Solved

Virus Bomb: vmain.class and jvmimpro.jar-6b13a7e7-54ebfdaa.zip

Posted on 2008-01-24
Last Modified: 2013-12-06
Running XP Professional SP2.
Norton AntiVirus quarantined 2 files:
jvmimpro.jar-6b13a7e7-54ebfdaa.zip
vmain.class

I removed all versions of Java and then followed these instructions:
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u3
http://java.sun.com/javase/downloads/index.jsp
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.

Computer still sending out hundreds of ICMP packets.
Attached HijackThis log file below.
Thanks,
Tommy
Question by: tomcerami
6 Comments

Accepted Solution

by: rpggamergirl
ID: 20738078
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe

The above entry is a trojan.

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
*  Instead of Windows loading as normal, a menu with options should appear;
*  Select the first option, to run Windows in Safe Mode, then press "Enter".
*  Choose your usual account.

*  Open the extracted folder and double click "RunThis.bat" to start the script.
*  Type "Y" to begin the script.
*  It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
*  Press any key and it will restart the PC.
*  Your system will take longer than normal to restart as the fixtool will be running and removing files.
*  When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.
*  Finally open the SDFix folder on your desktop and copy and paste the contents of the results file "Report.txt" back



Assisted Solution

by: rpggamergirl
ID: 20738103
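The diagnosis above rests on one line of the HijackThis log: a service whose display name sounds like Microsoft, whose binary carries no vendor information ("Unknown owner"), and which lives in system32. As an added example (not code from this thread or from rpggamergirl), the Python script below applies those same three checks to every O23 entry in a log. The first sample line is the entry quoted above; the other three sample lines, the scoring weights and the threshold are constructed assumptions for illustration.

```python
"""Triage HijackThis O23 (service) entries for likely disguised trojan services.

Added example, not code from the original thread. The first sample line is the
entry quoted in the accepted answer; the remaining sample lines and the scoring
weights are constructed assumptions for illustration.
"""
import re
from typing import Dict, List, Optional, Tuple

# HijackThis O23 layout: "O23 - Service: <display> (<short>) - <owner> - <image path>"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<short>[^()]+)\) - "
    r"(?P<owner>.+?) - (?P<path>.+)$"
)

# Constructed sample log: line 1 is the entry from the page, lines 2-4 are made up.
SAMPLE_O23 = """\
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\\windows\\system32\\mssrv32.exe
O23 - Service: Windows Update (wuauserv) - Microsoft Corporation - C:\\WINDOWS\\system32\\svchost.exe -k netsvcs
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\\Program Files\\Common Files\\Symantec Shared\\ccEvtMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
"""


def parse_o23(line: str) -> Optional[Dict[str, str]]:
    """Split one O23 line into display name, short name, owner and image path."""
    m = O23_RE.match(line.strip())
    return m.groupdict() if m else None


def image_exe(path: str) -> str:
    """Strip service arguments (e.g. 'svchost.exe -k netsvcs') down to the .exe, lowercased."""
    m = re.match(r"^(.*?\.exe)", path, re.IGNORECASE)
    return (m.group(1) if m else path).lower()


def score_service(entry: Dict[str, str]) -> Tuple[int, List[str]]:
    """Heuristic score: higher means more likely a disguised trojan service.

    The weights are assumptions chosen for this example, not a published scheme.
    """
    score, reasons = 0, []
    owner = entry["owner"].strip().lower()
    display = entry["display"].lower()
    exe = image_exe(entry["path"])
    is_microsoft = owner.startswith("microsoft")

    # HijackThis prints "Unknown owner" when the binary carries no company name;
    # genuine Windows services normally do carry one.
    if owner == "unknown owner":
        score += 2
        reasons.append("no vendor information in service binary")

    # A Microsoft/Windows-sounding display name owned by someone other than
    # Microsoft is the impersonation pattern in the flagged entry.
    if ("microsoft" in display or "windows" in display) and not is_microsoft:
        score += 3
        reasons.append("display name imitates Microsoft but owner is not Microsoft")

    # Non-Microsoft binaries rarely sit directly in %SystemRoot%\system32.
    # (Assumes the default C:\WINDOWS root; adjust for other installs.)
    if "\\windows\\system32\\" in exe and not is_microsoft:
        score += 2
        reasons.append("non-Microsoft binary in system32")

    return score, reasons


def triage_o23(log_text: str, threshold: int = 3) -> List[Dict[str, object]]:
    """Return the O23 entries whose score meets the threshold, highest score first."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if not entry:
            continue  # not an O23 line, or a layout the regex does not understand
        score, reasons = score_service(entry)
        if score >= threshold:
            findings.append({"short": entry["short"], "exe": image_exe(entry["path"]),
                             "score": score, "reasons": reasons})
    findings.sort(key=lambda f: f["score"], reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage_o23(SAMPLE_O23):
        print(f"{f['short']:<12} score={f['score']}  {f['exe']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Run the file directly to print the flagged services. These are heuristics, not proof: a legitimate third-party service built without version information also shows "Unknown owner", which is why that alone scores below the threshold in the sample (the Java Quick Starter line), while the combination of all three signals puts mssrv32.exe well above it. Confirm any hit by checking the file's digital signature and hash before removing it.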
If the problem persists:
Run Combofix and show us the logfile to check if there are other nasties present.

Please download ComboFix by sUBs from either of these locations:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
Re-enable all the programs that were disabled during the running of ComboFix.


Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Author Comment

by: tomcerami
ID: 20742797
RPG - attached file
ComboFix file attached
new HijackThis file attached
- Much Thx!...

Author Comment

by: tomcerami
ID: 20743326
I think we might be OK here... I just tested with my network team and the ICMP pings are not happening anymore. If you have the time to take a quick look at the files posted just to confirm?

You are truly a guru...Thanks again!!!!!
Tommy

Expert Comment

by: rpggamergirl
ID: 20747869
Tommy,

Thanks! It's good to know that the problem seems to be resolved.
I'm more than happy to check the logs but there isn't any attached here.
Have you attached them? Or is my IE playing up? :(
I've also looked at EE-Stuff and no files there from this question.

Expert Comment

by: rpggamergirl
ID: 20747900
Firefox also doesn't display the attachments, so it must be something malfunctioning on EE pages.
I can't see the attached log in your Title which I could yesterday.

Can you just paste the logs as a comment? Or upload the logs at EE-Stuff.com.
Thanks.