Sorry, I couldn't find mention of this trojan by a search: Trj/Java.Binny.A. The online scans at PC Pitstop and Bitdefender detected it, and Bitdefender disinfection failed. TDS and AVG Free Edition do not detect. Wondering how to get rid of it; or if a false positive. TDS is up to date.

Path: C:\Documents and Settings\Charles Pelham\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ archive.jar-68ec1667-270b35e5.zip

Thanks, charlie
Hi there! Can you please submit the zip to submit@diamondcs.com.au? Thanks in advance! It has various names, yours might be another variety.

From the viruslist description: http://www.viruslist.com/en/viruses/encyclopedia?virusid=57696

Aliases: Trojan.Java.Binny.a (Kaspersky Lab) is also known as: JV/Shinwow (McAfee), Trojan.ByteVerify (Symantec), Troj/Clsldr-A (Sophos), Java/Binny.A.2 (H+BEDV), Java.Trojan.Binny.A (SOFTWIN), Java.Trojan.Binny.A-2 (ClamAV), Trj/Java.Binny.A (Panda)

The applet contains three files:

mein.class, which is 2031 bytes in size. This is the main program function, and also contains the exploit function

binny.class, which is 3464 bytes in size. This array variable is launched using the exploit

beyond.class, which is 972 bytes in size. This file writes the program which binny.class contains to disk and launches it
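A defender's check built on the three file names and sizes in the viruslist description quoted above, as an added example that is not part of the original thread or any vendor's tool: it classifies cached archives by whether they carry those applet classes. The function names and verdict labels are assumptions made for this example, and other varieties may use different names or sizes.

```python
import io
import zipfile
from pathlib import Path

# File names and sizes as quoted from the viruslist description in the post above.
BINNY_MEMBERS = {"mein.class": 2031, "binny.class": 3464, "beyond.class": 972}


def inspect_archive(source):
    """Return {member: (size, size_matches)} for Binny-named members, or None if unreadable."""
    try:
        with zipfile.ZipFile(source) as zf:
            hits = {}
            for info in zf.infolist():
                # Compare on the base name only, ignoring package directories and case.
                name = info.filename.rsplit("/", 1)[-1].lower()
                if name in BINNY_MEMBERS:
                    hits[name] = (info.file_size, info.file_size == BINNY_MEMBERS[name])
            return hits
    except (zipfile.BadZipFile, OSError):
        return None


def verdict(hits):
    """Classify one archive from inspect_archive() output (labels are hypothetical)."""
    if hits is None:
        return "unreadable"
    if set(hits) == set(BINNY_MEMBERS):
        exact = all(ok for _, ok in hits.values())
        return "match-exact" if exact else "match-names-only"
    return "partial" if hits else "clean"


def scan_cache(cache_dir):
    """Classify every zip-format file under a Java plug-in cache directory."""
    return {str(p): verdict(inspect_archive(p))
            for p in Path(cache_dir).rglob("*")
            if p.is_file() and zipfile.is_zipfile(p)}


def build_sample(members):
    """Constructed test input: an in-memory zip with zero-filled members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, size in members.items():
            zf.writestr(name, b"\0" * size)
    buf.seek(0)
    return buf
```

Anything other than "clean" is a candidate for submission to a vendor, not proof of infection, since the match is on names and sizes only.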
Hi tokdok,

Your other AV may be stopping TDS3 from detecting it. Also, you may need to enable scanning inside .zip/.rar files and unpacking of compressed .exe's.

Anyway, to do a full scan with no interference, reboot into Safe mode by pressing F8 a few times before Windows starts, then enable all of the scan options in TDS3. Select all physical drives and do the scan. This is a very deep scan and will take quite a time depending upon the amount of files to be scanned and your machine's specifications.

And, of course, do submit the file as Jooske has suggested.

HTH Pilli.
Hi Pilli,

The computer will not go into safe mode. (Sure sign of trouble...) I double-checked updates and scanned in normal mode (all options enabled) with no trojan found.

Update: Got into safe mode and ran full scan; no results.... cp

Last update for the night: I ran ccleaner, which unceremoniously wiped out all that Java crap, and 3 different web virus scans now say my system is clean. So, am I clean?
Thanks for replying, tokdok.

Hopefully DCS will analyse the file(s) and add them to their latest definitions if it / they are malware. Regarding more analysis of your own machine, following some or all of the steps here: https://www.wilderssecurity.com/showthread.php?t=50662 will help ensure that your system is clean.

Pilli.
By the looks of it you should be clean now. Good you tried the various online scanners already as that would have been my next suggestion. You might like to have a look with the AutoStartViewer (DiamondCs free products site) if there is anything suspicious trying to do anything nasty.
Hi Pilli, I did all of the steps (maybe not 3 times) and everything comes up clean. Maybe we can announce a new method for dealing with a trojan: just delete the dadgum file! And maybe advise Firefox users to empty the Java cache often.... I'll wait for future updates & developments before declaring victory. Thanks for your help. charlie
Hi Charlie, I'm really happy to see your system is clean and safe now! The bad part: all that work and scanning; the good part: you definitely learned lots from all that! And with that experience you can save people around you with their systems!