We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
16 Viruses detected! - please will someone help?
Options
Savvybunny2009
Posts: 5,548 Forumite
Hi lovely people, I hope you can help me.
I have done a scan and Avira has thrown at me 16 virus detections and 1 warning. It has quarantined 4 but wont remove the others. I have tried to run malwarebytes but the database was corrupt or missing, on updating it it found nothing which makes me believe it could be compromised.
Any advice of how to clean my computer up would be very much appreciated and is this serious?
Here is Avira's results -
Version information:
BUILD.DAT : 10.2.0.707 36070 Bytes 25/01/2012 13:11:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 18/09/2011 12:21:20
AVSCAN.DLL : 10.0.5.0 47464 Bytes 18/09/2011 12:21:20
LUKE.DLL : 10.3.0.5 45416 Bytes 18/09/2011 12:21:20
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 23:40:49
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 18/09/2011 12:21:20
AVREG.DLL : 10.3.0.9 88833 Bytes 18/09/2011 12:21:20
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 09:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 06:53:55
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 09:26:34
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 14:38:47
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 08:52:41
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10/05/2012 13:32:56
VBASE006.VDF : 7.11.29.137 2048 Bytes 10/05/2012 13:32:56
VBASE007.VDF : 7.11.29.138 2048 Bytes 10/05/2012 13:32:56
VBASE008.VDF : 7.11.29.139 2048 Bytes 10/05/2012 13:32:56
VBASE009.VDF : 7.11.29.140 2048 Bytes 10/05/2012 13:32:56
VBASE010.VDF : 7.11.29.141 2048 Bytes 10/05/2012 13:32:56
VBASE011.VDF : 7.11.29.142 2048 Bytes 10/05/2012 13:32:56
VBASE012.VDF : 7.11.29.143 2048 Bytes 10/05/2012 13:32:56
VBASE013.VDF : 7.11.29.144 2048 Bytes 10/05/2012 13:32:56
VBASE014.VDF : 7.11.30.3 198144 Bytes 14/05/2012 09:19:06
VBASE015.VDF : 7.11.30.69 186368 Bytes 17/05/2012 09:36:53
VBASE016.VDF : 7.11.30.143 223744 Bytes 21/05/2012 08:52:36
VBASE017.VDF : 7.11.30.207 287744 Bytes 23/05/2012 08:52:38
VBASE018.VDF : 7.11.31.57 188416 Bytes 28/05/2012 07:56:04
VBASE019.VDF : 7.11.31.111 214528 Bytes 30/05/2012 12:13:01
VBASE020.VDF : 7.11.31.151 116736 Bytes 31/05/2012 12:13:01
VBASE021.VDF : 7.11.31.205 134144 Bytes 03/06/2012 12:13:01
VBASE022.VDF : 7.11.32.9 169472 Bytes 05/06/2012 12:13:02
VBASE023.VDF : 7.11.32.85 155648 Bytes 08/06/2012 08:16:17
VBASE024.VDF : 7.11.32.133 127488 Bytes 11/06/2012 09:04:33
VBASE025.VDF : 7.11.32.171 182784 Bytes 12/06/2012 09:04:35
VBASE026.VDF : 7.11.32.251 119296 Bytes 14/06/2012 09:04:37
VBASE027.VDF : 7.11.32.252 2048 Bytes 14/06/2012 09:04:37
VBASE028.VDF : 7.11.32.253 2048 Bytes 14/06/2012 09:04:37
VBASE029.VDF : 7.11.32.254 2048 Bytes 14/06/2012 09:04:37
VBASE030.VDF : 7.11.32.255 2048 Bytes 14/06/2012 09:04:37
VBASE031.VDF : 7.11.33.64 134656 Bytes 18/06/2012 09:38:24
Engineversion : 8.2.10.92
AEVDF.DLL : 8.1.2.8 106867 Bytes 06/06/2012 12:13:10
AESCRIPT.DLL : 8.1.4.26 450939 Bytes 15/06/2012 09:05:23
AESCN.DLL : 8.1.8.2 131444 Bytes 29/01/2012 10:16:10
AESBX.DLL : 8.2.5.12 606578 Bytes 15/06/2012 09:05:27
AERDL.DLL : 8.1.9.15 639348 Bytes 17/09/2011 08:54:30
AEPACK.DLL : 8.2.16.18 807287 Bytes 15/06/2012 09:05:20
AEOFFICE.DLL : 8.1.2.36 201082 Bytes 15/06/2012 09:05:13
AEHEUR.DLL : 8.1.4.46 4923767 Bytes 15/06/2012 09:05:11
AEHELP.DLL : 8.1.21.0 254326 Bytes 11/05/2012 13:32:58
AEGEN.DLL : 8.1.5.30 422261 Bytes 15/06/2012 09:04:41
AEEXP.DLL : 8.1.0.52 82293 Bytes 15/06/2012 09:05:27
AEEMU.DLL : 8.1.3.0 393589 Bytes 21/04/2011 06:53:14
AECORE.DLL : 8.1.25.10 201080 Bytes 06/06/2012 12:13:05
AEBB.DLL : 8.1.1.0 53618 Bytes 21/04/2011 06:53:14
AVWINLL.DLL : 10.0.0.0 19304 Bytes 21/04/2011 06:53:36
AVPREF.DLL : 10.0.3.2 44904 Bytes 18/09/2011 12:21:20
