Trojan.Maljava - Keeps coming back

renala · ‎03-26-2012

Hello, and as my title states I have a sticky problem. I've read up on this trojan and it seems its a keylogger(Which doesn't help my paranoia..) and with this, it keeps.. Coming back. I had a major issue with it a few weeks ago, not knowing what it was and it was crashing my computer if I ran anything LARGE(Ex, large online game). I solved that issue, and now.. I keep regetting it. Yesterday I had 55 of it. Yes, 55. I don't know how I had so many clones of it, but I thought I was good now that I had scanned and gotten rid of them all. I had a full day and night of no issues, and then shut down and slept. Today, however, I booted up my computer, ate a donut, and opened a large game, and then after a few minutes.. Loe and behold it crashes in the tale-tell way.

So, here I am doing a full scan, which will take some time, to remove it... AGAIN.. but now I am also here fishing for information.

How does it origionate? Is it indeed a keylogger? Why does it keep coming back?

venkat0052 · ‎09-06-2011

Hi renala

Am sorry that you are getting the virus again . I suggest you to try scanning your computer using

Norton power eraser which is available at www.norton.com/npe

Run a scan using norton power eraser and let us know what is happening

-Venkat0052

renala · ‎03-26-2012

Finished the normal full scan with.. no results.

Anyway, got the NPE thing, ran it, and I have 3 results.

inventory.exe -- shortcut type -- bad status -- action remove.

hosts -- DNS entry -- bad status -- repair action

mumble.exe -- shortcut --unknown status -- no action. (This is a voice program, by the way.)

Going to do the fix button to fix it, and then restart as it prompts.

venkat0052 · ‎09-06-2011

Is it possible for you to attach host file

to access the host file

win key +R

type drivers

open etc

you can find the file named hosts

copy the file and attach with the thread

-Venkat0052

renala · ‎03-26-2012

Ok, sorry for delay, but appon trying to copy/paste it to link it, I get the error on the site..

"The file does not have a valid extension for an attachment. txt,log,lue are the valid extensions."

venkat0052 · ‎09-06-2011

COPY the file to desktop

open it using notepad

save it as text and attach the file :)

-Venkat0052

renala · ‎03-26-2012

Alright. I think this is it, then!... Also, this is the host file after the program was ran and fixed.

Quads · ‎07-21-2008

Does Norton keep dertecting the Trojan.Maljava in a location like "C:\Users\a0187798\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0..............................."??

Quads

renala · ‎03-26-2012

It doesn't real-time find it, but on scans its ALWAYS in temp folder

Quads · ‎07-21-2008

So something keeps creating a file(s) in the TEMP folder that gets detected.

Please read carefully

1. Please download aswMBR hxxp://public.avast.com/~gmerek/aswMBR.exe to your desktop. (replace the hxxp with http)
Double click the aswMBR.exe icon to run it
it will ask to download extra definitions - ALLOW IT / Yes
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and Please attach the log in the post back