hurrimark

Gen:Variant.kazy.67595(crkzbes.exe) and exploit,java.CVE-2012

Hi there.

I just did a deep computer scan and received these 2 items as high risk. I have no idea what the first one is, in particular.

Both are in my local app data.

Cheers.


Let's get a log from ComboFix as well. Please download ComboFix from this link and follow the instructions below to run it. Note that some infections will block it from running if you save it as ComboFix, so you may wish to rename it in order to prevent this. Make sure you remember what you changed the name to.

* IMPORTANT !!! Save ComboFix to your Desktop

  • Disable your AntiVirus, AntiSpyware, and Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    See HERE for help

  • Double click on the ComboFix icon on your desktop (it has a red and white icon that looks like a white cat's head in a red circle) and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Please note: (This applies to Windows XP systems only.) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, ComboFix will produce a log.

    Note:

    1. Do not click in ComboFix's window while it's running. That may cause it to stall!

    2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

    Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

    • ComboFix (C:\combofix.txt)

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!


OK, let's try a check for rootkits. Please get me a log from TDSSKiller by following the instructions below:

  • Download TDSSKiller from this link and save it on your desktop.

  • Run the TDSSKiller download that you saved.

  • Click on Change parameters as it shows in the following screenshot:

  • Make sure that Verify digital signatures and Detect TDLFS file system are checked as in the following screenshot, and then click OK:

  • Click the Start scan button as in the following screenshot:

  • You will see the following as the scan runs:

  • If there are any threats or malicious items detected, then make sure the option to the right of each item is set to Skip as in the following screenshot (it is very important that TDSSKiller not be allowed to Cure, Quarantine, or Delete these detections!), note that you can click on the selection action to open a list and change it if it is not set to Skip automatically, and then click Continue at the bottom when everything is set to Skip:

  • Click on Report in the upper-right corner, as in the following screenshot:

  • You will see a report similar to the one in the following screenshot. Please click in the report somewhere, then hold down the Ctrl key on your keyboard and tap the A key to select the entire report.

  • Once everything is selected, then it should look similar to the following screenshot, and you will be able to hold down the Ctrl key on your keyboard and tap the C key to copy the entire report.

  • Open Notepad by clicking on the Start button, going to All Programs (or just Programs in Windows 7 and Vista), then Accessories, and clicking on Notepad in the list.

  • Once Notepad has opened, click on Edit to open the Edit menu, and then click Paste, as in the following screenshot:

  • Once the report has been pasted into Notepad, click File to open the File menu, and then click Save as, as in the following screenshot. Please save the report on your desktop and attach it to a reply by using the More Reply Options button to the lower-right of where you type in your reply.


Thank you very much. It found 1 threat from that scan - 'Ebeam', which is an interactive teaching tool I use for my job, likely a false one - or perhaps it's been corrupted somehow.


That's not showing any indication of a rootkit. What happens if you start your computer in Safe Mode With Networking (instructions at this link) and then try to run ComboFix?


Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude (http://support.emsisoft.com/index.php?/user/47-shadowputerdude/), Elise (http://support.emsisoft.com/user/23145-elise/), or GT500 (http://support.emsisoft.com/user/18745-gt500/) to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE (http://support.emsisoft.com/index.php?/forum-6/announcement-2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread/); if you don't, we are just going to send you back to this thread.
