Virus? Exploit:Jsvs/CVE-2012-1723

Something is disabling functions on my machine. Cannot open most of the applications in the Control Panel. I think it is Exploit:Jsvs/CVE-2012-1723

I tried to include a DDS.txt log but it was too long and the Avast system would not let me post because the message exceeded the 10000 character limit.

Please attach your logs. (AdwCleaner, MBAM, OTL and aswMBR…!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0

is your java updated?

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exploit%3AJava%2FCVE-2012-1723

[b]The following versions of Java are vulnerable to this exploit:[/b]

JDK and JRE 7 Update 4 and earlier Java SE
JDK and JRE 6 Update 32 and earlier Java SE
JDK and JRE 5.0 Update 35 and earlier Java SE
SDK and JRE 1.4.2_37 and earlier Java SE
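As an added example (not from the thread and not Microsoft's code), the following Python check classifies a Java version string against the affected ranges listed above. The update cut-offs are exactly the ones quoted from the Microsoft encyclopedia entry; treating families older than 1.4.2 as also affected is an assumption based on the "and earlier" wording, and families newer than 7 are treated as unaffected because they do not appear in the list.

```python
import re
import subprocess

# Highest vulnerable update number per Java family, taken from the
# affected-version list quoted above for CVE-2012-1723.
LAST_VULNERABLE_UPDATE = {7: 4, 6: 32, 5: 35, 4: 37}

# Matches legacy version strings such as 1.7.0_04, 1.4.2_37 or 1.6.0 (no update).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")


def parse_java_version(text):
    """Extract (family, update) from a 'java -version' banner or a bare
    version string. Returns None if no version string is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, micro, update = (int(x) if x else 0 for x in m.groups())
    # Legacy numbering puts the family in the second field (1.7.0 -> 7);
    # newer numbering puts it first (9.0.1 -> 9).
    family = minor if major == 1 else major
    return family, update


def is_vulnerable(text):
    """True when the version falls inside the affected ranges above."""
    parsed = parse_java_version(text)
    if parsed is None:
        raise ValueError("no Java version string found")
    family, update = parsed
    if family in LAST_VULNERABLE_UPDATE:
        return update <= LAST_VULNERABLE_UPDATE[family]
    # Assumption: releases older than 1.4.2 are covered by "and earlier";
    # families newer than 7 are not in the affected list.
    return family < 4


def check_installed_java():
    """Run 'java -version' (its banner is written to stderr) and classify it.
    Returns (banner, verdict) where verdict is True, False, or None if no
    Java is on PATH."""
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True,
                              text=True, check=False)
    except FileNotFoundError:
        return None, None
    banner = proc.stderr or proc.stdout
    return banner.strip(), is_vulnerable(banner)


if __name__ == "__main__":
    banner, verdict = check_installed_java()
    if banner is None:
        print("java not found on PATH")
    else:
        print(banner)
        print("VULNERABLE to CVE-2012-1723" if verdict else "not in affected ranges")
```

Run it on the machine in question to confirm whether the installed runtime falls into the listed ranges; a browser plug-in can load an older JRE than the one first on PATH, so check each installed JRE directory rather than relying on a single `java -version` result.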

No I don’t think Java is up to date. I am in the process of creating logs as instructed.

Here they are.

Tried to run the antiroot program and it unexpectedly stopped working.

You may try running it from safe mode…if no success, essexboy has more tools if needed :wink:

Here is the aswMBR log.

Do I need to continue with the next steps starting with:

SPECIFIC INFECTIONS LOGS

If you have the hard drive infection and are no longer able to see your files/folders/start menu then do not run any temporary file cleaners but download and run the following programme:

Download RogueKiller and save it on your desktop.

NOTE: If using IE8 or better Smartscreen Filter will need to be disabled

Quit all programs
Start RogueKiller.exe.

Wait until Prescan has finished …
Click on Scan

Could you delete the copy of combofix that you have

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\xqtpcpmu.sys -- (xqtpcpmu)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\wdmiuyya.sys -- (wdmiuyya)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
[2012/10/22 06:56:33 | 000,097,641 | ---- | C] () -- C:\ProgramData\puisyngkqqeuabd
[2011/11/24 23:43:08 | 000,000,240 | ---- | C] () -- C:\ProgramData\~EcQdpl2SHOEmMXr
[2011/05/02 10:29:23 | 000,000,088 | -HS- | C] () -- C:\Users\USER\AppData\Roaming\27FGHDTZQ43K327FV6JFD8LTD7

:Files
C:\Users\keithf\AppData\Local\{8527c484-1c70-49fc-e80c-ca7403d90f70}

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Here is the first log requested, from the OTL scan.

Tried to run Combofix but I get a warning that Microsoft Security Essentials is running. I cannot open it to disable it. I get a dialogue box that goes away so fast that I cannot read it but I saw .dll at the end of the program listed.

I have no system tray icon for Microsoft Security Essentials nor can I access the uninstall feature in Control Panel. Should I run the Combofix scan even though it states that results will be unpredictable?

Yes accept the warning

Here is the Combofix log

What problems remain

Cannot open recovery from Control Panel along with other features. However, I can open the program list, which I could not do before.
Cannot run latest version of Java
PlanPlus Add-in cannot be selected from the manage add-ins settings
I cannot install and run Microsoft Security Solutions

Upon Starting the machine I get the following errors
GfXui not working
WD Drive Manager error
Microsoft C++ Runtime Library Runtime Error

I downloaded some drivers from the HP website in an attempt to fix yesterday. Could this be relevant?

Possibly, let's run a system repair now and see what it looks like after that

Download Windows Repair (all in one) from this site

Install the programme then run

https://dl.dropbox.com/u/73555776/waio%20start.JPG

Go to step 3 and allow it to run SFC

https://dl.dropbox.com/u/73555776/waio%20step3.JPG

On the start repairs tab click start

https://dl.dropbox.com/u/73555776/waiostart%20rep.JPG

Select the following items and tick restart system when finished

https://dl.dropbox.com/u/73555776/waio%20rep%20list.JPG

Doing it now.