Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Java Exploit / Trojan magically re-appears even with a system re-image

15 Jan 2013   #11

win 7 X64 Ultimate SP1
 
 
Adobe PDF Reader

Some time ago I got a virus through PDF reader. It was nasty it corrupted my OS and the MBR. At first I tried just reloading an image to a clean disk. No go, one boot and it was all over again. I found out the culprit file had installed itself on a data disk and it would just wait till I booted a clean image. I don't know if you could call that jumping disks but I know it was on a data disk instead of the operating disk.


My System SpecsSystem Spec
.

15 Jan 2013   #12
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps.

Next, if you are using Java and have not updated to JRE 7U11 (curret version) .... follow these instructions:

Update Java:
  • Download the latest version of Java Runtime Environment (JRE) 7u 11.
    Java SE Downloads
  • Scroll over to the right (JRE)
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u11-windows-i586-p.exe to install the newest version.

After you have done all the above, run an online scan with ESET:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

One thing to mention about TrojanDownloader:Java/OpenConnection.OU, is that it is a backdoor Trojan. Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.

If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
You should consider them to be compromised.

They should be changed by using a different computer and not the infected one, if not an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified of the possible security breech.

I would suggest that you make a new, clean image of your system when you have done all of the above and toss the old re-image disk away!
My System SpecsSystem Spec
18 Jan 2013   #13

Microsoft Windows 8.1 Enterprise 64-bit
 
 

My System SpecsSystem Spec
.


18 Jan 2013   #14
Microsoft MVP

Windows 7 Ultimate X64 SP1
 
 

Norton sent out emails on this exploit saying they have it covered. It must have been serious, I don't recall such an email from them in the past.
My System SpecsSystem Spec
Reply

 Java Exploit / Trojan magically re-appears even with a system re-image




Thread Tools



Similar help and support threads for2: Java Exploit / Trojan magically re-appears even with a system re-image
Thread Forum
look out for Exploit.drop.GSLAD trojan System Security
JAVA Exploit Remedy? System Security
Yet another Java exploit thread. System Security
Exploit:Java/CVE-2010-0840.IO help. System Security
repeated start up prbs after Exploit and Java Trojan's 'removed' System Security
Malicious RTF Files Exploit Office Flaw to Install Trojan Security News
Exploit:Java/CVE-2008-5353.B;Trojan:Java/Selace.A and B System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 06:39 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33