MajorGeeks Support Forums

#1
02-08-05, 17:16
desme1111
Nude Trojans

Getting wild here.
Looking for help from any Geeks for this Greek problem.

NudeBox.class

Ran as far as I could go with the Spyware, Trojan and Virus removal posting instructions, short of running Hijack (yet).

Trojan was detected in NAV 2003 / updated with virus defs, but quarantine and delete failed to spike it and NAV still displays its attention warning but will no longer detect this.

NAV 2005 lists this trojan as being located at:
Source: NudeBox.class
Description: The compressed file NudeBox.class within C:\Documents and Settings\Ray\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-4e09e850-62e668f6.zip is infected with the Trojan Horse virus.

Will this listing be a safe delete in Hijack?

Thanx, desme1111

#2
02-08-05, 17:36
desme1111
Re: Nude Trojans

Ignore the location indicated by NAV 2005 above; it looks like an XP OS, mine's a Win98SE.

#3
02-08-05, 17:59
TheOldThug
Re: Nude Trojans

Welcome, Desme.

It is a file that you can probably delete through Windows Explorer, but wait until PP or Chaslang tells you what you should do with it. Are you having any other malware problems?

#4
02-08-05, 18:06
TheOldThug
Re: Nude Trojans

Do you know when and how this was downloaded? Don't delete anything with HJT until instructed. I doubt you would use HJT to delete it.

#5
02-08-05, 18:11
desme1111
Re: Nude Trojans

Came in with a Google image file search on some "landscape" image, that's when the warning popped up in NAV 2003.

#6
02-08-05, 18:18
desme1111
Re: Nude Trojans

I don't know if I have any other malware issues but startup memory use is running a little high, 20% + or - but that could be just the crappy memory manager in SE.

I have run a hijack and have a log file on this and a couple of listings look suspicious but I don't know enough to say for sure.

Any help on this would be appreciated.

Thanx.

#7
02-08-05, 21:05
TheOldThug
Re: Nude Trojans

Why don't you try our READ ME TUTORIAL? One of the tools in it may take care of it. If not, submit the HJT.

This site has a lot of good tools for cleaning up your computer. It's very important that the first thing you do is the following:

First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal.
If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

Try this... you may find it's all you need. If not post your results and I am sure someone will help you. Everyone is quite busy, as you can see by the number of posts, so hang in there.
Good Luck!!

After doing ALL of the above if you still have a problem:

Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, INCLUDING YOUR WEB BROWSER, e-mail. Close before running Hijack This!

To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

#8
02-09-05, 08:54
desme1111
Re: Nude Trojans

Sorry, I probably wasn't completely clear in my first post. I had run all of the "read me tutorial" and then some in trying to track this down originally.

Since my last post I have run the Hijack log through the suggested Help2Go Detective and Hijack This analysis sites. They picked up a couple of suspicious listings but nothing definitive, both asked to review the log further. I'm posting the log below as you requested to see if anyone has any further suggestions. Thanx.

Logfile of HijackThis v1.99.0
Scan saved at 7:59:11 AM, on 2/9/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Last edited by PhilliePhan; 02-09-05 at 17:37. Reason: Inline log removed

#9
02-09-05, 09:24
TheOldThug
Re: Nude Trojans

Hi Desme

When you submit a HJT file we ask that it not be inline but rather as an attachment in .txt or .log form. Also make sure all browsers are closed when you run HJT. It looks to me that Firefox is open:

C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE

Someone will probably delete your inline log. If possible do what I said above and repost.

#10
02-09-05, 09:33
desme1111
Re: Nude Trojans

OOPS, sorry I forgot then remembered and was coming back to see if I could delete the last posting when I saw your message.

I'm 99% sure all the browsers including Firefox were closed when I ran the posting but I'll re-run Hijack and get a new log just to be sure.

Thanxs, desme1111

#11
02-09-05, 10:09
desme1111
Re: Nude Trojans

I ran Hijack again and the log came up without the Firefox entry, don't know what happened, thought I had it closed. I had looked in running programs in system info also and hadn't seen it.

Anyway, please let me know if you see anything in the attached log file that I should correct.

Thanx, desme1111
Attached Files
File Type: txt HijackThis log2.txt (7.3 KB, 2 views)

#12
02-09-05, 10:34
TheOldThug
Re: Nude Trojans

Desme

Nothing jumps out at me in your log. Maybe a few O16 .cabs that could go but otherwise looks OK. I tend to think that you could just delete that .zip file but once again it is best if PP or Chaslang gives you the final answer. I asked Chas to look at it. I expect he will give you an answer sometime today.

#13
02-09-05, 15:39
desme1111
Re: Nude Trojans

Thanx, I appreciate the look see at the Hijack log.

By the way I'm trashing NAV 2003, it wouldn't clear its attention warning settings after the infection was quarantined and deleted. I reinstalled but now it will not allow internet access through its firewall when it's enabled. I tried all the knowledge base solutions that address this and they didn't work. I refuse to pay them to go through it with one of their service reps and try to fix this, I'm not that fond of NAV anyway.

But I am soliciting opinions for replacement programs for NAV's Firewall and Anti-virus. I've got all the freeware anti-virus programs recommended in the spyware tutorial but I haven't gotten any freeware downloads yet.

Any opinions on either freeware or pay for anti-virus and firewall programs would be appreciated.

Thanx for all the help!

desme1111

#14
02-09-05, 15:42
TheOldThug
Re: Nude Trojans

Take a look at this.

Protect yourself from malware

#15
02-09-05, 17:14
TheOldThug
Re: Nude Trojans

Chaslang says that it's OK to just delete the menu.jr-4e09e850-62e668f6.zip file. If you get an error when deleting the file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. If that doesn't work, try deleting it in safe mode. Let me know what happens.

#16
02-09-05, 19:53
desme1111
Re: Nude Trojans

Hey TheOldThug,

Looks like that got it, thanxs for all the help and tips.

Have a good rest of your week!

desme1111

#17
02-09-05, 22:45
TheOldThug
Re: Nude Trojans

Glad you got it all fixed.