TrojanDownloader:Java\Rexec.B!! HELP!!

Hi Guys,

I have had real problems with my laptop today…been sortin it for almost 13 hours now…started with Win32:Patched-RP[Trj. Which with the help of this forum I sucessfully got rid of by using Dr.Web CureIt.THANKS!
Thought I would run windows onecare on the pc just to make sure…now this opened up a whole new can of worms!! My main worry is a TrojanDownloader:Java\Rexec.B!! I have only found info on this on microsoft and it is severe! But they only posted it yesterday so not much info is known…Avast dont seem to even realize it is there but when I Google a page avast comes up with malicious malware warning and stops me entering the site…or it directs me to a completely different web site…often an offensive one.

I followed the path to where the TrojanDownloader is C:\users\name\appdata\locallow\sun\java\deployment\cashe\6.0
When i went there the folder 6.0 has numbers from 1 to 13 now an hour later its up to 63!! also files named Host, Muffin, Tmp, LastAccessed…When I hold my curser over the file/s (NOT CLICK) they all claim to be empty. I also just checked my REG EDIT and it looks like something is different from yesterday!!

Please Help Me!!

Try this

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
always update so you have latest database before you scan
click the remove selected button to quarantine anything found
you may post the scan log here if anything is found

OK have found the VT scan from 22/9-2010

VirusTotal - 9/43 - jar_cache32547.tmp
http://www.virustotal.com/file-scan/report.html?id=54eb820a86d4afd02cb627726a7ff325d8d02ac64ac9a7861577ab074968f77f-1285161981

So it is detected by latest Dr.Web

Thank You,

Thats if my laptop will start now…i switched it off to try to protect it and now its doing a start up repair :cry:

I ran DrWeb again and it still dident detect the TrojanDownloader but it found Win32.Dat.4 again and said it cured it…but it said that the last time so that is still in there too…i\m running out of ideas…i cant afford to lose my laptop :frowning:

Did you run Malwarebytes ?

I have the same virus on a user’s PC.

Have run malwarebytes, picked up 4 registry changes. Cleared these.

Trend is picking up the virus in C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Conent.IE5.
Obviously this PC is too new to have ever seen IE5, so deleted the entire folder (logged in as an Admin account, as opposed to the user affected).

After this was done, restarted the machine and run the scan again. It has picked up some of the files again, albeit 6 less entries.

Any other ideas?

Trend is picking up the virus in C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Conent.IE5.
It will say IE5 even if you have IE8, it is some microsoft programming thing

Try cleaning temp files with this
TFC - Temp File Cleaner by OldTimer
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

you did update MBAM before you scanned ?
you may also try SuperAntiSpyware 4.43.1000 http://filehippo.com/download_superantispyware/