Trojan Discovered - AVG Scheduled Scan

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Journeyer, Jul 17, 2005.

  1. Journeyer

    Journeyer Private E-2

    Windows XP SP1 System. Trojan Horse Java/ClassLoader was identified by a regularly scheduled AVG scan. AVG could neither fix nor move to the Vault.

    This system has Spyware Blaster installed and regular scans are done with Spybot S&D (Teatimer is disabled) plus AdAware SE. WinPatrol is also installed and active.

    Here are the results from the Sticky post guidelines...

    Housecall (the Java version)
    Detected three instances of Java_Bytevera.a. Housecall could not fix these.

    CCleaner
    Run and removed about 450mb of stuff

    Avert Stinger
    Clean

    Spybot S&D
    Clean

    AdAware SE
    Removed two objects of win32.TrojanDownLoader.Agent.de and one object of Coulomb Dialer.

    BitDefender
    Detected miniclipGameLoader.dll infected with Trojan Downloader.3069A. Disinfection failed. Reported deleted by BitDefender.

    Repeat AVG Scan
    Clean

    I would appreciate the ok to post a Hijack This V1.99.1 log to see if problems still remain. Thanks.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please note that the sticky now requires BitDefender and RavAntivirus online scans to be run. Trend Micro is now in the Alternative scans section.

    Did you run the online scans in safe mode?

    Question: Are you saying you are now clean but want to post a HJT log as a follow up? If so, go ahead but make sure it is per the below:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. Journeyer

    Journeyer Private E-2

    Chaslang ... Thanks for the quick response.

    The BitDefender and RavAntivirus comment noted. Thanks.

    The online scans were not run in safe mode. A serious oversight on my part.

    The final AVG scan was clean. An earlier AVG scan made the first detection, so running the indicated clean-up programs seems to have helped. I would appreciate a HJT follow-up ... thanks very much.

    The log is attached.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There are no major problems but you can have HijackThis fix the below (do not fix until all browsers are closed):

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll


    Also, you should get your OS updated to SP2. See step 1 in: How to Protect yourself from malware!
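    The items chaslang lists above fall into two groups: O2/O9 entries whose target file no longer exists (leftovers in the registry, harmless but worth cleaning) and an O16 DPF entry, i.e. an ActiveX control downloaded into Downloaded Program Files from a web site (here the miniclipGameLoader.dll that BitDefender flagged). The script below is an added example, not part of this thread or of HijackThis: it parses log lines in the HJT 1.99 format and flags exactly those two kinds of entry. The sample log is constructed from the lines quoted in the post plus one made-up O4 line as a control; the list of trusted DPF hosts is an assumption you would tune for your own environment.

```python
"""Triage HijackThis 1.99.x log lines: flag orphaned O2/O9 entries and
O16 (DPF) ActiveX downloads from hosts you do not trust.

Added example for illustration; it is not HijackThis code and not from
the MajorGeeks thread. Sample log constructed from the posted lines plus
one made-up O4 line (WinPatrol path is hypothetical).
"""
import re
from urllib.parse import urlparse

# Constructed sample: the O2/O9/O16 lines from the post, plus a made-up O4 line.
SAMPLE_LOG = """\
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\WINDOWS\\System32\\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\WINDOWS\\System32\\msjava.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\\bdoscandel.exe (file missing)
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/miniclipGameLoader.dll
O4 - HKLM\\..\\Run: [WinPatrol] C:\\Program Files\\WinPatrol\\winpatrol.exe
"""

# Hypothetical allow-list of DPF hosts you consider legitimate (assumption).
TRUSTED_DPF_HOSTS = {"download.microsoft.com", "java.sun.com"}

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
LINE_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")


def parse_line(line):
    """Return a dict describing one HJT 'Oxx - ...' line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    guid = GUID_RE.search(body)
    urls = re.findall(r"https?://\S+", body)
    return {
        "section": section,
        "body": body,
        # CLSIDs are case-insensitive; normalise so the same object compares equal.
        "clsid": guid.group(0).upper() if guid else None,
        "url": urls[0] if urls else None,
        # HJT marks a registry entry whose target is gone with one of these tags.
        "orphaned": "(no file)" in body or "(file missing)" in body,
    }


def triage(log_text, trusted_hosts=TRUSTED_DPF_HOSTS):
    """Return (section, clsid, reason) for every line worth fixing, in log order."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        reason = None
        if entry["section"] in {"O2", "O9"} and entry["orphaned"]:
            reason = "orphaned registry entry (target file missing)"
        elif entry["section"] == "O16" and entry["url"]:
            host = urlparse(entry["url"]).hostname or ""
            if host not in trusted_hosts:
                reason = f"ActiveX download (DPF) from untrusted host {host}"
        if reason:
            findings.append((entry["section"], entry["clsid"], reason))
    return findings


def duplicate_clsids(log_text):
    """CLSIDs that occur on more than one line: one stale object often leaves
    both a button and a Tools-menu entry, so fix them together."""
    counts = {}
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry and entry["clsid"]:
            counts[entry["clsid"]] = counts.get(entry["clsid"], 0) + 1
    return sorted(c for c, n in counts.items() if n > 1)


if __name__ == "__main__":
    for section, clsid, reason in triage(SAMPLE_LOG):
        print(f"{section} {clsid}: {reason}")
    print("shared CLSIDs:", duplicate_clsids(SAMPLE_LOG))
```

Run against the sample it reports all six orphaned O2/O9 lines and the miniclip.com O16 entry, and leaves the O4 line alone; the CLSID grouping shows why the two msjava.dll lines and the two bdoscandel.exe lines are really one object each. An orphaned entry is not itself malicious, but an O16 line pointing at a host you did not intend to install software from is the kind of thing to remove and then re-scan.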
     
  5. Journeyer

    Journeyer Private E-2

    Chaslang ...

    Thanks very much for taking a look. I'll clean up the HJT items you indicated. And thanks for the SP2 reminder jab. ;)

    This system runs a home office operation (my daughter's) and she has been a little reluctant to make such a "major" upgrade to a critical system. I have the SP2 CD and will press a little harder. It absolutely needs to be done.

    The support from MajorGeeks is most appreciated.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    If you are that worried about the SP2 upgrade causing problems on a system that is critical, you can stick with SP1, but that is not really a good idea in the long run due to all the malware that exists. While SP2 is not perfect, many more security holes have been fixed since SP1.

    However, if proper precautions are taken most people can run problem free with SP1. It is just living on the edge. ;)
     
  7. Journeyer

    Journeyer Private E-2

    Yep. We're due to bite the bullet on that SP1 system.

    I procrastinated for quite some time on another critical system. One day I just made sure it was clean, shut down all startup on boot items, held my breath and stuck in the SP2 CD. It was all over in about 20 minutes.

    The update did break one application that uses a loopback address other than 127.0.0.1 ... but I had a heads up on that one and a patch was available. All in all not so bad. I'll just have to hold my breath one more time. :)

    Thanks again for your help and comments.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.
     
