Virus Bomb: vmain.class and jvmimpro.jar-6b13a7e7-54ebfdaa.zip

Last Modified: 2013-12-06
Running XP Professional SP2
Norton AntiVirus quarantined 2 files:
jvmimpro.jar-6b13a7e7-54ebfdaa.zip
vmain.class

I removed all versions of java and then followed these instructions:
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u3
http://java.sun.com/javase/downloads/index.jsp
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check for any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.

Computer still sending out hundreds of ICMP packets.
Attached HijackThis log file below.
Thanks,
Tommy

CERTIFIED EXPERT
Top Expert 2007
Commented:
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe

The above entry is a trojan.

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
*  Instead of Windows loading as normal, a menu with options should appear;
*  Select the first option, to run Windows in Safe Mode, then press "Enter".
*  Choose your usual account.

*  Open the extracted folder and double click "RunThis.bat" to start the script.
*  Type "Y" to begin the script.
*  It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
*  Press any Key and it will restart the PC.
*  Your system will take longer than normal to restart as the fixtool will be running and removing files.
*  When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.
*  Finally open the SDFix folder on your desktop and copy and paste the contents of the results file "Report.txt" back
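
An added example, not part of the thread and not a HijackThis feature: a small Python triage of `O23 - Service` lines in the layout of the entry quoted at the top of the comment above. The flagging rules, the `VENDOR_WORDS` list and every sample line except the `msupdate` entry are assumptions made for illustration; a flag marks a service for manual inspection.

```python
import re

# Layout assumed from the O23 line quoted in the thread:
#   O23 - Service: <display name> (<service name>) - <owner> - <path>
O23_RE = re.compile(
    r'^O23 - Service: (?P<display>.+) \((?P<name>[^()]+)\) - '
    r'(?P<owner>.+?) - (?P<path>"?[A-Za-z]:\\.+)$'
)
VENDOR_WORDS = ("microsoft", "windows")  # hypothetical watch list

# First O23 line is the one from the thread; the other lines are constructed.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [Example] C:\Program Files\Example\tray.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
O23 - Service: Example Backup Agent (exbackup) - Example Corp - C:\Program Files\Example\agent.exe
O23 - Service: Fast Helper (fasthelper) - Unknown owner - C:\Tools\helper.exe
"""


def parse_o23(line):
    """Return the fields of one O23 line, or None if it is not an O23 entry."""
    m = O23_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(entry):
    """Return the reasons (possibly none) an entry deserves a manual look."""
    reasons = []
    unknown = entry["owner"].lower() == "unknown owner"
    if unknown:
        reasons.append("no publisher recorded")
    # A service named after a major vendor yet carrying no publisher
    # information is a mismatch worth checking by hand.
    if unknown and any(w in entry["display"].lower() for w in VENDOR_WORDS):
        reasons.append("vendor name in display name but no publisher")
    return reasons


def review(log_text):
    """Map service name -> reasons for every flagged O23 entry in a log."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry and triage(entry):
            flagged[entry["name"]] = triage(entry)
    return flagged


if __name__ == "__main__":
    for service, reasons in review(SAMPLE_LOG).items():
        print(f"{service}: {'; '.join(reasons)}")
```
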


CERTIFIED EXPERT
Top Expert 2007
Commented:
If the problem persists:
Run ComboFix and show us the logfile to check if there are other nasties present.

Please download ComboFix by sUBs from either of these locations:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
Re-enable all the programs that were disabled during the running of ComboFix.


Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Author

Commented:
RPG- attached file
ComboFix file attached
new HijackThis file attached
- Much Thx !...

Author

Commented:
I think we might be OK here... I just tested with my network team and the ICMP pings are not happening anymore. If you have the time to take a quick look at the files posted just to confirm?

You are truly a guru...Thanks again!!!!!
Tommy
CERTIFIED EXPERT
Top Expert 2007

Commented:
Tommy,

Thanks! It's good to know that the problem seems to be resolved.
I'm more than happy to check the logs but there isn't any attached here.
Have you attached them? Or is my IE playing up? :(
I've also looked at EE-Stuff and no files there from this question.
CERTIFIED EXPERT
Top Expert 2007

Commented:
Firefox also doesn't display the attachments, so it must be something malfunctioning on EE pages.
I can't see the attached log in your Title which I could yesterday.

Can you just paste the logs as a comment? Or upload the logs at EE-Stuff.com.
Thanks.
