Windows Support Forum

Solved: Potentially serious exploit for Java server software!

Q: Solved: Potentially serious exploit for Java server software!

http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html Note that the impact on desktop systems should be 'minimal' so home users need only install Update 24 (which fixes this problem) when it is released next Tuesday, 15th February.


A: Solved: Potentially serious exploit for Java server software!

This is supposed to be fixed by Update 24 which was released yesterday. If you allow Java to update automatically you should already have it, otherwise you can get it from here; http://www.java.com/en/download/windows_manual.jsp?locale=en&host=www.java.com

https://forums.techguy.org/threads/solved-potentially-serious-exploit-for-java-server-software.980055/

A few days ago my computer was infected by a slew of nasties. I've removed many with the help of various programs (Malware Bytes, Trojan Remover, AVG, Avast, Microsoft OneCare, Ad-Aware, Spybot S&D, and Avira). However, Microsoft OneCare reports that it is unable to remove the issues in the title. My other symptoms include Windows Update blocked, Google/Yahoo search results redirected, some random popups, as well as some warnings from Ad-Aware that firefox and svchost have been trying to connect to malicious websites.

I have been unable to run gmer all the way through, as my computer keeps resetting before it's finished. Here's my DDS: ...

A:Virus:Win32/Alureon.H & Exploit:Java/CVE-2009-3867.GC & Exploit:Java/CVE-2008-5353.KM

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with. Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear.
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue.
A 'Finished!' message will appear.
Click OK.
DeFogger may ask you to reboot the machine, if it does - click OK.
Do not re-enable these drivers until otherwise instructed.

Download DDS:
Please download DDS by sUBs from one of the links below and save it to your desktop:
Download DDS and save it to your desktop: Link1, Link2, Link3
Please disable any anti-malware program that will block scripts from running before running DDS.
Double-click on dds.scr and a command window will appear. This is normal.
Shortly after, two logs will appear: DDS.txt and Attach.txt
A window will open instructing you to save & post the logs.
Save the logs to a convenient place such as your desktop.
Copy the contents of both logs & post in your next reply.

Scan With RKUnHooker:
Please download Rootkit Unhooker and save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.
Note** you may get this warning; it is ok, just ignore it:
"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

MBRCheck:
Please also download MBRCheck to your desktop.
Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheck will be on your desktop.
Open this report.
Right click on the screen and select > Select All.
Press Control+C.
Now please copy that report to this thread.

Information and logs:
In your next post I need the following:
1. logs from DDS
2. log from RKUnHooker
3. report from MBRchecker
4. let me know of any problems you may have had

Gringo

http://www.bleepingcomputer.com/forums/t/334725/viruswin32alureonh-exploitjavacve-2009-3867gc-exploitjavacve-2008-5353km/

I have these infections Win32/ms07-017!exploit, Java/ByteVerify!exploit! and Java/Shinwow.BJ and I don't know how to remove them. I have eTrust EZ Antivirus Version 7.0.6.7. It runs the scan, detects it but doesn't get rid of it. Can someone please help?

A:Win32/ms07-017!exploit, Java/byteverify!exploit! And Java/shinwow.bj Infections

Java.ByteVerify is actually a method to exploit a security vulnerability in the Microsoft Virtual Machine that is stored in the java cache as a java-applet. The vulnerability arises as the ByteCode verifier in the Microsoft VM does not correctly check for the presence of certain malformed code when a java-applet is loaded. Attackers can exploit the vulnerability by creating malicious Java applets and inserting them into web pages that could be hosted on a web site or sent to users as an attachment.

Trojan Exploit ByteVerify indicates that a Java applet - a malicious Java archive file (JAR) - was found on your system containing the exploit code. When a browser runs an applet, the Java Runtime Environment (JRE) stores all the downloaded files into its cache directory for better performance. Microsoft stores the applets in the Temporary Internet Files.

The Java.ByteVerify will typically arrive as a component of other malicious content. An attacker could use the compiled Java class file to execute other code...

Notification of infection does not always indicate that a machine has been infected; it only indicates that a program included the viral class file. This does not mean that it used the malicious functionality. See here.

The following malicious applets have been discovered in the cache directory:
1. Trojan.ByteVerify
2. VerifierBug.class
3. Java.JJBlack worm
4. Java.Shinwow trojan

These malicious applets are designed to exploit vulnerabilities in the Microsoft VM (Microsoft Security Bulletin MS03-011). If you are using the Sun JVM as your default virtual machine, these malicious applets cannot cause any harm to your computer. See: here.

AVG, eTrust EZ Antivirus, Pest Patrol and others will find Java/ByteVerify but cannot get rid of them. If you have the Java-Plugin installed, then deleting them from the Java cache should eliminate the problem. The Java Plug-In in the Control Panel is only present if you are using Sun's Java. If you don't have the Java-Plugin installed then just delete the files manually. The Microsoft Virtual machine stores the applets in the Temporary Internet Files.

If you're using Sun Java, follow the instructions for Clearing the Java Runtime Environment (JRE) Cache.
If you're using IE, Netscape, Mozilla, Opera, or AOL, follow the instructions for Clearing your Web Browser Cache.

Win32/MS07-017!exploit is a generic detection of animated cursor files that attempt to exploit a vulnerability in the handling of these file formats. Also see Vulnerability in Windows Animated Cursor Handling.

http://www.bleepingcomputer.com/forums/t/93979/win32ms07-017exploit-javabyteverifyexploit-and-javashinwowbj-infections/

Hello, I was directed here by boopme from this thread: http://www.bleepingcomputer.com/forums/t/…/exploitjavacve-…gena-exploitjavacve-…/

Hello and thank you in advance for the advice. The problems occurred yesterday and today. My browser is Firefox and my OS is Windows Home Premium SP Bit.

Yesterday, while visiting a website, MSE detected exploit:Java/CVE-2012-1723.gen!A. When I opened MSE for more information, it said that the exploit had been quarantined, but it didn't show up under quarantined items and gave an error message: "Security Essentials encountered the following error: Error code x. The program could not find the malware and other potentially unwanted software on this computer." Now, I've gotten this error before, so I was really worried. According to this: "It can also mean that the threat was blocked coming via an infected web page and then a scan was unable to remove it as it never saved to the browser cache." I scanned with MBAM to make sure and it detected nothing.

Flashforward to today, and when I scan my computer with MSE it says that I have exploit:Java/CVE-2013-0431. Apparently, unlike the other, this threat hadn't been blocked. So I removed the exploit, emptied my java cache, disabled Java on Firefox (I had it disabled before but I think updating Firefox or Java turned it back on), downloaded Noscript and scanned with MBAM. It didn't detect anything. But now I'm worried. Can you help me ensure that my computer is clean?

My DDS: ...

A:exploit:Java/CVE-2012-1723.gen!A & exploit:Java/CVE-2013-0431

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.

How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
When finished, it will produce a report for you.
Please post the C:\ComboFix.txt

Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

===

Third party programs if not up to date can be the cause of infiltration an infection.

Please run this security check for my review.
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete tab, follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

http://www.bleepingcomputer.com/forums/t/491563/exploitjavacve-2012-1723gena-exploitjavacve-2013-0431/

Hello and thank you in advance for the advice. The problems occurred yesterday and today. My browser is Firefox and my OS is Windows Home Premium SP Bit.

Yesterday, while visiting a website, MSE detected exploit:Java/CVE-2012-1723.gen!A. When I opened MSE for more information, it said that the exploit had been quarantined, but it didn't show up under quarantined items and gave an error message: "Security Essentials encountered the following error: Error code x. The program could not find the malware and other potentially unwanted software on this computer." Now, I've gotten this error before, so I was really worried. According to this: "It can also mean that the threat was blocked coming via an infected web page and then a scan was unable to remove it as it never saved to the browser cache." I scanned with MBAM to make sure and it detected nothing.

Flashforward to today, and when I scan my computer with MSE it says that I have exploit:Java/CVE-2013-0431. Apparently, unlike the other, this threat hadn't been blocked. So I removed the exploit, emptied my java cache, disabled Java on Firefox (I had it disabled before but I think updating Firefox or Java turned it back on), downloaded Noscript and scanned with MBAM. It didn't detect anything. But now I'm worried. Can you help me ensure that my computer is clean?

A:exploit:Java/CVE-2012-1723.gen!A & exploit:Java/CVE-2013-0431

Hello, let's look at this as

Exploit:Java/CVE-2012-1723 is a family of malicious Java applets that attempt to exploit a vulnerability (CVE-2012-1723) in the Java Runtime Environment (JRE) in order to download and install files of an attacker’s choice onto your computer.

If you visit a website containing the malicious code while using a vulnerable version of Java, Exploit:Java/CVE-2012-1723 is loaded. It then attempts to download and execute files from a remote host/URL; the files that are downloaded and executed could include additional malware.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

http://www.bleepingcomputer.com/forums/t/491554/exploitjavacve-2012-1723gena-exploitjavacve-2013-0431/

New zero day vulnerability in Java. Article by Sophos.
http://nakedsecurity.sophos.com/2012/08/28/unpatched-java-exploit-spreads-like-wildfire/?utm_source=Naked+Security+-+Sophos+List&utm_medium=email&utm_campaign=080ad38316-naked%252Bsecurity

Within days of its discovery it appears that a new zero day flaw in Java could soon be in widespread use.

FireEye first reported on the flaw being used in a targeted attack originating from a Chinese web server. The web page hosting the exploit is timestamped August 22nd, 2012.

The flaw affects all versions of Oracle's Java 7 (version 1.7) on all supported platforms. Java 6 and earlier are unaffected. No patch is available at this time.

A:Zero day Java exploit in wild. "Unpatched Java exploit spreads like wildfire"

Thank you for keeping a watch for these types of things and informing us.

http://www.bleepingcomputer.com/forums/t/466754/zero-day-java-exploit-in-wild-unpatched-java-exploit-spreads-like-wildfire/

I used the MSE (Microsoft Security Essential) to scan my computer since its performance has decreased dramatically from literally one day to another. The scan had deduced that my computer was infected with the 2 exploits listed above, and although it says that it has cleaned my computer I am not that confident. Are there any more measures I can take to ensure that my computer is cleaned?
P.S. I have read various posts and forums but I am not entirely sure of what to do. Thanks a lot for reading and in advance for replying.
 


A:Infected with exploit:java/Anogre.E and Exploit:Java/CVE

Hello and welcome on board, my name is Machiavelli and I will assist you with your problem.

If you booted into safe mode on your computer then print my instructions!

I'm in the 'Malware Staff Team' and will provide you with advice:
To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:

Removing Malware is usually very difficult.
We need to search and analyse a lot of files. As this is done in our free time, please be patient, especially if I don't answer every day!

Please follow these instructions.
If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!

Please stay in contact with me until your problem is resolved.
As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.

Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware.
Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!

Read my post completely.
If you don't do so, you may make mistakes that could result in your System crashing by your own actions!

Please download FRST (by Farbar) from the link below and save it to your Desktop.
Download Mirror #1
If you are unsure whether you have 32-Bit or 64-Bit Windows, see here.
Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8: please do a right click on the FRST icon and select Run as Administrator.)
When the disclaimer appears, click Yes.
Click Scan to start FRST.
When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

http://www.bleepingcomputer.com/forums/t/541414/infected-with-exploitjavaanogree-and-exploitjavacve/

Hi, I am on Windows Home Premium. MS Internet Explorer is installed, but I only use it when my default browser, Firefox, does not display something correctly.

A couple of weeks ago I noticed that my AVG protection turned off a couple of times, so I ran a routine AVG virus scan. AVG showed I had Java Exploit and Java Exploit BKO and appeared to clean it up. The only other possible symptom that I have had is my Yahoo email has been flagged for suspicious activity, and I know it has been hacked a couple of times over the last - months. I change my Yahoo password every time there is a hint of trouble, but the suspicious activity continued, including after I thought I removed Java Exploit.

Yesterday a new coworker told me that Java Exploit is very bad and impossible to get rid of, and that if I have it I should buy a new computer to guarantee security. He said Java Exploit runs Internet Explorer in the background. Per his instructions I installed and ran Process Explorer to check Internet Explorer was not running in the background, so I thought I was OK. I installed and ran Malwarebytes, which showed I had no problems.

I bought the computer a year ago tomorrow at Micro Center, so I called their tech support. I explained the above to the technician. He remote accessed in and looked at the Process Explorer. He spent about an hour loading and running various virus and malware software that included SuperAntiSpyware. He only found a couple of harmless tracking cookies. I let him talk me into buying their antivirus program, ESET, and another year of their tech support. After I disconnected from Micro Center tech support, Process Explorer still does not show IE running in the background.

Based on what my coworker said and my limited understanding of what I have read on this forum, I am not confident that my computer actually is secure and free from Java Exploit or maybe something else. It just seemed too easy to clean up from my computer.

My questions are:
Is it still possible to have Java Exploit or Java Exploit BKO? If so, is there any easy way to get rid of it? I am not very computer savvy and would happily buy a new computer if it saved me from the stress of having to do anything more complicated than installing and running yet another antivirus program.
Do you think the Yahoo mail hacking is related to Java Exploit?
What type of data does Java Exploit look for? All I can tell from web searching is that it installs malware. Specifically, does it go after financial data? Does it want to spam my email, hacking? Use my computer as a robot to accomplish something else external of my machine or data?
Any opinions on Micro Center's ESET antivirus?

Thank you soooooooo much,
Miss Dazed, Stunned and Infected

A:Java Exploit and Jave Exploit BKO Infection, Yahoo Mail hacking

Hello and welcome Miss Dazed. This explanation from our quietman7 may help.

When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder for quick execution later and better performance. Both legitimate and malicious applets, malicious Java class files are stored in the Java cache directory and your anti-virus may detect them as threats. The detection can indicate the presence of malicious code which could attempt to exploit a vulnerability in the JRE. For more specific information about Java exploits, please refer to Virus found in the Java cache directory.

Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality. As a precaution, I agree with Rui Paz and recommend clearing the entire cache manually to ensure everything is cleaned out:
Clear the Java cache
How to Clear Java Cache in Windows 7

If you want to perform a more thorough browser clean up, please refer to:
How to Clear Your Browser's Cache <- for all versions of Internet Explorer, Firefox and different browsers
Microsoft Fix it: How to Delete the Contents of the Temporary Internet Files Folder
Safely Delete the Temporary Internet Files <- for Internet Explorer 8
How to clear the cache in Firefox

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Please download TDSSkiller.
Launch it.
Click on change parameters - Select TDLFS file system.
Click on "Scan".
Please post the LOG report (log file should be in your C drive).
Do not change the default options on scan results.

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

http://www.bleepingcomputer.com/forums/t/498170/java-exploit-and-jave-exploit-bko-infection-yahoo-mail-hacking/

My computer has been recently infected with some new kind of spyware called "Java Figfub exploit", which according to ca.com was found just this month. Here's the filepath: C Documents and Settings Travis Application Data Sun Java Deployment cache e - ae b <BaaaaBaa class>. ca.com says the following files are also a part of the spyware, though they weren't detected in the scan: d class game class jaja class-aeeb c- ffaa c class java class.

Here's my Hijack This log: ...

A:Solved: Java Figfub Exploit

Clear your java cache as described here: http://www.java.com/en/download/help/5000020300.xml
 

https://forums.techguy.org/threads/solved-java-figfub-exploit.585963/
Relevancy 63.64%

How can I get rid of this virus, please? My AVG program blocks it every time on my laptop, so I presume the virus is on the server? But I cannot access my website www.ksamui.com from my laptop. Funny, but no problem from my Android phone. I have 2 subdomains that I also cannot access from the laptop, but they are OK with mobile.
My staff has the same problem with her laptop (not connected to mine in any way),
so really no idea to know if it is my computer or what?

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, 32 bit
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz, x64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 2010 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 781 Mb
Hard Drives: C: Total - 102304 MB, Free - 14547 MB; D: Total - 72406 MB, Free - 64922 MB; E: Total - 130427 MB, Free - 9535 MB;
Motherboard: Dell Inc., 0K138P
Antivirus: AVG Anti-Virus Free Edition 2012, Updated and Enabled
 

https://forums.techguy.org/threads/have-exploit-blackhole-exploit-kit-type-2170-on-the-server.1066049/
Relevancy 63.64%

My Zone Alarm program has picked up two viruses in the space of about a week: Exploit.Java.CVE-2009-3867d six days ago and Trojan-Downloader.Java.Agent.cf today. After the first, I updated and ran Malware-Bytes and online ESET virus scan. Computer was apparently clean. Zone Alarm was set to do a full scan only every month and I'm sure I set it to scan daily. There are no scan logs for either the ZA antivirus or firewall. After the downloader trojan appeared I updated and ran Malware-Bytes and again it showed no infection.

I've run DDS (log attached) but GMER is not running for me. The error message is "C windows system config system The system cannot find the file specified". I assume it's not working because the computer is set up as -bit. Because of this only Services, Registry and Files are checked. I ran it anyway and, for what it's worth, it said no system modifications were detected.

The system is a Toshiba Satellite A running Windows - -bit. DDS file:

A:Infected with Exploit.Java.CVE-2009-3867d and Trojan-Downloader.Java.Agent.cf

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror: This version will download a randomly named file (Recommended)
Zipped Mirror: This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

http://www.bleepingcomputer.com/forums/t/328631/infected-with-exploitjavacve-2009-3867d-and-trojan-downloaderjavaagentcf/
Relevancy 63.64%

Hello,
 
I recently had the two Trojan virus warnings caught by my AVG Anti Virus - It says they were deleted but ever since I have had erratic, slow and error messages popping up on Firefox and Chrome. Can you please help me to see if something is still in my machine? I ran Malware Bytes - nothing found - then ran a full scan with AVG and again nothing. The machine just does not perform like it was at all.
 
Thank you for any help - Jeff

A:Trojan Horse Exploit Java and Java/CVE-2013-1493 Infection

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the LogFile button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleanerCx.txt (x is a number).

===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

===

How is the computer running now?
Wait for further instructions.

http://www.bleepingcomputer.com/forums/t/594974/trojan-horse-exploit-java-and-javacve-2013-1493-infection/
Relevancy 63.21%

Help! I ran the Windows Safety Scanner. It detected four issues, but apparently, the scanner cannot clean three:

Exploit:Java/CVE-2008-5353.B
Trojan:Java/Selace.A
Trojan:Java/Selace.B

There is no concrete information on how to get rid of these unwanted visitors and prevent them from inviting themselves back. Please help! The virus keeps on re-directing me 80% of the time...

Thank you!

A:Exploit:Java/CVE-2008-5353.B;Trojan:Java/Selace.A and B

  
Hi Barbara and welcome to seven forums

What do you have as an anti virus now?
If you can get to malwarebytes web page you can download from them and run. It isn't as known as a major AV and therefore less likely to be blocked.
You can also try to boot in safe mode with networking.

Let us know what you find and how we can help

Ken J

http://www.sevenforums.com/system-security/35700-exploit-java-cve-2008-5353-b-trojan-java-selace-b.html
Relevancy 63.21%

I just finished cleaning up my sister's computer and decided that I should run scans on mine. Norton Antivirus shows no infections; however, etrust antivirus and panda activescan show infections. Don't want to mess things up by just deleting files. Here is my HI Jack this log and the logs from the two virus scanners.

A:Found Java/ByteVerify!exploit & Java/Shinwow.AB on computer

Oops, forgot to add that I've been having IE crashes every now and then.
Thanks again!

http://www.techsupportforum.com/forums/f100/found-java-byteverify-exploit-and-java-shinwow-ab-on-computer-115459.html
Relevancy 63.21%

About 2 months ago, I downloaded Verizon's Internet Security Suite and on the initial scan, it came back with exploit.java.gimsh.b and Trojan-dowloader.java.openconnection.ap viruses. I have 2 of the exploit virus and one of the trojan virus. I have done 2 system restores in the last 2 weeks in order to be able to use my computer to some extent.
These viruses are making it virtually impossible to use Internet Explorer, simple windows commands, and to check my Yahoo email. Please help me with removal or at the least quarantine of these viruses and let me know what to post for whomever is helping me. I have never joined a site like this and I am unsure of what info someone would need to have to assist me. I have a Dell desktop that is about 3 years old and this is the first time I have had this happen. I operate on Windows XP 2005.
Thanks for the assistance!

A:exploit.java.gimsh.b and Trojan-dowloader.java.openconnection.ap

Use Ccleaner to cleanup the Java cache, temporary files, logs, cookies, etc. During install you will be offered the YahooToolbar. UNcheck if not wanted. http://www.ccleaner.com/ Use the default settings for now.

Use Super Antispyware to find and remove the malware. Be sure to update in regular mode before rebooting into Safe Mode to run the scan. Instructions for using SAS are in the link below.
http://www.bleepingcomputer.com/forums/ind...t&p=1040160

Open your control panel. Double click on the Java coffee cup. Click on the update tab. Click on update and allow the download. After downloading and installing the update, and reboot if necessary, go to Add/Remove program and remove ALL old Java programs.

Post the SAS log back here.

http://www.bleepingcomputer.com/forums/t/186295/exploitjavagimshb-and-trojan-dowloaderjavaopenconnectionap/
Relevancy 62.78%

Hello,

I scanned my computer with Microsoft Security Essentials and two things were quarantined. I deleted them but I am not sure if they caused problems to my computer or not. The names of the items were Exploit:Java/CVE-2011-3544.FM and Exploit:Java/CVE-2011-3544.FL. Should I download the TSG SysInfo or, since they are no longer on my computer, should I skip it?

I just wanted to know more about them and if they have caused any problems. Thank you so much in advance.

PS. I was a little nervous to download TSG SysInfo. I am chicken to download certain things to my computer. I've never had a virus before.
 

A:Exploit:Java/CVE-2011-3544.FM and Exploit:Java/CVE-2011-3544.FL found on computer

SysInfo is clean. However, it's not necessary for a virus removal problem. The programs you'd need to download and run are listed here:
http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html

I'd hope that MSE caught the whole infection anyway, but it may be safer to check.
 

https://forums.techguy.org/threads/exploit-java-cve-2011-3544-fm-and-exploit-java-cve-2011-3544-fl-found-on-computer.1068395/
Relevancy 61.49%

I ran windows online scanner and found a trojan that it was unable to remove and my scanners weren't detecting. I saw a similar post on your page that said to download Kaspersky and exterminate it; even those would not get rid of it. I also tried MSE; it said it deleted it but it came right back as soon as it closed.

A:Infected with Exploit.java.....Java Selace

My "Documents and Settings" shows an arrow like the folder has been turned into a shortcut and I am locked out of it. It tells me I don't have permission to access it. The virus is located in this folder inside the Java folder.

http://www.bleepingcomputer.com/forums/t/317324/infected-with-exploitjavajava-selace/
Relevancy 59.34%

Would really appreciate some help since am at wits end. I had IE installed on my PC and it started spontaneously shutting down yesterday. It opens up fine and even navigates to a couple of pages but then shuts down. I have not been able to figure out if there is a pattern to the kinds of pages that make it shut down (definitely cannot go to Windows Update page).

Here are some new environmental things that have been happening over the last few days:
A game called Runescape has been played by a visiting nephew.
Said nephew has also watched Loonytunes on my PC.
I installed Kaspersky AV two days ago. My old AV software Norton had expired days prior to installation of Kaspersky.

When I ran Kaspersky yesterday it told me that the following things had been discovered and fixed:
Exploit Java ByteVerify
Trojan-Dropper Java Small c
Win NetSky aa
Trojan-Downloader Win Zlob cz
Trojan-Downloader Win Zlob cy
Win LovGate w
Explot html mht
Trojan-Dropper Win Mudrop ao

However Kaspersky ran again last night and this morning I saw that there were a number of trojans and viruses that needed to be cleaned, mostly the same as the ones above except Trojan-Spy HTML Sunfraud c and Net-Worm Win Mytob dn.

Here are some of the things I have done since yesterday which have made no difference:
Rolled back IE to IE.
Tried a variety of anti-spyware softwares and the only one that turned up something was on Spyware Doctor: PS Guard. However PS Guard has not shown up on any of the others I have tried (SpyHunter, AdAware, Yahoo, Spybot).
Ran CCleaner to do a general clean up.
Reinstalled IE.
Posted to "Am I Infected" forum and per instruction installed and ran Smitfraudfix.
Followed instructions in Topic except Windows Update, which I am unable to perform.

I am running Windows XP Professional SP. HijackThis log below.

Regards,
Girish

A:Exploit.java.byteverify, Trojan-dropper.java.small.c, Win32.netsky.aa, Net-worm.win32.mytob.dn, Etc.

Hello GMS and welcome to the BC HijackThis forum. Let's start with a little cleanup. Please follow the steps below in order.

Step #1
If Norton has expired then go to the Control Panel->Add/Remove Programs and uninstall all Symantec/Norton products. If it has expired then it isn't performing any useful function to still be installed, and running 2 AV's can easily cause file access issues.

Step #2
Download ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Step #3
Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
Now close ALL open windows except HijackThis and click the Fix Checked button.
Reboot the machine to finish the repair.

Step #4
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Updating Java:
Note: the "XX" in the version will be whatever the latest version is.
Download the latest version of Java Runtime Environment (JRE) 5.0 Update XX.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-1_5_0_XX-windowsi586-p.exe to install the newest version.

Step #5
Post back a new HijackThis log and let me know how things are running and if you had any problems performing the above steps.

Cheers.
OT

http://www.bleepingcomputer.com/forums/t/76273/exploitjavabyteverify-trojan-dropperjavasmallc-win32netskyaa-net-wormwin32mytobdn-etc/
Relevancy 57.62%

Initial symptoms:
a) Firefox started trying to open "file:///C:/ProgramData/Airstrongs/snp.sc" on startup
b) Target on firefox shortcut changed to '"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" %SNF%'
c) "findit" installed as a one-click search engine
d) Some websites started showing ads "Powered by SafeFinder"
e) There is a process "Airstrong.exe" running at all times

Same issues as initial keep coming back even after using multiple anti-malware programs

Used:
Malwarebytes Anti-Malware
AdwCleaner
JRT
 

A:Potentially unwanted software keeps coming back

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have a private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.

Please attach all report using button below. Doing this, you make it easier for me to analyze and fix your problem.

Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay for the repair.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.


Rules and policies

We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

https://malwaretips.com/threads/potentially-unwanted-software-keeps-coming-back.55467/
Relevancy 56.33%

Ok so earlier this month I was searching for some stuff and I was re-directed to a site that was rather unsavory, but I digress. It said something about "please wait while we check your browser" and a red blah went up in my mind, so I exited out of Firefox. Ever since that my computer has been kinda buggy, so today I ran avast and it picked up several java exploits. One of them was cve and I think it mentioned something about remote accesses, and I'm kinda scared. Idk if people have been stealing my data, or like I've heard of the NSA using exploits to track people, and I digress. I'm just really worried, understandably, and I'm also curious if this all stems from a problem I had way back and if something keeps lurking on my computer. Though avast didn't give me an alert when I went to the site, so now I'm scared, yeah. So any help would be appreciated.

A:Java exploit?!?!?!

After I scanned with avast on a boot-time scan my computer restarted (don't know if it found anything, I was away for most of the scan) and when it restarted, for a brief moment it displayed the "this copy of windows is not genuine" watermark when I know full well it is genuine. I fear this might be a root kit or boot kit.

http://www.bleepingcomputer.com/forums/t/509178/java-exploit/
Relevancy 56.33%

I'm still having a problem with an infected file that has moved into a folder called Submit on my hard drive. The file is called "Java Figfub exploit" and its filepath is "C Submit e - ae b lt BaaaBaa class gt". Here's my Hijack This log ... Read more

A:please help with java exploit

You can delete the folder: C:\!Submit
 

https://forums.techguy.org/threads/please-help-with-java-exploit.586010/
Relevancy 55.9%

I recently cleaned up a laptop running Win7 Home Premium. At the time it was running Norton 360, which I removed (showed as expired), and installed AVG Free. I scanned and came up with a bunch of viruses, then ran SuperAntiSpyware and MalwareBytes, which also found a ton of stuff. It is now clean and running really well, with the exception that Windows Action Center shows "Potentially Harmful Software Detected" and gives the option to "clean system". If I tried to clean the system it would launch Windows Defender, but it couldn't start the service. I uninstalled AVG and ran sfc /scannow, which now allows Defender to start, but if I clean the system it launches Windows Defender and finds nothing. No matter what I try I cannot get the message to go away. Is there a way to clean action center or manually remove the message?
 

A:Action Center Showing Potentially Harmful Software Detected When No Issues Are There

Adjust what it notifies you:
http://www.howtogeek.com/80122/how-to-manage-action-center-in-windows-7-2/
 

http://forums.majorgeeks.com/index.php?threads/action-center-showing-potentially-harmful-software-detected-when-no-issues-are-there.313123/
Relevancy 55.9%

I am a computer dummy, I admit it but I sure would appreciate your help!

I have the Exploit:Java/CVE 2012-1723.ov virus

Yesterday I ran the microsoft clean up tool and it discovered 3 Java viruses. It removed 2 of them but the third it only removed partially. I went to add/remove and tried to remove Java 6 but received a pop up window that stated that "System cannot find registry Key" I then tried System Restore to set it to an earlier time but it would not restore to an earlier date.

I downloaded Java 7.5 which was probably a mistake. I have disabled it.

Microsoft Essentials does not recognize that I have virus but I can no longer cut and paste and am certain the virus is in the registry since it was only partially removed.

Can someone please help me remove this virus manually? I run Windows xp.

Thanks!

A:Help! Exploit Java Virus

p.s. Do I actually need JAVA on my computer?

Thanks!

http://www.techsupportforum.com/forums/f50/help-exploit-java-virus-661606.html
Relevancy 55.9%

It's been bothering me for weeks now. I tried going into Java from control panel and deleting temp files for everyone, and uninstalling Java and reinstalling the newer version. Also tried leaving Java off after removing from uninstalling programs in control panel. It won't go away. I have Kaspersky, AVG, Spybot etc. and Kaspersky is the only one picking it up but says it can't get rid of it. I tried searching on this site but didn't get much for results. I ran a scan on HJT but not being a techie don't really know what I'm looking at. Below is the results. Any help would be greatly appreciated. It's getting really annoying. Dave ... Read more

https://forums.techguy.org/threads/help-cant-rid-exploit-java-gimsh-b.696313/
Relevancy 55.9%

Please help with computer issue - suddenly receiving pop-error constantly of "ih.exe has encountered a problem and needs to close". Have Charter Security Suite and it finds Exploit Java Gimsh virus. Have uninstalled all Sun Java programs and ran through virus scans (Lava Ad-Aware, Spybot etc.) but continue to get the pop-up, which makes it difficult to do anything. Thanks for any help. ... Read more

A:Help - Exploit.java.gimsh.6

Duplicate log is being handled at Dell. Therefore I am closing this topic.

http://www.bleepingcomputer.com/forums/t/137053/help-exploitjavagimsh6/
Relevancy 55.9%

Hi guys, I had viruses coming in my Microsoft security essential recently and they kept coming back: java exploit and adware pornpop. So I did a combofix and it seems to have cleaned my computer, so here is the log, and I did the DDS log too, but I was unable to do the Gmer log; I couldn't check some squares. If someone has an idea what it could be. Again, sorry for my english. ... Read more

A:java exploit and combofix

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/460006 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have previously posted logs for us.
If you were unable to produce the logs originally please try once more.
If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.

Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.
Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice
Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER log

As I am just... Read more

http://www.bleepingcomputer.com/forums/t/460006/java-exploit-and-combofix/
Relevancy 55.9%

G'Day

I think the southern cross cables website has been some how hacked/exploited.

So i visited southerncrosscables.com (visit URL at own risk) just to check news and updates. A java applet popped up. It linked to miproperty.com.au. Originally the java applet linked to 77.68.45.148/pdn.php (visit this at own risk). I never allowed the applet to run. I'm just curious if it hurt me computer?

The source code of pdn.php is:
I would just like to know if i have still been infected?

There were no suspicious entries in my HJT log. Certainly AVAST real time scanner didn't pick up anything.

A:Java Applet Exploit

miproperty.com.au.
Mi Corp Property specialise(sic) in developing luxury tropical Queensland property solutions.
Possibly a legitimate ad on southern cross cables website

----------------------------------------

Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

-------------------------------------

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note:-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

----------------------------------

If your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
Download... Read more

http://www.bleepingcomputer.com/forums/t/212804/java-applet-exploit/
Relevancy 55.9%

have 4 of these, and there is Win32/Alemod, and Java/Shinwow.M
 

Relevancy 55.9%

I was referred to this forum section by boopme from the Am I Infected section. We have performed some tests and malware cleaners but need further assistance. Below are the logs from DDS.

A:Java Exploit/Ransomware

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--
Download & SAVE to your Desktop RogueKiller or from here
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller

Gringo

http://www.bleepingcomputer.com/forums/t/482928/java-exploitransomware/
Relevancy 55.9%

I cannot open certain control panel features, Microsoft Security Essentials is running but I cannot access it through the program list or control panel. My computer seems slow and I get the included error messages.

A:Java:Exploit-2012-

I cannot open certain control panel features, Microsoft Security Essentials is running but I cannot access it through the program list or control panel. My computer seems slow and I get the included error messages. I think the problem is Exploit:Java/CVE-2012-1723

http://www.bleepingcomputer.com/forums/t/478812/javaexploit-2012/
Relevancy 55.9%

Hi guys, I recently did a combofix on my computer because I had a java exploit virus and pornpop adware result on a scan with Microsoft Security Essentials. They always came back even if I deleted them. I think the combofix cleared all my problems but I want to be sure that my computer is virus free, so here is the Log. Sorry for my english, I'm french.

A:Java exploit and combofix

Sorry, I'm in the wrong section I think.

http://www.bleepingcomputer.com/forums/t/459685/java-exploit-and-combofix/
Relevancy 55.9%

I ran my MBAM and it found PUP Optional in my D file in Doc and settings. I then google PUP and it brought me to Bleeping Computer here, and then I read about running ESET, which I did for past hrs, and it found something called Java Exploit CVE- - Ptrojan. When I ran ESET I unchecked the box that tells you to remove found threats and checked box to scan threats, but I think I forgot to go to Advanced settings and check scan potentially unsafe applications and instead went right to START. Anyway it found; here is log file from ESET:

> C Documents and Settings Al Application Data Sun Java Deployment cache b - a variant of Java Exploit CVE- - P trojan

Now I run XP on my Lenovo PC and use Firefox only as my browser and have for some time disabled any Java on the addons, and I do not use IE at all. The thing is my PC is running great, not slow at all, no problems, but it appears I still have this virus. What would you guys recommend, as I have no ill effects?

A:Java Exploit CVE-2010

Hello bigalster and Welcome -
 
Scan your machine with ESET OnlineScan
I would prefer you to use Internet Explorer if you can, since the scan is better with ActiveX.
Read on and I will leave you an option, Wait for step 3-1
 
How To Temporarily Disable Your Anti-virus during this scan .....
 
1. Hold down Control (Ctrl) key and click on > This Link to open ESET OnlineScan in a new window.
2. Click the ESET Online Scanner button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
 
- 1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
- 2. Double click on the icon on your desktop.
 
4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:
*Scan potentially unwanted applications
*Scan for potentially unsafe applications
*Enable Anti-Stealth technology
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time. Allow at least 2 hours -
10. When the scan completes, click List Threats
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button.
 
NOTE: Sometimes if ESET finds no infections it will not create a log.
 
When you post back we will review your options.
 
Thank you -

http://www.bleepingcomputer.com/forums/t/511221/java-exploit-cve-2010/
Relevancy 55.9%

Hi,
My first and needy post!
For the last few months I have been having problems with my computer. Examples are browser change, home page change, sending out spam to those in my email address book, unexplained downloads (never found on my machine).
After some homework, I suspect the JAVA/EXploit/Bytverify malware. I have removed 16 such files in two attempts, all seemed to be linked to the above.
My problems seem to have decreased since I deleted this rubbish but how can I be sure that all the malware has been permanently deleted? I suspect it still lies in recent Restore points.
Could anyone suggest how I can be sure that my actions have been totally successful?
I am running W7 home edition, 64 bit with Norton Security, mwBytes, Spybot search & destroy, none of which was able to prevent infection! I just don't know where this infection came from to avoid re-infection!
Dunwunderin

A:Java/Exploit/ Bytverify

Please follow Steps 6-10 at Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html , preparing the requested logs and providing same narrative that you've posted here...and then initiate a new topic in the forum where the Prep Guide is located.

That will get you started on the right path.

Louis

http://www.bleepingcomputer.com/forums/t/458001/javaexploit-bytverify/
Relevancy 55.9%

Hi there. Basically I will explain what happened so I can get some help on this matter. I connected my phone to my PC (Samsung Galaxy S) via Kies Air. I opened Google Chrome fresh and typed the url to connect to my phone. I went to download pictures from my phone to PC but it said that I needed the latest version of Java to download multiple pictures. I clicked the update now button for java and it took me to the Java website. It was java.com. I downloaded the update and ran it no problem, but as it was installing (just finished, I'm unsure) my Microsoft Security Essentials flashed up there was a problem and it was being taken care of. I clicked it and it said Java exploit was found. I tried to remove it; it was listed in Detected Items. I'm not sure if it did but it's not on my MSE anymore. Basically all I had open was the Java download page and I am wondering if there was actually a problem or whether my Kies air was causing a problem when I updated the Java. Basically I am really worried and would like for someone to advise me on what to do next. I ran Malwarebytes and my MSE and they found nothing. Thanks a lot, Ash

A:Possible Java Exploit - Advice?

Please download TDSSKiller from here and save it to your Desktop
Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters
Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
Click Start Scan and allow the scan process to run
If threats are detected select Skip for all of them unless I instruct you otherwise
Click Continue
Click Reboot computer
Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply

===================================================
aswMBR
--------------------
Download aswMBR and save it to your desktop.
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here and here.
Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.
When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================
ESET Online Scanner
--------------------
I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
Click the Back button.
Click the Finish button.

===================================================
Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
TDSSKiller log
aswMBR log
ESET results

http://www.bleepingcomputer.com/forums/t/485574/possible-java-exploit-advice/
Relevancy 55.9%

Scanning the web today [October 30] I still do not see a credible "all clear" signal regarding the JAVA exploit. This team came up with a patch:
Researcher Develops Patch for Java Zero-Day, Puts Pressure on Oracle to Deliver its Fix | threatpost
but I don't see affirmative Greenlight from the major 3rd party security firms.
And as the article clearly shows, it's not foremost on Oracle's "do list".

how are the big IT shops coping? Turning off all things Java?

A:JAVA Exploit Remedy?

I'd like more information on this JAVA problem too since I've been affected to the tune of 200 bucks for the DELL IT guys to remove the Trojan that was installed on my puter.

From what I've read, the security problem was only supposed to affect JAVA 7, but I had JAVA 6 before all of this bull. The only fix I've seen is to disable JAVA in your web browser.

I took it the next step.... I removed it from my puter!

I'd like to know if JAVA and ORACLE are going to have to pay for this? I wish I was puter savvy enough to remove Malware myself, but since I'm not, I had to get IT to do it. I wouldn't have needed to though, if JAVA wouldn't have had so many security holes in it.

http://www.sevenforums.com/system-security/261502-java-exploit-remedy.html
Relevancy 55.9%

Hello and thank you in advance for the advice. The problem occurred while I was using Firefox. My OS is Windows Home Premium SP Bit.

It all started after I had performed a google search and was browsing through the results. I clicked on a link and a MSE popup appeared and said something like the computer had been protected and was clean. I looked in MSE's History and it showed Exploit Java cve- - ra. It said that the files had been quarantined but they didn't show up under quarantined items, only under all detected items. It also showed the MSE had encountered an error: "Security Essentials encountered the following error: Error code x. The program could not find the malware and other potentially unwanted software on this computer."

I researched this error and one of the possible causes was "It can also mean that the threat was blocked coming via an infected web page and then a scan was unable to remove it as it never saved to the browser cache."

This link is a summary of the java exploit MSE found: http cve mitre org cgi-bin cvename cgi name -

Interestingly this exploit supposedly only applied to Java SE Update and earlier and was patched with update, even though at the time I got the pop-up from MSE I had already updated Java to the latest version, which is Version Update.

I cleared my Java cache and Firefox cache and I did a full scan with MBAM and MSE, neither of which detected anything, and I don't believe I'm experiencing any symptoms. Still, I'm kind of a little paranoid. How can I be sure my computer is clean?

A:Potential Java Exploit

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here.
If you get crashes in normal mode, run it in safemode with networking

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

http://www.bleepingcomputer.com/forums/t/472941/potential-java-exploit/
Relevancy 55.9%

Hi All, I recently got a virus warning on my Laptop on which I run Windows Vista with KAV. KAV pops up with a warning for "Exploit Java Agent co" and even if I click on "neutralize all" I keep getting the warning "threats have been detected". I am unable to find the file that is infected. According to KAV scan, path is C Documents and Settings nowsh AppData LocalLow Sun Java Deployment cache cd ef- c ea a myf y AppletX class. When I try to go to C Documents and Settings I am told "access is denied". HijackThis log file below. I am hoping it's nothing, as I have done several full system scans since, using KAV in normal as well as safe mode, and nothing has come up, but the warning "threats have been detected" remains, so hopefully someone here can confirm if there is anything for me to be worried about. Thanks

Relevancy 55.9%

I'm running Win Ultimate x and am not an idiot. There was a Java exploit recently that allows complete access, including the ability to change local file permission levels remotely, and my antivirus flagged this activity. However, though this problem has been known to exist - I do research on things like a responsible person before I talk about them - since at least it was not addressed until just recently for Windows users via a Windows Update last week or so (Java JRE note).

Upon these items being flagged I was at first skeptical: the items were not in the AVG database, AVG could not give any real information about them, and they were from a trusted core application that commonly runs scripts in the background. I am an idiot in one respect: I did not remember to write down the name of the file flagged by AVG. I also can't find the flagged event in my AVG log files. I'm not sure why this is.

Anyhow. To move on. After seeing the items flagged a second time, having told AVG to remove their threat as power users since it couldn't clean the infection - a function that I'm unsure does anything actually useful, "removing threat as power users" - I then ran scans with Spybot Search & Destroy, immunized with SB S&D, deleted the folders at the flagged location (which contained no files and only a series of empty hex-labeled folders) and timed this delete to be followed within seconds by the Wipe Free Space command on Piriform's CCleaner. Not sure if that last step (Wipe Free Space) really helped me at all, but it felt like a more effective way to approach problems in the way I prefer to approach them: from multiple vectors, under a philosophy of all-out-war.

Anyhow. To move on once more: after having done all this I looked around some more, but as the problem had only recently been recognised as a threat there wasn't much information out there that was relevant to making sure you were safe after-the-fact, and since the vulnerability allows the person to execute any code of their own choice, no specific place to attack, no pre-defined enemy to batter down. And for a while things were fine.

In these last few days, however, the quality of my internet connection, the speed with which my computer can handle multi-tasking, the frequency of general errors and my once-respectable bootup/shutdown times have all decayed significantly and at rapid rates. Additionally, my connection handles a great deal of packets on a daily basis. I am not sure what a normative amount would be for my computer to send on a daily basis, as I do not check, but the sheer quantity aside, sometimes the ratios between Sent and Received packet amounts are massively disproportionate. Such as now: mil to mil, sent vs received respectively. Not that I am saying this is a causal, correlational or even meaningful link, but there it is on the offchance that it matters.

Let me know what you think would be a good plan of action. Thanks. Cheers, Matt

-NOTES & REFS - http news cnet com - - - html - - http landonf bikemonkey org scroll to "CVE- - " - - http www microsoft com technet security n ms - mspx - talks specifically about MS-VMs but is not unique to that platform Java- not OS- specific - http java sun com javase downloads index jsp - - C Users AzureSkyy AppData Roaming - Full path incomplete had hex values as folder string name

http://www.bleepingcomputer.com/forums/t/312632/win-7-recent-java-exploit/
Relevancy 55.9%

I got infected by the Anti-piracy ransomware thing yesterday. Is the infection related to the Java exploit?

I used tools recommended on this site and it looks to be fixed. I also uninstalled Java 6 and Java 7 (had both on my system?). While on the Java website they showed an option in the Java control panel, under the security tab to disable Java in the browser (only available in Java 7). If Java is needed, would this be an option to look at or are there other holes?

To be safe, I'll be doing a clean install later this week. How can I make sure Java doesn't get installed when I reinstall? I'm not sure if Java gets installed with one of my programs or if it gets installed with IE.

A:Yet another Java exploit thread.

I won't be installing Java in my next clean install. I thought I needed it to access a website that I use for work. I just visited the website (without Java) and the website is working normally.

http://www.sevenforums.com/system-security/273883-yet-another-java-exploit-thread.html
Relevancy 55.9%

Security Team,

I've been attempting, to no avail, to remove some sort of trojan from this computer. It started a few days ago with a FBI Moneypack Ransomware virus that locked out all Users in safe mode, safe with networking mode, etc. I was able to get in with Safe Mode with Command Prompt. Then in there I opened a new task on task bar, ran CCleaner and Malwarebytes. This allowed me to have access in the other Normal Safe Mode startups. Congruent with this, with knowledge of Java exploits from my IT Department at work, I removed Java with Revo Uninstaller. When I removed Java, Trend Micro picked off a trojan and I deleted it from quarantine. I have been running TDSSKiller, aswMBR, ESET and Malwarebytes in rotation with the two User accounts. I don't remember my Administrator password to run from this account. At least one program from one of the scans and user profile will pick up something, and I haven't been able to get a clean log. I do appreciate any further assistance with this situation. Thank you for all the you guys do.

A:Ransomware & Java Exploit

Hello, try following this guide and see how it is.

http://www.bleepingcomputer.com/forums/t/482538/ransomware-java-exploit/
Relevancy 55.9%

Hi Guys,

More trouble with my McAfee security software. Shows up as a ok but firewall and realtime anti-virus are off and refuse to switch on. Malwarebytes Pro can find nothing and Windows Defender Offline also reports nothing. Here are the logs from HijackThis, RKill and RogueKiller.

A:Another possible Java Exploit infection

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

If not already done please remove all the items found by the RogueKiller tool.
===

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.

IMPORTANT

If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.

How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
When finished, it will produce a report for you.
Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

HijackThis doesn't handle 64 bit system Vista or Windows well. In your case I need to see a final DDS Log.
You should remove HijackThis using the Add/Remove Programs list. Use the DDS tool from now on.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post.
===

Please paste the logs in your next reply DO NOT ATTACH THEM.
Let me know what problem persists.

http://www.bleepingcomputer.com/forums/t/515768/another-possible-java-exploit-infection/
Relevancy 55.9%

Today I decided to run an MSE full scan and it found Exploit:Java/CVE-2011-3544 and Exploit:Java/CVE-2010-0840.OO. I removed both of them and ran a Malwarebytes scan and found nothing and removed Java and reinstalled it. I was just wondering if I should do anything else.

Thanks in advance!!

A:MSE found Exploit:Java

Please download and run Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

http://www.bleepingcomputer.com/forums/t/446000/mse-found-exploitjava/
Relevancy 55.9%

I am writing this on my daughter's machine, which has the infection. McAfee internet security reports all is fine, but when you access the firewall it is turned off and impossible to turn on. Malwarebytes Pro reports all clear, as does the Sophos virus removal tool. Windows Defender Offline finds some entries and supposedly removes them. When rerun it reports all clear, but the problem with McAfee persists when the computer is rebooted. Attempting to activate the Windows firewall returns error x. Attempting to run HijackThis results in a failure to write a log, as access to the Hosts file is blocked. Here is the DDS log.

A:Possible Java Exploit Infection

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller
===

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.

IMPORTANT

If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.

How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
When finished, it will produce a report for you.
Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply DO NOT ATTACH THEM.
Let me know what problem persists.

http://www.bleepingcomputer.com/forums/t/512456/possible-java-exploit-infection/
Relevancy 55.9%

Hey there, I have a PC running TrendMicro Office scan, and every time a webpage is opened, I get a threat detected from the URL "http://loadasset.info/run.js?92736" has anyone seen this before? The JS in the URL leads me to believe it might be a javascript thing trying to run.
So far I have tried removing temp internet files, I ran a scan with hijackthis and didn't see anything strange... I have also removed and re-installed java, still the threat pops up.
If anyone has any insight on the issue, or any advice on what scanning software to run it would be a great help!

EDIT: broke hot link to instant download ~~boopme

A:Java Exploit attempting to run?

Hello, this may be part of a security tool. We should get a deeper look. Please do steps 6, 7 and 8 of the Preparation Guide.

http://www.bleepingcomputer.com/forums/t/495195/java-exploit-attempting-to-run/
Relevancy 55.9%

I think I may have some sort of java exploit problem. I am running windows vista. This has been going on for some time. It started out that I was constantly getting java update screens multiple times each day. If I went to the real java update website my java was already up to date. I finally disabled the java updates using the java control panel but still received the update requests. My internet explorer started running horribly. My cpu would be at nearly and the computer would be processing non-stop. It would just whir very loudly. Internet explorer was painfully slow and recently stopped letting me do downloads. No error message, just said it wasn't able to finish the download near the end of the download. I switched to firefox and have been able to download and it seems to run ok. I have cleared the cache in the java control panel. I have been deleting the temp files in every folder on the computer daily that says temp that I can find. I have found where the java update was in my task scheduler and deleted that out. Things have been going much better but I think there is still something on my computer. Every day I am still finding a rogue instance of java in my temp files. Any help would be greatly appreciated.

Thanks,
Lonni

A:Possible Java Exploit problem?

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
Unzip downloaded file.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
DO NOT click on the Cleanup button. Simply exit the program.
When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.
If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.
NOTE. Do NOT wrap your logs in "quote" or "code" brackets.

http://www.bleepingcomputer.com/forums/t/500075/possible-java-exploit-problem/
Relevancy 55.9%

Trend Micro Office Scan is blocking a URL from running every time a web page is opened. hXXttp loadasset info run js pops up as a blocked URL in the notification message. I'm really trying to determine if this is potentially harmful or not. I am pasting the DDS logs below per the instructions provided by the response to my previous post.

A:Possible Java Exploit Issue

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete tab follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.

How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
When finished, it will produce a report for you.
Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third party programs if not up to date can be the cause of infiltration an infection.
Please run this security check for my review.

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply DO NOT ATTACH THEM.
Let me know what problem persists.

http://www.bleepingcomputer.com/forums/t/495224/possible-java-exploit-issue/
Relevancy 55.04%

Not sure how to rid my Dell Latitude Vista Ultimate SP laptop of a virus. Here is my scan from Kaspersky. I also deleted my temp files in Java. My Java is updated. I started this in security & malware removal general but still getting problems and thought I should move this here instead.

A:Exploit.Java.Agent and Trojan

Hiya

Sorry for the lateness in a reply, but these forums are very busy

Are you still having this problem? If so, can you do the following:

http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html

Regards

eddie
 

https://forums.techguy.org/threads/exploit-java-agent-and-trojan.947117/
Relevancy 55.04%

OS is XP PRO SP3.

Once every week I do a complete scan in Safe Mode using MSE. Two weeks ago MSE detected “Exploit:Java/CVE-2013-0507” and safely removed it. During the following week’s scan it detected “Exploit:Java/CVE-2013-4681” and safely removed it. Last night’s scan detected “Exploit:Java/CVE-2013-0422” and said that it was safely removed.
Apparently this file is some sort of Trojan that is difficult to remove and keeps coming back.

Can someone here guide me through the permanent removal process?

Thank you,

A:“Exploit:Java/CVE-2013-0507”

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here.
If you get crashes in normal mode, run it in safemode with networking

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

http://www.bleepingcomputer.com/forums/t/482091/exploitjavacve-2013-0507/
Relevancy 55.04%

This exploit and another have shown up a few times on MSE scan even though I updated java several months ago. I have removed them through MSE but am concerned that someone may have accessed my computer while it was compromised. Here are the FRST and addition logs. As always, thanks for your help.

A:exploit java/cve-2013-1493

It doesn't appear as if anything horrible has invaded the PC, but there are a couple of things that need taking care of:

Please do the following:

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it on your desktop as fixlist.txt
(if you saved FRST to a different folder and not your desktop originally, then save fixlist.txt to the same location as FRST was saved)

start
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on your desktop (Fixlog.txt) please attach that log to your reply.
Note: FixList.txt and FRST must be saved to the same location or the fix will not work
Reboot Normally.

NEXT

Please download Junkware Removal Tool to your desktop.
Shutdown your antivirus to avoid any conflicts.
Right-mouse click JRT.exe and select Run as administrator
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.
Run AdwCleaner and select Delete
Once done it will ask to reboot, allow the reboot
On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

Please open your MalwareBytes AntiMalware Program
Click the Update Tab and search for updates
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected. <-- very important
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activeX control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish

http://www.bleepingcomputer.com/forums/t/501126/exploit-javacve-2013-1493/
Relevancy 55.04%

As instructed in the preparation guide, the logs are listed below. A short description of my problem follows.

Over the last few days, when I scan the PC using Malwarebytes or Microsoft Safety Scanner, a Microsoft Security Essentials alert pops up indicating a threat has been detected and cleaned. When I look at the history in MSE, “Exploit:Java/CVE-2013-0422.C” is shown and it is indicated as a severe threat. I click on remove and it seems to have removed it until the next time I scan using the above mentioned tools. It just keeps coming back. Can anyone help me get rid of this thing? It does not seem to slow the computer or do anything that is noticeable, but it is there. Do not know from where it came.

I had a similarly named exploit several weeks ago that "narenxp" worked on for me. I tried all of the tools that narenxp gave me at the following thread: http www bleepingcomputer com forums topic html page pid entry. Those tools did not work.

A:“Exploit:Java/CVE-2013-0422.C”

Attached is a screenshot of the most recent scan in MSE showing location of the exploit.

http://www.bleepingcomputer.com/forums/t/484157/exploitjavacve-2013-0422c/
Relevancy 55.04%

Hi, I recently clicked on a fake Java update which infected my computer with Exploit:Java/CVE-2010-0840.IO, TrojanDownloader:Java/OpenConnection.OS and TrojanDownloader:Java/OpenConnection.OU. These were recognised after doing a full MSE scan and selecting these files for removal. Every time I browse the web I am prompted to allow a Java update. From what I have researched this is a Rootkit virus and I will most likely be performing a clean install. First I have some questions:

- What exactly is this virus doing to my computer? All I can find are people saying it's collecting personal info to be sent out remotely. Is this correct? Will this infect my hardware firmware? Will I need to flash my Bios or replace any hardware?
- I have gigs of iTunes music, most of it backed up, and gigs songs not backed up of Propellerhead Reason song files. I was thinking about putting the Reason song files and a few iTunes albums on a cloud drive and then bringing them back after the clean install.
- Is it a bad idea to move files like this to a cloud drive and then back onto the clean computer? If so, there are sites that can scan files for viruses, right?
- I only care about the Reason files so it is prudent that they not be erased. Everything else can be erased.
- Reason also uses a ComStick that will have to be cleaned. How do I do this? Or should I request a new ComStick from the company?
- I have an MPD Akai MIDI controller attached to my computer now and I do believe it contains memory. Do I need to worry about it being infected as well?
- On that same note, I have a Firewire Focusrite Saffire Pro Preamp. It however has not been powered up since I got the virus. Do I need to worry about it being infected?

I have tried to uninstall Java v so I can reinstall Java again from the website. It will not allow itself to be uninstalled. It says Java v gathering information and then does nothing.

This is the first virus I have gotten in years. The fake update had a certificate and everything. I was almost sure it was authentic before I clicked it. Let me know what you need from me or any way I can help you to help me. I have not included much personal system info on my page yet because I don't know what info this virus is collecting from me at the moment.

Thanks,
SickCom

A:Exploit:Java/CVE-2010-0840.IO help.

I wouldn't transfer the files by sticking a usb into your pc while it's powered on. Download a copy of ubuntu and burn a live dvd or usb and then boot up your pc with the live ubuntu. Select try Kubuntu. You could then insert a clean usb and use the file manager to copy and paste all the files to it. It's free. Kubuntu | Friendly Computing Then clean install.

http://www.sevenforums.com/system-security/269606-exploit-java-cve-2010-0840-io-help.html
Relevancy 55.04%

Bitdefender found the virus that has been giving me problems. I have Google as my home page and when I do a search and click on the link it takes me to another site, but if you click back quick enough and click the link again it will go to the site you clicked on. I have Windows XP SP and IE. I have run the five steps and now have my hijack this log file. It also found many more Trojans. I appreciate all the help.

A:Java.Trojan.Exploit.Bytverify.C

Hello optaylor823, and welcome to TSF


Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools,
then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.


Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding.
Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this
webpage would not be available when you're carrying out the fix.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

----------------------------------------

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.

The process is not instant. Please continue to review my answers until I tell you your machine is clear.
Absence of symptoms does not mean that everything is clear. So let's do this to the end!

Please make every effort to reply to my posts in a timely manner. Malware breeds malware and the longer an infection remains on a system, the more
likely additional infections will result.

----------------------------------------

You have a Wareout infection which must be addressed first and separately before anything else as it can affect your internet
connection. Also, your HJT log is incomplete. On your next post, please include the header information and make sure HJT is run in Normal Mode

----------------------------------------


Fixwareout


Please download FixWareout from one of these sites:

http://downloads.subratam.org/Fixwareout.exe

or

http://www.bleepingcomputer.com/file...Fixwareout.exe
Save it to your desktop and run it.
Click "Next", then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin: Please follow the prompts.
You will be asked to reboot your computer: Please do so.
Your system may take longer than usual to load and this is normal.


Once the desktop loads a text file will open (report.txt), you can close it - the file has already been saved


Open Hijack This and click on 'Do a System Scan Only'. Check the following entries if found (make sure you do not miss any)

O17 - HKLM\System\CCS\Services\Tcpip\..\{001D1BEC-3E10-464F-A98F-AC58A63151FE}: NameServer = 85.255.116.148,85.255.112.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FD89EC1-18DE-4517-A0E7-01A615E92AA6}: NameServer = 85.255.116.148,85.255.112.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{75BF78B1-7871-45C8-AB0D-21F214A2FA5D}: NameServer = 85.255.116.148,85.255.112.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0FA54F2-BCF1-4040-A167-946768C6C87A}: NameServer = 85.255.116.148,85.255.112.226
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.148 85.255.112.226
O17 - HKLM\System\CS1\Services\Tcpip\..\{001D1BEC-3E10-464F-A98F-AC58A63151FE}: NameServer = 85.255.116.148,85.255.112.226
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.148 85.255.112.226
O17 - HKLM\System\CS2\Services\Tcpip\..\{001D1BEC-3E10-464F-A98F-AC58A63151FE}: NameServer = 85.255.116.148,85.255.112.226
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.148 85.255.112.226




Please remember to close all other windows, including browsers then click Fix checked. Close HijackThis.

----------------------------------------

FOLLOW-UP

Please return and post these items:

Wareout log - (you can find it at C:\fixwareout\report.txt)
A new HJT log run in Normal Mode

Please note: In order to properly see what is on your system, all HJT logs must be run in the normal mode

http://www.techsupportforum.com/forums/f284/java-trojan-exploit-bytverify-c-129217.html
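The O17 entries listed in the answer above all set NameServer to the same two addresses across several control sets and interfaces. As an added example (not part of the original post and not HijackThis code), this Python script parses O17 lines from a saved log and reports every resolver that falls outside a list of trusted networks; the trusted range, the function names and the last two sample lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Line shapes taken from the post:
#   O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = a.b.c.d,e.f.g.h
#   O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = a.b.c.d e.f.g.h
O17_RE = re.compile(
    r"^O17\s*-\s*(?P<key>HKLM\\System\\(?P<cset>[^\\]+)\\Services\\Tcpip\\[^:]+)"
    r":\s*(?P<name>\w+)\s*=\s*(?P<data>.*\S)\s*$",
    re.IGNORECASE,
)


def parse_o17(log_text):
    """Return (control_set, registry_key, [server, ...]) for each O17 NameServer line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m or m.group("name").lower() != "nameserver":
            continue  # not an O17 line, or an O17 value other than NameServer
        # The log separates servers with commas in some entries and spaces in others.
        servers = [s for s in re.split(r"[,\s]+", m.group("data")) if s]
        entries.append((m.group("cset").upper(), m.group("key"), servers))
    return entries


def audit_nameservers(log_text, trusted_networks):
    """Map each untrusted or unparseable resolver to the registry keys that set it."""
    trusted = [ipaddress.ip_network(n) for n in trusted_networks]
    findings = defaultdict(list)
    for _cset, key, servers in parse_o17(log_text):
        for server in servers:
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                # A value that is not an IP address is worth a manual look.
                findings[f"unparseable:{server}"].append(key)
                continue
            if not any(addr in net for net in trusted):
                findings[server].append(key)
    return dict(findings)


# First two lines are copied from the post; the last two are constructed
# (a benign resolver on an assumed home LAN, and a non-O17 line to be skipped).
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{001D1BEC-3E10-464F-A98F-AC58A63151FE}: NameServer = 85.255.116.148,85.255.112.226
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.148 85.255.112.226
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\example\helper.dll
"""

# Assumption: the only resolver this machine should use is the local router.
TRUSTED_NETWORKS = ["192.168.1.0/24"]

if __name__ == "__main__":
    for server, keys in audit_nameservers(SAMPLE_LOG, TRUSTED_NETWORKS).items():
        print(f"{server} set in {len(keys)} key(s):")
        for key in keys:
            print(f"  {key}")
```

The same resolver appearing under CCS, CS1 and CS2 means every control set was changed, so each listed key has to be reviewed, not only the current one.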
Relevancy 55.04%

Hi, I was on here a few weeks ago after my laptop became infected with Trojans after a Java update. I was able to clean my computer up thanks to your help, but now I think I may be having the same problem again. Since my problem was fixed my daily antivirus/antispyware scans have come up clean. Yesterday and several other times prior, Emsisoft detected svchost.exe trying to write on "malicious" file TMP followed by a series of random numbers and letters. I found out that Windows Defender creates these TMP files whenever it runs a scan, but I quarantined it anyway. Today Emsisoft did a full system scan on my computer and detected Trojan-Downloader.Java.Agent!IK and Exploit.Java.Agent!IK. Afterwards I ran full system scans with Malwarebytes, SuperAntiSpyware and Norton in Safe Mode and all the scans came up clear. I don't know how it could have detected Java trojans because I uninstalled Java all together after the first round of Trojans invaded my computer. I'm very worried because I did a few online transactions this morning with personal information. Please help.

https://forums.techguy.org/threads/more-trojans-exploit-java-agent-ik.930668/
Relevancy 55.04%

My system info:
Model : Dell Dimension 8400
OS: XP Pro SP3
Processor: Pentium 4, 3.2gHz
Ram: 4gb
HD: 320gb
Antivirus: BitDefender IS 2010
Software: Firefox, IE, Chrome, UTorrent,

About four days ago a virus used my YahooMail to send an ad link to most of my contacts, including my own Gmail and Hotmail accounts. I found all the sent mail in the 'sent' folder, meaning the virus acted as the sender. I went for a deep antivirus scan and discovered:
Virus: Java Trojan Exploit Bytverify I
File infected: 37037098-5e6eb888 (4857 KB)
Location: C:\Documents and settings\USER\Application Data\Sun\Java\Deployment Cache\6.0\24
BitDefender put the infected file in quarantine. I changed my YahooMail password soon after the scan. I'm not sure whether this is the virus that has caused the havoc with my YahooMail, or it is some other virus still hidden. Will it be safe to eliminate the infected file?
Please help!
Robin55

A:Java Trojan Exploit Bytverify I

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

http://www.techsupportforum.com/forums/f100/java-trojan-exploit-bytverify-i-470652.html
Relevancy 55.04%

I cleared Java's Cache, uninstalled the previous versions, and I ran a full scan on my Computer. Unfortunately AVG didn't detect anything but Microsoft Forefront Endpoint Protection did.

First, it detected 1 program that was severe and needed to be removed immediately. I removed it. A couple seconds later, 6 more pop up, as before I removed them. It's a repeated process and I really don't know what else to do.

If I Remove the first virus the antivirus picks up 6 more. Then it picks up another..

A:Exploit:Java/CVE-2012-1723

Please do the following:

Please download DDS from either of these links
LINK 1
LINK 2
and save it to your desktop.
Disable any script blocking protection
Double click dds to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:
DDS.txt
Attach.txt.

NEXT

Please download aswMBR to your desktop.
Double click the aswMBR.exe icon to run it
When asked if you want to download Avast's virus definitions please select Yes.
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

http://www.bleepingcomputer.com/forums/t/478568/exploitjavacve-2012-1723/
Relevancy 55.04%

need some thoughts. I was unlucky enough to get a java exploit virus on my pc. it quarantined about or files in ms security essentials as java exploit and i went to java website and verified ver u was installed. ran Wireshark, traced ip. i think i want to learn how this stuff works so I'm wanting to rip out all my important data then un-quarantine the virus and see what's going on. searched all day with no ideas what i can be doing to see what it's doing, like using process explorer, Wireshark, netstat etc. any thoughts on how to see what this thing will can do, how it operates? i won't connect to internet so i should see if it's trying to call home. i think i still need to run something to get it installed into the os. any thoughts appreciated.

Mod Edit (boopme): Java Runtime Environment JRE is at Version update. Moved to AntiVirus, Firewall and Privacy Products and Protection Methods forum.

A:How to track a java exploit virus

Maybe to read this --> http://zeltser.com/malware-analysis-toolkit/

http://www.bleepingcomputer.com/forums/t/476257/how-to-track-a-java-exploit-virus/
Relevancy 55.04%

I had a friend infected and I thought that I should run Malwarebytes software that was on my desktop. So yesterday I updated it and it ran, then said I needed to restart. After doing so I immediately noticed a redirect virus. I had bought Kaspersky Pure in the fall and it was conflicting with other programs, so my IT guy removed it. My bad for not making sure there was another program monitoring it. Anyway, I then went and loaded Kaspersky, which found the following and deleted:

Trojan program Trojan Downloader Java Agent mx
Trojan program Exploit Java CVE- - r
Virus Win zaccess aml

It disinfected the same. So last night I attempt to access the internet and I notice that I am unable; appears that my computer can't utilize the drivers. I have a Verizon card and it appeared that it was connected but would not actually allow me to access the internet. I also use Intel ProSet Wireless Connection Utility. My data appears to be fine. What should I do now? Thank you so much in advance. BTW I tried to fix "it" but deleting the Malwarebytes program file as well as Java file. I also backed up the registry and ran cc on the registry.

Superbeet

A:Yup...I am infected. trojan.java.exploit on XP

Download FSS
Launch it
* Click on "Scan".
* It will create a log (FSS.txt) in the same directory the tool is run.

Download TDSSkiller
Launch it
Click on "Scan".
Please post the LOG report

Please download GMER from here: http://www2.gmer.net/download.php
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.

http://www.bleepingcomputer.com/forums/t/439574/yupi-am-infected-trojanjavaexploit-on-xp/
Relevancy 55.04%

Java issues with my Vista PC. I ran Avast bootup scan about a week ago. It found and deleted Java:Agent???[Trj]

Computer seemed to be running fine but internet connection was really slow. Contacted tech support at my IP. Came down to I need to run a virus sweep.

Ran Avast bootup scan last night. Avast found and deleted Java:CVE-2011-3544-CT[Exp]

Seems I can't get rid of java issues. Do I have a further issue or is this bad luck? How do I stop these java issues?

Thanks,
FP

A:Java exploit and trojan issue

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=============================================================================
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
* Internet Services
* Windows Firewall
* System Restore
* Security Center/Action Center
* Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
=============================================================================
Please download MiniToolBox and run it.
Checkmark following boxes:
* Report IE Proxy Settings
* Report FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Click Go and post the result.
=============================================================================
Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
=============================================================================
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

http://www.bleepingcomputer.com/forums/t/444604/java-exploit-and-trojan-issue/
Relevancy 55.04%

System Info: Windows XP version service pack bit, Internet Explorer, runs Eset NOD Antivirus.

My computer gets slower and slower every day. I think I have had this problem for a long time, probably before I installed the Eset. I have tried one more time to clean it up. In order to do that I have run the following:

Eset NOD Antivirus: even though I have a paid version that runs in the background constantly and updates automatically, I still did a manual update and scan. Showed no problems.
Free version of Malwarebytes: even disconnected my DSL modem first and ran the program in safety mode instead of normal mode, as recommended to me one time. Showed no problems.
Spybot Search and Destroy, to search for adware, malware, etc. It found a couple of adwares I removed, but nothing big.
I also went into internet options and deleted all history, cookies, etc.

When none of these found anything major and the computer did not speed up, I ran the free Microsoft Safety Scanner and did a full scan. It showed a total of viruses found. It did not name them, but at finish came up with the following statement: Exploit Java CVE- - WX partially removed. I did not know what it meant by "partially removed", so I did an internet chat with a Microsoft tech. That person advised me to update my Java and Adobe Flash Player but admitted that would do nothing to remove the remaining virus. He advised me that MSS would not have removed the parts of the virus in the system folders in order to avoid possibly damaging my computer. The only advice he could give me on how to get rid of the rest of the virus was to pay Microsoft and he would take over my computer and remove it for me. I cannot afford that right now, so I was wondering if anyone knew a safe way I could do this myself without damaging my computer. I am not a real pro at this stuff, so I might mess up anything too complicated. I am guessing that I have had this virus for quite some time, probably it came through before I got the Eset, but I don't understand why the Eset doesn't find it when I do manual scans. Neither did the Malwarebytes, for that matter. Does anyone have a recommendation? Thanks

A:exploit java/cve-2008-5353.wx

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=============================================================================
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
* Internet Services
* Windows Firewall
* System Restore
* Security Center/Action Center
* Windows Update
* Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
=============================================================================
Please download MiniToolBox and run it.
Checkmark following boxes:
* Report IE Proxy Settings
* Report FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Click Go and post the result.
=============================================================================
Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
=============================================================================
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

http://www.bleepingcomputer.com/forums/t/448776/exploit-javacve-2008-5353wx/
Relevancy 55.04%

As above. Kaspersky scan from boot disk. I was reading ComboFix help and said to get an assistant. I WILL NOT USE TILL DIRECTED. I know the drill, seems I was here years ago. Really appreciate the help. BSOD on on all Windows safe modes - nothing works. I did get a Norton warning and followed instructions to reboot. TOO LATE. That was the last time I was in my Win bit machine other than the virus boot disk. I have tried Windows install disk repair - not working. Seems like it can't detect the disk as mounted or something. Kaspersky scan is long on findings but here are a select few. I will wait for further instructions.

PM Detected Trojan JS Fraud ba mnt MountedDevices PD- A B A B- E Users TEMP AppData Local Mozilla Firefox Profiles olexd q default Cache A Ed virus
PM Detected Exploit Java CVE- - nj mnt MountedDevices PD- A B A B- E Users Ken AppData Local Temp jar cache tmp Byte class
PM Detected Exploit Java CVE- - nj mnt MountedDevices PD- A B A B- E Users Ken AppData Local Temp jar cache tmp Byte class
PM Detected Exploit Java CVE- - o C Users Ken AppData Local Temp jar cache tmp Ruz class
PM Detected Exploit Java CVE- - nj mnt MountedDevices PD- A B A B- E Users Ken AppData Local Temp jar cache tmp Byte class

http://www.bleepingcomputer.com/forums/t/461339/exploitjavacve-2012-0507nj/
Relevancy 55.04%

A couple of days ago, on doing a routine full scan with MSE, I discovered that I had several Java Exploit CVE- - malicious applets in the Java temporary folders. I had never heard of this before and did some Googling. What I found suggests that these applets are used as back doors for other, potentially more serious malware. This leads me to worry that even though I seem to have got rid of the Java Exploit, can I be sure that there's not something more serious lurking in the background that hasn't revealed itself yet? I have listed the steps I have taken so far and I hope that someone will take the time to tell me if there is anything more I should be doing in this situation.

Updated to latest version of Java and uninstalled old versions
Disabled Java in Firefox. Will only use IE if an absolutely essential web page requires Java
Included Java in the CCleaner settings
Replaced Superantispyware Pro with Malwarebytes Pro as resident anti-spyware
Did complete scans with Malwarebytes - one in safe mode
Did complete scans with Superantispyware - one in safe mode
Did complete scans with Microsoft Security Essentials - one in safe mode
Did complete scans with Hitman Pro, Panda Activescan and Eset Free Online Scanner

Everything is now showing my system as clean. Is there anything more I should do?

I run Windows Home Premium, Malwarebytes Pro, Microsoft Security Essentials, Online Armor Premium, Spywareblaster

A:Java Exploit CVE-2012-0507

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

http://www.bleepingcomputer.com/forums/t/465385/java-exploit-cve-2012-0507/
Relevancy 55.04%

OS is XP Pro Service Pack. Over the last few days, when I scan the PC using Malwarebytes or Microsoft Safety Scanner, a Microsoft Security Essentials alert pops up indicating a threat has been detected and cleaned. When I look at the history in MSE, Exploit Java CVE- - C is shown and it is indicated as a severe threat. I click on remove and it seems to have removed it until the next time I scan using the above mentioned tools. It just keeps coming back. Can anyone help me get rid of this thing? It does not seem to slow the computer or do anything that is noticeable, but it is there. Do not know from where it came. I had a similarly named exploit several weeks ago that "narenxp" worked on for me. I tried all of the tools that narenxp gave me at the following thread: http www bleepingcomputer com forums topic html page pid entry. Those tools did not work. I also removed all of the JAVA programs from my PC. I really do not need Java. Thank you

A:“Exploit:Java/CVE-2013-0422.C”

Hello, as this appears too resistant to those tools, let's repost and get a deeper look. Please follow this Preparation Guide and post in a new topic. Let me know if all went well.

http://www.bleepingcomputer.com/forums/t/484140/exploitjavacve-2013-0422c/
Relevancy 55.04%

I am running Win7 64bit on a Dell Laptop. I run Norton Internet Security and I keep it and Windows on automatic update.
The Microsoft Safety Scanner found and removed a number of files when I ran it in full scan mode. Now, every time I run it, it finds 7 new files and always reports the "Exploit: Java/CVE-2012-1723 Partially removed."
I ran Norton Power Eraser and it found and removed c:\windows\system32\drivers\rikvm_9ec60124.sys but the MS Safety Scanner still finds and removes 7 files and reports the exploit again.
I have updated to the latest Java but I am considering uninstalling it altogether. Of course it is too late now that these files are on my computer. They are obviously active enough to regenerate their files.
What should I do about this?

A:Exploit: Java/CVE-2012-1723

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here.
If you get crashes in normal mode, run it in safemode with networking

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

http://www.bleepingcomputer.com/forums/t/482520/exploit-javacve-2012-1723/
Relevancy 55.04%

Hello. This is my first post to Bleeping Computer and I hope someone can provide me with some advice regarding the Java CVE Virus. I'm not a tech whiz but I'm fairly competent, so please bear with me. I've searched your forums and the web but I still don't know what action I should take. I believe my PC was/is infected and the virus seems to continue to reinfect since I got it about days ago. I realize now that I had an outdated version of Java installed. I believe I used to use Java to log into a former employer's network. If that's the case then I haven't used it in about years, which is probably why I didn't receive any software update notices. I have a Windows Vista Business PC and use Internet Explorer and MS Security Essentials.

This happened pretty fast so I may not get all the details correct, but this is what I recall. I was browsing the web when an unfamiliar window popped up. I believe it had a warning saying it was downloading something and I could see it running code, like you see when you're installing legitimate software or running a process. If I recall, it appeared to be a security alert but it didn't look like a Sec Essent window, so I didn't want to click on any of the options or X out of it because I thought in doing so I might "allow" the download. Instead I tried to access the task window and realized my mouse was affected: the click and right click buttons were reversed. I eventually was able to shut down using the Start button and I hoped this would kill the download. I didn't turn on the computer until the next day, and when I did that window popped up again and continued to run the download as if it had never been interrupted.

Since this happened I haven't been using that PC very much because I'm afraid of the exposure, but I have used it somewhat and I've been running virus scans often. Almost each time I run a scan a new virus is found. Below are the items I've quarantined and removed; there may be a few more. I've uninstalled Java. My question is: can I get rid of this virus for good, and if so, how? Thanks very much for your help.

Exploit Java CVE- - AK
Exploit Java CVE- - AGP
Trojan Win Sirefef cfg
Rogue Win Winwebsec
TrojanDropper Win Sirefef gen A
Trojan Win Sirefef BC
Exploit Java Blacole GA
Exploit Java CVE- - BTS
Exploit Java CVE- - BTV
Exploit Java CVE- - BTT

A:Exploit:Java CVE Virus - Help needed please

Welcome aboard

It looks like ZeroAccess rootkit. It'll require elevated help.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

http://www.bleepingcomputer.com/forums/t/472809/exploitjava-cve-virus-help-needed-please/
Relevancy 55.04%

For about a week or so now my wifi signal randomly turns itself off and takes minutes to turn itself on again. Once during that time, by pure coincidence (if I recall correctly, the MSE icon was orange and I did the weekly manual scan to get it back to green), I opened Microsoft Security Essentials and noticed there had been THREE items found and put to quarantine, all at the same time, the exact same time the wifi signal turned itself off. It has happened again twice before starting this topic. Here's a printscreen of the last time it happened, an hour prior to the start of this post. It's in Portuguese, but I'm assuming the language is the only thing that changes when it comes to MSE and the virus names are the same. The names of the viruses in the image above are:

Exploit JAVA CVE- - D ldr
Flooder Java Loic
Exploit JS Blacole GB

I had heard of the exploit virus coming from JAVA, so on Monday Jan st I uninstalled it, thinking the problem would disappear. I then searched on Google how to safely remove such files, and the indications were vague, so I couldn't do it by myself in fear I would compromise and potentially ruin the PC. I would attach a log right away if I had found such instructions to do so. Since I didn't, I will wait until I get a reply with further instructions. Thank you in advance.

EDIT: As I wrote this post, Microsoft Security Essentials detected the same three threats at

EDIT: To start this post I was running the PC on safe mode with networking. After I finished it I restarted the PC in normal mode, and now the MSE quarantines the three threats every minute, but it doesn't turn off the Wifi (for now anyway). I'm not sure if this information is relevant but I thought I'd include it just in case. Should I run the PC always in safe mode until the problem is resolved? Or just keep it off? Thanks again

A:Definitely infected: JAVA exploit and flooder(?)

Hi, kathpt! I'm going to try to help you out. Please run all of these in normal mode, and I'd advise running the computer in normal mode at all times to monitor issues.

Removing Java will prevent any more exploits of it, but those already on your system won't be affected. I can tell MSE is not fixing the problem, so let's run some things.

TDSSKiller
I need you to run a scan using TDSSKiller.
Download TDSSKiller from here, and save it to your desktop.
Double click the file to launch the program. Once the program starts, click Start Scan. Don't change any default scan settings.
Once the scan is finished, you'll find a log in your root drive (usually C: ) that will start with TDSS in the file name, please copy and paste it into your reply.

Malwarebytes
I need you to run a scan with Malwarebytes Anti-Malware.
Download MBAM from here, and save it to your desktop.
Double-click the installer to run it. During the installation, simply follow the prompts and let the program install. However, if you do not want to start a trial of the full version, please decline, and if offered any external toolbars/programs, feel free to uncheck to install them, unless you want them.
Once the program is done installing and updating, select the Perform full scan option on the main interface. Then click the Scan button, hit Scan, and let the scan run.
Once the scan is finished, a log will pop up. If any malware was found, click the Show Results button, and make sure everything present is checked and click Remove Selected. If MBAM asks you to reboot, do so immediately. Either way, please copy and paste the log into your reply. If your PC is rebooted, you can find the log by opening up MBAM and going to the Logs tab.

AdwCleaner
I need you to run AdwCleaner to see if it removes anything.
Download AdwCleaner from here, and save it to your desktop.
Close all open programs.
Open the file on your desktop, and click the Delete button. Confirm operations at every prompt. Your PC will be rebooted after the final prompt.
Once rebooted, a text file will open up. Please copy and paste it into your reply.

RogueKiller
I need you to run RogueKiller to see if it removes anything.
Download RogueKiller from here, and save it to your desktop.
Close all open programs.
Double click the file on your desktop. Once the automatic check completes, hit the Scan button.
Once the full scan has finished, click on the Delete button. Once it's done removing things, open the newest log on your desktop (should be called RKreport[2].txt) and copy and paste it into your reply.

Please tell me how the PC is running in your next reply.

Gunto

http://www.bleepingcomputer.com/forums/t/483054/definitely-infected-java-exploit-and-flooder/
Relevancy 55.04%

hi, i am running an eset scan on my sister's computer in safe mode and it has come up with a few threats. will try and copy and paste what's on her screen and post up, but here are the threats coming up:

a variant of java/exploit.agent.pej trojan x2

a variant of win32/bunndle application

4 x a variant of win32/hiddenstart.a.application

a bit about the system: it is a dell n5030 with windows 7 64 bit os

any help gratefully received

thanks in advance

A:help java/exploit.agent.pej.trojan

 
 
 Install and run MBAM
Information about MBAM: http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-malware-tutorial
If this scan has been done, please post the log into your next reply.
===================================================
 
  Running TDSSKiller to obtain log
 
Note: Don't cure or delete a threat, but choose skip for all instead.
Please download TDSSKiller from here and save it to your Desktop
Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters

In the Additional options: Check Detect TDLFS file system
Click Start Scan and allow the scan process to run.
Choose for all threats to Skip for all of them.
Click Continue
Please post the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)
===================================================
 
 ESET Online Scanner
 
Note: If your AV is blocking Eset online scanner, please temporarily disable your AV.
 
I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the  button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and » UNCHECK "Remove found threats" <== Important
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log).
Click the Back button.
Click the Finish button.
===================================================

http://www.bleepingcomputer.com/forums/t/504037/help-javaexploitagentpejtrojan/
Relevancy 55.04%

Hi there,

Microsoft Security Essentials has picked up a stack of viruses over the last 3 days and has managed to remove all except the Exploit:Java/Blacole.BV virus along with the Exploit:Java/Blacole.BW / BU / K/ BH viruses. Although it has detected them, they are labelled as 'allowed' instead of 'removed' in the virus history. There is no option to remove them.

Now, I have done some searching around but it seems that this is a relatively new virus and so, there doesn't seem to be a lot on it. I've been having trouble finding solutions to the removal of these viruses so I was wondering whether you guys would be willing to help.

I appreciate your help in advance,

thank you.

A:Help removing Exploit:Java/Blacole.BV

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post/attach the logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

------------------------------------------------------

http://www.techsupportforum.com/forums/f284/help-removing-exploit-java-blacole-bv-615810.html
Relevancy 55.04%

Today I ran MSE and found I had this under quarantine. I didn't remove because the last time I did it with a virus it just came back when I rescanned. If it helps it was first detected 8/9/2013. Is this a threat?

A:Exploit: Java/CVE-2012-1723

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
* Internet Services
* Windows Firewall
* System Restore
* Security Center/Action Center
* Windows Update
* Windows Defender
* Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
* Report IE Proxy Settings
* Report FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
Unzip downloaded file.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
DO NOT click on the Cleanup button. Simply exit the program.
When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.
If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.
NOTE. Do NOT wrap your logs in "quote" or "code" brackets.

http://www.bleepingcomputer.com/forums/t/507800/exploit-javacve-2012-1723/
Relevancy 55.04%

I have these 2 Java exploits on my PC. How can I remove them? Exploit.Java.CVE-2009-3867.c Exploit:Java/CVE-2009-3867.DN. I have scanned with Windows Live OneCare and it couldn't clean them. I have also tried lots of other virus programs and none but Windows OneCare finds it. Please help, thanks.

A:Exploit.Java.CVE-2009-3867.c

Quote:

Use up-to-date Java software
This malware exploits a known vulnerability in Sun Java. Install the updates available from the vendor so that your software is no longer affected by the vulnerability. You can read more about the vulnerability from the following links:

http://www.microsoft.com/security/po...FCVE-2009-3867

As I read the article from the link (above), it seems your anti-virus has found an "exploit", but not necessarily an infection. Updating your Java may be the solution.

http://www.techsupportforum.com/forums/f10/exploit-java-cve-2009-3867-c-499261.html
Relevancy 55.04%

Yesterday on my dad's computer his Microsoft Security Essentials found a Java Exploit CVE 2010-0840.CE, ranked severe, on his computer and quarantined it. It was not running a scan; it just popped up and said it had found this thing and to quarantine it. He has a Compaq Presario running Windows Vista; he just reformatted his system a month or two ago because of a Rogue Anti-virus we couldn't get rid of. I uninstalled an old version of Java that was on his computer and reinstalled the latest version. I also went into the quarantine and removed the file (Java exploit). I really need to know if this kind of thing could have stolen information from online, as we had been doing some important stuff online right before I had disconnected his computer and opened CCleaner when Microsoft Security Essentials found the file. And apparently this version of the exploit (CE) was just released on April st, so I don't know when it got on his computer, but his MSE was updated at am and pm yesterday and a file wasn't detected until around - pm. Could his computer be compromised by remote code? What should I do? Thank you for your time.

DDS log ...

A:Java:Exploit CVE 2010-0840.CE

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

http://www.bleepingcomputer.com/forums/t/388862/javaexploit-cve-2010-0840ce/
Relevancy 55.04%

I am using XP, I need help to get rid of the Java/ByteVerify.Exploit.240.Troj infection. Someone please help me! I ran InoculateIT and it won't cure it for some reason. Please send me step by step instructions. Thanks!
 

A:Java/ByteVerify.Exploit.896.Troj

Download HijackThis - http://www.thespykiller.co.uk/files/HJTsetup.exe

Once installed, open it, click "do a system scan and save a log file"
and copy+paste the full contents of the log file in your next reply here.
Though before doing that, do the following:

Close all windows (including this one)

Go to: Control Panel > Java -or- Java Plugin > General tab > Temporary Internet Files > Delete Files:
Checkmark all 3 options
Click OK
If those settings are different, the "Clear Cache" option might be under the "Cache" tab instead.
Go to: Control Panel > Internet Options
General tab > Temporary Internet Files > Delete Files:
Checkmark "Delete all offline content"
Click OK
 

https://forums.techguy.org/threads/java-byteverify-exploit-896-troj.350415/
Relevancy 55.04%

I ran Microsoft Security Essentials to clean up the virus and several other Java exploits. I did some research and it seems Selace can let other exploits in, and I still have random redirects and popups in Firefox. Here are the logs requested in your pinned posts. All my virus scans and Malwarebytes scans show up clean; I even killed suspicious processes in HJT. HELP

...

A:Infected with Exploit:Java.Selace.W and .Z

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the Quick Scan button.
Two reports will open, copy and paste them in a reply here:
OTListIt.txt <-- Will be opened
Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
Double-click on RKUnhookerLE to run it
Click the Report tab, then click Scan
Check Drivers, Stealth and uncheck the rest
Click OK
Wait until it's finished and then go to File > Save Report
Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.
Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"
-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem
If you still need help, please include the following in your next reply
A detailed description of your problems
A new OTL log (don't forget extra.txt)
RKU log
Thanks and again sorry for the delay.

http://www.bleepingcomputer.com/forums/t/357273/infected-with-exploitjavaselacew-and-z/
Relevancy 55.04%

I couldn't post a DDS log here before, so I got help in this thread. With that problem fixed, I can now post the logs. Here is the original problem, DDS log, and Attach and Ark attachments. Since I created those logs I've had to run Malwarebytes' Anti-Malware, ATF and SAS to fix the previous problem, so these old logs may not still be accurate. If I need to re-run them, let me know.

I'm running Windows XP and using Trend Micro Internet Security for the firewall and real-time antivirus. I used to manually update Windows a couple of times a week, but a few months ago I switched to automatic updates. A couple of days ago I tried to manually update Windows and got an error message at the Windows website. I tried all their fixes but nothing worked. I ran Windows Malicious Software Removal tool and it identified problems: Alureon and some Java exploit. MSR was only able to partially remove them and they're still there. Trend Micro's online tools didn't touch them either.

All the preparation steps went smoothly except the Gmer. The first time I ran it, after about minutes, I got an "encountered a problem and needs to close" message. It closed Gmer and I simply re-opened it and started the scan again. After running for about hours the scan completed and I was able to save the log. However, once the log was saved my computer completely froze and I couldn't close, open or Ctrl-Alt-Del anything. I had to shut down using the power button. Once I restarted it was fine.

...

A:Infected with Alureon and Java Exploit

Good evening. Take a trip to this webpage for download links and instructions for running Combofix by sUBs.

* Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start. When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply. Let me know how the PC is behaving.
* There are two points to note from the instructions page:

1) The Recovery Console.
It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.
CF will complete some, but not all, of its removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.
CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

http://www.bleepingcomputer.com/forums/t/338852/infected-with-alureon-and-java-exploit/
Relevancy 55.04%

Hi. A few minutes ago on my dad's computer his MSE found a Java Exploit CVE 2010-0840.CE, ranked severe, on his computer and quarantined it. It was not running a scan; it just popped up and said it had found this thing and to quarantine it. I looked up the information on the Microsoft website here: http www microsoft com security portal Threat Encyclopedia Entry aspx Name Exploit AJava FCVE- - CE amp ThreatID - and looked around at other versions of this Java exploit and found that its "successful exploitation leads to remote code execution". First of all I quarantined it and am now running MBAM full scan. I also checked and he did have an old version of Java ver installed along with update, so I uninstalled the version.

Now, what does remote code execution mean? Could someone explain this? Also, is there anything else I need to check on his computer? MSE had found it just as I was disconnecting from the internet and had opened up CCleaner. I really need to know if this kind of thing could have stolen information from online, because my family had just been on the FAFSA student college loan website right before it was detected on his computer. We put private information into the FAFSA govt and IRS govt websites. Do I need to check for any other old versions of Java or for any temp files or his firewall settings? If it is quarantined, do I still have to delete it from his computer somehow? I've never run into a Java Exploit before. And apparently this version of the exploit (CE) was just released yesterday, so I don't know when it got on his computer, but his MSE was updated at am and pm today and wasn't detected until around - pm. Please help, confidential information could be involved. Thank you for your time.

A:Java:Exploit CVE 2010-0840.CE

Please disregard this post as I have made a similar thread in the Malware removal thread, thank you.

http://www.bleepingcomputer.com/forums/t/388693/javaexploit-cve-2010-0840ce/
Relevancy 55.04%

Hi guys. Thanks for taking the time to help out. I clicked on something and got pop-ups and redirected. My HD won't stop read/writing like it's defragging. I tried to get it off but it keeps coming back. Any help would be appreciated.

A:fakealert-gm and Java exploit mybe more

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results. Post both logs (no need to zip attach.txt).
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
-------------------------------------------------------------
Please be patient and I'd be grateful if you would note the following
The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I ...

http://www.bleepingcomputer.com/forums/t/283102/fakealert-gm-and-java-exploit-mybe-more/
Relevancy 55.04%

Hi, can someone help? I have a Dell PC running XP SP with McAfee running continuously and a selection of other malware removal software, but I have been got. I had browser hijack affecting IE and Firefox, and on running Spybot, Malwarebytes, malware doctor, MS OneCare live scan, MS Security Essentials and MS Defender I identified several trojans and successfully removed most. However, I am stuck with Exploit Java CVE- - BO (also had KM, but apparently removed by reinstalling Java) and Trojan downloader Java openconnection AK. I also have port open not showing on Windows firewall. These only show up with one or two programmes as all the others did, so it's very difficult to know whether they are real and whether the things that I seem to have removed are really gone. What should I try next? Also, is there any chance of such malware passing from the infected PC to another clean machine on my internet hub? Obviously if I copy across an infected file it would, but can they jump unannounced? Many thanks, Eddy

http://www.bleepingcomputer.com/forums/t/332690/browser-hijack-and-exploit-java/
Relevancy 55.04%

I have a Dell Inspiron 580 desktop with Windows 7.
Went to do a cleaning on it after Java update kept popping up
ADW found and removed chrome extension mkfikfff........
Jrt found and removed coupon printer and wininiti.ini
Malware bytes found nothing
Spybot found 18 low level items
 
ESET found 16 including Win32/toolbar.widgi.B
Msert found and only partially removed:
Exploit:Java/blacole.et
Exploit:Java/CVE-2011-3544
Exploit:Java/CVE-2012-0507
 
Running other programs, Hitman pro, Slim Cleaner, Advanced System Care, SFC, Microsoft security essentials and ESET in safe mode,
I got rid of the first 2 of the exploits
BUT No matter what I do, Exploit:Java/CVE-2012-0507 keeps showing up in the Msert scan.
Been working on this for 2 days.
Can anyone help? Please?!!!!

A:Exploit:Java/CVE-2012-0507 won't go away

If Java is still installed on the computer, have you cleaned your Java cache? Also clean your browser cache.

http://www.bleepingcomputer.com/forums/t/553496/exploitjavacve-2012-0507-wont-go-away/
Relevancy 55.04%

I am running 64 bit Win7 Home Premium SP1. I was surfing to www.teamuscellular.com and noticed a redirect. Wasn't sure if it was something wrong with the site or my computer. I ran MBAM, SAS, and MSE full scan. SAS found some tracking cookies, and that was all.

When I restarted my computer, I noticed MSE "working". It stated that it was cleaning files. When I looked at the History, it showed "Exploit:Java/CVE-2012-5076" was prevented from running and quarantined. I read some info on it, checked and uninstalled my Java (was 6). I told MSE to remove the file. Upon restart, however, MSE gave the same message.

I ran MBAM, again, and it found nothing. Upon restart, MSE did not report it again. Can I assume that I am clean?

Can someone please help me to make sure I remove this thing for good? Thanks!

A:Exploit:Java/CVE-2012-5076

Welcome bomber
If this detection is reported then it is likely that your computer has been compromised. We can check a bit further for malwares necessarily spotted by those.

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>>Please Download TDSSkiller
Launch it. Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results.

And I'd like us to scan your machine with ESET OnlineScan
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
NOTE: Sometimes if ESET finds no infections it will not create a log.

http://www.bleepingcomputer.com/forums/t/480144/exploitjavacve-2012-5076/
Relevancy 55.04%

Hi, I am running an ESET scan on my sister's computer in safe mode and it has come up with a few threats. I will try to copy and paste what's on her screen and post it up, but here are the threats coming up:

a variant of java/exploit.agent.pej trojan x2

a variant of win32/bunndle application

4 x a variant of win32/hiddenstart.a.application

A bit about the system: it is a Dell N5030 with Windows 7 64-bit OS.

Any help gratefully received.

Thanks in advance.
 

A:help java/exploit.agent.pej.trojan

You have a properly posted request here: http://www.bleepingcomputer.com/forums/t/504037/help-javaexploitagentpejtrojan/

Please do not cross post the same issue across multiple forums. This only leads to confusion for yourself and those trying to help you. It sometimes leads to conflicting information when trying to follow directions from multiple sources.

Please be patient and someone will reply to you. This topic is closed. I also deleted the duplicate in Malware Removal forum.

http://www.bleepingcomputer.com/forums/t/504036/help-javaexploitagentpejtrojan/
Relevancy 55.04%

Kaspersky has detected this on my computer. I have been to the control panel, gone to the Java control panel, told it to delete files, and it's still there. I have also run Malwarebytes and it's still there. I even tried uninstalling Java but that didn't help either. Can someone suggest a way to get rid of it? I will need very basic, very simple step-by-step instructions. I am running Windows 7.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Pentium(R) Dual-Core CPU E5800 @ 3.20GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 4061 Mb
Graphics Card: Intel(R) G45/G43 Express Chipset, 1806 Mb
Hard Drives: C: Total - 928092 MB, Free - 793993 MB; F: Total - 953835 MB, Free - 476879 MB;
Motherboard: LENOVO, To be filled by O.E.M.
Antivirus: Kaspersky Internet Security, Updated and Enabled

Thanks

Breambuster
 

https://forums.techguy.org/threads/heur-java-exploit-generic.1109545/
Relevancy 55.04%

Have Windows 7, run AVG security 2012. Recently started getting threats, AVG fixes it, but next day, they are back. Downloaded Microsoft Safety Scanner. During scan, computer froze, what a mess. This morning, all appeared OK, connected to internet, but says no access. We run 2 computers, so there is no internet problem, as the other is working fine. However, we have unplugged modem/router, turned computer off and on, still can't connect. This must have something to do with the trojan. We chatted with AVG, free, but they said we needed more help and had to call and pay $99. Last time we did that, got nowhere. Were just about to have someone local come and check computer out, but were hoping to find out the internet access issue first. Is there something connected to this trojan, that was supposedly fixed, but keeps returning, that would allow no internet access?
 

https://forums.techguy.org/threads/exploit-java-script-trojan.1033639/
Relevancy 55.04%

Hi. A few minutes ago on my dad's computer, his MSE found a Java Exploit CVE - CE, ranked severe, on his computer and quarantined it. It was not running a scan, just popped up and said it had found this thing and to quarantine it. I looked up the information on the Microsoft website here: http www microsoft com security portal Threat Encyclopedia Entry aspx Name Exploit AJava FCVE- - CE amp ThreatID - and looked around at other versions of this Java exploit and found that its "successful exploitation leads to remote code execution".

First of all I quarantined it and am now running MBAM full scan. I also checked and he did have an old version of Java ver installed along with update, so I uninstalled the version.

Now what does remote code execution mean? Could someone explain this? Also, is there anything else I need to check on his computer? MSE had found it just as I was disconnecting from the internet and had opened up CCleaner. I really need to know if this kind of thing could have stolen information from online, because we had just put in confidential information into a government website before it was detected. And apparently this version of the exploit, CE, was just released yesterday, so I don't know when it got on his computer, but his MSE was updated at am and pm today and wasn't detected until pm.

Do I need to check for any other old versions of Java or for any temp files or his firewall settings? If it is quarantined, do I still have to delete it from his computer somehow? Oh, and he's running Windows Vista. He had to reinstall from the partition drive about a month ago because of a rogue anti-virus, but I don't think that is connected, but just in case.

Thank you for your help.

A:Java:Exploit CVE 2010-0840.CE

please disregard this post as I have posted to a malware removal thread and need no other further assistance, thank you.
 

https://forums.techguy.org/threads/java-exploit-cve-2010-0840-ce.989388/
Relevancy 55.04%

Having problems with Java. Please read the thread below: http forums techguy org all-other-software -java-problem html post

I have a Trojan and recently have Java problems and Windows Update Problems. I haven't had the time to install antivirus so that's how this trojan got in. Here is my HijackThis log.

NOTE: Thanks so much if you can fix my Java Problem and get rid of the trojan.

A:Solved: Java Problem [ From All Other Software ] Hijackthis Log

https://forums.techguy.org/threads/solved-java-problem-from-all-other-software-hijackthis-log.658895/
Relevancy 55.04%

I am trying to install the software for an HP scanner in my XP Home SP2 computer, which is not my primary computer. At the end of the 'install' procedure the following error message comes up: "Unable to start the application - the Java Virtual Machine cannnot be loaded. Class not registered."

What is wrong? How do I fix the problem? The software had previously been installed under another OS without any problem.
Thanks for your help. {redoak}
 

Relevancy 54.61%

Hello Bleeping computer community! Recently I was browsing the internet, I was redirected to one of those "Your java version is out of date!" pages, where I exited the page. But when I turned on my computer the next day, I got a notification from my Bit Defender saying something about "Java.Exploit.CVE-2011-3544.I". But I'm not sure if Bit Defender fully removed it, or if it had already downloaded more files. If anyone could help me make sure that everything is fine again, I will be truly grateful. Thanks!

A:Might be infected with "Java.Exploit.CVE-2011-3544.I"

If you want to doublecheck, you can download Malwarebytes from this link: http://downloads.malwarebytes.org/file/mbam and scan your computer. 
 
Download install file for Malwarebytes Anti-Malware (MBAM) ver.2.0 and install it. 
Double click on mbam-setup.exe and follow installation procedure. When installation is over, click Finish.
 
 
- After first run, MBAM will start "Update" for fresh database signatures. 
Or ... click on 'Update Now >>' link or button for fresh database signatures.
 
• Also, on Settings tab, set under Detection and Protection next options: 
1. 'Scan for rootkits'; 
2. Non-Malware Protection, for 'PUP detections', check 'Threat detections as malware' option.
 
Click on Scan tab, then on 'Scan Now >>' to begin with scanning.
 
• After the scan is completed, click on Apply Action button if threat is detected.

• While still on the Scan tab, choose View detailed log. In the window that opens, click the Export button, choose Text file (*.txt) and save the log to your Desktop.

• Click on Yes if message for computer restart is displayed. 

http://www.bleepingcomputer.com/forums/t/578846/might-be-infected-with-javaexploitcve-2011-3544i/
Relevancy 54.61%

Only 9 of 22 virus scanners block Java exploit - The H Security: News and Features

A:Only 9 of 22 virus scanners block Java exploit

Oracle is a dumb shit. They would release a patch after millions of PCs get affected.

http://www.sevenforums.com/system-security/250324-only-9-22-virus-scanners-block-java-exploit.html
Relevancy 54.61%

Hello. So I thought that I haven't scanned my PC for quite a while. I thought that I should do it now. So yeah, started the ESET Smart Security scanning and then went outside. Came back after like hours and it showed that it had been scanning for nearly hours. I guess it took that much because I've got TB of data to scan. So what did ESET find? Well, something called Java Agent DS trojan:

C Documents and Settings Hello Application Data Sun Java Deployment cache c cf- b ZIP support IO class - Java Agent DS trojan - was a part of the deleted object
C Documents and Settings Hello Application Data Sun Java Deployment cache c cf- b ZIP support Pipe class - Java Agent DS trojan - was a part of the deleted object
C Documents and Settings Hello Application Data Sun Java Deployment cache c cf- b ZIP support Socket class - Java Agent DS trojan - was a part of the deleted object

So I thought, what the hell, great, ESET found some trojans in Java, fine, let it clean it up and everything's gonna be alright. But then I read the news:

http research zscaler com are-you-vulnerable-to-latest-java- -day html
http reviews cnet com - - - oracle-patches-java- -vulnerability

So I immediately disabled Java in Firefox, just in case. Then I installed the latest update for Java. This is said to fix the exploit. But after the update the website still says that I'm vulnerable to the exploit:

http zulu zscaler com research java version html
Java version s installed
Are you vulnerable to the latest -day exploit Yes

I have no idea why I have to Javas installed. So I guess I should still disable Java, just in case.

I thought I might ask if there is a way to make sure if this new exploit did something or not. CNET's website says the following: "this vulnerability allows criminals to create a drive-by hack where the only action needed to compromise a system is to visit a rogue Web page that hosts a malicious Java applet". I and no-one else in my family remembers visiting any "rogue" sites. So I'm not sure. Computer hasn't slowed down and I haven't seen any strange or abnormal things.

Now after posting this thread I'll start scanning with MBAM, SuperAntiSpyware and Spybot S&D.

To tell you the truth, I've been a bit lazy when it comes to computer scanning. I've been told that I shouldn't be on PC while anti-virus program is scanning and that I shouldn't have the Internet connection while scanning - are these arguments true or not, don't really know. And these have been the reasons I've been lazy to scan my computer. And I actually thought that since I'm usually visiting websites that are thought-to-be-safe and I'm usually visiting websites that I know. And I'm not installing toolbars and I'm not hitting none of the ads I see on the Internet. So I thought I'm safe. But today I actually read that even if you do visit the websites you are absolutely sure that they're clean, then there's still a risk of getting infected. A computer that has either Java, Flash or PDF reader installed have a risk of getting infected.

Now I'm wondering, since I haven't scanned my PC for quite a while, would it be a smart move to just format my PC and start over? Though I really don't want to do it since it takes awful lot of time to configure the programs and etc. But then again I really don't have much data on my OS-drive, GB. So it wouldn't take much time to back it up. But I've got another drive as well, TB. So if I actually format my OS-drive, could I still then be infected? Maybe some of the viruses have spread to this drive.

A lot of questions. And all of this might be a bit confusing. But the main thing is mentioned in the topic title and that's the most I care about at the moment. And if anyone has some spare time they could answer my other questions as well.

Now off to scan with the programs.

Cheers,
A-placid

A:Am I still infected with the newest Java "virus" exploit?

Hello,

I moved this from XP to Am I Infected.

Let's look at these.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- Report FF Proxy Settings
- Reset FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Please download TDSSKiller.zip and extract it.
- Run TDSSKiller.exe.
- Click on Change Parameters
- Put a check in the box of Detect TDLFS file system
- Click Start scan.
- When it is finished the utility outputs a list of detected objects with description.
- The utility automatically selects an action (Cure or Delete) for malicious objects.
- The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
- Let it reboot if needed and tell me if the tool needed a reboot.
- Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.

Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

- Make sure you are connected to the Internet and double-click on the renamed file to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
- If an update is found, the program will automatically update itself. Press the OK button and continue.
- If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
- Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
- Click on the Scan button.
- When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked and then click Remove Selected.
- When removal is completed, a log report will open in Notepad.
- The log is automatically saved and can be viewed by clicking the Logs tab.
- Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
- Exit Malwarebytes when done.

Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening...

http://www.bleepingcomputer.com/forums/t/467055/am-i-still-infected-with-the-newest-java-virus-exploit/
Relevancy 54.61%

Please assist me with removing this trojan: Java.Trojan.Exploit.Bytverify.I

The trojan appears to be located in the following folder: C Users VirtualProfessional AppData LocalLow Sun Java Deployment cache ced d - ob d gt myf y TrewsdF class

Please note I was NOT able to run the RootRepeal as instructed. When I tried I received the following error message: "Error - RootRepeal does not support -bit OSs"

A:Infected with Java.Trojan.Exploit.Bytverify.I

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

http://www.bleepingcomputer.com/forums/t/293555/infected-with-javatrojanexploitbytverifyi/
Relevancy 54.61%

On the th, using a Dell Vostro laptop with bit Vista, I had multiple virus pop up using Microsoft Security Essentials: trojan win hiloti gen a, trojanproxy win tikayb A, trojanspy win ursnif gen G, PWS win Daurso A, then later in the day Exploit Java CVE- - -C. Since then my computer has been very slow, there is a delay in the appearance of my typing, internet pages occasionally don't load and videos pause every seconds or so. Here's my HJTlog.

A:Slow Laptop, Java exploit, HJTlog

A little faster today. I don't have a lot of confidence in its security though, any help would be appreciated.
 

https://forums.techguy.org/threads/slow-laptop-java-exploit-hjtlog.886692/
Relevancy 54.61%

Hi, MSE detects this, removes it, and it returns on reboot. Malwarebytes, Superantispyware and Emsisoft don't detect it? Anyone know how to remove this?
Thanks

A:Can't remove exploit:java/cve-2012-5076.gaa

Please download TDSSKiller from here and save it to your Desktop.

- Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters
- Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
- If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
- Click Start Scan and allow the scan process to run
- If threats are detected select Skip for all of them unless I instruct you otherwise
- Click Continue
- Click Reboot computer

Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply.

===================================================
aswMBR
--------------------

Download aswMBR and save it to your desktop.

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results. If you need help to disable your protection programs see here and here.

- Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
- Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.
- When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
- Please post the contents of the log in your next reply.

NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================
ESET Online Scanner
--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.

- Hold down Control and click on this link to open ESET OnlineScan in a new window.
- Click the button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
- Check "YES, I accept the Terms of Use."
- Click the Start button.
- Accept any security warnings from your browser.
- Under scan settings, check "Scan Archives" and "Remove found threats"
- Click Advanced settings and select the following:
  - Scan potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth technology
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click List Threats
- Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
- Click the Back button.
- Click the Finish button.

===================================================
Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
- TDSSKiller log
- aswMBR log
- ESET results

http://www.bleepingcomputer.com/forums/t/487236/cant-remove-exploitjavacve-2012-5076gaa/
Relevancy 54.61%

MS Security Essentials detected and removed this. No other malware was detected. Does the presence of this entry indicate that an exploit is open in my JRE (I know there've been some issues there lately) or does it indicate that active malicious code was using the exploit?

What I need to know is if I should go and change every password at every website I'm registered at.

A:A question about Exploit:Java/CVE-2012-0507.D!ldr

Any response to this? I have the same question, but in my case MS Security Essentials detected and removed Exploit:Java/CVE-2012-0507.BA.

http://www.bleepingcomputer.com/forums/t/455333/a-question-about-exploitjavacve-2012-0507dldr/