Solved: Virus I can't get rid of

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

rameam

Thread Starter
Joined
Mar 14, 2003
Messages
435
AVG found a virus in C:\Windows\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963\d.class :eek:

Every time I try to delete or heal the d.class file with AVG, it comes right back. I've tried deleting it in safe mode, but no luck. I started to delete the whole zip file, classload.jar-690cc978-37266963\d.class, but thought I would check here first. :)

Don't know whether you need it or not, but here's the latest Hijack log.

Logfile of HijackThis v1.99.1
Scan saved at 8:54:51 AM, on 7/11/2005
Platform: Windows ME (Win9x 4.90.3000A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\WINDOWS\SYSTEM\CMPDPSRV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\REGPROT\REGPROT.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = -
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\PROGRAM FILES\SPYWAREGUARD\DLPROTECT.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [PDPServer] CMpdpsrv.exe
O4 - HKLM\..\Run: [RegProt] c:\regprot\regprot.exe /start
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2004\\Parser.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

OS is WinMe. (y)

I have Spywareguard, Spyblaster, Zone Alarm, Adaware, etc.

I have found a virus before in this same location. Is Sun something I should get rid of or will Java not work without it?

Thanks for help. :)
 

rameam

Thread Starter
Joined
Mar 14, 2003
Messages
435
By the way, if I don't respond right away, today is my wife's birthday and I will be a little busy, but I will get back to this today.

Thanks again.
 

rameam

Thread Starter
Joined
Mar 14, 2003
Messages
435
OK, I ran Trend and Panda. Trend found nothing, Panda found 79 infected files, and said it disinfected them.

Here's what Panda found. Wonder why Trend found nothing?

Incident Status Location

Virus:Trj/Classloader.I Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963.zip[b.class]
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963.zip[c.class]
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963.zip[a.class]
Virus:Trj/Downloader.DIS Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963.zip[d.class]
Virus:Trj/Classloader.I Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963\b.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963\c.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963\a.class
Virus:Trj/Classloader.I Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 2\b.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 2\c.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 2\a.class
Virus:Trj/Classloader.I Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 3\b.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 3\c.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 3\a.class
Virus:Trj/Classloader.I Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 4\b.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 4\c.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 4\a.class
Virus:Trj/Classloader.I Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 5\b.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 5\c.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 5\a.class
Virus:Trj/Classloader.I Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 6\b.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 6\c.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 6\a.class
Virus:Trj/Classloader.I Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 7\b.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 7\c.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 7\a.class
Virus:Trj/Classloader.I Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 8\b.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 8\c.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 8\a.class
Virus:Trj/Classloader.I Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 9\b.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 9\c.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 9\a.class
Virus:Trj/Classloader.I Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 10\b.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 10\c.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 10\a.class
Virus:Trj/Classloader.I Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 11\b.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 11\c.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 11\a.class
Virus:Trj/Classloader.I Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 12\b.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 12\c.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 12\a.class
Virus:Trj/Classloader.I Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 13\b.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 13\c.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 13\a.class
Virus:Trj/Classloader.I Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 14\b.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 14\c.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 14\a.class
Virus:Trj/Classloader.I Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 15\b.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 15\c.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 15\a.class
Virus:Trj/Classloader.I Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 16\b.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 16\c.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 16\a.class
Virus:Trj/Classloader.I Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 17\b.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 17\c.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 17\a.class
Virus:Trj/Classloader.I Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 18\b.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 18\c.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 18\a.class
Virus:Trj/Classloader.I Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 19\b.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 19\c.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 19\a.class
Virus:Trj/Classloader.I Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 20\b.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 20\c.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 20\a.class
Virus:Trj/Classloader.I Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 21\b.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 21\c.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 21\a.class
Virus:Trj/Classloader.I Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 22\b.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 22\c.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 22\a.class
Virus:Trj/Classloader.I Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 23\b.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 23\c.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 23\a.class
Virus:Trj/Classloader.I Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 24\b.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 24\c.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 24\a.class
Virus:Trj/Classloader.I Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 25\b.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 25\c.class
Virus:Exploit/BytVerify Disinfected C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cc978-37266963 25\a.class
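A small parser for the report layout above, added here as an example (it is not code from the thread, from Panda or from AVG): it groups the detections by family and counts how many separate cache copies of the same jar were hit, which the raw list makes hard to see. The sample lines are a constructed subset of the report, using the cache path and jar id from the post.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of the Panda report quoted in the thread (a
# subset, not the full 79-line log); the cache path and jar id are from the post.
CACHE = r"C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar"
JAR = "classload.jar-690cc978-37266963"
SAMPLE = [  # (family, location relative to CACHE)
    ("Trj/Classloader.I", JAR + ".zip[b.class]"),
    ("Exploit/BytVerify", JAR + ".zip[c.class]"),
    ("Exploit/BytVerify", JAR + ".zip[a.class]"),
    ("Trj/Downloader.DIS", JAR + ".zip[d.class]"),
    ("Trj/Classloader.I", JAR + r"\b.class"),
    ("Exploit/BytVerify", JAR + r"\c.class"),
    ("Exploit/BytVerify", JAR + r"\a.class"),
    ("Trj/Classloader.I", JAR + r" 2\b.class"),
    ("Exploit/BytVerify", JAR + r" 2\c.class"),
    ("Exploit/BytVerify", JAR + r" 2\a.class"),
]
SAMPLE_LOG = "\n".join(["Incident Status Location"] +
                       [f"Virus:{fam} Disinfected {CACHE}\\{rel}" for fam, rel in SAMPLE])

LINE_RE = re.compile(r"^Virus:(?P<family>\S+)\s+(?P<status>\S+)\s+(?P<path>.+)$")
# A cached jar is "<name>.jar-<hex>-<digits>", followed by " N" when the plug-in
# extracted it a further time, then ".zip[entry]" for the archive or "\entry".
JAR_RE = re.compile(r"\\(?P<jar>[^\\]+\.jar-[0-9a-f]+-\d+)(?P<copy>(?: \d+)?)(?P<sep>\.zip\[|\\)")

def summarize(log_text):
    """Return (total detections, Counter per family, number of cache copies per jar)."""
    families, copies, total = Counter(), defaultdict(set), 0   # copies: jar id -> labels
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:                  # header line or anything unrecognised
            continue
        total += 1
        families[m["family"]] += 1
        j = JAR_RE.search(m["path"])
        if j:                      # the zip itself, the first extraction, or copy N
            label = "zip" if j["sep"].startswith(".zip") else (j["copy"].strip() or "1")
            copies[j["jar"]].add(label)
    return total, families, {jar: len(labels) for jar, labels in copies.items()}

if __name__ == "__main__":
    total, families, copies = summarize(SAMPLE_LOG)
    print(f"{total} detections")
    for family, n in families.most_common():
        print(f"  {n:3d}  {family}")
    for jar, n in copies.items():
        print(f"  {jar}: found in {n} cache copies")
```

Run against the full report pasted in the thread, the same function gives 79 detections and one jar id present in the archive plus 25 extracted copies.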
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
For future reference:

Removing Java trojans that your antivirus has found
If you are still using Java 1.4 or earlier,
open Control Panel, select the Java Plug-in control panel, select Cache and then press Clear Cache.

That gets rid of the trojans.
If you are using the 1.5 version, it's slightly different, so read here:

http://www.java.com/en/download/help/5000020300.xml
 