Help removing viruses

Discussion in 'ESET NOD32 Antivirus' started by zookeeper525, Dec 6, 2010.

Thread Status:
Not open for further replies.
  1. zookeeper525

    zookeeper525 Registered Member

    Joined:
    Dec 6, 2010
    Posts:
    5
    NOD32 is detecting 6 infected things and I can't seem to get rid of them. I ran Malwarebytes' Anti-Malware and it didn't detect them, but NOD won't remove the files, so I'm stuck with them on my PC. Here is the log for NOD32:

    C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\29d9bb55-2912e892 » ZIP » javax/AServers.class - probably a variant of Win32/TrojanDownloader.Agent.DLBCGQR trojan
    C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\29d9bb55-2912e892 » ZIP » javax/Server1.class - probably a variant of Win32/TrojanDownloader.Agent.IHULBCB trojan
    C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\29d9bb55-2912e892 » ZIP » javax/Server2.class - probably a variant of Win32/TrojanDownloader.Agent.HBVQMAU trojan
    C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\27c3f96-115ceada » ZIP » Email.class - probably a variant of Win32/Agent.FXCQQMQ trojan
    C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\27c3f96-115ceada » ZIP » ExecService.class - probably a variant of Win32/Agent.KBEESLR trojan
    C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\27c3f96-115ceada » ZIP » SendService.class - a variant of Java/Exploit.Agent.W trojan

    Can someone please tell me how to remove these or link me to how to get rid of them?
     
  2. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,948
    Location:
    USA
    Have you tried going to Folder Options / View / Show hidden files and folders? Then browse to the directory location where they are listed. Also, what OS are you using?
     
  3. zookeeper525

    Hi, thanks for the reply.

    Yes, I tried that and nothing seems to show up, and I'm running Windows 7.
     
  4. Cutting_Edgetech

    If I were you I would uninstall Java if it will let you, and then delete all traces of Java from the user's directory. Then reinstall Java and see if that works. Also, you could try running HijackThis and GMER to make sure you don't have other infections not being detected by NOD32.
     
  5. Cutting_Edgetech

    Did you enable hidden files? I just navigated to the directory shown above, and I have the same folders as you, except the folders that are showing infected on your machine are empty on mine. If you can, I would uninstall Java and delete all traces of Java from your machine, including the Program Files folder, and then reinstall Java.
     
  6. Cutting_Edgetech

    If you are able to uninstall Java then I would recommend you install a program called AgentRansack. Then use AgentRansack to do a search for all files named sun and Java. Search for each name separately. It will help you find all traces of Java on your machine. If you are not sure what is safe to delete, then post a screenshot of your search results on this thread so I can help you.
     
  7. Cutting_Edgetech

    If you don't feel like going through the trouble of installing AgentRansack, then just do a search with the Windows search function, and that may suffice. I just like to be really thorough. :D
     
  8. zookeeper525

    Well, I found some files in those folders and removed them, and then uninstalled Java and scanned again with NOD32, and they seem to be gone. I'm also scanning with GMER, but it hasn't found anything yet.
     
  9. Cutting_Edgetech

    That's good news. If I were you I would delete the entire Sun folder from the user directory before reinstalling Java, if it's still there. There's always a possibility there could be more infections that are not being detected in one of the subfolders. Play it safe, and delete the entire folder before reinstalling Java. That is, if the Sun folder was not deleted by the uninstaller.
     
  10. zookeeper525

    Yeah, the uninstaller removed the folder, and I did a search with AgentRansack and removed a few files in the temp and reinstalled Java, and all seems fine. That was the first time I've got a virus that NOD has picked up in like a year. Teaches me to click on links from friends.
     
  11. zookeeper525

    Hm, I was scanning my PC with that program you told me to scan it with, and my PC crashed into a blue screen and said something like "ran into an error" or something like that. You think I should try to restore my PC to a different date?
     
  12. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
  13. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    cuttingedgetech

    Why are you giving such bad advice? Uninstalling Java does not normally clear the Java cache (temporary files folder) (it is a hidden folder), and there is no need to go to such drastic steps to solve a very minor problem.
    If you don't know, then don't guess and don't post useless rubbish.

    All those entries are in the Java cache and, although correctly detected by the antivirus as potentially dangerous, cannot harm you if you have the latest version of Java because they are not allowed to run.
    Clear your Java cache as shown at http://www.java.com/en/download/help/5000020300.xml
    Then scan here http://secunia.com/software_inspector/ for out-of-date and vulnerable common applications on your computer and update whatever it suggests.
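
A triage sketch for the log in the first post, added here as an example and not posted by any participant in the thread: it groups the `container » ZIP » member` lines by archive and checks whether every detection sits under the Java deployment cache that the post above says to clear. The function names and the line pattern are assumptions inferred from the six lines shown in the log.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Directory fragment taken from the paths in the first post's log.
JAVA_CACHE = ("appdata", "locallow", "sun", "java", "deployment", "cache")
# Line shape in that log: "<container> » ZIP » <member> - <verdict>" (assumed).
LINE_RE = re.compile(r"^(?P<container>.+?) » \w+ » (?P<member>.+?) - (?P<verdict>.+)$")

# Three lines copied from the first post (user name already masked there).
SAMPLE_LOG = r"""
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\29d9bb55-2912e892 » ZIP » javax/AServers.class - probably a variant of Win32/TrojanDownloader.Agent.DLBCGQR trojan
C:\Users\******\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\27c3f96-115ceada » ZIP » Email.class - probably a variant of Win32/Agent.FXCQQMQ trojan
C:\Users\*****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\27c3f96-115ceada » ZIP » SendService.class - a variant of Java/Exploit.Agent.W trojan
"""

def cache_relative(container):
    """Return the path below the Java deployment cache, or None if elsewhere."""
    parts = PureWindowsPath(container).parts
    lowered = tuple(p.lower() for p in parts)
    n = len(JAVA_CACHE)
    for i in range(len(parts) - n + 1):
        if lowered[i:i + n] == JAVA_CACHE:
            return "\\".join(parts[i + n:])
    return None

def triage(log_text):
    """Group cache detections by archive; list anything outside the cache."""
    in_cache, elsewhere = defaultdict(list), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        name = m["verdict"].split(" variant of ")[-1].removesuffix(" trojan")
        # (archive member, detection name, True when the verdict is heuristic)
        hit = (m["member"], name, m["verdict"].startswith("probably"))
        rel = cache_relative(m["container"])
        if rel is None:
            elsewhere.append((m["container"], hit))
        else:
            in_cache[rel].append(hit)  # keyed below the cache, so masking differences merge
    return dict(in_cache), elsewhere

if __name__ == "__main__":
    cached, other = triage(SAMPLE_LOG)
    for archive, hits in cached.items():
        print(archive, [h[0] for h in hits])
    print("outside Java cache:", other or "none")
```

An empty second return value means every hit is a cached archive; anything listed there lies outside the cache and would not be removed by clearing it.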
     
  14. Cutting_Edgetech

    I know the Java cache folder is hidden. I already stated that above. How do you know he or she had the latest version of Java installed? Are you assuming he or she did? He or she also stated they could not find the infected files in their cache folder in their initial post. I am not ESET staff, so I will not offer any more assistance on this forum in regards to removing anyone's infection. So I do apologize if I have broken forum rules! If I have, I was not aware, and will refrain from further doing so.
     
    Last edited: Dec 7, 2010
  15. dvk01

    It is overkill to uninstall Java when following very simple, clear instructions to empty the Java cache cures the problems.

    Don't go down the hard and difficult road; try the easy things first.
     
  16. Cutting_Edgetech

    I've always taken the overkill approach. I just feel safer or more secure in being more thorough. I don't have any experience in removing any infections from my own machines because I've never been infected by anything unless it went undetected. I have removed countless infections from friends' machines, and have never been made aware that I caused any harm to their machines. I am not a professional in this field, so I will leave it to your staff in any further advice in manually removing malware. I would still like to refer them to other products that I know do an excellent job in detecting and removing infections, like MBAM, Hitman Pro, Prevx, and a few others.
     