Java Exploit / Trojan magically re-appears even with a system re-image


  1. Posts : 6
    Windows 7 Home Premium 64-bit
       #1


    I re-imaged my system hard drive the other day after getting infected with a google redirect virus, and a lot of other nasty malware that was apparently smart enough to be able to tell what you're doing and shuts your system down after making it unbootable. Seems to have been a Java exploit.

    I re-imaged the drive with a system image I made when the computer was new, after I had installed all the programs I wanted, to make such things easier rather than always having to do a fresh install from discs.

    However, this time, after doing the re-image, (and updating Windows, plus removing Java) I did a scan with MSE and it detected

    Exploit:Java/Toniper (the same thing I had prior to the re-image) and
    TrojanDownloader:Java/OpenConnection.OU

    Both of these were detected on single files located in the Java 6 Cache, I assume from the Java SSV Helper browser plugin in IE9 since the Java 7+ cache was removed when uninstalling the actual Java program.

    There aren't any symptoms of the redirect or any other infections so far, I've run TDSSkiller and it comes up with nothing, so I'm just wondering if these are false positives, or if these things can really infect a system so badly that they can just resurrect themselves even after a re-image.

    There doesn't seem to be a whole lot of info out there on Java/Toniper, apparently these exploits are supposed to be old news, but MSE keeps letting stuff like this by, and by the time it does (or when a manual full scan is performed) the system is too compromised to salvage, and a re-image or fresh install is needed.


  2. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #2

    It is a possibility that you did inadvertently copy this virus to the image file.

    You might want to do a clean install and see if the same problem presents itself. Since you stated that your system had multiple infections, this would be the safest course of action.

    Clean Install Windows 7

    Another option is to d/l & run MS Safety Scanner to see if it finds the same thing.

    Microsoft Safety Scanner - Antivirus | Remove Spyware, Malware, Viruses Free

    http://www.microsoft.com/security/po...nConnection.OU


  3. Posts : 6
    Windows 7 Home Premium 64-bit
    Thread Starter
       #3

    Is it possible for a system image file to be infected? That seems like a stretch to me, given the format it's in, but given how easy infection is these days, it does seem like anything is possible. Really these things fly by firewalls and antivirus/antimalware so easy it's amazing our rigs aren't just getting re-infected every few hours.

    I'm trying to avoid a re-install since the other software I'd have to re-install is a real hassle and would take a long, long time. Hence the system image. If a system image can be infected, maybe I'll have to keep one on external media. My guess was that if it wasn't just a false positive on some old Java cache files, the malware had somehow managed to just re-appear. If system images and backup files can be infected, it seems like nothing is safe, short of keeping a computer off the internet, which doesn't make any sense given the online nature of almost all modern software.

    Does the MS Safety Scanner do anything MSE or Windows Defender Offline doesn't?


  4. Posts : 24,479
    Windows 7 Ultimate X64 SP1
       #4

    Yes an image is a copy of the drive when created, including crapware. I also recommend a full new install on a secure erased drive.
    It is a huge hassle! I just did one on mine 2 days ago to correct some w7 corrupt files.


  5. Posts : 2,465
    Windows 7 Ultimate x64
       #5

    Everything can get infected if you're not careful, that's the main problem with the systemwide images, they copy absolutely EVERYTHING, no matter what. That includes all your programs, configuration, registry garbage and viruses, just everything. I generally am against imaging because of that very reason. It's better to just backup the installers of all your programs (which you know you downloaded from safe sources) and your personal data, then reformat and install from scratch. While it's more time consuming, it's the safest option and in addition you get a fresh copy of Windows.


  6. Posts : 6
    Windows 7 Home Premium 64-bit
    Thread Starter
       #6

    Just to clarify, the system image I used was made when the computer was new, before it ever had any trace of malware or viruses on it. I'm well aware that a system image made when files are infected will still have those infected files. I'm wondering if there is actually malware that can inject itself into an existing non-infected hard drive image, since it was brought up. I don't think that's the case here, unless my rig has something truly nasty that is so tricky it can hide from anything, doesn't show any symptoms, and can jump into other drives and image files to stay alive.

    My rig (Alienware notebook) has a factory recovery partition, so I could always use that to wipe and re-install back to the original as-shipped state rather than install from scratch, but the programs are still too much hassle to re-install and re-configure, short of no other alternative.

    Part of the reason I got another hard drive was to have enough space and a separate physical drive for recovery images for this kind of thing, rather than rely on restore points. If images and backup files on connected hard drives aren't safe, short of being on media that is disconnected from a computer until it's needed, what's the best option?

    Too bad we can't just have a small system drive for just the OS and browsers, so when it all gets infected, we just restore it from a clean image and keep going, with the programs all on another drive.


  7. Posts : 126
    Windows 7 Professional x64
       #7

    It could be possible that you were infected with a boot sector virus - in that case a system image will replace the contents of your hard drive, but it will not replace whatever is in the MBR.

    I'm not great with this but I would try reinstalling Windows from the setup disk and allowing it to rewrite a new boot record. After this you can restore the system image if you want, assuming you're just running Windows with no other OS.
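
Added example, not part of the thread: post #7's suggestion rests on the MBR boot code living in sector 0, outside any partition, so it can be checked on its own against a known-good copy. This Python code parses a raw sector 0 and compares boot-code hashes; the sample sectors and the `make_sector` helper are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440      # bytes 0..439: boot code; 440..443: disk signature
TABLE_OFFSET = 446       # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Split a raw sector 0 into a boot-code hash and partition entries."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("not a 512-byte sector ending in 0x55AA")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"active": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
            "partitions": partitions}


def boot_code_changed(baseline: bytes, current: bytes) -> bool:
    """True when the boot code differs; partition-table edits are ignored."""
    return (parse_mbr(baseline)["boot_code_sha256"]
            != parse_mbr(current)["boot_code_sha256"])


def make_sector(boot_code: bytes, entries: list) -> bytes:
    """Build a constructed sector 0 for the demo (not real disk data)."""
    buf = bytearray(SECTOR_SIZE)
    buf[:len(boot_code)] = boot_code
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", buf, TABLE_OFFSET + 16 * i,
                         status, ptype, lba, count)
    buf[510:512] = BOOT_SIGNATURE
    return bytes(buf)


# Constructed samples: baseline, same boot code with a new partition layout,
# and the original layout with different boot code.
CODE = b"\xfa\x33\xc0" + b"\x90" * 100
BASELINE = make_sector(CODE, [(0x80, 0x07, 2048, 204800)])
REPARTITIONED = make_sector(CODE, [(0x80, 0x07, 2048, 409600), (0x00, 0x07, 411648, 1000)])
TAMPERED = make_sector(b"\xeb\x3c\x90" + b"\xcc" * 100, [(0x80, 0x07, 2048, 204800)])

if __name__ == "__main__":
    print("repartitioned:", boot_code_changed(BASELINE, REPARTITIONED))
    print("tampered:", boot_code_changed(BASELINE, TAMPERED))
```

On a real system the 512 bytes would come from a raw read of the disk's first sector taken from trusted boot media, with the baseline saved while the machine was known clean.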


  8. Posts : 6
    Windows 7 Home Premium 64-bit
    Thread Starter
       #8

    That'd really be something, though I doubt it's the case since boot sectors on such modern PCs are write-protected, aren't they? Everything this particular rig has had, or at least everything MSE has found is just java-related exploits and trojans, hence ditching java altogether is my new solution.

    That's a GREAT idea for if it is a boot sector virus though, I'll keep that in mind if anything else magically appears.


  9. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #9

    Just keep in mind that anything or everything that is or has been hooked to your computer or installed can be infected. MBR, modems, routers, some printers with memory, CD's/DVD's, memory sticks, BIOS, recovery partitions, programs, restore points, etc. Don't underestimate the jerks that create these infections.
    PS. I removed Java a long time ago because of its problems with infections.


  10. Posts : 6
    Windows 7 Home Premium 64-bit
    Thread Starter
       #10

    I was impressed years ago after getting Windows 7 when the first exploit made its way in, disabled MSE, disabled the firewall, and basically took over. Had to re-image that time, too. In a lot of ways I miss the days of Windows XP when I had Norton and then Kaspersky, those seemed to catch anything.

    I've been reading up on viruses that can jump drives, but can't find any exploits that do the same thing, unless they install a virus. Can't seem to find anything that shows a clean system image file can be compromised by a virus, either.


 