Java trojan at the least

Discussion in 'malware problems & news' started by Manticmeister, Apr 19, 2004.

Thread Status:
Not open for further replies.
  1. Manticmeister

    Manticmeister Registered Member

    Joined: Apr 16, 2004
    Posts: 18
    Hello all,
    I hope someone can help me out. Earlier this month I hit a malicious web site and my free Grisoft antivirus immediately informed me of a virus it called "Dropper." I quarantined the virus and then used Goback to revert to a prior time, re-scanned w/ AVG and came up OK. Then some weeks later, after updating Spybot S&D to its latest version (1.3rc3), it flagged "Dropper" also and said it was associated with the Microsoft download manager. I deleted Dropper, but today Spybot found it again. In the meantime, I deleted AVG entirely as I felt it had failed to protect me. I tried to download Kaspersky's trial version and it came in corrupted. I tried to update Spywareblaster's database and it too came in corrupted. I tried to download Spyblock and it too came in corrupted. I did an online scan w/ Bit-defender and it gave the following report:
    C:\Documents and Settings\{my full name}\Application data\Sun\Java\deployment\cache\javapi\v1.0\jar\classload.jar-6a1abb15-55709129.zip=>GetAccess.class infected:Java.Trojan.Exploit.Bytverify
    C:\Documents and Settings\{my full name}\Application data\Sun\Java\deployment\cache\javapi\v1.0\jar\classload.jar-6a1abb15-55709129.zip=>InsecureClassLoader.class infected:Java.Trojan.Exploit.Bytverirfy
    C:\Documents and Settings\{my full name}\Application data\Sun\Java\deployment\cache\javapi\v1.0\jar\classload.jar-6a1abb15-55709129.zip=>Dummy.Class infected:Java.Trojan.Exploit.Bytverify
    C:\Documents and Settings\{my full name}\Application data\Sun\Java\deployment\cache\javapi\v1.0\jar\classload.jar-6a1abb15-55709129.zip=>Installer.class infected.Java.Trojan.OpenConnedtion.F

    I have TrojanHunter, which I am able to update but it gives me a clean report. I am also able to update Ad-aware but it too comes up clean. In the meanwhile, my homepage news section remains strangely frozen on news from 3 days ago, while other sections of the homepage reflect the current date.
    Could I have encountered a root kit? Can someone suggest what I should do? I do have Hijack This version 1.7.97 as well as Process Explorer, TCPview and RegdataXP installed, although I am not adept at using them.
    Any suggestions would be most appreciated.
    Manticmeister
    PS: And now another exciting development. I decided as an experiment to try and download the free AVG program again, not remembering that I still had the old zip file. I downloaded the new one and went to unzip it. The self-extracting process began, with an opening window from Grisoft, but the second window that appeared was for an entirely different program, one I had installed some time ago! I tried to unzip the old program from last Jan. and got the same result. At this point I am one confused puppy.
    Manticmeister
     
    Last edited: Apr 19, 2004
  2. Paul Wilders

    Paul Wilders Administrator

    Joined: Jul 1, 2001
    Posts: 12,475
    Location: The Netherlands
    Manticmeister,

    Have a look at this thread coping with one and the same issue. It most probably will solve your problem. Keep us posted ;)

    regards.

    paul
     