Ok - did the following as per your instructions and while no viruses were
found during safeboot, upon re-running Trend Micro's sysclean in normal
mode, Avast found the vbs.redlof virus in the sysclean.exe file, which I
understand has happened before to several people. I was able to move it to
the chest, though. I'm assuming this is a false positive - correct? I'm
running a Windows 2000 Pro OS.
Anyway, here are the only errors in the sysclean log. These errors occurred
in both the safe and normal boots. I substituted admin for the name of the
user:
2005-03-31, 08:57:50, An error occurred while scanning file "E:\Documents and Settings\admin\NTUSER.DAT": Access is denied.
2005-03-31, 08:57:50, An error occurred while scanning file "E:\Documents and Settings\admin\ntuser.dat.LOG": Access is denied.
2005-03-31, 08:59:13, An error occurred while scanning file "E:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-03-31, 08:59:13, An error occurred while scanning file "E:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-03-31, 09:03:59, An error was detected on "E:\System Volume Information\*.*": Access is denied.
2005-03-31, 09:06:06, An error occurred while scanning file "E:\WINNT\system32\config\default": Access is denied.
2005-03-31, 09:06:06, An error occurred while scanning file "E:\WINNT\system32\config\default.LOG": Access is denied.
2005-03-31, 09:06:06, An error occurred while scanning file "E:\WINNT\system32\config\SAM": Access is denied.
2005-03-31, 09:06:06, An error occurred while scanning file "E:\WINNT\system32\config\SAM.LOG": Access is denied.
2005-03-31, 09:06:06, An error occurred while scanning file "E:\WINNT\system32\config\SECURITY": Access is denied.
2005-03-31, 09:06:06, An error occurred while scanning file "E:\WINNT\system32\config\SECURITY.LOG": Access is denied.
2005-03-31, 09:06:06, An error occurred while scanning file "E:\WINNT\system32\config\software": Access is denied.
2005-03-31, 09:06:06, An error occurred while scanning file "E:\WINNT\system32\config\software.LOG": Access is denied.
2005-03-31, 09:06:06, An error occurred while scanning file "E:\WINNT\system32\config\system": Access is denied.
2005-03-31, 09:06:06, An error occurred while scanning file "E:\WINNT\system32\config\SYSTEM.ALT": Access is denied.
2005-03-31, 09:06:49, An error occurred while scanning file "E:\WINNT\Temp\JET3712.tmp": Access is denied.
From: "Moe Hair"
| Bootscan checks by my Avast program have been consistently finding
| viruses such as the following in my Sun/Java directories such as the
| following:
|
| 3/26/2005 4:35:28 PM SYSTEM 600 Sign of "JS:NoCheat-2" has been found
| in "C:\Documents and Settings\Application
| Data\Sun\Java\Deployment\cache
| \javapi\v1.0\file\BlackBox.class-2ca97015-1848c13f.class" file.
| 3/26/2005 4:39:06 PM SYSTEM 600 Sign of "VBS:Malware [Gen]" has been
| found in "C:\Documents and Settings\Application
| Data\Sun\Java\Deployment
| \cache\javapi\v1.0\file\Dummy.class-4e92308d-1c5bde93.class" file.
|
| Anybody experiencing the same?
I haven't experienced one infected .CLASS file or a .CLASS file in a
Java Jar with a Trojan but I have assisted many who have.
1) Dump the contents of your IE cache -
Start --> settings --> control panel --> Internet options -->
delete files
2) Dump the contents of your Sun Java cache -
Start --> settings --> control panel --> Java applet --> cache
--> clear
or
Start --> settings --> control panel --> Java applet -->
general --> settings --> delete files
3) Download the following two items...
Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp
Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp
Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt518.zip
Extract the contents of the ZIP file and place the contents in the
same directory as SYSCLEAN.COM .
4) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
5) Reboot your PC into Safe Mode then shut down as many
applications as possible.
6) Using the Trend Sysclean utility, perform a Full Scan of your
platform and clean/delete any infectors found
7) Restart your PC and perform a "final" Full Scan of your
platform
8) Re-enable System Restore and re-apply any System Restore
preferences, (e.g. HD space to use suggested 400 ~ 600MB),
9) Reboot your PC.
10) Create a new Restore point
* Please report back your results *
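
An added example, not part of any poster's message or of Trend Micro's tool: triage for "Access is denied" entries like those in the Sysclean log at the top of this thread, separating files the running OS keeps locked from anything else the scanner could not open. It assumes the Windows 2000/XP path layout; the function names, labels and sample lines (user `user1`) are constructed for illustration.

```python
import re

STAMP = re.compile(r"^\d{4}-\d{2}-\d{2}, \d{2}:\d{2}:\d{2}, ")
ENTRY = re.compile(r'^\S+, \S+, .*?"(.+)": (.+?)\.?$')
SYSTEM_HIVES = {"default", "sam", "security", "software", "system"}
USER_HIVES = {"ntuser.dat", "usrclass.dat"}

# Constructed sample in the thread's log format, wrapped the way the post is.
SAMPLE = r'''
2005-03-31, 08:57:50, An error occurred while scanning file "E:\Documents
and Settings\user1\NTUSER.DAT": Access is denied.
2005-03-31, 09:03:59, An error was detected on "E:\System Volume
Information\*.*": Access is denied.
2005-03-31, 09:06:49, An error occurred while scanning file "E:\WINNT
\Temp\JET3712.tmp": Access is denied.
'''

def unwrap(text):
    """Rejoin entries that a mail or news client wrapped mid-path."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not entries:
            entries.append(line)
        else:  # a continuation starting with "\" was split at a separator
            entries[-1] += line if line.startswith("\\") else " " + line
    return entries

def classify(path):
    """Label a path the scanner could not open on a running system."""
    p = path.lower()
    folder, _, name = p.rpartition("\\")
    stem = re.sub(r"\.(log|alt|sav)$", "", name)  # hive side files
    if "\\system volume information\\" in p:
        return "protected-system-folder"  # default ACL allows SYSTEM only
    if stem in SYSTEM_HIVES and folder.endswith("\\system32\\config"):
        return "registry-hive"            # held open by the OS while it runs
    if stem in USER_HIVES and "\\documents and settings\\" in p:
        return "registry-hive"            # per-user hive of a loaded profile
    return "review"                       # not a known locked file

def triage(text):
    """Return (path, label) for each 'Access is denied' entry."""
    hits = (ENTRY.match(e) for e in unwrap(text))
    return [(m.group(1), classify(m.group(1))) for m in hits
            if m and m.group(2).lower() == "access is denied"]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Entries labelled `review` are only those that did not match a known locked file; the label says nothing about whether the file is malicious.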