funk.exe ej.exe

Posted on 2006-05-24
Last Modified: 2007-10-18
These disappeared and came back.  How do you remove these for sure?

Date      Filename      Virus Name      Virus Type
5/24/2006 17:20      funk.exe      Download.Trojan      File
5/24/2006 17:20      ej.exe      Download.Trojan      File
5/24/2006 17:20      ??????      Compressed file
5/24/2006 17:20      Xeyond.class      Downloader.Trojan      File; Compressed file
5/24/2006 17:20      Worker.class      Trojan.ByteVerify      File; Compressed file
5/24/2006 17:20      VerifierBug.class      Trojan.ByteVerify      File; Compressed file
5/24/2006 17:20      Counter.class      Trojan.ByteVerify      File; Compressed file
5/24/2006 17:20      Trojan.ByteVerify      File
Question by: JohnLucania
    LVL 4

    Assisted Solution

    Let's run the following scans and then look at your HijackThis log.

    1-Download and install Ewido
    Install Ewido Security Suite
    When installing, under "Additional Options" uncheck:
    Install background guard
    Install scan via context menu
    Double-click the icon on Desktop to launch Ewido
    You will need to update Ewido to the latest definition files.
    On the left hand side of the main screen click update.
    Then click on Start Update.
    And under scanner do a full system scan

    2-Perform an online scan using Internet Explorer with Panda ActiveScan at
    click on "Free use ActiveScan" located on the top right hand corner
    Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
    Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
    Begin the scan by selecting My Computer
    If it finds any malware, it will offer you a report.
    Click on see report. Then click Save report

    3-Please perform an online scan with Internet Explorer at Kaspersky Online Scanner

    Answer Yes, when prompted to install an ActiveX component.
    The program will then begin downloading the latest definition files.
    Once the files have been downloaded click on NEXT
    Locate the Scan Settings button & configure to:
    Scan using the following Anti-Virus database:
    Scan Options:
    Scan Archives
    Scan Mail Bases
    Click OK & have it scan My Computer
    Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

    Download and run HJT and save a log file. Paste the log file back to that same web site, analyze, and then save the analysis and post the link here.

    And let us know your progress and/or if you have any questions.
    LVL 47

    Accepted Solution

    Have you tried deleting them?
    Do you have their paths?
    funk.exe should show up in the HijackThis log; HijackThis can delete the registry key and you can killbox the file.

    Have you looked in the registry Run key?
    "funk"="C:\WINDOWS\system32\funk.exe "

    All viruses in the jar cache can be deleted by emptying the cache or deleting the jar.
    From the Start button, click Settings  > Control Panel
    In the Control Panel, open the "Java Plug-in Control Panel"
    Select the Cache Tab
    Click the Clear button inside the Cache Tab, which will clear your JRE cache directory
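
Added example (not part of the thread, and not output from HijackThis or any scanner named in it): a Python script for the two checks the accepted answer describes, finding autostart entries in a saved HijackThis log that launch the flagged executables, and locating cached archives that hold the flagged class files. The log lines are constructed sample input; the `O4` line layout, the function names and the cache directory argument are assumptions of this example.

```python
import re
import zipfile
from pathlib import Path

# File and class names copied from the scan report in the question.
FLAGGED_EXES = {"funk.exe", "ej.exe"}
FLAGGED_CLASSES = {"Xeyond.class", "Worker.class", "VerifierBug.class", "Counter.class"}

# Assumed HijackThis autostart layout: O4 - HKLM\..\Run: [value name] command
O4_LINE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")
EXE_NAME = re.compile(r'([^\\/"\s]+\.exe)', re.IGNORECASE)

# Constructed sample log lines (not taken from the asker's machine).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\bin\jusched.exe"
O4 - HKLM\..\Run: [funk] C:\WINDOWS\system32\FUNK.EXE
O4 - HKCU\..\RunOnce: [updater] "C:\WINDOWS\ej.exe" /s
"""

def flagged_run_entries(log_text):
    """Return (hive, key, value_name, exe) for each O4 line that starts a flagged file."""
    hits = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        hive, key, value_name, command = m.groups()
        # Windows file names are case-insensitive, so compare in lower case.
        exes = {e.lower() for e in EXE_NAME.findall(command)}
        for exe in sorted(exes & FLAGGED_EXES):
            hits.append((hive, key, value_name, exe))
    return hits

def archives_with_flagged_classes(cache_dir):
    """Map each ZIP/JAR under cache_dir to the flagged class names it contains."""
    hits = {}
    for path in sorted(Path(cache_dir).rglob("*")):
        # Cache files may not end in .jar, so test the content, not the extension.
        if not path.is_file() or not zipfile.is_zipfile(path):
            continue
        with zipfile.ZipFile(path) as zf:
            names = {name.rsplit("/", 1)[-1] for name in zf.namelist()}
        found = sorted(names & FLAGGED_CLASSES)
        if found:
            hits[str(path)] = found
    return hits

if __name__ == "__main__":
    print(flagged_run_entries(SAMPLE_LOG))
```

A name match only locates what the scanner already reported; `Worker.class` and `Counter.class` are common names, so confirm against the scan report before deleting an archive.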

    Author Comment

    It seems ok now.  
