java problem and more
 

Today, when opening a normal page here, i got a warning of my anti-virus that the access would be denied because of a trojan virus and the java symbol pop-up has if I was enable the program.
Then, when going to google and search a website, it took a long time to do it and when I clicked in the first link it when strait to another completly difrent web page and my anti-virus went mad with all the trojans and etc.

After running the AV, it detected some trojan in the java program folder and other trojans in IE temp files, etc. After clean up, deleting all the temp files, running the av a few times in selected folders, noting.
After rebooting the pc, I went to google and see if every was fine. No, still the same thing.
Went looking for any thing similar on the web, read about it in the java site, cleaned the program cache, unistaled and reinstaled after reboot, etc.
But my google page is the same. Long times to do any search and the first click on any link sends me to a virus paradise.
Any one had some similar experience? Is the browser damage in any away? Im thinking of unistalling IE8 and then reinstall or install mozilla.

Any other access to sites is fine. MSN also, so it's not a slow internet connection.

PS: My antivirus is the NOD32, already runned ccleaner and spyboot!

What's the Virus identified as?

HunterICX

Maybe a root-kit

Try uninstalling java, and then visit a google link (without java). Does it still send you to a virus site?

I'd install Firefox anyway (less vulnerability to viruses etc. being one of its advantages)

Starting in Safe Mode with Networking,to solve the problem

It's an idea. The anti-virus identifided this:
28-09-2010 18:56:53 HTTP filter file http://86.55.211.118/phxop001/l.php?i=2 a variant of Win32/Kryptik.GZK trojan connection terminated - quarantined RHODES\Administrador Threat was detected upon access to web by the application: C:\Programas\Java\jre6\bin\javaw.exe.
28-09-2010 18:19:43 HTTP filter file http://rezamaj.co.cc/CVMGCi8JNBdZDYV...zgPdJh?s=samba& a variant of Win32/Kryptik.EWF trojan connection terminated - quarantined RHODES\Administrador Threat was detected upon access to web by the application: C:\Programas\Java\jre6\bin\javaw.exe.
28-09-2010 18:19:34 HTTP filter file http://rezamaj.co.cc/client.zip Java/TrojanDownloader.Agent.NBU trojan connection terminated - quarantined RHODES\Administrador Threat was detected upon access to web by the application: C:\Documents and Settings\Administrador\Application Data\Microsoft\Windows\shell.exe.
28-09-2010 18:07:07 HTTP filter file http://mneboras.com/mneboras9/files/bobbystellar.jar multiple threats connection terminated - quarantined RHODES\Administrador Threat was detected upon access to web by the application: C:\Documents and Settings\Administrador\Definições locais\Temp\0.9025880865312967.exe.
28-09-2010 18:07:04 HTTP filter file http://mneboras.com/mneboras9/files/java.jar Java/Exploit.Agent.NAL trojan connection terminated - quarantined RHODES\Administrador Threat was detected upon access to web by the application: C:\Documents and Settings\Administrador\Definições locais\Temp\0.9025880865312967.exe.

Many of the virus were when google redirects me.

I did some search and it's a root-kit, and many people have/had this problem.. Downloaded the removal tool from kaspersky but didn't found anything. Then downloaded, installed and runned emsisoft anti-malware, but didn't found any thing.
Possibly do it again in safe mode.

Use this link,
 

for clean an get rid of the prob.

http://www.f-secure.com/en_EMEA/secu...nline-scanner/

Already did it. In a google support forum:
"then downloaded kaspresky malware tool and finally got rid of it what I found was, a rootkit that was called TDL3, it's the third generation of TDSS which uses rootkit technology to hide itself on a system by infecting drivers like atapi.sys, iastor.sys and a few others. Atapi.sys is a common target for this rootkit because it loads early during the boot process and is difficult to detect. Common symptons/signs of this infection include:Google redirection.Slowness of the computer and poor performance."

trying to get some removal tool that works. Also read that in one case, the "bad guy" was in the router. Could this happend with a modem?

Rhodes! To avoid this in the future so add, some add-on for firefox (if you use the browser) Noscript, Ad Block Plus, WOT, etc.

Possibly, but will try to fix this and use IE8. I do not have the certain thai it will not happen in firefox!

As long as you have a connection via the Internet, you can get it all down, at worst, therefore I propose real-time protection, update at least once per hour, which is necessary and if it has web scanning (remove viruses from web traffic), it is a plus,here is links for "bad thing"

http://www.bleepingcomputer.com/viru...ing-tdsskiller

http://www.f-secure.com/weblog/archives/00001976.html

Yes, I'm in that sites reading, but the removal tool didn't find it. Will run it in safe mode to see if changes something. But I am begining to lose faith....


PS: Gentelmen, the bugger is terminated, killed, destroyed, obliterated!!!!!!! :/\\x:

I tried what many people said that had done the work, hitman 3.5 and it did. 3 things: the bugger made my IE access the net by a proxy server (possibly one specific to it) and the program deleted one shell.exe file and svchost.exe file also. After rebooting, went to google and had a normal and fast search and clicked on many sites, and it went there, no more virus paradise!

http://hitman-pro.en.softonic.com/ here's the link

It can be removed manually, also, by using the search,in the Start menu,

http://www.f-secure.com/en_EMEA/prod...es/blacklight/

http://www.tizersecure.com/about_TDL...ect_remove.php

http://forum.sysinternals.com/rootki...266_page1.html

http://hitmanpro.wordpress.com/2010/...l3-infections/

http://www.prevx.com/blog/155/x-TDL-...follow-up.html

Good news!
 

:up:

Forgot to thank every one here for the help and support, :yeah::salute:Vendor!