SUBSIM Radio Room Forums > Silent Hunter 4: Wolves of the Pacific > java problem and more (https://www.subsim.com/radioroom/showthread.php?t=175495)

Rhodes 09-28-10 01:43 PM

java problem and more
 
Today, when opening a normal page here, I got a warning from my anti-virus that access would be denied because of a trojan virus, and the Java symbol popped up as if I had enabled the program.
Then, when going to Google and searching for a website, it took a long time to do it, and when I clicked on the first link it went straight to another completely different web page and my anti-virus went mad with all the trojans etc.

After running the AV, it detected some trojan in the Java program folder and other trojans in IE temp files, etc. After clean-up, deleting all the temp files and running the AV a few times on selected folders, nothing.
After rebooting the PC, I went to Google to see if everything was fine. No, still the same thing.
Went looking for anything similar on the web, read about it on the Java site, cleaned the program cache, uninstalled and reinstalled after reboot, etc.
But my Google page is the same. Long times to do any search, and the first click on any link sends me to a virus paradise.
Anyone had a similar experience? Is the browser damaged in any way? I'm thinking of uninstalling IE8 and then reinstalling, or installing Mozilla.

Any other access to sites is fine. MSN also, so it's not a slow internet connection.

PS: My antivirus is NOD32; I already ran CCleaner and Spybot!

HunterICX 09-28-10 02:29 PM

What's the Virus identified as?

HunterICX

Gerald 09-28-10 02:34 PM

Maybe a root-kit

DarkFish 09-28-10 03:04 PM

Try uninstalling java, and then visit a google link (without java). Does it still send you to a virus site?

Quote:

Originally Posted by Rhodes (Post 1504777)
Im thinking of unistalling IE8 and then reinstall or install mozilla.

I'd install Firefox anyway (less vulnerability to viruses etc. being one of its advantages)

Gerald 09-28-10 03:18 PM

Starting in Safe Mode with Networking, to solve the problem

Rhodes 09-28-10 04:51 PM

Quote:

Originally Posted by Vendor (Post 1504862)
Starting in Safe Mode with Networking, to solve the problem

It's an idea. The anti-virus identified this:
28-09-2010 18:56:53 HTTP filter file http://86.55.211.118/phxop001/l.php?i=2 a variant of Win32/Kryptik.GZK trojan connection terminated - quarantined RHODES\Administrador Threat was detected upon access to web by the application: C:\Programas\Java\jre6\bin\javaw.exe.
28-09-2010 18:19:43 HTTP filter file http://rezamaj.co.cc/CVMGCi8JNBdZDYV...zgPdJh?s=samba& a variant of Win32/Kryptik.EWF trojan connection terminated - quarantined RHODES\Administrador Threat was detected upon access to web by the application: C:\Programas\Java\jre6\bin\javaw.exe.
28-09-2010 18:19:34 HTTP filter file http://rezamaj.co.cc/client.zip Java/TrojanDownloader.Agent.NBU trojan connection terminated - quarantined RHODES\Administrador Threat was detected upon access to web by the application: C:\Documents and Settings\Administrador\Application Data\Microsoft\Windows\shell.exe.
28-09-2010 18:07:07 HTTP filter file http://mneboras.com/mneboras9/files/bobbystellar.jar multiple threats connection terminated - quarantined RHODES\Administrador Threat was detected upon access to web by the application: C:\Documents and Settings\Administrador\Definições locais\Temp\0.9025880865312967.exe.
28-09-2010 18:07:04 HTTP filter file http://mneboras.com/mneboras9/files/java.jar Java/Exploit.Agent.NAL trojan connection terminated - quarantined RHODES\Administrador Threat was detected upon access to web by the application: C:\Documents and Settings\Administrador\Definições locais\Temp\0.9025880865312967.exe.

Many of the viruses were detected when Google redirects me.

I did some searching and it's a root-kit, and many people have/had this problem. Downloaded the removal tool from Kaspersky but it didn't find anything. Then downloaded, installed and ran Emsisoft Anti-Malware, but it didn't find anything.
Possibly will do it again in safe mode.
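
Added here as an illustration, not code from the thread or from NOD32: a small Python triage script that parses HTTP filter entries in the format Rhodes pasted and flags what a responder would look at first, in particular when the process that opened the connection lives under Temp or Application Data rather than a program folder. The sample entries are constructed to match that format; hosts, account name and paths are placeholders.

```python
import re
from urllib.parse import urlparse

# Constructed sample entries in the NOD32 "HTTP filter" format seen in the thread.
# Hosts, account name and paths are placeholders, not the thread's indicators.
SAMPLE_LOG = """\
28-09-2010 18:56:53 HTTP filter file http://198.51.100.7/x/l.php?i=2 a variant of Win32/Kryptik.GZK trojan connection terminated - quarantined HOST\\User Threat was detected upon access to web by the application: C:\\Programas\\Java\\jre6\\bin\\javaw.exe.
28-09-2010 18:19:34 HTTP filter file http://dropper.example/client.zip Java/TrojanDownloader.Agent.NBU trojan connection terminated - quarantined HOST\\User Threat was detected upon access to web by the application: C:\\Documents and Settings\\User\\Application Data\\Microsoft\\Windows\\shell.exe.
28-09-2010 18:07:04 HTTP filter file http://dropper.example/files/java.jar Java/Exploit.Agent.NAL trojan connection terminated - quarantined HOST\\User Threat was detected upon access to web by the application: C:\\Documents and Settings\\User\\Definições locais\\Temp\\0.9025880865312967.exe.
"""

# One entry: timestamp, URL, detection name, account, and the process that opened the connection.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}) HTTP filter file (?P<url>\S+) "
    r"(?P<threat>.+?) connection terminated - quarantined (?P<user>\S+) "
    r"Threat was detected upon access to web by the application: (?P<app>.+?)\.?$"
)
# Directories a normal program should not be running from ("Definições locais" is the
# Portuguese Windows name for "Local Settings").
USER_WRITABLE = re.compile(r"\\(temp|application data|local settings|defini..es locais)\\", re.I)

def parse_line(line):
    """Return the fields of one HTTP filter entry as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def triage(entry):
    """List the reasons an entry deserves a closer look; an empty list means nothing unusual."""
    reasons = []
    host = urlparse(entry["url"]).hostname or ""
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("ip-literal host")
    if USER_WRITABLE.search(entry["app"]):
        reasons.append("initiating process lives in a user-writable directory")
    if re.search(r"Exploit|TrojanDownloader", entry["threat"]):
        reasons.append("exploit or downloader stage")
    return reasons

def triage_log(text):
    """Parse every entry in a log excerpt and attach its triage reasons."""
    results = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry:
            entry["reasons"] = triage(entry)
            results.append(entry)
    return results
```

Run `triage_log` over the pasted excerpt: the Java entries come back with no reasons beyond the bare-IP host, while the ones initiated from Application Data and Temp are the ones to chase.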

Gerald 09-28-10 04:59 PM

Use this link,
 
Quote:

Originally Posted by Rhodes (Post 1504967)
It's an idea. The anti-virus identified this:
28-09-2010 18:56:53 HTTP filter file http://86.55.211.118/phxop001/l.php?i=2 a variant of Win32/Kryptik.GZK trojan connection terminated - quarantined RHODES\Administrador Threat was detected upon access to web by the application: C:\Programas\Java\jre6\bin\javaw.exe.
28-09-2010 18:19:43 HTTP filter file http://rezamaj.co.cc/CVMGCi8JNBdZDYV...zgPdJh?s=samba& a variant of Win32/Kryptik.EWF trojan connection terminated - quarantined RHODES\Administrador Threat was detected upon access to web by the application: C:\Programas\Java\jre6\bin\javaw.exe.
28-09-2010 18:19:34 HTTP filter file http://rezamaj.co.cc/client.zip Java/TrojanDownloader.Agent.NBU trojan connection terminated - quarantined RHODES\Administrador Threat was detected upon access to web by the application: C:\Documents and Settings\Administrador\Application Data\Microsoft\Windows\shell.exe.
28-09-2010 18:07:07 HTTP filter file http://mneboras.com/mneboras9/files/bobbystellar.jar multiple threats connection terminated - quarantined RHODES\Administrador Threat was detected upon access to web by the application: C:\Documents and Settings\Administrador\Definições locais\Temp\0.9025880865312967.exe.
28-09-2010 18:07:04 HTTP filter file http://mneboras.com/mneboras9/files/java.jar Java/Exploit.Agent.NAL trojan connection terminated - quarantined RHODES\Administrador Threat was detected upon access to web by the application: C:\Documents and Settings\Administrador\Definições locais\Temp\0.9025880865312967.exe.

I did some searching and it's a root-kit. Downloaded the removal tool from Kaspersky but it didn't find anything. Then downloaded, installed and ran Emsisoft Anti-Malware, but it didn't find anything.
Possibly will do it again in safe mode.

to clean and get rid of the prob.

http://www.f-secure.com/en_EMEA/secu...nline-scanner/

Rhodes 09-28-10 05:11 PM

Already did it. In a Google support forum:
"then downloaded Kaspersky malware tool and finally got rid of it. What I found was a rootkit called TDL3; it's the third generation of TDSS, which uses rootkit technology to hide itself on a system by infecting drivers like atapi.sys, iastor.sys and a few others. Atapi.sys is a common target for this rootkit because it loads early during the boot process and is difficult to detect. Common symptoms/signs of this infection include: Google redirection. Slowness of the computer and poor performance."

Trying to get some removal tool that works. Also read that in one case, the "bad guy" was in the router. Could this happen with a modem?

Gerald 09-28-10 05:12 PM

Rhodes! To avoid this in the future, add some add-ons for Firefox (if you use the browser): NoScript, Adblock Plus, WOT, etc.

Rhodes 09-28-10 05:27 PM

Possibly, but I will try to fix this and use IE8. I do not have the certainty that it will not happen in Firefox!

Gerald 09-28-10 05:29 PM

As long as you have a connection via the Internet, you can get it all down, at worst; therefore I propose real-time protection, updated at least once per hour, which is necessary, and if it has web scanning (removes viruses from web traffic), it is a plus. Here are links for the "bad thing":

http://www.bleepingcomputer.com/viru...ing-tdsskiller

http://www.f-secure.com/weblog/archives/00001976.html

Rhodes 09-28-10 05:34 PM

Yes, I'm on those sites reading, but the removal tool didn't find it. Will run it in safe mode to see if it changes something. But I am beginning to lose faith....


PS: Gentlemen, the bugger is terminated, killed, destroyed, obliterated!!!!!!!

I tried what many people said had done the job, Hitman 3.5, and it did. 3 things: the bugger made my IE access the net through a proxy server (possibly one specific to it), and the program deleted one shell.exe file and also a svchost.exe file. After rebooting, went to Google and had a normal and fast search, and clicked on many sites, and it went there; no more virus paradise!

http://hitman-pro.en.softonic.com/ here's the link

Gerald 09-28-10 06:00 PM

It can be removed manually, also, by using the search in the Start menu,

http://www.f-secure.com/en_EMEA/prod...es/blacklight/

http://www.tizersecure.com/about_TDL...ect_remove.php

http://forum.sysinternals.com/rootki...266_page1.html

http://hitmanpro.wordpress.com/2010/...l3-infections/

http://www.prevx.com/blog/155/x-TDL-...follow-up.html

Gerald 09-28-10 06:04 PM

Good news!
 
Quote:

Originally Posted by Rhodes (Post 1505011)
Yes, I'm on those sites reading, but the removal tool didn't find it. Will run it in safe mode to see if it changes something. But I am beginning to lose faith....


PS: Gentlemen, the bugger is terminated, killed, destroyed, obliterated!!!!!!!

I tried what many people said had done the job, Hitman 3.5, and it did. 3 things: the bugger made my IE access the net through a proxy server (possibly one specific to it), and the program deleted one shell.exe file and also a svchost.exe file. After rebooting, went to Google and had a normal and fast search, and clicked on many sites, and it went there; no more virus paradise!

http://hitman-pro.en.softonic.com/ here's the link


Rhodes 09-28-10 06:06 PM

Forgot to thank everyone here for the help and support, Vendor!

Gerald 09-28-10 06:22 PM

We can have a few beers in Funchal for the reason that you have solved your PC prob.

Reece 09-28-10 08:58 PM

I had almost the same thing with Java; it affected Firefox. Every time I fired it up it tried to update some application, and I had to exit quickly. This was a while ago. I tried uninstalling Firefox and reinstalling; fired it up and the same thing started. Both Avira and Ad-Aware didn't find anything, so I just saved my Outlook Express, game saves etc. and then re-ghosted my machine. Best thing in the long run, I reckon!

HunterICX 09-29-10 04:00 AM

Same here, had a similar malware that injected itself into some key system files, mostly in the System32 folder, so the virus just wouldn't die until I did some heavy cleaning and restoring. A bit frustrating, and it really made me want to hurt people who create this kind of garbage.

HunterICX

Gerald 09-29-10 04:08 AM

And what do they get paid to develop PC infections?

Rhodes 09-29-10 04:37 AM

Indeed. But now, I opened this thread and got the same virus as the first time, detected by NOD32, and the Java console popped up. But it's strange, subsim is not infected! I am not seeing any site apart from this.

PS: 29-09-2010 10:34:24 HTTP filter file http://drerlre.co.cc/1.zip a variant of Java/Mugademel.A trojan connection terminated - quarantined RHODES\Administrador Threat was detected upon access to web by the application: C:\Programas\Java\jre6\bin\java.exe.
It was this that appeared!