AVREP.DLL : 10.0.0.10 174120 Bytes 18/09/2011 12:21:20
AVARKT.DLL : 10.0.26.1 255336 Bytes 18/09/2011 12:21:20
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 18/09/2011 12:21:20
SQLITE3.DLL : 3.6.19.0 355688 Bytes 20/07/2011 15:40:24
AVSMTP.DLL : 10.0.0.17 63848 Bytes 21/04/2011 06:53:36
NETNT.DLL : 10.0.0.0 11624 Bytes 21/04/2011 06:53:46
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 18/09/2011 12:21:19
RCTEXT.DLL : 10.0.64.0 97640 Bytes 18/09/2011 12:21:19
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: Default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, Q:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Advanced
Start of the scan: 20 June 2012 14:05
Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\McAfee\symboliclinkvalue
[NOTE] The registry entry is invisible.
The scan of running processes will be started
Scan process 'avscan.exe' - '83' Module(s) have been scanned
Scan process 'avscan.exe' - '31' Module(s) have been scanned
Scan process 'avcenter.exe' - '98' Module(s) have been scanned
Scan process 'iexplore.exe' - '116' Module(s) have been scanned
Scan process 'iexplore.exe' - '116' Module(s) have been scanned
Scan process 'iexplore.exe' - '169' Module(s) have been scanned
Scan process 'iexplore.exe' - '176' Module(s) have been scanned
Scan process 'iexplore.exe' - '180' Module(s) have been scanned
Scan process 'SeaPort.exe' - '52' Module(s) have been scanned
Scan process 'UNS.exe' - '42' Module(s) have been scanned
Scan process 'LMS.exe' - '30' Module(s) have been scanned
Scan process 'FlashUtil32_11_2_202_235_ActiveX.exe' - '56' Module(s) have been scanned
Scan process 'companionuser.exe' - '33' Module(s) have been scanned
Scan process 'wlcomm.exe' - '99' Module(s) have been scanned
Scan process 'iexplore.exe' - '179' Module(s) have been scanned
Scan process 'iexplore.exe' - '139' Module(s) have been scanned
Scan process 'Roxio Burn.exe' - '125' Module(s) have been scanned
Scan process 'Updater.exe' - '37' Module(s) have been scanned
Scan process 'jusched.exe' - '39' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '55' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '69' Module(s) have been scanned
Scan process 'Monitor.exe' - '39' Module(s) have been scanned
Scan process 'ConduitHelper.exe' - '80' Module(s) have been scanned
Scan process 'avgnt.exe' - '66' Module(s) have been scanned
Scan process 'accuweather.exe' - '94' Module(s) have been scanned
Scan process 'RoxioBurnLauncher.exe' - '66' Module(s) have been scanned
Scan process 'brs.exe' - '23' Module(s) have been scanned
Scan process 'PDVD9Serv.exe' - '28' Module(s) have been scanned
Scan process 'WebcamDell2.exe' - '45' Module(s) have been scanned
Scan process 'uTorrent.exe' - '82' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '187' Module(s) have been scanned
Scan process 'robotaskbaricon.exe' - '66' Module(s) have been scanned
Scan process 'FF_Protection.exe' - '31' Module(s) have been scanned
Scan process 'STService.exe' - '55' Module(s) have been scanned
Scan process 'CVHSVC.EXE' - '84' Module(s) have been scanned
Scan process 'sftlist.exe' - '67' Module(s) have been scanned
Scan process 'nvSCPAPISvr.exe' - '31' Module(s) have been scanned
Scan process 'sftvsa.exe' - '29' Module(s) have been scanned
Scan process 'sftservice.EXE' - '50' Module(s) have been scanned
Scan process 'daemonu.exe' - '40' Module(s) have been scanned
Scan process 'CommandService.exe' - '29' Module(s) have been scanned
Scan process 'BecHelperService.exe' - '41' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '63' Module(s) have been scanned
Scan process 'avguard.exe' - '73' Module(s) have been scanned
Scan process 'armsvc.exe' - '25' Module(s) have been scanned
Scan process 'sched.exe' - '49' Module(s) have been scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'Q:\'
[INFO] No virus was found!
