
Kaspersky Free Online Scan



#1 Dennis H


Posted 16 June 2007 - 03:33 AM

Howdy,

I recently scanned my computer with Kaspersky Free Online Scan. The scan log indicated that I have a Trojan that has infected my computer. Below are the two items infected by the same Trojan.



C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\72BF65DB.tmp Infected: Trojan.Java.ClassLoader.ao skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\72C20FD8.tmp Infected: Trojan.Java.ClassLoader.ao skipped


I searched for information about this Trojan and got the following results. (In order to enlarge the screenshot below to make it legible, I had to disable my pop-up blocker.)


Posted Image





I removed Norton Security 2006 from my computer over a month ago. It looks as if these items are in quarantine somewhere in my computer.

After the scan I re-started my computer in safe mode and ran scans with SpyBot S&D, Ad-Aware SE, AVG Anti-Spyware 7.5 Free and SUPERAntiSpyware. The combined results were three tracking cookies.

I then re-started in normal mode and ran a scan with Windows Live Care and Housecall; they came up clean.


Are these items harmless? I ask that because it seems to show they are quarantined. Regardless, I would like to do away with these items.

Could someone please tell me how to locate these files (?) and how to delete them?


Thank You for your time.


Dennis :thumbsup: XP Home, SP-2, IE-7

Edited by Dennis H, 16 June 2007 - 03:58 AM.




#2 buddy215


Posted 16 June 2007 - 06:07 AM

Here is a link to Norton's removal tool. Whether it will allow you to remove the quarantined items or not, ????????
http://service1.symantec.com/SUPPORT/tsgen...005033108162039

#3 Dennis H


Posted 16 June 2007 - 06:40 AM

Thanks for the reply buddy215.

I used that tool when I removed my Norton Security 2006 products. Should I run it again?





Dennis :thumbsup:

#4 Dennis H


Posted 19 June 2007 - 05:13 PM

Howdy,

It's me again.

Any thoughts or comments??



Thanks,

Dennis :thumbsup:

#5 boopme


Posted 19 June 2007 - 06:50 PM

Hi Dennis H, well, in quarantine they are harmless.

I've just a thought. Try a search of all files/folders. Enter *.tmp and see what it finds.
You can delete them if found.

#6 DASOS


Posted 20 June 2007 - 12:29 AM

Hi Dennis

You can find the folder using Windows Explorer (right-click on Start, click on Explore). Delete the following folder and all its contents:

C:\Documents and Settings\All Users\Application Data\Symantec <--folder

And you may need to update your Java.

Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586-p.exe to install the newest version.


Stelios
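
A triage helper for scan logs like the one in the first post, added here as an example and not part of the original thread: it separates detections that sit inside an antivirus quarantine folder (the leftovers discussed above) from detections elsewhere that deserve a closer look. The line format is inferred from the two log lines in the thread, the third sample line is constructed, and treating a folder named `Quarantine` as a quarantine store is an assumption.

```python
import re
from collections import defaultdict

# Line shape inferred from the two log lines quoted in the first post:
#   <full path> Infected: <detection name> <action>
LINE_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<name>\S+)\s+(?P<action>\S+)$")

# First two lines are from the thread; the third is constructed for contrast.
SAMPLE_LOG = r"""
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\72BF65DB.tmp Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\72C20FD8.tmp Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Example\Desktop\sample.jar Infected: Constructed.Test.Name skipped
"""

def parse_line(line):
    """Return a finding dict, or None for lines that are not detections."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    folders = [p.lower() for p in m.group("path").split("\\")[:-1]]
    return {
        "path": m.group("path"),
        "name": m.group("name"),
        "action": m.group("action"),
        # Assumption: a folder named "Quarantine" is an AV quarantine store.
        "in_quarantine": "quarantine" in folders,
    }

def triage(log_text):
    """Group findings into quarantine leftovers and items needing review."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        finding = parse_line(line)
        if finding:
            key = "quarantine_leftover" if finding["in_quarantine"] else "needs_review"
            groups[key].append(finding)
    return dict(groups)

def leftover_folders(groups):
    """Folders that still hold quarantined items (candidates for cleanup)."""
    return sorted({f["path"].rsplit("\\", 1)[0]
                   for f in groups.get("quarantine_leftover", [])})

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, findings in result.items():
        for f in findings:
            print(f"{key:20} {f['name']:28} {f['path']}")
    print("Leftover folders:", leftover_folders(result))
```
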

#7 Dennis H


Posted 22 June 2007 - 10:17 AM

Thanks for the help. I found the temporary folders and deleted them.


DASOS,

The only Java showing on my computer is Version 1.6.0 (build 1.6.0_01-b06)

So I believe I am up to date.

Should I replace it anyway in case it was infected when I downloaded it?





Thanks,

Dennis :thumbsup:

Edited by Dennis H, 22 June 2007 - 10:20 AM.




