05-05-2010 01:33 PM
Hi all here on the community.
I have a problem: according to Norton Internet Security, I have a Trojan Horse each time I scan my PC.
The virus name is: c:\users\administrator\appdata\locallow\sun\java\d
I don't know where it comes from.. And I have no idea what to do really, I'm getting panicked..
Please, if you know what I should do, please, I beg for your help.
According to Norton this is a High security threat.
Regards / Puckot
05-05-2010 03:40 PM
Hello Puckot92
This looks like you are getting it from Java. I would go to Control Panel and hit Java and empty out the temp files from there.
What operating system and service pack are you using? What is your year and version of NIS installed now? What version of Java do you have installed now? I would suggest getting a fresh new install of Java even if you have the latest version installed.
You could also run a scan with the free version of Malwarebytes and post the log here when it is finished.
Download the free version, install and update then run a FULL scan. After the scan completes you should post the logs back to this thread.
You can find Malwarebytes here
http://www.filehippo.com/download_malwarebytes_ant
It is a safer location to get the program from than Malwarebytes themselves because some malware creators have large lists of sites that they block. Please be careful to download the correct program: the FREE version of MALWAREBYTES
(Thanks to Delph for providing the alternative site)
Please come back and let us know how you made out. Thanks.
Success always occurs in private and failure in full view.
05-05-2010 03:41 PM
Hi Puckot92:
You need to download the latest Java update from Sun Microsystems, and remove all older versions from your system.
05-05-2010 05:30 PM
FWIW ~ IMO
you may consider JavaRa
http://raproducts.org/javara.html
http://lifehacker.com/5513669/javara-updates-and-r
05-06-2010 04:43 AM
floplot, thanks for your reply.
I have emptied the Temp files and disabled temp files for Java.
I am using Vista and the service pack is Service Pack 2.
I have the latest Java installed.
I will run Malwarebytes.
Here are the results:
Norton: No virus.
Malwarebytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Databasversion: 4070
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904
2010-05-06 13:40:34
mbam-log-2010-05-06 (13-40-34).txt
Skanningstyp: Fullständig skanning (C:\|D:\|G:\|I:\|)
Antal skannade objekt: 389631
Förfluten tid: 5 timme(ar), 30 minut(er), 40 sekund(er)
Infekterade minnesprocesser: 0
Infekterade minnesmoduler: 0
Infekterade registernycklar: 2
Infekterade registervärden: 0
Infekterade registerdataposter: 0
Infekterade mappar: 2
Infekterade filer: 3
Infekterade minnesprocesser:
(Inga illasinnade poster hittades)
Infekterade minnesmoduler:
(Inga illasinnade poster hittades)
Infekterade registernycklar:
HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> No action taken.
Infekterade registervärden:
(Inga illasinnade poster hittades)
Infekterade registerdataposter:
(Inga illasinnade poster hittades)
Infekterade mappar:
C:\Users\puckot\AppData\Roaming\RegTool (Rogue.RegTool) -> No action taken.
C:\Users\puckot\AppData\Roaming\RegTool\Logs (Rogue.RegTool) -> No action taken.
Infekterade filer:
C:\Users\puckot\AppData\Roaming\RegTool\spy_ignore
C:\Users\puckot\AppData\Roaming\RegTool\Logs\2009-
C:\Windows\Tasks\RegTool Scan.job (Rogue.RegTool) -> No action taken.
After this I cleaned the Java Temp folder.
And I disabled Java from saving Temporary files on my PC.
Can this have solved the problem? Because if it can't save Temporary files, then I shouldn't be able to get such kind of viruses, right? Because it can't be saved.
Also I wonder what may have caused this virus.. could it have been any website coded in Java?
Regards/ Puckot
05-06-2010 05:04 AM
Thanks for your reply.
Yes, I have already done this.
Please read my other post with the Malware scan.
regards/Puckot
05-06-2010 09:50 AM
I'm pretty sure that the problem is solved.
First I ran NIS and it showed me that I had 1 Trojan Horse, the "Vmain Java Virus".
So I removed it with Norton.
After this I used Malwarebytes Antimalware and removed several viruses which Norton didn't detect.
After this I updated my Java and cleaned the Temp folder and disabled Java from saving Temporary-files.
Then I ran CCleaner and cleaned all cookies/history etc..
And I use Firefox so I added a couple of addons which block Java-scripted sites until I allow them. "NoScript".
Also I removed all the old Java versions on the Firefox add-ons and just saved the current; "6.0.20".
I hope this has solved my problem, I will wait for another week and see the result.
//Puckot
05-06-2010 10:01 AM
Hello Puckot92
It sounds like you should be in good shape now. Remember to check Java and Adobe for updates frequently as those programs do update quite often for security reasons. Don't rely on automatic notices about newer versions. That can take several weeks before they get around to notifying you. Make it a habit to check those sites for updates along with any other programs that get updated. Also, make it a habit to run the free version of Malwarebytes like once a week; the quick version is fine for that. It's a good on-demand scanner to double check what Symantec might miss and also to clean up after what Symantec does fix. Be careful though when you use programs like CCleaner. You really have to know what you are doing when you use registry cleaners. One wrong item removed and you could end up with a computer which you can't use again without reinstalling everything.
We'll be waiting to hear if your computer remains clean and that you have solved your problem.
05-06-2010 10:12 AM
Thanks for your reply again.
I will check for updates manually like you said and run Malwarebytes weekly.
Is there any other program you think might delete what Norton can't?
Yes we will have to wait 1 week.
I thank you for your help very much.
Regards/ Puckot
05-06-2010 10:14 AM
Why does Rogue.RegTool display
HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> No action taken.
Wouldn't this be better?
HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
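Added example, not part of any post in this thread: a short Python check that reads entries in the format of the Malwarebytes log quoted above and lists every detection whose status is not "Quarantined and deleted successfully", including lines that are cut off before the status. The function names are assumptions made for this example, and the sample log is constructed from lines that appear in the thread.

```python
import re

# Entry format seen in the log above: "<item> (<detection>) -> <action>."
ENTRY = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")
# Lines that look like a scanned item (registry hive or drive path).
ITEM = re.compile(r"^(HKEY_[A-Z_]+\\|[A-Za-z]:\\)")
# The only remediated status that appears in this thread (assumption: treat
# every other status, or a missing one, as needing follow-up).
REMEDIATED = {"Quarantined and deleted successfully"}


def parse_entries(log_text):
    """Return (item, detection, action) tuples; action is None if the line is cut off."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not ITEM.match(line):
            continue  # header, counter or section title
        m = ENTRY.match(line)
        if m:
            entries.append((m["item"], m["detection"], m["action"]))
        else:
            entries.append((line, None, None))  # truncated entry, status unknown
    return entries


def needs_follow_up(entries):
    """Entries that were detected but not confirmed as quarantined and deleted."""
    return [e for e in entries if e[2] not in REMEDIATED]


# Constructed sample assembled from lines quoted in the thread.
SAMPLE_LOG = r"""
Infekterade registernycklar:
HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
Infekterade mappar:
C:\Users\puckot\AppData\Roaming\RegTool (Rogue.RegTool) -> No action taken.
Infekterade filer:
C:\Users\puckot\AppData\Roaming\RegTool\spy_ignore
C:\Windows\Tasks\RegTool Scan.job (Rogue.RegTool) -> No action taken.
"""

if __name__ == "__main__":
    for item, detection, action in needs_follow_up(parse_entries(SAMPLE_LOG)):
        print(f"{action or 'status missing'}: {item}")
```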
