, they are gone! Don't use Torrent and don't do downloads like movies, although I do watch some sporting events on StreamMe Watch. Is that okay? You get live Football matches, cricket, baseball, boxing etc...

 

 

Oh I forgot to ask just how serious was that Java/Exploit CVE-2010-0094P.Trojan?? Is it a serious virus and malware infection?

As I indicated my PC was really operating well. I just happened to run MBAM as I do and it originally found that PUP.Optional and then I decided to run ESET and it found the Java/Exploit CVE. So it was just by accident that I discovered I had it. I gather it is good to run ESET once per week then as it appears to be more thorough. Many thx mate:) Goodday!


Edited by bigalster, 22 October 2013 - 08:51 PM.


#10 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:57 PM

Posted 22 October 2013 - 09:28 PM

i was told that get rid of Java << Well I only posted that as you have it listed in your Current Programs.

Since you had it listed, I was just telling you that there was an old version listed, and Old versions should be updated.

not sure if uninstalled older version << You only need to look in Add / Remove in Control Panel for the installed version

Also you had the Java Updater installed so I just showed you how to use it

 

Any programs that link via Torrents are generally a risk for infection.

Is StreamMe Watch a way around legal use of Paid TV etc.? As this would be a good backdoor for infections.

You do not need to tell me if it is, but if it is, then you have been warned that it can carry infections

 

Java/Exploit CVE-2010-0094P.Trojan can spread and be a severe infection if not removed as soon as found.

Note that MBAM is not your prime Virus protection, that is your Antivirus program

 

Is all OK now - Please ask if you want any extra information that I may be able to help with.

 

Your system is generally cleaned, but in this area we are limited to what tools we can use



#11 bigalster

bigalster
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:57 AM

Posted 22 October 2013 - 10:05 PM

Aussie Addict, what is your opinion of Java? I have it disabled in my Firefox Plugins (that is Java Deployment Tool kit and the Java™ Platform SE 745)

to be specific, because I was told that there was this world-wide panic several months ago about how bad Java is and that we don't really need it. Case in point is the fact that I did pick up the Java/Exploit CVE-2010-0094P.Trojan. I was told to deactivate it and I read everywhere that it is a good thing to do.

I know that MBAM is not my primary virus protection, MS Essentials is. MBAM finds things that MS Essentials doesn't and ESET also found stuff that the other two never found. You touched on that already. I wasn't sure I understood why you mentioned Safe Mode and running scans in Safe Mode.

I never mentioned Safe Mode although I think that in these forums often if a PC is badly infected scans in Safe Mode are recommended, but this wasn't my case. I agree that maybe Stream Me Watch is iffy and a backdoor to infection so I will eliminate that:) That makes sense.

The Java stuff I find very confusing, some say it is essential others say you don't really need it and it is dangerous for infections. Give me your opinion on this controversy?

I want to kindly thank you Aussie Addict, a very good day and thanks so much for all your kind help!

bigalster



#12 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:57 PM

Posted 22 October 2013 - 10:45 PM

The Java stuff i find very confusing < We all do, but it is required to run some games / programs / etc -

 

I have it Enabled and an Updater tells me when the next version is ready.....I did know there was to be problems at Java a couple of months ago, now they start using things like Updates from 40 to 45 with nothing between.

 

All the Safe mode //// stuff was just a part of explaining why we ask for scans in I.E. rather than your standard browser, and that was about it (a mini Lecture that I waste my time on, but enjoy << Understand that bit and you understand the rest)

 

Java/Exploit CVE-2010-0094P.Trojan can also be an old existing problem that stuck its head up at the wrong time and got it cut off. I would need to go back and find what the "2010" part was related to exactly -

 

EDIT From M/soft - - -

First detected on: Aug 10, 2010

This entry was first published on: Aug 16, 2010

Edited by noknojon, 22 October 2013 - 10:50 PM.


#13 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:57 PM

Posted 26 October 2013 - 03:53 PM

If you require further help =>

Follow the instructions in the Preparation Guide For Requesting Help starting at Step 6.

 

If you are unable to complete any step, please post the topic and leave a full description of your problems

 

When you have done that, start a new topic and post the required logs to the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts.

 

Please Use Copy / Paste for your responses, and Do Not Attach them unless your helper requests this.

 

If HelpBot responds to your topic, please follow his Step #1 so the team will be notified.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

Thank You -





