
I Am Infected.....what Do I Do?


5 replies to this topic

#1 computer_time

computer_time

  • Members
  • 13 posts

Posted 07 February 2007 - 08:09 PM

Well, this morning I did a deep scan of my PC with BitDefender v10 and found this:

Summary:

C:\Documents and Settings\Manju\Local Settings\Temporary Internet Files\Content.IE5\6W8WMS71\444444[1].htm=>(JAVASCRIPT 1) Infected: Generic.XPL.MhtRedir.FD488364
C:\Documents and Settings\Manju\Local Settings\Temporary Internet Files\Content.IE5\6W8WMS71\444444[1].htm=>(JAVASCRIPT 1) Disinfection failed
C:\Documents and Settings\Manju\Local Settings\Temporary Internet Files\Content.IE5\6W8WMS71\444444[1].htm Moved
C:\Documents and Settings\Manju\Local Settings\Application Data\Mozilla\Firefox\Profiles\cqy4kqpy.default\Cache\7A000CC2d01=>keygen.exe Infected: Trojan.Downloader.Small.ZP
C:\Documents and Settings\Manju\Local Settings\Application Data\Mozilla\Firefox\Profiles\cqy4kqpy.default\Cache\7A000CC2d01=>keygen.exe Disinfection failed
C:\Documents and Settings\Manju\Local Settings\Application Data\Mozilla\Firefox\Profiles\cqy4kqpy.default\Cache\7A000CC2d01=>keygen.exe Move failed
C:\Documents and Settings\Manju\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1f4eade4-6d83b2cc.zip=>BlackBox.class Infected: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Manju\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1f4eade4-6d83b2cc.zip=>BlackBox.class Disinfection failed
C:\Documents and Settings\Manju\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1f4eade4-6d83b2cc.zip=>VerifierBug.class Infected: Java.Trojan.Exploit.Bytverify.C
C:\Documents and Settings\Manju\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1f4eade4-6d83b2cc.zip=>Dummy.class Infected: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Manju\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1f4eade4-6d83b2cc.zip=>Dummy.class Disinfection failed
C:\Documents and Settings\Manju\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1f4eade4-6d83b2cc.zip=>Beyond.class Infected: Java.Trojan.Exploit.Bytverify.C
C:\Documents and Settings\Manju\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-1f4eade4-6d83b2cc.zip Moved

Still 4 viruses remaining... what should I do now?

Will CCleaner or SUPERAntiSpyware work?

Any help would be appreciated...

Thanx



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • Gender:Male
  • Location:NJ USA

Posted 07 February 2007 - 10:37 PM

I would run SUPERAntiSpyware and see if it knocks off those.
http://www.superantispyware.com/
Free home user version
BTW, welcome to BleepingComputer, computer_time.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • Gender:Male
  • Location:Ossendrecht/The Netherlands

Posted 08 February 2007 - 03:34 AM

Welcome to BC

Which version of Java do you have?

IMPORTANT NOTE: Backdoor Trojans are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge. If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums. You should consider all your passwords to be compromised. They should be changed by using a different computer and not the infected one. Do not change passwords or do any transactions while using the infected computer because an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

Did you try the scan in SAFE MODE?

Also do this:

* Clean your Cache and Cookies in IE:
  * Close all instances of Outlook Express and Internet Explorer.
  * Go to Control Panel > Internet Options > General tab.
  * Under Browsing History, click "Delete".
  * Click "Delete Files", "Delete cookies" and "Delete history".
  * Click Close below.

* Clean your Cache and Cookies in Firefox (in case you also have Firefox installed):
  * Go to Tools > Options.
  * Click Privacy in the menu.
  * Click the Clear now button below. A new window will pop up asking what to clear.
  * Select all and click the Clear button again.
  * Click OK to close the Options window.

* Clean other Temporary files + Recycle bin:
  * Go to Start > Run, type cleanmgr and click OK.
  * Let it scan your system for files to remove.
  * Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  * Press OK to remove them.

Download, install and update CCleaner.
After installing and updating, go to options - advanced and tick "prompt for registry backups".
Now start up in Safe Mode.
Do two runs:

1) Click on problems and tick all. Click on analyse. At the end you will be prompted for storing a backup.
This will be stored, as a default, in My Documents.
2) Click on cleaner, click on analyse and accept all files to be removed.

After that:

Download and scan with SUPERAntiSpyware Free for Home Users

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
* When done, select "Scan for Harmful Software".
* There are three scanning options. Choose "Perform Complete Scan" and click "Next".
* When done, a Scan Summary will appear with potentially harmful items that were detected. Click "OK".
* Make sure they all have a checkmark next to them and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* Click Preferences and then click the statistics/logs tab.
* Click the dated log and press View log. A text file will appear so you can see the results.
* Select close to exit the program.
* Scan in SAFE MODE

Edited by fozzie, 08 February 2007 - 03:34 AM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,126 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 08 February 2007 - 10:06 AM

Java.ByteVerify is actually a method to exploit a security vulnerability in the Microsoft Virtual Machine that is stored in the java cache as a java-applet. The vulnerability arises as the ByteCode verifier in the Microsoft VM does not correctly check for the presence of certain malformed code when a java-applet is loaded. Attackers can exploit the vulnerability by creating malicious Java applets and inserting them into web pages that could be hosted on a web site or sent to users as an attachment. Trojan Exploit ByteVerify indicates that a Java applet - a malicious Java archive file (JAR) - was found on your system containing the exploit code. See here.

When a browser runs an applet, the Java Runtime Environment (JRE) stores all the downloaded files into its cache directory for better performance. Microsoft stores the applets in the Temporary Internet Files. Anti-virus programs have detected such malicious applets in the following directory:

C:\Documents and Settings\<username>\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\
See: here.

AVG, eTrust EZ Antivirus, Pest Patrol and others will find Java/ByteVerify but cannot get rid of them. If you have the Java-Plugin installed, then deleting them from the Java cache and clearing IE's cache should eliminate the problem.

When done, reboot and do your scans again to make sure they are clean.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
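
The scan summary in the first post mixes detections and outcomes for the same file across several lines, which makes it hard to see what is actually left to clean. As an added example (not part of the thread and not BitDefender's own tooling), this Python function groups such lines by file, lists the detections, and flags files the scanner could not move and whether they sit in one of the browser or Java cache locations discussed above. The name `triage`, the shortened sample paths and the reading of "Moved" as "quarantined" are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: same line format as the scan summary above, shortened paths.
SAMPLE = r"""
C:\Temporary Internet Files\Content.IE5\444444[1].htm=>(JAVASCRIPT 1) Infected: Generic.XPL.MhtRedir.FD488364
C:\Temporary Internet Files\Content.IE5\444444[1].htm Moved
C:\Firefox\Profiles\x.default\Cache\7A000CC2d01=>keygen.exe Infected: Trojan.Downloader.Small.ZP
C:\Firefox\Profiles\x.default\Cache\7A000CC2d01=>keygen.exe Disinfection failed
C:\Firefox\Profiles\x.default\Cache\7A000CC2d01=>keygen.exe Move failed
C:\Sun\Java\Deployment\cache\count.jar-1f4eade4.zip=>BlackBox.class Infected: Java.Trojan.Exploit.Bytverify
C:\Sun\Java\Deployment\cache\count.jar-1f4eade4.zip=>Beyond.class Infected: Java.Trojan.Exploit.Bytverify.C
C:\Sun\Java\Deployment\cache\count.jar-1f4eade4.zip Moved
"""

# <path>[=><member inside the file>] <status>; paths may contain spaces.
LINE = re.compile(
    r"^(?P<path>.+?)(?:=>(?P<member>.+?))?\s+"
    r"(?P<status>Infected: \S+|Disinfection failed|Move failed|Moved)$"
)
# Browser and Java plug-in cache locations named in the thread.
CACHE_MARKERS = ("temporary internet files", "\\cache\\")

def triage(summary):
    """Group summary lines by file; report detections and what still needs action."""
    files = defaultdict(lambda: {"detections": set(), "actions": set()})
    for raw in summary.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        entry = files[m["path"]]
        status = m["status"]
        if status.startswith("Infected: "):
            entry["detections"].add(status.split(": ", 1)[1])
        else:
            entry["actions"].add(status)
    report = {}
    for path, entry in files.items():
        report[path] = {
            "detections": sorted(entry["detections"]),
            # Assumption: "Moved" on the file itself means it was quarantined.
            "needs_manual_cleanup": "Moved" not in entry["actions"],
            "in_cache": any(mark in path.lower() for mark in CACHE_MARKERS),
        }
    return report

if __name__ == "__main__":
    for path, info in triage(SAMPLE).items():
        print(path, info)
```

A file reported with `needs_manual_cleanup` and `in_cache` both true is a candidate for the cache-clearing steps given in the replies, followed by a rescan.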

#5 computer_time

computer_time
  • Topic Starter

  • Members
  • 13 posts

Posted 09 February 2007 - 10:35 PM

Thanx a lot guys!!!

I think problem got solved.......

No virus found on next scan! :thumbsup:

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • Gender:Male
  • Location:NJ USA

Posted 09 February 2007 - 10:44 PM

You're welcome



