Java Agent Virus - Help!

Hi out there

I got the same problem as bcminty with some java agent viruses. I copied what bcminty wrote as I’ve been taking almost the same measures in cleaning my system:

The other day I noticed something strange was going on with my machine - slight amount of slowness and error messages about MS Word Macros that I’m certain I did not set up or authorize. (Sadly I didn’t take a screen grab of these, and I don’t recall the full error text.)

This concerned me, so I immediately ran a virus scan on my Win 7 machine and it found a multitude of problems, among them several Java Agents viruses and other items. In looking at several of the message boards, it seems like these are rather difficult to get rid of. Can anyone help me in making sure that I’ve successfully removed all threats? I’m a little new at this…

Here’s what I did. I ran the avast! full system scan, which found a number of items that I moved to the chest. It then prompted me to run a boot time scan, which I also did. It uncovered even more items, which I then selected to delete all.
(Copied from: http://forum.avast.com/index.php?topic=99464.msg793287#msg793287)

Unlike bcminty, I got Windows XP and as I tried uninstalling Java from my machine the action just froze. So Java is still installed. My computer skills are limited, so how to make an OTL is like crossing new borders (and I don’t got a clue about what it actually is). So if you could help me with some pedagogical explanations on how to secure my computer I would be over the top thankful.

so how to make an OTL is like crossing new borders (and I don't got a clue about what it actually is).
OTL is a diagnostic tool... that can also remove malware. The remover will create a command script based on the log from your machine

follow this guide and attach the logs, not copy and paste
http://forum.avast.com/index.php?topic=53253.0

AdwCleaner / Malwarebytes / OTL / aswMBR

It may take hours before a malware remover arrives, so be patient

I got through the scans alive! I also ran the MBAM but didn’t find any malware… Hope the logs are useful. I succeeded in uninstalling Java as well.

hi goldbär,

Could you also attach AdwCleaner as well? Running this program will save the malware expert who does assist you a lot of time in crafting a fix for your system, which is why this is now recommended to run as well as the other three programs.

yeah sure!

OK this will remove the Java remnants and clear the java cache

Warning: This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\DX9\SessionLauncher.exe -- (SessionLauncher)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll File not found
[2012-08-17 19:41:58 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and run Javara from here http://majorgeeks.com/JavaRA_d5982.html
Select remove old Java

Hi essexboy

Thanx for helping me out! I tried to do the Run Fix in OTL with the commands but it didn’t work. The OTL went ‘not answering’ and the screen froze. In the process line below it said ‘Killing processes DO NOT INTERRUPT’ which also froze.

I restarted the computer and ran the Quick Scan (log attached). I don’t know if that’s any help… Should I wait installing the Javara until the other step is cleared?

OK that is MBAM flexing its muscles again… Run this revised script

:OTL
SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\ADMINI~1\LOKALE~1\Temp\DX9\SessionLauncher.exe -- (SessionLauncher)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll File not found
[2012-08-17 19:41:58 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll

:Commands
[resethosts]
[emptyjava]
[emptyflash]
[CREATERESTOREPOINT]
[Reboot]

Hurray! You flexed better than him! It went smooth - and here’s the new OTL… I’ll pay Javara a visit now

How is the computer behaving now?

Everything seems to be in order! I’ve now installed the latest version of Java. Should I delete the Anti Malware? And hey, a MASSIVE thanx for your help! Way too cool skills…

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so… The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[*]Click Yes to confirm.
[*]Click OK.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave: