Trojan.JS.FakeAV!IK


Overnight scan showed Trojan.JS.FakeAV!IK. When I attempted to delete it I got a message that it could not be removed and to contact support. I have gone through the re-scan process via EEK and OTL and the risk is no longer reported. Can I know that the trojan has been removed and the message that it could not be removed was in error?


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrading Java:

  • Download the latest version of Java SE Runtime Environment (JRE), JRE 6 Update 25.
  • Click the "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the download link for your system and save it to your desktop. Do NOT use the Sun Download Manager:
    Windows x86 Offline (jre-6u25-windows-i586.exe)
    Windows Intel Itanium (jre-6u25-windows-ia64.exe)
    Windows x64 (jre-6u25-windows-x64.exe)
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista/7 users, right click on the JRE download and select "Run as an Administrator.")


The installed version of Adobe Reader on this computer is out-dated. Install the latest version of Adobe Reader available from Adobe.


Using Add or Remove Programs in the Control Panel; uninstall the following:

Adobe Reader 8.2.6
Java(TM) 6 Update 22
Java(TM) 6 Update 6


Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    O32 - AutoRun File - [2008/12/30 17:01:55 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{7c25f16d-6f74-11e0-a199-00235a05f64b}\Shell - "" = AutoRun
    O33 - MountPoints2\{7c25f16d-6f74-11e0-a199-00235a05f64b}\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
    [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] 
    @Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:029E021F
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2A8A3140
    
    :Commands
    [Purity]
    [EmptyTemp]
    [EmptyFlash]
    [ResetHosts]
    [start Explorer]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

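An added example, not part of this thread and not code from OTL or from the helper: a read-only PowerShell check of the three kinds of artefact the OTL fix above targets (alternate data streams on C:\ProgramData\TEMP, MountPoints2 AutoRun commands, and non-default HOSTS entries), which is one way to confirm after the reboot that the items really are gone. It assumes PowerShell 3.0 or later for the -Stream parameter; the paths and key names come from the thread, and the script reports only and deletes nothing.

```powershell
# Added example (not from this thread or from OTL): a read-only PowerShell check of the
# three artefact types the OTL fix above targets, so "was it really removed?" can be answered
# without running another fix. Assumes PowerShell 3.0+ (the -Stream parameter); paths come
# from the thread. Reports only, deletes nothing.

$adsHost   = 'C:\ProgramData\TEMP'     # file that carried the two alternate data streams
$hostsFile = "$env:SystemRoot\System32\drivers\etc\hosts"
$mpKey     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

function Get-SuspectStreams {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return @() }
    # ':$DATA' is the file's ordinary content; any other name is an alternate stream.
    Get-Item -LiteralPath $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

function Get-AutoRunMountPoints {
    # Each MountPoints2\{GUID} subkey is a volume the user has mounted; a Shell\AutoRun\command
    # default value is what Explorer launches on double-click (the E:\ToolLauncher-Bootstrap.exe
    # line in the OTL fix above was one of these).
    if (-not (Test-Path $mpKey)) { return @() }
    foreach ($sub in Get-ChildItem $mpKey) {
        $cmdKey = "$mpKey\$($sub.PSChildName)\Shell\AutoRun\command"
        if (Test-Path $cmdKey) {
            [pscustomobject]@{
                Key     = $sub.PSChildName
                Command = (Get-ItemProperty -Path $cmdKey).'(default)'
            }
        }
    }
}

function Get-ActiveHostsEntries {
    # Lines that are not comments, blanks or the stock localhost mappings. After a HOSTS
    # reset nothing should be left; anything that is deserves an explanation.
    Get-Content -LiteralPath $hostsFile |
        Where-Object { $_ -notmatch '^\s*#' -and $_.Trim() -ne '' } |
        Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
}

$streams = @(Get-SuspectStreams -Path $adsHost)
$autorun = @(Get-AutoRunMountPoints)
$hosts   = @(Get-ActiveHostsEntries)

"Alternate data streams on ${adsHost}: $($streams.Count)"; $streams | Format-Table -AutoSize
"MountPoints2 AutoRun commands: $($autorun.Count)";        $autorun | Format-Table -AutoSize
"Non-default HOSTS entries: $($hosts.Count)";               $hosts
```

All three counts should be zero after the fix; a non-zero count names the exact stream, key or line to look at, which is more useful than a scanner's "not found" alone.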

Thank you for your quick reply!

Installed new Adobe with no problem.

However, the Java doesn't list my OS (Vista 32 bit). Can you please point me to the correct version?

Will run the OTL after new Java is installed.

Removed Adobe 8.2.6

Removed Java 6 update 6

Thanks again,

Barb


All done. Removed the last old Java and installed the new (thanks Lynx).

Ran the OTL again.

Only concern - had 2 warnings during this process that A Squared picked up on other trojans and removed the suspect files. My scan takes about 8-9 hours so will run the full scan again overnight and see if anything turns up.

Thanks for all your help!

Original question remains - How can I know if the original trojan was actually removed since the message I received when I attempted to delete it said it could not remove the file?

Hmmm do not see an option to attach the latest OTL file so pasting it here.

All processes killed

========== OTL ==========

F:\AUTOEXEC.BAT moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c25f16d-6f74-11e0-a199-00235a05f64b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c25f16d-6f74-11e0-a199-00235a05f64b}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c25f16d-6f74-11e0-a199-00235a05f64b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c25f16d-6f74-11e0-a199-00235a05f64b}\ not found.

File E:\ToolLauncher-Bootstrap.exe not found.

C:\Windows\System32\uxt5CB0.tmp deleted successfully.

C:\Windows\msdownld.tmp folder deleted successfully.

ADS C:\ProgramData\TEMP:029E021F deleted successfully.

ADS C:\ProgramData\TEMP:2A8A3140 deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56507 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: OEM1

->Temp folder emptied: 1358953 bytes

->Temporary Internet Files folder emptied: 229602697 bytes

->Java cache emptied: 1628478199 bytes

->FireFox cache emptied: 58978261 bytes

->Flash cache emptied: 24002 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 118270866 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 75826153 bytes

Total Files Cleaned = 2,015.00 mb

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: OEM1

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.23.0 log created on 05292011_144942

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Things are back to normal. Thanks!

I know I haven't been cleaning this thing up like I should but since I have so much space and had just completed a defrag a few days ago I wasn't concerned...but now it is nice and clean so all is good.

Thanks so much for your help and follow through. I'm impressed with the support you offer. I have only had one or two other contacts with your group over the years but am always amazed at how easy it is to communicate with all of you. You folks deserve the price of the software for your support alone.

Thanks a bunch!



Actually you don't want to use OTL in that manner. Cleanup only removes OTL and its logs.

Now to remove most of the tools that we have used in fixing your machine:

  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.

Empty the Recycle Bin

Download to your Desktop:

- CCleaner Portable

  • UnZip CCleaner Portable to a folder on your Desktop named CCleaner

Run CCleaner

  • Open the CCleaner Folder on your Desktop and double click CCleaner.exe (32-bit) or CCleaner64.exe (64-bit)
  • The following should be selected by default, if not, please select: [screenshot of the default CCleaner selections not available]
  • Click [button] and choose [option] (screenshots not available)
  • Uncheck [option] (screenshot not available)
  • Then go back to [tab] and click [button] (screenshots not available) to run it.
  • Exit CCleaner.

Turn off System restore to flush all your restore points then turn system restore back on. See How To Enable and Disable System Restore.

You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

Run Windows Update and update your Windows Operating System.

Run the Secunia Online Software Inspector; this will inspect your system for software that is out-of-date and in need of updating. Update any program/application detected as being out-dated.

Articles to read:

How to Protect Your Computer From Malware

How to keep you and your Windows PC happy

Web, email, chat, password and kids safety

10 Sources of Malware Infections

That should take care of everything.

Safe Surfing!


Wow.. that was difficult... Had to do a few uninstalls and reinstalls to get everything working. Laptop decided at one point it just wasn't going to reboot. Would start and then shutdown again. Finally did F2 and selected the C: drive (which is where it should have been booting from all the time) and it finally went to a system restore and booted up.

Verified that all the "new" s/w was active. I had turned System Restore back on after installing the new versions of multiple programs after the OSI scan.

The one program I can't get rid of is macromedia flash.. isn't this a really old version since Adobe bought flash some time back? I have done a search and cannot find anything macromedia, and a flash search doesn't show it either. But OSI keeps saying it is there. I suspect this is no longer being used since I've had Adobe Flash for a long time. If I can't find it on my system, how in the world do I get rid of it?

I just now thought about searching the registry and have found macromedia there. Can I delete these entries and be done with it? Is there anything else macromedia besides flash that I might need?

This has really turned into an exercise for me, trying to pull on my (very) old knowledge about computers... haven't worked in the field for 7 years.

You guys are fantastic and so patient! thanks!!


Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
