system
July 22, 2011, 9:38pm
1
I performed an AV scan after updating AV definitions:
Virus Found:
File Name:
C:\Users\Silver\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\4d610a4d-18f39461
Severity High
Status Threat: Win32:Karagany-M [Trj]
Action Move to Chest (successful)
Next, a boot-time scan detected 5 more files:
fire.class, poison.class, bilbo.class, frodo.class, saruman.class
Threat: Java:Agent-DT [Expl]
Threat: Java:Agent-DU [Expl]
Threat: Java:Agent-GJ [Expl]
Threat: Java:Agent-EG [Expl]
Threat: Java:Agent-DV [Expl]
Action Move to Chest (successful)
Repeat scans do not detect virus. Virus continues with persistent popups. How to proceed? ???
Pondus
July 22, 2011, 10:06pm
2
try this, remove java with JavaRa and reboot, then install new java version
http://www.softpedia.com/get/System/System-Miscellaneous/JavaRa.shtml
report back
system
July 22, 2011, 10:30pm
3
Downloaded JavaRa install file (avg_isct_stb_all_2011_1390_ppc2.exe) on clean computer.
Does not start on infected computer (hourglass icon appears briefly).
Advise?
(file extracts successfully on the clean computer).
Pondus
July 22, 2011, 10:38pm
4
system
July 22, 2011, 11:20pm
5
JavaRa removed old version, log attached. JRE says to defer installation until out of safe mode.
Virus persists with interference/popups.
Advise?
Pondus
July 22, 2011, 11:29pm
6
Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
( post the logs HERE and not in the guide )
To avoid using multiple post with copy and paste you have to attach the log`s
Lower left corner: Additional Options > Attach ( Malwarebytes log / OTS log ) save OTS log as ANSI
Essexboy will look at the logs when posted…he is in bed now so later today…