[INFO] Please restart the search with Administrator rights
Starting to scan executable files (registry).
The registry was scanned ( '289' files ).
Starting the file scan:
Begin scan in 'C:\' <OS>
C:\Users\Mandy\AppData\Local\Temp\jar_cache2579060554189328925.tmp
[0] Archive type: ZIP
--> widget/FacebookApi.class
[DETECTION] Contains recognition pattern of the EXP/JAVA.Mabowl.Gen exploit
--> widget/Socialize.class
[DETECTION] Contains recognition pattern of the EXP/JAVA.Mabowl.Gen exploit
--> widget/TumblrApi.class
[DETECTION] Contains recognition pattern of the EXP/JAVA.Mabowl.Gen exploit
--> widget/TwitterApi.class
[DETECTION] Contains recognition pattern of the EXP/JAVA.Mabowl.Gen exploit
C:\Users\Mandy\AppData\Local\Temp\jar_cache7489882535360974417.tmp
[0] Archive type: ZIP
--> expl4it/Aeie.class
[DETECTION] Contains recognition pattern of the EXP/2012-0507.CA exploit
--> expl4it/AmicArray.class
[DETECTION] Contains recognition pattern of the EXP/2012-0507.CK exploit
--> expl4it/Btos.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.AG Java virus
--> expl4it/ddjd.class
[DETECTION] Contains recognition pattern of the EXP/2012-0507.CL exploit
--> expl4it/gvars.class
[DETECTION] Contains recognition pattern of the EXP/2012-0507.CB exploit
--> expl4it/hpss.class
[DETECTION] Contains recognition pattern of the EXP/2012-0507.CM exploit
--> expl4it/MCallXXA.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.AH Java virus
--> expl4it/MySt0art.class
[DETECTION] Contains recognition pattern of the EXP/2010-0840.P exploit
--> expl4it/o0mloader.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2012-0507.A.71 exploit
--> expl4it/Ull.class
[DETECTION] Contains recognition pattern of the EXP/2008-5353.AK exploit
C:\Users\Mandy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\32d4ebbf-4c7414fc
[0] Archive type: ZIP
--> a/m_a.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2012-0507 exploit
C:\Users\Mandy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\38bf60c9-4813d916
[DETECTION] Contains recognition pattern of the EXP/JAVA.Nanube.Gen exploit
Begin scan in 'Q:\'
Search path Q:\ could not be opened!
System error [5]: Access is denied.
Beginning disinfection:
C:\Users\Mandy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\38bf60c9-4813d916
[DETECTION] Contains recognition pattern of the EXP/JAVA.Nanube.Gen exploit
[NOTE] The file was moved to the quarantine directory under the name '55267ec8.qua'.
C:\Users\Mandy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\32d4ebbf-4c7414fc
[DETECTION] Contains recognition pattern of the EXP/CVE-2012-0507 exploit
[NOTE] The file was moved to the quarantine directory under the name '4db75171.qua'.
