Windows 7 Forums

Windows 7: Java Exploit / Trojan magically re-appears even with a system re-image

15 Jan 2013   #11

win 7 X64 Ultimate SP1
Adobe PDF Reader

Some time ago I got a virus through PDF reader. It was nasty; it corrupted my OS and the MBR. At first I tried just reloading an image to a clean disk. No go, one boot and it was all over again. I found out the culprit file had installed itself on a data disk and it would just wait till I booted a clean image. I don't know if you could call that jumping disks, but I know it was on a data disk instead of the operating disk.

15 Jan 2013   #12
Microsoft MVP

Windows 7 Ultimate 32bit SP1

  • Download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista/Windows 7, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps.

Next, if you are using Java and have not updated to JRE 7u11 (current version), follow these instructions:

Update Java:
  • Download the latest version of Java Runtime Environment (JRE) 7u11.
    Java SE Downloads
  • Scroll over to the right (JRE)
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u11-windows-i586-p.exe to install the newest version.

After you have done all the above, run an online scan with ESET:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

One thing to mention about TrojanDownloader:Java/OpenConnection.OU is that it is a backdoor Trojan. Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.

If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
You should consider them to be compromised.

They should be changed by using a different computer and not the infected one; if not, an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified of the possible security breach.

I would suggest that you make a new, clean image of your system when you have done all of the above and toss the old re-image disk away!
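
To check that the "remove all older versions of Java" step in the post above actually took effect, the following added example (not part of the post or of any tool it mentions) lists Java entries from the standard Uninstall registry keys and flags any older than the 7u11 baseline. The function names are hypothetical, and the display-name patterns are assumptions about how Java installers register themselves.

```powershell
# Added example (not from the thread): report installed Java runtimes that
# predate the JRE 7u11 baseline named in the post. Read-only; removes nothing.
$MinMajor  = 7
$MinUpdate = 11

# Standard Add/Remove Programs registry locations (native and 32-bit view).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-JavaVersionFromName {
    param([string]$DisplayName)
    # Assumed name shapes: "Java 7 Update 9", "Java(TM) 6 Update 31 (64-bit)",
    # "J2SE Runtime Environment 5.0 Update 22". Entries such as
    # "Java Auto Updater" or "JavaFX ..." do not match and are skipped.
    if ($DisplayName -match '^(Java(\(TM\))? |J2SE ).*?(\d+)(\.\d+)? Update (\d+)') {
        return @{ Major = [int]$Matches[3]; Update = [int]$Matches[5] }
    }
    return $null
}

function Test-JavaOutdated {
    param([int]$Major, [int]$Update)
    return ($Major -lt $MinMajor) -or
           ($Major -eq $MinMajor -and $Update -lt $MinUpdate)
}

function Get-InstalledJava {
    foreach ($key in $UninstallKeys) {
        # The Wow6432Node key is absent on 32-bit Windows; ignore that error.
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue | ForEach-Object {
            $v = Get-JavaVersionFromName $_.DisplayName
            if ($v) {
                New-Object PSObject -Property @{
                    Name      = $_.DisplayName
                    Version   = ('{0}u{1}' -f $v.Major, $v.Update)
                    Outdated  = (Test-JavaOutdated $v.Major $v.Update)
                    Uninstall = $_.UninstallString
                }
            }
        }
    }
}

Get-InstalledJava | Sort-Object Name | Format-Table Name, Version, Outdated -AutoSize
```

Any row with Outdated set to True is a runtime the post's procedure says to remove before installing the current version; an empty result after the reboot step means no older Java entries remain registered.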
18 Jan 2013   #13

Microsoft Windows 8.1 Enterprise 64-bit


18 Jan 2013   #14
Microsoft MVP

Windows 7 Ultimate X64 SP1

Norton sent out emails on this exploit saying they have it covered. It must have been serious; I don't recall such an email from them in the past.