Java trojan at the least

Discussion in 'malware problems & news' started by Manticmeister, Apr 19, 2004.

Thread Status:
Not open for further replies.
  1. Manticmeister

    Manticmeister Registered Member

    Joined:
    Apr 16, 2004
    Posts:
    18
    Hello all,
    I hope someone can help me out. Earlier this month I hit a malicious web site and my free Grisoft antivirus immediately informed me of a virus it called "Dropper." I quarantined the virus and then used Goback to revert to a prior time, re-scanned w/ AVG and came up OK. Then some weeks later, after updating Spybot S&D to its latest version (1.3rc3), it flagged "Dropper" also and said it was associated with the Microsoft download manager. I deleted Dropper, but today Spybot found it again. In the meantime, I deleted AVG entirely as I felt it had failed to protect me. I tried to download Kaspersky's trial version and it came in corrupted. I tried to update Spywareblaster's database and it too came in corrupted. I tried to download Spyblock and it too came in corrupted. I did an online scan w/ Bit-defender and it gave the following report:
    C:\Documents and Settings\{my full name}\Application data\Sun\Java\deployment\cache\javapi\v1.0\jar\classload.jar-6a1abb15-55709129.zip=>GetAccess.class infected:Java.Trojan.Exploit.Bytverify
    C:\Documents and Settings\{my full name}\Application data\Sun\Java\deployment\cache\javapi\v1.0\jar\classload.jar-6a1abb15-55709129.zip=>InsecureClassLoader.class infected:Java.Trojan.Exploit.Bytverify
    C:\Documents and Settings\{my full name}\Application data\Sun\Java\deployment\cache\javapi\v1.0\jar\classload.jar-6a1abb15-55709129.zip=>Dummy.Class infected:Java.Trojan.Exploit.Bytverify
    C:\Documents and Settings\{my full name}\Application data\Sun\Java\deployment\cache\javapi\v1.0\jar\classload.jar-6a1abb15-55709129.zip=>Installer.class infected:Java.Trojan.OpenConnection.F

    I have TrojanHunter, which I am able to update but it gives me a clean report. I am also able to update Ad-aware but it too comes up clean. In the meanwhile, my homepage news section remains strangely frozen on news from 3 days ago, while other sections of the homepage reflect the current date.
    Could I have encountered a root kit? Can someone suggest what I should do? I do have Hijack This version 1.7.97 as well as Process Explorer, TCPview and RegdataXP installed, although I am not adept at using them.
    Any suggestions would be most appreciated.
    Manticmeister
    PS: And now another exciting development. I decided as an experiment to try and download the free AVG program again, not remembering that I still had the old zip file. I downloaded the new one and went to unzip it. The self-extracting process began, with an opening window from Grisoft, but the second window that appeared was for an entirely different program, one I had installed some time ago! I tried to unzip the old program from last Jan. and got the same result. At this point I am one confused puppy.
    Manticmeister
     
    Last edited: Apr 19, 2004
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Manticmeister,

    Have a look at this thread coping with one and the same issue. It most probably will solve your problem. Keep us posted ;)

    regards.

    paul
     