|15 Jan 2013||#11|
Adobe PDF Reader
Some time ago I got a virus through PDF reader. It was nasty; it corrupted my OS and the MBR. At first I tried just reloading an image to a clean disk. No go, one boot and it was all over again. I found out the culprit file had installed itself on a data disk and it would just wait till I booted a clean image. I don't know if you could call that jumping disks, but I know it was on a data disk instead of the operating disk.
|15 Jan 2013||#12|
Download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps.
Next, if you are using Java and have not updated to JRE 7U11 (current version) .... follow these instructions:
After you have done all the above, run an online scan with ESET:
One thing to mention about TrojanDownloader:Java/OpenConnection.OU, is that it is a backdoor Trojan. Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.
If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
You should consider them to be compromised.
They should be changed by using a different computer and not the infected one; if not, an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified of the possible security breach.
I would suggest that you make a new, clean image of your system when you have done all of the above and toss the old re-image disk away!