Solved

pj.exe ej.exe

Posted on 2006-05-16
Last Modified: 2012-06-21
How to clean these viruses?

*** log from Symantec antivirus ***
Date      Filename      Virus Name
5/16/2006 19:14      funk.exe      Download.Trojan
5/16/2006 19:14      ej.exe      Download.Trojan
5/16/2006 19:14      jar.jar-36170ac6-5a56fe0c.zip      ??????
5/16/2006 19:14      Xeyond.class      Downloader.Trojan
5/16/2006 19:14      Worker.class      Trojan.ByteVerify
5/16/2006 19:14      VerifierBug.class      Trojan.ByteVerify
5/16/2006 19:14      Counter.class      Trojan.ByteVerify
5/16/2006 19:14      jar.jar-36170ac6-5a56fe0c.zip      Trojan.ByteVerify
5/16/2006 19:04      funk.exe      Download.Trojan
5/16/2006 18:23      ej.exe      Download.Trojan
5/16/2006 18:02      jar.jar-36170ac6-5a56fe0c.zip      Trojan.ByteVerify
5/15/2006 19:42      jar.jar-79d29e04-1338d6cb.zip      ??????
5/15/2006 19:42      Xeyond.class      Downloader.Trojan
5/15/2006 19:42      Worker.class      Trojan.ByteVerify
5/15/2006 19:42      web.exe      Trojan.Alemod.B
5/15/2006 19:42      VerifierBug.class      Trojan.ByteVerify
5/15/2006 19:42      Counter.class      Trojan.ByteVerify
5/15/2006 19:42      jar.jar-79d29e04-1338d6cb.zip      Trojan.ByteVerify
5/13/2006 11:44      jar.jar-79d29e04-1338d6cb.zip      ??????
5/13/2006 11:44      Xeyond.class      Downloader.Trojan
5/13/2006 11:44      Worker.class      Trojan.ByteVerify
5/13/2006 11:44      web.exe      Trojan.Alemod.B
5/13/2006 11:44      VerifierBug.class      Trojan.ByteVerify
5/13/2006 11:44      Counter.class      Trojan.ByteVerify
5/13/2006 11:44      jar.jar-79d29e04-1338d6cb.zip      Trojan.ByteVerify
5/11/2006 19:13      pj.exe      Trojan.Alemod.B
5/11/2006 19:13      pj.exe      Trojan.Alemod.B
5/11/2006 19:13      ej.exe      Trojan.LowZones
5/11/2006 19:13      ej.exe      Trojan.LowZones
5/11/2006 19:13      jar.jar-79d29e04-1338d6cb.zip      ??????
5/11/2006 19:13      Xeyond.class      Downloader.Trojan
5/11/2006 19:13      Worker.class      Trojan.ByteVerify
5/11/2006 19:13      web.exe      Trojan.Alemod.B
5/11/2006 19:13      VerifierBug.class      Trojan.ByteVerify
5/11/2006 19:13      Counter.class      Trojan.ByteVerify
5/11/2006 19:13      jar.jar-79d29e04-1338d6cb.zip      Trojan.ByteVerify
5/11/2006 14:32      pj.exe      Trojan.Alemod.B
5/11/2006 14:32      pj.exe      Trojan.Alemod.B
5/11/2006 14:32      ej.exe      Trojan.LowZones
5/11/2006 14:32      ej.exe      Trojan.LowZones
5/11/2006 14:32      jar.jar-79d29e04-1338d6cb.zip      ??????
5/11/2006 14:32      Xeyond.class      Downloader.Trojan
5/11/2006 14:32      Worker.class      Trojan.ByteVerify
5/11/2006 14:32      web.exe      Trojan.Alemod.B
5/11/2006 14:32      VerifierBug.class      Trojan.ByteVerify
5/11/2006 14:32      Counter.class      Trojan.ByteVerify
5/11/2006 14:32      jar.jar-79d29e04-1338d6cb.zip      Trojan.ByteVerify
5/6/2006 15:30      pj.exe      Trojan.Alemod.B
5/6/2006 15:30      pj.exe      Trojan.Alemod.B
5/6/2006 15:30      ej.exe      Trojan.LowZones
5/6/2006 15:30      ej.exe      Trojan.LowZones
5/6/2006 15:30      jar.jar-79d29e04-1338d6cb.zip      ??????
5/6/2006 15:30      Xeyond.class      Downloader.Trojan
5/6/2006 15:30      Worker.class      Trojan.ByteVerify
5/6/2006 15:30      web.exe      Trojan.Alemod.B
5/6/2006 15:30      VerifierBug.class      Trojan.ByteVerify
5/6/2006 15:30      Counter.class      Trojan.ByteVerify
5/6/2006 15:30      jar.jar-79d29e04-1338d6cb.zip      Trojan.ByteVerify
5/5/2006 17:56      pj.exe      Trojan.Alemod.B
5/5/2006 17:56      pj.exe      Trojan.Alemod.B
5/5/2006 17:56      ej.exe      Trojan.LowZones
5/5/2006 17:56      ej.exe      Trojan.LowZones
5/5/2006 17:56      jar.jar-79d29e04-1338d6cb.zip      ??????
5/5/2006 17:56      Xeyond.class      Downloader.Trojan
5/5/2006 17:56      Worker.class      Trojan.ByteVerify
5/5/2006 17:56      web.exe      Trojan.Alemod.B
5/5/2006 17:56      VerifierBug.class      Trojan.ByteVerify
5/5/2006 17:56      Counter.class      Trojan.ByteVerify
5/5/2006 17:56      jar.jar-79d29e04-1338d6cb.zip      Trojan.ByteVerify
5/3/2006 20:35      pj.exe      Trojan.Alemod.B
5/3/2006 20:35      pj.exe      Trojan.Alemod.B
5/3/2006 20:35      ej.exe      Trojan.LowZones
5/3/2006 20:35      ej.exe      Trojan.LowZones
5/3/2006 20:35      jar.jar-79d29e04-1338d6cb.zip      ??????
5/3/2006 20:35      Xeyond.class      Downloader.Trojan
5/3/2006 20:35      Worker.class      Trojan.ByteVerify
5/3/2006 20:35      web.exe      Trojan.Alemod.B
5/3/2006 20:35      VerifierBug.class      Trojan.ByteVerify
5/3/2006 20:35      Counter.class      Trojan.ByteVerify
5/3/2006 20:35      jar.jar-79d29e04-1338d6cb.zip      Trojan.ByteVerify
4/28/2006 21:06      pj.exe      Trojan.Alemod.B
4/28/2006 21:06      pj.exe      Trojan.Alemod.B
4/28/2006 21:06      ej.exe      Trojan.LowZones
4/28/2006 21:06      ej.exe      Trojan.LowZones
4/28/2006 21:06      jar.jar-79d29e04-1338d6cb.zip      ??????
4/28/2006 21:06      Xeyond.class      Downloader.Trojan
4/28/2006 21:06      Worker.class      Trojan.ByteVerify
4/28/2006 21:06      web.exe      Trojan.Alemod.B
4/28/2006 21:06      VerifierBug.class      Trojan.ByteVerify
4/28/2006 21:06      Counter.class      Trojan.ByteVerify
4/28/2006 21:06      jar.jar-79d29e04-1338d6cb.zip      Trojan.ByteVerify
4/28/2006 21:02      pj.exe      Trojan.Alemod.B
4/28/2006 21:02      pj.exe      Trojan.Alemod.B
4/28/2006 21:02      ej.exe      Trojan.LowZones
4/28/2006 21:02      ej.exe      Trojan.LowZones
4/28/2006 21:02      jar.jar-79d29e04-1338d6cb.zip      ??????
4/28/2006 21:02      Xeyond.class      Downloader.Trojan
4/28/2006 21:02      Worker.class      Trojan.ByteVerify
4/28/2006 21:02      web.exe      Trojan.Alemod.B
4/28/2006 21:02      VerifierBug.class      Trojan.ByteVerify
4/28/2006 21:02      Counter.class      Trojan.ByteVerify
4/28/2006 21:02      jar.jar-79d29e04-1338d6cb.zip      Trojan.ByteVerify
4/25/2006 20:17      jar.jar-79d29e04-1338d6cb.zip      Trojan.ByteVerify
4/24/2006 18:45      pj.exe      Trojan.Alemod.B
4/24/2006 18:45      pj.exe      Trojan.Alemod.B
4/24/2006 18:45      ej.exe      Trojan.LowZones
4/24/2006 18:45      ej.exe      Trojan.LowZones
4/23/2006 0:10      pj.exe      Trojan.Alemod.B
4/23/2006 0:06      ej.exe      Trojan.LowZones
4/23/2006 0:06      ej.exe      Trojan.LowZones
4/22/2006 1:38      pj.exe      Trojan.Alemod.B
Question by:JohnLucania
10 Comments
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 1200 total points
ID: 16695727
Symantec doesn't remove those?
Trojan.ByteVerify is located in the jar cache; you just need to empty the cache.
Trojan Alemod can be taken care of using Smitrem/Smitfraud.

Have you tried any of these 3 scanners to remove them?

1. Download and install the free version of Ewido anti-malware.
http://www.ewido.net/en/download/
Update first then scan in safe mode.

2. Trojan remover: 30 free trial
http://www.simplysup.com/tremover/download.html

3. http://www.snapfiles.com/get/stinger.html

4. SmitfraudFix:
http://siri.geekstogo.com/SmitfraudFix.php

5. Also download HijackThis; looking at the HijackThis log would help.
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open HijackThis and click "Do a system scan and save a logfile"; don't fix anything yet.
Notepad will also open; copy its contents and paste them to either of these sites:
http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here:

Or paste the log at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Post the link to the saved list here.


 

Author Comment

by:JohnLucania
ID: 16696010
I am using 'Spybot - Search & Destroy', but Symantec doesn't remove them either.

http://www.rafb.net/paste/results/1gqBuA49.html
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 16696722
Did Norton give you their locations so you can delete them manually?

1. If you don't know where they are located, try scanning with mwav. It won't delete viruses, but it gives you their locations so they can all be deleted in one go using Killbox. You can post the result if you like.
http://www.mwti.net/products/mwav/mwav.asp

2. Activescan also gives you the path (for viruses it doesn't delete)
http://www.pandasoftware.com/activescan/com/activescan_principal.htm


Unfortunately they are not showing in your log:
DSSAgent is Advertising spyware, this program has been seen most often bundled with children's software titles from Mattel Interactive/Broderbund.

You can fix this entry:
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE

The only suspicious file I see in the log:
C:\WINDOWS\System32\skcbgm.exe
0
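The cross-check made in the comment above, as an added example that is not part of the original post: it parses HijackThis O4 autorun lines and looks for the filenames Symantec flagged. Only the DSS line comes from the thread; the other sample lines and all function names are constructed for illustration.

```python
import ntpath
import re

# Executable names Symantec flagged in the logs posted in this thread.
DETECTED = {"funk.exe", "ej.exe", "pj.exe", "web.exe"}

# First line is the entry quoted in the thread; the other two are constructed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example App\tray.exe" /min
O4 - HKCU\..\Run: [ExampleUpdater] C:\Program Files\Example App\update.exe -quiet
"""

# "O4 - <hive>\..\Run: [value name] command line"
O4_RUN = re.compile(r"^O4 - (HK\w+)\\.*?\\(Run\w*): \[(.*?)\] (.+)$")
# Image path = everything up to the first executable extension, quoted or not.
IMAGE = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd|scr|dll))\b', re.IGNORECASE)


def autoruns(log_text):
    """Return (hive, key, value_name, lowercase image name) per O4 Run entry."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # not a registry autorun line
        hive, key, name, command = m.groups()
        img = IMAGE.match(command)
        image = ntpath.basename(img.group(1) if img else command).lower()
        entries.append((hive, key, name, image))
    return entries


def correlate(log_text, detected=DETECTED):
    """Split detections into those started from a Run key and those that are not."""
    entries = autoruns(log_text)
    started = {e[3] for e in entries}
    with_autorun = sorted(detected & started)
    without_autorun = sorted(detected - started)
    unrelated = [e for e in entries if e[3] not in detected]
    return with_autorun, without_autorun, unrelated


if __name__ == "__main__":
    print(correlate(SAMPLE_LOG))
```

A detection with no matching Run entry is the "not showing in your log" case: the file is either only sitting on disk or is started some other way, so it has to be located by path.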
 
LVL 29

Assisted Solution

by:blue_zee
blue_zee earned 400 total points
ID: 16696959

Besides the excellent suggestions above, have you tried an online virus scanner (run at least 2 of them)?

Panda ActiveScan
http://www.pandasoftware.com/activescan 

Bitdefender
http://www.bitdefender.com/scan/Msie/index.php 

McAfee FreeScan
http://us.mcafee.com/root/mfs/default.asp 

Symantec Security Check
http://security.symantec.com/sscv6/ 

Pc-Cillin (Trend Micro Housecall)
http://housecall.antivirus.com/housecall/start_pcc.asp 

PcPitstop
http://pcpitstop.com/antivirus/default.asp 

RAV
http://www.ravantivirus.com/scan/ 

Zee
 

Assisted Solution

by:knuthf
knuthf earned 200 total points
ID: 16704539
.. or
http://www.lavasoft.com/software/adaware/ 

and update Spybot!
I doubt you have a virus - more likely spyware, and email-protection is worthless. You have to install a proper firewall - like the Lavasoft - or ZoneLab

See: http://www.pcworld.com/downloads/file_description/0,fid,30734,00.asp 

(Tiny had a small problem - messed up Windows Security...)
--BUT this is more important than a virus scanner now - ability to isolate those that can access your computer to those you want on your computer!
 

Author Comment

by:JohnLucania
ID: 16739156
I have tried, but they are still there.

Date      Filename      Virus Name      Virus Type
5/22/2006 20:52      funk.exe      Download.Trojan      File
5/22/2006 20:52      ej.exe      Download.Trojan      File
5/22/2006 20:52      jar.jar-36170ac6-5a56fe0c.zip      ??????      Compressed file
5/22/2006 20:52      Xeyond.class      Downloader.Trojan      File; Compressed file
5/22/2006 20:52      Worker.class      Trojan.ByteVerify      File; Compressed file
5/22/2006 20:52      VerifierBug.class      Trojan.ByteVerify      File; Compressed file
5/22/2006 20:52      Counter.class      Trojan.ByteVerify      File; Compressed file
5/22/2006 20:52      jar.jar-36170ac6-5a56fe0c.zip      Trojan.ByteVerify      File
5/21/2006 22:37      funk.exe      Download.Trojan      File
5/21/2006 22:37      ej.exe      Download.Trojan      File
5/21/2006 22:37      jar.jar-36170ac6-5a56fe0c.zip      ??????      Compressed file
5/21/2006 22:37      Xeyond.class      Downloader.Trojan      File; Compressed file
5/21/2006 22:37      Worker.class      Trojan.ByteVerify      File; Compressed file
5/21/2006 22:37      VerifierBug.class      Trojan.ByteVerify      File; Compressed file
5/21/2006 22:37      Counter.class      Trojan.ByteVerify      File; Compressed file
5/21/2006 22:37      jar.jar-36170ac6-5a56fe0c.zip      Trojan.ByteVerify      File
5/20/2006 9:09      funk.exe      Download.Trojan      File
5/20/2006 9:09      ej.exe      Download.Trojan      File
5/20/2006 9:09      jar.jar-36170ac6-5a56fe0c.zip      ??????      Compressed file
5/20/2006 9:09      Xeyond.class      Downloader.Trojan      File; Compressed file
5/20/2006 9:09      Worker.class      Trojan.ByteVerify      File; Compressed file
5/20/2006 9:09      VerifierBug.class      Trojan.ByteVerify      File; Compressed file
5/20/2006 9:09      Counter.class      Trojan.ByteVerify      File; Compressed file
5/20/2006 9:09      jar.jar-36170ac6-5a56fe0c.zip      Trojan.ByteVerify      File
5/19/2006 22:23      funk.exe      Download.Trojan      File
5/19/2006 22:23      ej.exe      Download.Trojan      File
5/19/2006 22:23      jar.jar-36170ac6-5a56fe0c.zip      ??????      Compressed file
5/19/2006 22:23      Xeyond.class      Downloader.Trojan      File; Compressed file
5/19/2006 22:23      Worker.class      Trojan.ByteVerify      File; Compressed file
5/19/2006 22:23      VerifierBug.class      Trojan.ByteVerify      File; Compressed file
5/19/2006 22:23      Counter.class      Trojan.ByteVerify      File; Compressed file

Any ideas?
0
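The before/after comparison this thread does by eye, as an added example that is not part of the original posts: it parses excerpts of the two Symantec logs above and separates files that dropped out of the later log from Java cache entries (`.class` files and `jar.jar-*.zip`) and from executables that are still detected. The function names and report keys are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Excerpts of the two Symantec logs posted in this thread. Columns are
# separated by runs of spaces: date/time, filename, threat name, optional type.
BEFORE = """\
5/16/2006 19:14      funk.exe      Download.Trojan
5/16/2006 19:14      ej.exe      Download.Trojan
5/16/2006 19:14      jar.jar-36170ac6-5a56fe0c.zip      ??????
5/16/2006 19:14      VerifierBug.class      Trojan.ByteVerify
5/15/2006 19:42      web.exe      Trojan.Alemod.B
5/11/2006 19:13      pj.exe      Trojan.Alemod.B
5/11/2006 19:13      ej.exe      Trojan.LowZones
"""
AFTER = """\
5/22/2006 20:52      funk.exe      Download.Trojan      File
5/22/2006 20:52      ej.exe      Download.Trojan      File
5/22/2006 20:52      jar.jar-36170ac6-5a56fe0c.zip      ??????      Compressed file
5/22/2006 20:52      VerifierBug.class      Trojan.ByteVerify      File; Compressed file
5/21/2006 22:37      funk.exe      Download.Trojan      File
"""
JAVA_CACHE = re.compile(r"(\.class|^jar\.jar-[0-9a-f-]+\.zip)$", re.IGNORECASE)

def parse(log):
    """Map filename -> set of threat names; lines without a timestamp are skipped."""
    seen = defaultdict(set)
    for line in log.splitlines():
        cols = re.split(r"\s{2,}|\t+", line.strip())
        if len(cols) < 3:
            continue
        try:
            datetime.strptime(cols[0], "%m/%d/%Y %H:%M")
        except ValueError:
            continue                      # header row or free text
        seen[cols[1]].update({cols[2]} - {"??????"})  # "??????" = no name logged
    return seen

def compare(before, after):
    """Sort detected files into: gone from the later log, Java cache, other."""
    old, new = parse(before), parse(after)
    report = {"no_longer_detected": [], "java_cache": [], "still_detected": []}
    for name in sorted(set(old) | set(new)):
        if name not in new:
            report["no_longer_detected"].append(name)
        elif JAVA_CACHE.search(name):
            report["java_cache"].append(name)
        else:
            threats = sorted(old.get(name, set()) | new[name])
            report["still_detected"].append((name, threats))
    return report

if __name__ == "__main__":
    print(compare(BEFORE, AFTER))
```

On these excerpts `pj.exe` and `web.exe` no longer appear, the Java cache entries are unchanged, and `ej.exe` and `funk.exe` are still reported.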
 
LVL 29

Expert Comment

by:blue_zee
ID: 16740387
Format and reinstall Windows?

Zee
 
LVL 11

Assisted Solution

by:kelvinwkw
kelvinwkw earned 200 total points
ID: 16741125
The reason not to do a scan while you are in Windows is that the virus might be loaded into memory
and keep spreading. Thus the viable way is to run a virus scan before you are in the Windows environment.

Create an emergency disk,
boot the emergency disk and remove the virus.

Or get this
http://ultimatebootcd.com/

boot the cd and select the antivirus tool.


Regards
Kelvin
 

Expert Comment

by:knuthf
ID: 16776770
Well,
You have their name e.g. "funk.exe" - then use Explorer - go to "Documents and Setting", Use "Tool" and "Folder Option" - See "View" - and 10 lines down "Hidden Folders and Files" - mark "Show hidden files and folders". + OK
Right Click on "Documents and Settings" - select "Search..."
In File name - type funk.exe - and hit "Search".

You will most likely find it in a Local Setting\"Temporary Internet Files\Content.IE5".. Take from bottom to top and delete all.

Search for the others likewise - unless you "saw" them in files you deleted.

In Start, Run..  (whatever) - activate "REGEDIT".
Search for "Key"  "RUN" - there are 4 of them.
Now, these are used to load programs into memory as you start - and delete them as "RUN" entries.

You can save yourself this problem by backing up the registry every time you have installed something - and recover the registry every time strange things happen.

You can also search the registry for the same names "Funk.exe" - and find them. However, they are usually in the RUN entries.

Removal of other traces.
Check C:\ (root) and \WINN\System32
-----------------------
So to all of you clever guys responding "run my virus-scanner it will find it" - get used to adware that no virus-scanner finds. Including the one installed with your camera software that traces not only every time you connect the camera to the USB port - but a lot of other things as well. Get used to adware that taps your keystrokes and use "Magic Wand" in Opera to enter passwords. Start to learn how you can use tools to find the villain that reports your actions - and get rid of it without relying on Norton.
Because Microsoft has provided us with some unique "Technology" that renders you open as if you left your home unlocked daily - running without a proper (HW) firewall. Most firewalls run versions of Unix - and will be capable of blocking NETBIOS.
 

Expert Comment

by:knuthf
ID: 16776838
.. it's in memory:
Hit ctrl+alt+del, select "Taskman" - or what it is known as in your language,
Select second tab - not "Applications" but "Processes"
Hit image name, to sort on names.
Find the moron - "Funk.exe" - right-click - select "End Process"....

Well select the wrong process, and you can stop the system - shut it down. However, most OS processes are protected, and will not allow you to kill them like that. Another hint: Check highest "PID" processes, sort processes according to PID, wait, sort again - and verify that no process has been created after the one you just killed. Because most malware ends with starting a copy of itself.

There are tools around that allow you to view this lot with full directory path - which enables you to find the bastard - without the help of others.

One problem is that the spyware/virus people also have to live - so they figure out fancy names on simple things for you to buy. They even report problems - "you may have a virus" "seems like a Budware.Early:Alert" - for the sole purpose of making you buy their software or upgrade a notch.