  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3465

funk.exe ej.exe jar.jar-36170ac6-5a56fe0c.zip

These disappeared and came back.  How do you remove these for sure?

Date      Filename      Virus Name      Virus Type
5/24/2006 17:20      funk.exe      Download.Trojan      File
5/24/2006 17:20      ej.exe      Download.Trojan      File
5/24/2006 17:20      jar.jar-36170ac6-5a56fe0c.zip      ??????      Compressed file
5/24/2006 17:20      Xeyond.class      Downloader.Trojan      File; Compressed file
5/24/2006 17:20      Worker.class      Trojan.ByteVerify      File; Compressed file
5/24/2006 17:20      VerifierBug.class      Trojan.ByteVerify      File; Compressed file
5/24/2006 17:20      Counter.class      Trojan.ByteVerify      File; Compressed file
5/24/2006 17:20      jar.jar-36170ac6-5a56fe0c.zip      Trojan.ByteVerify      File
Asked: JohnLucania
2 Solutions
 
Purple_Sky Commented:
Let's run the following scans and then look at your HijackThis log.

1-Download and install Ewido from www.ewido.net
Install Ewido Security Suite
When installing, under "Additional Options" uncheck:
Install background guard
Install scan via context menu
Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.
And under scanner do a full system scan

2-Perform an online scan using Internet Explorer with Panda ActiveScan at http://www.pandasoftware.com/products/activescan.htm
Click on "Free use ActiveScan" located on the top right hand corner
Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
If it finds any malware, it will offer you a report.
Click on see report. Then click Save report

3-Please perform an online scan with Internet Explorer at Kaspersky Online Scanner www.kaspersky.com

Answer Yes, when prompted to install an ActiveX component.
The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

Download and run Hjt and save a log file: http://www.hijackthis.de/. Paste the log file back to that same web site, analyze it, then save the analysis and post the link here.

And let us know about your progress and/or if you have any questions.
0
 
rpggamergirl Commented:
Have you tried deleting them?
Do you have their paths?
funk.exe should show up in the HijackThis log; HijackThis can delete the registry key and you can KillBox the file.

Have you looked in the registry Run key?
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"funk"="C:\WINDOWS\system32\funk.exe "


All viruses in the jar cache can be deleted by emptying the cache or deleting the jar.
From the Start button, click Settings  > Control Panel
In the Control Panel, open the "Java Plug-in Control Panel"
Select the Cache Tab
Click the Clear button inside the Cache Tab, which will clear your JRE cache directory
http://www.java.com/en/download/help/cache_virus.xml
0
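
Added example (not part of the original thread): a read-only check to run after clearing the Java cache, which walks a cache folder and reports any archive that still contains the class names from the scan report in the question. Matching on file names is a triage assumption, the cache path is whatever folder you pass in, and the sample archives are constructed placeholders.

```python
import os
import tempfile
import zipfile

# Class names copied from the scan report in the question. Name matching is a
# triage heuristic (assumption), not a substitute for the antivirus verdict.
FLAGGED_CLASSES = {"Xeyond.class", "Worker.class", "VerifierBug.class", "Counter.class"}


def scan_cache(cache_dir, flagged=FLAGGED_CLASSES):
    """Return {archive_path: sorted flagged member names} for archives under cache_dir."""
    hits = {}
    for root, _dirs, files in os.walk(cache_dir):
        for name in files:
            path = os.path.join(root, name)
            # Cached applets may not end in .jar, so test the content, not the extension.
            if not zipfile.is_zipfile(path):
                continue
            try:
                with zipfile.ZipFile(path) as zf:
                    members = zf.namelist()
            except (zipfile.BadZipFile, OSError):
                hits[path] = ["<unreadable archive>"]  # report it rather than skip silently
                continue
            # Zip member names always use "/" as the separator.
            found = sorted(m for m in members if m.rsplit("/", 1)[-1] in flagged)
            if found:
                hits[path] = found
    return hits


def build_sample_cache(cache_dir):
    """Constructed sample data: one archive with flagged names, one without."""
    bad = os.path.join(cache_dir, "jar.jar-36170ac6-5a56fe0c.zip")
    with zipfile.ZipFile(bad, "w") as zf:
        for member in ("Xeyond.class", "Worker.class", "META-INF/MANIFEST.MF"):
            zf.writestr(member, b"placeholder bytes, not real class data")
    clean = os.path.join(cache_dir, "applet.jar-00000000-00000000.zip")
    with zipfile.ZipFile(clean, "w") as zf:
        zf.writestr("Hello.class", b"placeholder")
    return bad, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample_cache(d)
        for archive, names in scan_cache(d).items():
            print(archive, "->", ", ".join(names))
```

An empty result after clearing the cache means no archive with those class names remains in the folder that was scanned.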
 
JohnLucania (Author) Commented:
It seems ok now.  
Fingers crossed!
0
