
Trojan-Downloader.Java.OpenStream!IK - false positive?


  • This topic is locked
7 replies to this topic

#1 wagesoffear

    Member

  • Members
  • 36 posts

Posted 05 May 2010 - 11:31 AM

Hi, I keep getting the above file in my a2 scan results. I don't delete it because it looks like part of the Java program but it's odd that a2 keeps flagging it up - so now I'm guessing it's not a false+. Please advise, thx.

#2 Lynx

    Forum Veteran

  • Members
  • 2546 posts
  • Location: Australia

Posted 05 May 2010 - 12:12 PM

Hi wagesoffear,

1) Posting just the file name or the alleged infection name does not provide any information.
The location of the files, the precise names of files and/or Registry entries, processes, etc. are required. The same applies to the detection names. All that info should be in the saved report produced by a-squared.

2) If you are suspecting an FP, then submit it as described in
Submitting suspected False Positives for analysis

3) Re:

... now I'm guessing it's not a false+...

that is not a matter of guessing

=======
Read the following instructions
START HERE, if you don't we are just going to send you back to this thread <--click
Prepare and post (attach) the required log files into Malware Removal section of the forum
(create new thread there)
Wait for reply from ShadowPuterDude, Katana, or JeanInMontana
for assistance and further instructions.
=======
Translation Links for Forum Instructions

My regards

XP Pro, SP3 (32-bit); EAM v8.1.0.40 (beta) ; Firewall: Comodo 3.14 FW only ("Defense+" HIPS)
Win 7 Home Premium x64, SP1; EAM v8.1.0.40 (beta); Firewall: Comodo as above

Win 7 Ultimate, SP1 (32-bit) testing EIS 9 beta


#3 wagesoffear

Posted 06 May 2010 - 11:35 AM

Hi,

I ran CCleaner. I've attached the a2 and Hijackthis logs. I couldn't run ISeeYouXP because my adaware flagged it up as a trojan "win32.trojan.killproc".

Thanks.

#4 Lynx

Posted 06 May 2010 - 11:51 AM

Hi wagesoffear,

1) You should create a new thread in the "Malware Removal help" section, as was suggested;

I will move it there

2) Ignore the flagging of ISeeYouXP. That is a False Positive.
Allow it to run.
Many security software products will flag such utilities and various malware removal tools.

{added} Next time, if the report by Emsisoft is requested, do not quarantine/delete anything, as per the instructions.
Cookies are harmless and never represent threats. Close all browser sessions prior to running CCleaner in order to delete cookies before scanning.

My regards


#5 wagesoffear

Posted 07 May 2010 - 10:44 AM

Thx.

#6 Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12698 posts
  • Location: Depauville, NY, USA
  • OS: Windows Vista
  • AV: Emsisoft Anti-Malware
  • HIPS: Online Armor
  • Other: WinPatrol Plus

Posted 07 May 2010 - 03:15 PM

The installed version of Java on this computer is out-dated. Install Java Runtime Environment (JRE) 6u20 available from Sun Microsystems.

-----------------------------------------------------------

Using Add or Remove Programs in the Control Panel, uninstall the following:

Java™ 6 Update 18
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7

-----------------------------------------------------------

Clear your Java Cache. Instructions on how to do so, can be found at http://www.java.com/...lugin_cache.xml

-----------------------------------------------------------

Otherwise your logs show no malware.
Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#7 wagesoffear

Posted 10 May 2010 - 12:40 PM

Thank you.

#8 Kevin Zoll

Posted 11 May 2010 - 01:18 AM

Thread Closed

Reason:
Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread