
Jackbot Infection detected by Avast


2 replies to this topic

#1 Overwatch


Posted 03 March 2014 - 12:28 PM

I have MalwareBytes Anti-Malware and Avast 2014 installed.

I am running Windows 7 64bit.

I run Avast scan once every week and MBAM scans 2 or more times a week.

 

I ran a Boottime scan with Avast last night and it has found 4 pieces of malware in the same file. I am not able to find the boottime log, but in my quarantine they are listed as:

 

Java:Jackbot-R

Java:Malware-Gen

Java:Agent-HCH

Java:Jackbot-G

 

and they were all found in different .class files inside of "svchost302236404.jar" which was located:

 

C:\users\owner\AppData\Roaming\svchost302236404.jar

 

I looked into the infections online and it appears they could have been installed from Minecraft modifications and that they are used as RAT tools and keyloggers to steal information. I generally only download modifications from trusted sources (Minecraft Forums) and I haven't downloaded one in quite some time.

 

This didn't sit too well with me so I went to check for the "svchost302236404.jar" file to see when it was added and to see if I could figure out where it was installed from. Unfortunately, when I check for the file in the Roaming folder, the file is not there. Avast didn't say it quarantined the "svchost302236404.jar", only the 4 .class files that were infected inside of it.

 

I ran a quick Malwarebytes scan and that found 0 infections, but I ran it before countless times and it has never found the file (not sure how long the infection has been on the computer).

 

Is it possible that the file has hidden itself or moved itself or would Avast have removed it completely? 

 

I want to start changing some passwords but not until I am certain that this malware is first dealt with.

 

Any help is appreciated.


Edited by Overwatch, 03 March 2014 - 12:36 PM.




#2 Overwatch


Posted 06 March 2014 - 10:24 AM

I've opted to perform a reformat. This topic can be locked/closed. Thank you.



#3 quietman7


Posted 06 March 2014 - 01:50 PM

Sometimes a reformat or a factory restore is the best solution. Starting over by wiping your drive, reformatting, and performing a clean install of the OS removes everything and is the safest action.

We do not close (lock) topics in this forum unless a member has been asked to (and does) start a new topic in the Malware Removal Logs forum and post the required logs.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