C:\Users\Mandy\AppData\Local\Temp\jar_cache7489882535360974417.tmp
[DETECTION] Contains recognition pattern of the EXP/2008-5353.AK exploit
[NOTE] The file was moved to the quarantine directory under the name '1ffe0ba8.qua'.
C:\Users\Mandy\AppData\Local\Temp\jar_cache2579060554189328925.tmp
[DETECTION] Contains recognition pattern of the EXP/JAVA.Mabowl.Gen exploit
[NOTE] The file was moved to the quarantine directory under the name '79c9446a.qua'.
End of the scan: 20 June 2012 15:25
Used time: 1:19:39 Hour(s)
The scan has been done completely.
34180 Scanned directories
483130 Files were scanned
16 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
4 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
483114 Files not concerned
4731 Archives were scanned
0 Warnings
5 Notes
462979 Objects were scanned with rootkit scan
1 Hidden objects were found
I have done a scan and Avira has thrown at me 16 virus detections and 1 warning. It has quarantined 4 but wont remove the others. I have tried to run malwarebytes but the database was corrupt or missing, on updating it it found nothing which makes me believe it could be compromised.
Any advice of how to clean my computer up would be very much appreciated and is this serious?
Here is Avira's results -
Version information:
BUILD.DAT : 10.2.0.707 36070 Bytes 25/01/2012 13:11:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 18/09/2011 12:21:20
AVSCAN.DLL : 10.0.5.0 47464 Bytes 18/09/2011 12:21:20
LUKE.DLL : 10.3.0.5 45416 Bytes 18/09/2011 12:21:20
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 23:40:49
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 18/09/2011 12:21:20
AVREG.DLL : 10.3.0.9 88833 Bytes 18/09/2011 12:21:20
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 09:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 06:53:55
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 09:26:34
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 14:38:47
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 08:52:41
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10/05/2012 13:32:56
VBASE006.VDF : 7.11.29.137 2048 Bytes 10/05/2012 13:32:56
VBASE007.VDF : 7.11.29.138 2048 Bytes 10/05/2012 13:32:56
VBASE008.VDF : 7.11.29.139 2048 Bytes 10/05/2012 13:32:56
VBASE009.VDF : 7.11.29.140 2048 Bytes 10/05/2012 13:32:56
VBASE010.VDF : 7.11.29.141 2048 Bytes 10/05/2012 13:32:56
VBASE011.VDF : 7.11.29.142 2048 Bytes 10/05/2012 13:32:56
VBASE012.VDF : 7.11.29.143 2048 Bytes 10/05/2012 13:32:56
VBASE013.VDF : 7.11.29.144 2048 Bytes 10/05/2012 13:32:56
VBASE014.VDF : 7.11.30.3 198144 Bytes 14/05/2012 09:19:06
VBASE015.VDF : 7.11.30.69 186368 Bytes 17/05/2012 09:36:53
VBASE016.VDF : 7.11.30.143 223744 Bytes 21/05/2012 08:52:36
VBASE017.VDF : 7.11.30.207 287744 Bytes 23/05/2012 08:52:38
VBASE018.VDF : 7.11.31.57 188416 Bytes 28/05/2012 07:56:04
VBASE019.VDF : 7.11.31.111 214528 Bytes 30/05/2012 12:13:01
VBASE020.VDF : 7.11.31.151 116736 Bytes 31/05/2012 12:13:01
VBASE021.VDF : 7.11.31.205 134144 Bytes 03/06/2012 12:13:01
VBASE022.VDF : 7.11.32.9 169472 Bytes 05/06/2012 12:13:02
VBASE023.VDF : 7.11.32.85 155648 Bytes 08/06/2012 08:16:17
VBASE024.VDF : 7.11.32.133 127488 Bytes 11/06/2012 09:04:33
VBASE025.VDF : 7.11.32.171 182784 Bytes 12/06/2012 09:04:35
VBASE026.VDF : 7.11.32.251 119296 Bytes 14/06/2012 09:04:37
VBASE027.VDF : 7.11.32.252 2048 Bytes 14/06/2012 09:04:37
