Nude Trojans

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by desme1111, Feb 8, 2005.

  1. desme1111

    desme1111 Private E-2

    Getting wild here.
    Looking for help from any Geeks for this Greek problem.

    NudeBox.class

    Run as far as I could go with the Spyware, Trojan and Virus removal posting instructions short of running Hijack (yet)

    Trojan was detected in NAV 2003 / updated with virus defs, but quarantine and delete failed to spike it and NAV still displays its attention warning but will no longer detect this.

    NAV 2005 lists this trojan as being located at:
    Source: NudeBox.class
    Description: The compressed file NudeBox.class within C:\Documents and Settings\Ray\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-4e09e850-62e668f6.zip is infected with the Trojan Horse virus.

    Will this listing be a safe delete in Hijack?

    Thanx, desme1111 :rolleyes:
     
  2. desme1111

    desme1111 Private E-2

    Ignore the location indicated by NAV 2005 above; it looks like an XP OS, mine's a Win98SE.
     
  3. TheOldThug

    TheOldThug First Sergeant

    Welcome :eek:

    Desme

    It is a file that you can probably delete through Windows explorer but wait until PP or Chaslang tells you what u should do with it. Are you having any other malware problems?
     
  4. TheOldThug

    TheOldThug First Sergeant

    Do you know when and how this was downloaded? Don't delete anything with HJT until instructed. I doubt you would use HJT to delete it.
     
  5. desme1111

    desme1111 Private E-2

    Came in with a google image file search on some "landscape" image, that's when the warning popped up in NAV 2003.
     
  6. desme1111

    desme1111 Private E-2

    I don't know if I have any other malware issues but startup memory use is running a little high, 20% + or - but that could be just the crappy memory manager in SE.

    I have run a hijack and have a log file on this and a couple of listings look suspicious but I don't know enough to say for sure.

    Any help on this would be appreciated.

    Thanx.
     
  7. TheOldThug

    TheOldThug First Sergeant

    Why don't you try our READ ME TUTORIAL. One of the tools in it may take care of it. If not submit the HJT.

    This site has a lot of good tools for cleaning up your computer. It's very important that the first thing you do is the following:

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal.
    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

    Try this... you may find it's all you need. If not post your results and I am sure someone will help you. Everyone is quite busy, as you can see by the number of posts, so hang in there.
    Good Luck!! :)

    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, INCLUDING YOUR WEB BROWSER, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder for example C:\Program Files\HJT
     
  8. desme1111

    desme1111 Private E-2

    Sorry, I probably wasn't completely clear in my first post. I had run all of the "read me tutorial" and then some in trying to track this down originally.

    Since my last post I have run the Hijack log through the suggested Help2Go Detective and Hijack This analysis sites. They picked up a couple of suspicious listings but nothing definitive, both asked to review the log further. I'm posting the log below as you requested to see if anyone has any further suggestions. Thanx.

    Logfile of HijackThis v1.99.0
    Scan saved at 7:59:11 AM, on 2/9/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
     
    Last edited by a moderator: Feb 9, 2005
  9. TheOldThug

    TheOldThug First Sergeant

    Hi Desme

    When u submit a HJT file we ask that it not be inline but rather as an attachment in .txt or .log form. Also make sure all browsers are closed when you run HJT. It looks to me that Firefox is open:

    C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE

    Someone will probably delete your inline log. If possible do what I said above and repost.
     
  10. desme1111

    desme1111 Private E-2

    OOPS, sorry I forgot then remembered and was coming back to see if I could delete the last posting when I saw your message.

    I'm 99% sure all the browsers including Firefox were closed when I ran the posting but I'll re-run Hijack and get a new log just to be sure.

    Thanxs, desme1111
     
  11. desme1111

    desme1111 Private E-2

    I ran Hijack again and the log came up without the Firefox entry, don't know what happened thought I had it closed. I had looked in running programs in system info also and hadn't seen it.

    Anyway, please let me know if you see anything in the attached log file that I should correct.

    Thanx, desme1111
     


  12. TheOldThug

    TheOldThug First Sergeant

    Desme

    Nothing jumps out at me in your log. Maybe a few 016 .cabs that could go but otherwise looks OK. I tend to think that you could just delete that .zip file but once again it is best if PP or Chaslang gives you the final answer. I asked Chas to look at it. I expect he will give you an answer sometime today.
     
  13. desme1111

    desme1111 Private E-2

    Thanx, I appreciate the look see at the Hijack log.

    By the way I'm trashing NAV 2003, it wouldn't clear its attention warning settings after the infection was quarantined and deleted. I reinstalled but now it will not allow internet access through its firewall when it's enabled. I tried all the knowledge base solutions that address this and they didn't work. I refuse to pay them to go through it with one of their service reps and try to fix this, I'm not that fond of NAV anyway.

    But I am soliciting opinions for replacement programs for NAV's Firewall and Anti-virus. I've got all the freeware anti-virus programs recommended in the spyware tutorial but I haven't gotten any freeware downloads yet.

    Any opinions on either freeware or pay for anti-virus and firewall programs would be appreciated.

    Thanx for all the help!

    desme1111
     
  14. TheOldThug

    TheOldThug First Sergeant

  15. TheOldThug

    TheOldThug First Sergeant

    Chaslang says that it's OK to just delete the menu.jr-4e09e850-62e668f6.zip file. If you get an error when deleting the file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. If that doesn't work try deleting it in safe mode. Let me know what happens.
     
  16. desme1111

    desme1111 Private E-2

    Hey TheOldThug,

    Looks like that got it, thanxs for all the helps and tips.

    Have a good rest of your week!

    desme1111
     
  17. TheOldThug

    TheOldThug First Sergeant

    Glad you got it all fixed. ;)
     
