pj.exe ej.exe

How to clean these viruses?

*** log from Symantec antivirus ***
Date      Filename      Virus Name
5/16/2006 19:14      funk.exe      Download.Trojan
5/16/2006 19:14      ej.exe      Download.Trojan
5/16/2006 19:14      jar.jar-36170ac6-5a56fe0c.zip      ??????
5/16/2006 19:14      Xeyond.class      Downloader.Trojan
5/16/2006 19:14      Worker.class      Trojan.ByteVerify
5/16/2006 19:14      VerifierBug.class      Trojan.ByteVerify
5/16/2006 19:14      Counter.class      Trojan.ByteVerify
5/16/2006 19:14      jar.jar-36170ac6-5a56fe0c.zip      Trojan.ByteVerify
5/16/2006 19:04      funk.exe      Download.Trojan
5/16/2006 18:23      ej.exe      Download.Trojan
5/16/2006 18:02      jar.jar-36170ac6-5a56fe0c.zip      Trojan.ByteVerify
5/15/2006 19:42      jar.jar-79d29e04-1338d6cb.zip      ??????
5/15/2006 19:42      Xeyond.class      Downloader.Trojan
5/15/2006 19:42      Worker.class      Trojan.ByteVerify
5/15/2006 19:42      web.exe      Trojan.Alemod.B
5/15/2006 19:42      VerifierBug.class      Trojan.ByteVerify
5/15/2006 19:42      Counter.class      Trojan.ByteVerify
5/15/2006 19:42      jar.jar-79d29e04-1338d6cb.zip      Trojan.ByteVerify
5/13/2006 11:44      jar.jar-79d29e04-1338d6cb.zip      ??????
5/13/2006 11:44      Xeyond.class      Downloader.Trojan
5/13/2006 11:44      Worker.class      Trojan.ByteVerify
5/13/2006 11:44      web.exe      Trojan.Alemod.B
5/13/2006 11:44      VerifierBug.class      Trojan.ByteVerify
5/13/2006 11:44      Counter.class      Trojan.ByteVerify
5/13/2006 11:44      jar.jar-79d29e04-1338d6cb.zip      Trojan.ByteVerify
5/11/2006 19:13      pj.exe      Trojan.Alemod.B
5/11/2006 19:13      pj.exe      Trojan.Alemod.B
5/11/2006 19:13      ej.exe      Trojan.LowZones
5/11/2006 19:13      ej.exe      Trojan.LowZones
5/11/2006 19:13      jar.jar-79d29e04-1338d6cb.zip      ??????
5/11/2006 19:13      Xeyond.class      Downloader.Trojan
5/11/2006 19:13      Worker.class      Trojan.ByteVerify
5/11/2006 19:13      web.exe      Trojan.Alemod.B
5/11/2006 19:13      VerifierBug.class      Trojan.ByteVerify
5/11/2006 19:13      Counter.class      Trojan.ByteVerify
5/11/2006 19:13      jar.jar-79d29e04-1338d6cb.zip      Trojan.ByteVerify
5/11/2006 14:32      pj.exe      Trojan.Alemod.B
5/11/2006 14:32      pj.exe      Trojan.Alemod.B
5/11/2006 14:32      ej.exe      Trojan.LowZones
5/11/2006 14:32      ej.exe      Trojan.LowZones
5/11/2006 14:32      jar.jar-79d29e04-1338d6cb.zip      ??????
5/11/2006 14:32      Xeyond.class      Downloader.Trojan
5/11/2006 14:32      Worker.class      Trojan.ByteVerify
5/11/2006 14:32      web.exe      Trojan.Alemod.B
5/11/2006 14:32      VerifierBug.class      Trojan.ByteVerify
5/11/2006 14:32      Counter.class      Trojan.ByteVerify
5/11/2006 14:32      jar.jar-79d29e04-1338d6cb.zip      Trojan.ByteVerify
5/6/2006 15:30      pj.exe      Trojan.Alemod.B
5/6/2006 15:30      pj.exe      Trojan.Alemod.B
5/6/2006 15:30      ej.exe      Trojan.LowZones
5/6/2006 15:30      ej.exe      Trojan.LowZones
5/6/2006 15:30      jar.jar-79d29e04-1338d6cb.zip      ??????
5/6/2006 15:30      Xeyond.class      Downloader.Trojan
5/6/2006 15:30      Worker.class      Trojan.ByteVerify
5/6/2006 15:30      web.exe      Trojan.Alemod.B
5/6/2006 15:30      VerifierBug.class      Trojan.ByteVerify
5/6/2006 15:30      Counter.class      Trojan.ByteVerify
5/6/2006 15:30      jar.jar-79d29e04-1338d6cb.zip      Trojan.ByteVerify
5/5/2006 17:56      pj.exe      Trojan.Alemod.B
5/5/2006 17:56      pj.exe      Trojan.Alemod.B
5/5/2006 17:56      ej.exe      Trojan.LowZones
5/5/2006 17:56      ej.exe      Trojan.LowZones
5/5/2006 17:56      jar.jar-79d29e04-1338d6cb.zip      ??????
5/5/2006 17:56      Xeyond.class      Downloader.Trojan
5/5/2006 17:56      Worker.class      Trojan.ByteVerify
5/5/2006 17:56      web.exe      Trojan.Alemod.B
5/5/2006 17:56      VerifierBug.class      Trojan.ByteVerify
5/5/2006 17:56      Counter.class      Trojan.ByteVerify
5/5/2006 17:56      jar.jar-79d29e04-1338d6cb.zip      Trojan.ByteVerify
5/3/2006 20:35      pj.exe      Trojan.Alemod.B
5/3/2006 20:35      pj.exe      Trojan.Alemod.B
5/3/2006 20:35      ej.exe      Trojan.LowZones
5/3/2006 20:35      ej.exe      Trojan.LowZones
5/3/2006 20:35      jar.jar-79d29e04-1338d6cb.zip      ??????
5/3/2006 20:35      Xeyond.class      Downloader.Trojan
5/3/2006 20:35      Worker.class      Trojan.ByteVerify
5/3/2006 20:35      web.exe      Trojan.Alemod.B
5/3/2006 20:35      VerifierBug.class      Trojan.ByteVerify
5/3/2006 20:35      Counter.class      Trojan.ByteVerify
5/3/2006 20:35      jar.jar-79d29e04-1338d6cb.zip      Trojan.ByteVerify
4/28/2006 21:06      pj.exe      Trojan.Alemod.B
4/28/2006 21:06      pj.exe      Trojan.Alemod.B
4/28/2006 21:06      ej.exe      Trojan.LowZones
4/28/2006 21:06      ej.exe      Trojan.LowZones
4/28/2006 21:06      jar.jar-79d29e04-1338d6cb.zip      ??????
4/28/2006 21:06      Xeyond.class      Downloader.Trojan
4/28/2006 21:06      Worker.class      Trojan.ByteVerify
4/28/2006 21:06      web.exe      Trojan.Alemod.B
4/28/2006 21:06      VerifierBug.class      Trojan.ByteVerify
4/28/2006 21:06      Counter.class      Trojan.ByteVerify
4/28/2006 21:06      jar.jar-79d29e04-1338d6cb.zip      Trojan.ByteVerify
4/28/2006 21:02      pj.exe      Trojan.Alemod.B
4/28/2006 21:02      pj.exe      Trojan.Alemod.B
4/28/2006 21:02      ej.exe      Trojan.LowZones
4/28/2006 21:02      ej.exe      Trojan.LowZones
4/28/2006 21:02      jar.jar-79d29e04-1338d6cb.zip      ??????
4/28/2006 21:02      Xeyond.class      Downloader.Trojan
4/28/2006 21:02      Worker.class      Trojan.ByteVerify
4/28/2006 21:02      web.exe      Trojan.Alemod.B
4/28/2006 21:02      VerifierBug.class      Trojan.ByteVerify
4/28/2006 21:02      Counter.class      Trojan.ByteVerify
4/28/2006 21:02      jar.jar-79d29e04-1338d6cb.zip      Trojan.ByteVerify
4/25/2006 20:17      jar.jar-79d29e04-1338d6cb.zip      Trojan.ByteVerify
4/24/2006 18:45      pj.exe      Trojan.Alemod.B
4/24/2006 18:45      pj.exe      Trojan.Alemod.B
4/24/2006 18:45      ej.exe      Trojan.LowZones
4/24/2006 18:45      ej.exe      Trojan.LowZones
4/23/2006 0:10      pj.exe      Trojan.Alemod.B
4/23/2006 0:06      ej.exe      Trojan.LowZones
4/23/2006 0:06      ej.exe      Trojan.LowZones
4/22/2006 1:38      pj.exe      Trojan.Alemod.B
JohnLucania Asked:
 
rpggamergirl Commented:
Symantec doesn't remove those?
Trojan.ByteVerify is located in the jar cache; you just need to empty the cache.
Trojan Alemod can be taken care of using Smitrem/Smitfraud.

Have you tried any of these 3 scanners to remove them?

1. Download and install the free version of Ewido anti-malware.
http://www.ewido.net/en/download/
Update first then scan in safe mode.

2. Trojan remover: 30 free trial
http://www.simplysup.com/tremover/download.html

3. http://www.snapfiles.com/get/stinger.html

4. SmitfraudFix:
http://siri.geekstogo.com/SmitfraudFix.php

5. Also download HijackThis so we can look at the HijackThis log; that would help.
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open HijackThis, click "Do a system scan and save a logfile"; don't fix anything yet.
Notepad will also open, copy its contents and paste it to either of these sites:
http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here:

Or paste the log at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Post the link to the saved list here.


0
 
JohnLucania (Author) Commented:
I am using 'Spybot - Search & Destroy', but Symantec doesn't remove them either.

http://www.rafb.net/paste/results/1gqBuA49.html
0
 
rpggamergirl Commented:
Did Norton give you their locations so you can delete them manually?

1. If you don't know where they are located, try scanning with mwav. It won't delete viruses, but it gives you their locations so they can all be deleted in one go using Killbox. You can post the result if you like.
http://www.mwti.net/products/mwav/mwav.asp

2. Activescan also gives you the path (for viruses it doesn't delete)
http://www.pandasoftware.com/activescan/com/activescan_principal.htm


Unfortunately they are not showing in your log:
DSSAgent is Advertising spyware, this program has been seen most often bundled with children's software titles from Mattel Interactive/Broderbund.

You can fix this entry:
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE

The only suspicious file I see in the log:
C:\WINDOWS\System32\skcbgm.exe
0
 
blue_zee Commented:

Besides the excellent suggestions above, have you tried an online virus scanner (run at least 2 of them)?

Panda ActiveScan
http://www.pandasoftware.com/activescan 

Bitdefender
http://www.bitdefender.com/scan/Msie/index.php 

McAfee FreeScan
http://us.mcafee.com/root/mfs/default.asp 

Symantec Security Check
http://security.symantec.com/sscv6/ 

Pc-Cillin (Trend Micro Housecall)
http://housecall.antivirus.com/housecall/start_pcc.asp 

PcPitstop
http://pcpitstop.com/antivirus/default.asp 

RAV
http://www.ravantivirus.com/scan/ 

Zee
0
 
knuthf Commented:
.. or
http://www.lavasoft.com/software/adaware/ 

and update Spybot!
I doubt you have a virus - more likely spyware, and email-protection is worthless. You have to install a proper firewall - like the Lavasoft - or ZoneLab

See: http://www.pcworld.com/downloads/file_description/0,fid,30734,00.asp 

(Tiny had a small problem - messed up Windows Security...)
--BUT this is more important than a virus scanner now - ability to isolate those that can access your computer to those you want on your computer!
0
 
JohnLucania (Author) Commented:
I have tried, but they are still there.

Date      Filename      Virus Name      Virus Type
5/22/2006 20:52      funk.exe      Download.Trojan      File
5/22/2006 20:52      ej.exe      Download.Trojan      File
5/22/2006 20:52      jar.jar-36170ac6-5a56fe0c.zip      ??????      Compressed file
5/22/2006 20:52      Xeyond.class      Downloader.Trojan      File; Compressed file
5/22/2006 20:52      Worker.class      Trojan.ByteVerify      File; Compressed file
5/22/2006 20:52      VerifierBug.class      Trojan.ByteVerify      File; Compressed file
5/22/2006 20:52      Counter.class      Trojan.ByteVerify      File; Compressed file
5/22/2006 20:52      jar.jar-36170ac6-5a56fe0c.zip      Trojan.ByteVerify      File
5/21/2006 22:37      funk.exe      Download.Trojan      File
5/21/2006 22:37      ej.exe      Download.Trojan      File
5/21/2006 22:37      jar.jar-36170ac6-5a56fe0c.zip      ??????      Compressed file
5/21/2006 22:37      Xeyond.class      Downloader.Trojan      File; Compressed file
5/21/2006 22:37      Worker.class      Trojan.ByteVerify      File; Compressed file
5/21/2006 22:37      VerifierBug.class      Trojan.ByteVerify      File; Compressed file
5/21/2006 22:37      Counter.class      Trojan.ByteVerify      File; Compressed file
5/21/2006 22:37      jar.jar-36170ac6-5a56fe0c.zip      Trojan.ByteVerify      File
5/20/2006 9:09      funk.exe      Download.Trojan      File
5/20/2006 9:09      ej.exe      Download.Trojan      File
5/20/2006 9:09      jar.jar-36170ac6-5a56fe0c.zip      ??????      Compressed file
5/20/2006 9:09      Xeyond.class      Downloader.Trojan      File; Compressed file
5/20/2006 9:09      Worker.class      Trojan.ByteVerify      File; Compressed file
5/20/2006 9:09      VerifierBug.class      Trojan.ByteVerify      File; Compressed file
5/20/2006 9:09      Counter.class      Trojan.ByteVerify      File; Compressed file
5/20/2006 9:09      jar.jar-36170ac6-5a56fe0c.zip      Trojan.ByteVerify      File
5/19/2006 22:23      funk.exe      Download.Trojan      File
5/19/2006 22:23      ej.exe      Download.Trojan      File
5/19/2006 22:23      jar.jar-36170ac6-5a56fe0c.zip      ??????      Compressed file
5/19/2006 22:23      Xeyond.class      Downloader.Trojan      File; Compressed file
5/19/2006 22:23      Worker.class      Trojan.ByteVerify      File; Compressed file
5/19/2006 22:23      VerifierBug.class      Trojan.ByteVerify      File; Compressed file
5/19/2006 22:23      Counter.class      Trojan.ByteVerify      File; Compressed file

Any ideas?
0
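Added example, not part of the original thread: a small Python parser for the log layout posted above that groups detections by file across scans, so that files which keep reappearing after each scan stand out. The sample rows are taken from the two logs in this thread; the function names are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample rows taken from the two logs posted in this thread (embedded so the
# script runs offline); the header row is kept to show that it is skipped.
SAMPLE_LOG = """\
Date      Filename      Virus Name      Virus Type
5/22/2006 20:52      funk.exe      Download.Trojan      File
5/22/2006 20:52      ej.exe      Download.Trojan      File
5/22/2006 20:52      jar.jar-36170ac6-5a56fe0c.zip      Trojan.ByteVerify      File
5/16/2006 19:14      ej.exe      Download.Trojan
5/16/2006 18:02      jar.jar-36170ac6-5a56fe0c.zip      Trojan.ByteVerify
5/15/2006 19:42      web.exe      Trojan.Alemod.B
5/15/2006 19:42      jar.jar-79d29e04-1338d6cb.zip      Trojan.ByteVerify
5/11/2006 19:13      pj.exe      Trojan.Alemod.B
5/11/2006 19:13      pj.exe      Trojan.Alemod.B
5/11/2006 19:13      ej.exe      Trojan.LowZones
4/23/2006 0:06      ej.exe      Trojan.LowZones
"""

# date, time, filename, detection name; any trailing "Virus Type" column is ignored
ROW = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2})\s+(\S+)\s+(\S+)")

def parse(log_text):
    """Yield (timestamp, filename, detection) per data row; skip header lines."""
    for line in log_text.splitlines():
        m = ROW.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), "%m/%d/%Y %H:%M"), m.group(2), m.group(3)

def summarize(log_text):
    """Per file: number of distinct scans, first/last seen, detection names."""
    seen = defaultdict(lambda: {"scans": set(), "names": set()})
    for ts, fname, name in parse(log_text):
        seen[fname]["scans"].add(ts)
        seen[fname]["names"].add(name)
    return {f: {"scans": len(v["scans"]), "first": min(v["scans"]),
                "last": max(v["scans"]), "names": sorted(v["names"])}
            for f, v in seen.items()}

def persistent(summary, min_scans=2):
    """Files flagged in several separate scans, i.e. still present after a scan."""
    return sorted(f for f, s in summary.items() if s["scans"] >= min_scans)

if __name__ == "__main__":
    for fname, s in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{fname:34} scans={s['scans']} {s['first']:%m/%d} to {s['last']:%m/%d} {s['names']}")
    print("persistent:", persistent(summarize(SAMPLE_LOG)))
```

On these sample rows, ej.exe shows up in four separate scans under two detection names, and duplicate rows from the same scan (pj.exe) are counted once.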
 
blue_zee Commented:
Format and reinstall Windows?

Zee
0
 
kelvinwkw Commented:
The reason not to do a scan while you are in Windows is that the virus might be loaded into memory
and keep spreading. Thus the viable way is to run a virus scan before you are in the Windows environment.

Create an emergency disk,
boot the emergency disk and remove the virus.

Or get this
http://ultimatebootcd.com/

boot the cd and select the antivirus tool.


Regards
Kelvin
0
 
knuthf Commented:
Well,
You have their name e.g. "funk.exe" - then use Explorer - go to "Documents and Settings", use "Tools" and "Folder Options" - see "View" - and 10 lines down "Hidden Folders and Files" - mark "Show hidden files and folders". + OK
Right Click on "Documents and Settings" - select "Search..."
In File name - type funk.exe - and hit "Search".

You will most likely find it in a "Local Settings\Temporary Internet Files\Content.IE5".. Take from bottom to top and delete all.

Search for the others likewise - unless you "saw" them in files you deleted.

In Start, Run..  (whatever) - activate "REGEDIT".
Search for "Key"  "RUN" - there are 4 of them.
Now, these are used to load programs into memory as you start - and delete them as "RUN" entries.

You can save yourself this problem by backing up the registry every time you have installed something - and recover the registry every time strange things happen.

You can also search the registry for the same names "Funk.exe" - and find them. However, they are usually in the RUN entries.

Removal of other traces.
Check C:\ (root) and \WINN\System32
-----------------------
So to all of you clever guys responding "run my virus-scanner it will find it" - get used to adware that no virus-scanner finds. Including the one installed with your camera software that traces not only every time you connect the camera to the USB port - but a lot of other things as well. Get used to adware that taps your keystrokes and use "Magic Wand" in Opera to enter passwords. Start to learn how you can use tools to find the villain that reports your actions - and get rid of it without relying on Norton.
Because Microsoft has provided us with some unique "Technology" that renders you open as if you left your home unlocked daily - running without a proper (HW) firewall. Most firewalls run versions of Unix - and will be capable of blocking NETBIOS.
0
 
knuthf Commented:
.. it's in memory:
Hit ctrl+alt+del, select "Taskman" - or what it is known as in your language,
Select second tab - not "Applications" but "Processes"
Hit image name, to sort on names.
Find the moron - "Funk.exe"  - right-click - select "End Process"....

Well select the wrong process, and you can stop the system - shut it down. However, most OS processes are protected, and will not allow you to kill them like that. Another hint: Check highest "PID" processes, sort processes according to PID, wait, sort again - and verify that no process has been created after the one you just killed. Because most malware ends with starting a copy of itself.

There are tools around that allow you to view this lot with full directory path - which enables you to find the bastard - without the help of others.

One problem is that the spyware/virus people also have to live - so they figure out fancy names on simple things for you to buy. They even report problems - "you may have a virus" "seems like a Budware.Early:Alert" - for the sole purpose of making you buy their software or upgrade a notch.
0
Question has a verified solution.