VBASE028.VDF : 7.11.32.253 2048 Bytes 14/06/2012 09:04:37
VBASE029.VDF : 7.11.32.254 2048 Bytes 14/06/2012 09:04:37
VBASE030.VDF : 7.11.32.255 2048 Bytes 14/06/2012 09:04:37
VBASE031.VDF : 7.11.33.64 134656 Bytes 18/06/2012 09:38:24
Engineversion : 8.2.10.92
AEVDF.DLL : 8.1.2.8 106867 Bytes 06/06/2012 12:13:10
AESCRIPT.DLL : 8.1.4.26 450939 Bytes 15/06/2012 09:05:23
AESCN.DLL : 8.1.8.2 131444 Bytes 29/01/2012 10:16:10
AESBX.DLL : 8.2.5.12 606578 Bytes 15/06/2012 09:05:27
AERDL.DLL : 8.1.9.15 639348 Bytes 17/09/2011 08:54:30
AEPACK.DLL : 8.2.16.18 807287 Bytes 15/06/2012 09:05:20
AEOFFICE.DLL : 8.1.2.36 201082 Bytes 15/06/2012 09:05:13
AEHEUR.DLL : 8.1.4.46 4923767 Bytes 15/06/2012 09:05:11
AEHELP.DLL : 8.1.21.0 254326 Bytes 11/05/2012 13:32:58
AEGEN.DLL : 8.1.5.30 422261 Bytes 15/06/2012 09:04:41
AEEXP.DLL : 8.1.0.52 82293 Bytes 15/06/2012 09:05:27
AEEMU.DLL : 8.1.3.0 393589 Bytes 21/04/2011 06:53:14
AECORE.DLL : 8.1.25.10 201080 Bytes 06/06/2012 12:13:05
AEBB.DLL : 8.1.1.0 53618 Bytes 21/04/2011 06:53:14
AVWINLL.DLL : 10.0.0.0 19304 Bytes 21/04/2011 06:53:36
AVPREF.DLL : 10.0.3.2 44904 Bytes 18/09/2011 12:21:20
AVREP.DLL : 10.0.0.10 174120 Bytes 18/09/2011 12:21:20
AVARKT.DLL : 10.0.26.1 255336 Bytes 18/09/2011 12:21:20
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 18/09/2011 12:21:20
SQLITE3.DLL : 3.6.19.0 355688 Bytes 20/07/2011 15:40:24
AVSMTP.DLL : 10.0.0.17 63848 Bytes 21/04/2011 06:53:36
NETNT.DLL : 10.0.0.0 11624 Bytes 21/04/2011 06:53:46
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 18/09/2011 12:21:19
RCTEXT.DLL : 10.0.64.0 97640 Bytes 18/09/2011 12:21:19
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: Default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, Q:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Advanced
Start of the scan: 20 June 2012 14:05
Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\McAfee\symboliclinkvalue
[NOTE] The registry entry is invisible.
The scan of running processes will be started
Scan process 'avscan.exe' - '83' Module(s) have been scanned
Scan process 'avscan.exe' - '31' Module(s) have been scanned
Scan process 'avcenter.exe' - '98' Module(s) have been scanned
Scan process 'iexplore.exe' - '116' Module(s) have been scanned
Scan process 'iexplore.exe' - '116' Module(s) have been scanned
Scan process 'iexplore.exe' - '169' Module(s) have been scanned
Scan process 'iexplore.exe' - '176' Module(s) have been scanned
Scan process 'iexplore.exe' - '180' Module(s) have been scanned
Scan process 'SeaPort.exe' - '52' Module(s) have been scanned
Scan process 'UNS.exe' - '42' Module(s) have been scanned
Scan process 'LMS.exe' - '30' Module(s) have been scanned
Scan process 'FlashUtil32_11_2_202_235_ActiveX.exe' - '56' Module(s) have been scanned
Scan process 'companionuser.exe' - '33' Module(s) have been scanned
Scan process 'wlcomm.exe' - '99' Module(s) have been scanned
Scan process 'iexplore.exe' - '179' Module(s) have been scanned
Scan process 'iexplore.exe' - '139' Module(s) have been scanned
Scan process 'Roxio Burn.exe' - '125' Module(s) have been scanned
Scan process 'Updater.exe' - '37' Module(s) have been scanned
Scan process 'jusched.exe' - '39' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '55' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '69' Module(s) have been scanned
Scan process 'Monitor.exe' - '39' