Do I need to change all my passwords now?


mercurie
September 3rd, 2007, 09:57 AM
Yesterday, I did a SAS Quick Scan; it was clean as usual.

I left the PC on. Later that day I came back to find Out Post Firewall disabled and AntiVir Guard disabled. I am behind a NAT Router with the Wireless turned off. I did not turn off the hardware firewall. To my knowledge it still works.

AV would not come back on until I restarted Out Post under programs; then AntiVir Guard snapped back to attention. I did get the Out Post FW box earlier requesting that I send the report to them due to issues. I did just that to help in future development.

I thought perhaps it might have been some rare conflict. Not satisfied with this, I did an AntiVir Scan.

It did find malware: TR/Java.Downloader.Gen :-[ That is all that was found.

It is currently in quarantine. Most of the virus libraries and encyclopedias are a little short on information including AntiVir. Most say the damage is low.

Is this the type of trojan that could be stealing information such as passwords, or just attempting to download other stuff? This trojan may have been dormant for a while, but I am not sure.

Thanks.

WSFuser
September 3rd, 2007, 11:07 AM
Here's the info given by Trend Micro (http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JAVA%5FBYTEVER%2EA%2D1&VSect=T) and since you said Avira didn't find anything else I think you're safe.

I'd consider doing an online scan like ESET or Kaspersky just in case.

mercurie
September 3rd, 2007, 09:33 PM
Thanks WSFuser,
I am set up for HouseCall, but it's been awhile. Likely why it took so long. It showed a clean system....

...but darn it all if OutPost didn't crash again while reading your post earlier this afternoon, which of course locked up my AV (all in my sig) again.

Wait a few minutes, relaunch OutPost, and then AV Guard comes up again without the need for further action. There is a conflict there. I'm going to work on it and post back.

Any suggestions are welcome. ;)

EDIT: I thought it was a milder version too. Never hurts to get a second opinion. Everything I was reading said it needed something else in order to start doing damage.

Edit: (Referencing the Trojan).

ccsito
September 4th, 2007, 07:49 PM
{QUOTE-> I left the PC on. <-QUOTE}

I have only left my PC connected overnight (or more than a day) just one time over the past 5 years. I don't believe in letting it stay on unattended (especially with wasting electricity). But I have never seen a case where the firewall or Antivirus was shut down after I went away from the PC. Since I don't use any of the high speed services that allow voice and data communications concurrently, I have to keep a reminder in the back of my head that I am tying up a phone line when I leave my PC connected. ;D

The Hammer
September 4th, 2007, 08:51 PM
{QUOTE-> Yesterday, I did a SAS Quick Scan; it was clean as usual.

I am behind a NAT Router with the Wireless turned off. I did not turn off the hardware firewall. To my knowledge it still works.

Thanks. <-QUOTE}

I'd be checking to be sure the router is still doing what it's supposed to.

mercurie
September 4th, 2007, 09:11 PM
ccsito,
I leave it on during the day on weekends only. Otherwise it is put in Standby or off. This is a change in my policy after the results and postings to my '24/7 poll'.
No longer is it left running over night.

The Hammer,
I'll check it, but I really believe it is a conflict, not an infection or outside attack.
I have turned off the self protection feature, which I have had problems with before and so far no problems. Trial and error I'll figure it out. :)

Escalader
September 4th, 2007, 10:06 PM
{QUOTE-> Yesterday, I did a SAS Quick Scan; it was clean as usual.

I left the PC on. Later that day I came back to find Out Post Firewall disabled and AntiVir Guard disabled. I am behind a NAT Router with the Wireless turned off. I did not turn off the hardware firewall. To my knowledge it still works.

AV would not come back on until I restarted Out Post under programs; then AntiVir Guard snapped back to attention. I did get the Out Post FW box earlier requesting that I send the report to them due to issues. I did just that to help in future development.

I thought perhaps it might have been some rare conflict. Not satisfied with this, I did an AntiVir Scan.

It did find malware: TR/Java.Downloader.Gen :-[ That is all that was found.

It is currently in quarantine. Most of the virus libraries and encyclopedias are a little short on information including AntiVir. Most say the damage is low.

Is this the type of trojan that could be stealing information such as passwords, or just attempting to download other stuff? This trojan may have been dormant for a while, but I am not sure.

Thanks. <-QUOTE}


Hi Merc:

Well, as usual, being an old guy I take a different tack. Are you the only person with access to this PC?

The advice you have been given all seems fine BUT no one knows for sure, do they? How much, if anything, was "stolen"? Why gamble at all? You don't need to!

So do you do online banking? Taxes, etc.? If so, track those accounts closely over the next little while! If someone has your account you will have to change account numbers!

I would change your passwords, except maybe for forums, but for anything to do with your personal business, do it! It's good practice to change them anyway from time to time. Make sure you max out the psw strength; use a psw generator like free RoboForm, or there is one in FF. Keep these psw OFF your PC on a stick/cd/sheet of paper and lock them up.

I know you will figure out how this happened, but something/someone shut down your FW and your AV, and that is NOT good. Ask the FW guys like Stem what they suggest!

On the plus side, at least you know something bad happened; most of the great mass of users wouldn't have noticed! :thumb:

Doc Serenity
September 6th, 2007, 05:30 PM
You ask a question that you already know the answer to.
It takes a few minutes to change them or possibly many months to recover what is stolen.

mercurie
September 7th, 2007, 10:40 PM
Escalader,
I have already changed several since this event. Likely will change more...

...which brings me to why I reject the post by Doc.

No I don't know the answer or I wouldn't have asked. >:(

The question was: does this type of trojan keylog or otherwise steal data? Not all malware does the same thing. Redoing your passwords all at once is a pain. :( :P If it is a data stealer, redoing a few passwords in my case is not going to cut it; they must all be changed, and fast. You don't know what I do on my PC. Then they have to all be placed somewhere or memorized, not as simple as you make it out to be. :P

Thanks again Escalader, your response was helpful. I will look into that auto password generator...Roboform? ??? What is FF?

EDIT: I have been the only one using it for about a month; before that my wife and daughter used it. I was not happy to learn this either: daughter forgot her log on password...Mom logs her on to her account :o Mom has admin rights, daughter does not. Spouse suffered some verbal abuse that night. >:( :-[

LoneWolf
September 7th, 2007, 11:16 PM
{QUOTE-> The question was: does this type of trojan keylog or otherwise steal data? <-QUOTE}

It does not appear that way.
Looks like this one might only mess with IE settings and the registry, trying to redirect to certain web sites.
At least that is what I gathered from searching around.
You should be ok.

ggf31416
September 8th, 2007, 02:51 PM
{QUOTE-> It does not appear that way.
Looks like this one might only mess with IE settings and the registry, trying to redirect to certain web sites.
At least that is what I gathered from searching around.
You should be ok. <-QUOTE}

This is a detection using a generic signature for Trojan Downloaders written in the Java language. That's all. You cannot get more information from googling the name, as it doesn't make reference to a particular sample but to many samples that share those characteristics and can be detected with that generic signature.
It could be JAVA_BYTEVER.A-1 or, more likely, a completely different malware, known or unknown, or even a false positive.
I suggest uploading the sample to VirusTotal and/or sending it to Avira.

mercurie
September 9th, 2007, 10:13 PM
If it truly was going to do active damage, as opposed to just sitting there waiting to do damage, I would think Avira Guard would have caught it. I think the shut down of my AV and Outpost is a conflict. Also remember this: I am an ex-BOClean user, so this thing could have been sitting dormant for a while, as I recently switched from AVG Free to Avira too but had not done a scan for a while.

I deleted the nasty from quarantine but understand I can get it back for submission as I did not do a "wipe" of it. Just not sure how.

I note that even with the trojan gone OutPost still crashes. >:( That OutPost really does give me trouble sometimes, which is why I seem to use it only for short periods of time. I send the crash file to them every time, so who knows...

AV works fine and scan yesterday was clean.

ccsito
September 10th, 2007, 08:12 PM
{QUOTE-> Spouse suffered some verbal abuse that night. >:( :-[ <-QUOTE}

Is this because you got a lot of "Tickle me Elmo bots"? :P :D