Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Exploit.wmf


  • Please log in to reply
8 replies to this topic

#1 Sherman8r44

Sherman8r44

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Location:Lawng Oiland, New Yawk
  • Local time:05:18 PM

Posted 21 August 2006 - 06:44 PM

Hi everyone,

I just got my computer (Windows XP Home) last week and updates are automatic, so I believe I have the WMF patch. There are no high-priority updates left at windowsupdate.com, so I think I have it. Which confuses me because I clicked an apparently bad email, and I got infected with some sort of virus(es) that look like Exploit-WMF to me.


So far, I ran AVG Free and NONE of the files found could be fixed. :thumbsup: here were the bad results:

VIRUS IDENTIFIED Java\ByteVerify in
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601 a.jar-523da84a-56f54064.zip:\SandBoxEscape.class

VIRUS IDENTIFIED Java\ByteVerify in
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601 a.jar-523da84a-56f54064.zip:\SuperMSClassLoader.class

VIRUS IDENTIFIED Java\OpenStream in
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601 a.jar-523da84a-56f54064.zip:\Installer.class

VIRUS IDENTIFIED Java\ByteVerify in
C:\Documents and Settings\Compaq_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601 a.jar-523da84a-56f54064.zip

MAY BE INFECTED Exploit.WMF in
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\4ZMBQHQX\video[1].wmf

VIRUS FOUND Exploit in
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\MN4VY54B\pluginst[1].htm


What is the way to remove this? THANK YOU!!!!!!!!!

Edited by Sherman8r44, 21 August 2006 - 06:56 PM.


BC AdBot (Login to Remove)

 


m

#2 FifeFlyer

FifeFlyer

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Location:North of Hadrians Wall.
  • Local time:10:18 PM

Posted 22 August 2006 - 06:01 AM

Hi Sherman8r44 , if you have the sun java console and the cache tab it's just a case of :

Click on start
Control panel
Open Java Plug-in
Click on the Cache tab
Click clear

To stop this from happening again uncheck the enable cache
This should remove these viruses.

Run AVG again to check it's gone.

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:18 PM

Posted 22 August 2006 - 07:17 AM

FifeFlyer's instructions with graphics can be found here.
Also to clean your your Web Browser Cache follow the instructions here.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Sherman8r44

Sherman8r44
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Location:Lawng Oiland, New Yawk
  • Local time:05:18 PM

Posted 22 August 2006 - 07:25 AM

Sweet, thanks for the quick concise replies! I'm about to run AVG and hope it's all gone...

#5 Sherman8r44

Sherman8r44
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Location:Lawng Oiland, New Yawk
  • Local time:05:18 PM

Posted 22 August 2006 - 07:36 AM

MAY BE INFECTED Exploit.WMF in
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\4ZMBQHQX\video[1].wmf

VIRUS FOUND Exploit in
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\MN4VY54B\pluginst[1].htm


Okay, the Java viruses are all gone (thank you! :thumbsup: ) but these two are still there. Right now I just put them in the AVG Virus Vault. So now do I deal with these two? Are they related to the other Java problems? Thanks again!

Edited by Sherman8r44, 22 August 2006 - 07:38 AM.


#6 FifeFlyer

FifeFlyer

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Location:North of Hadrians Wall.
  • Local time:10:18 PM

Posted 22 August 2006 - 07:59 AM

Hi again , these two files should have been deleted by clearing your web browsers cache. Nevertheless you can finally remove them by opening AVG and deleting them from the virus vault. The next time you run AVG all traces should be finally gone.



p.s. thanks for your input quietman7 :thumbsup:

Edited by FifeFlyer, 22 August 2006 - 08:02 AM.


#7 Sherman8r44

Sherman8r44
  • Topic Starter

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Location:Lawng Oiland, New Yawk
  • Local time:05:18 PM

Posted 22 August 2006 - 09:57 AM

All better! Thank you FifeFlyer and quietman7! :thumbsup:

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:18 PM

Posted 22 August 2006 - 10:44 AM

Your welcome.

Don't forget to verify your JAVA Software Installation & Version here.
If you need to update, download and install the latest version of Java Runtime Environment.
Installation instructions if needed.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 FifeFlyer

FifeFlyer

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Location:North of Hadrians Wall.
  • Local time:10:18 PM

Posted 22 August 2006 - 11:59 AM

Pleased you're sorted and thanks for the feedback. :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users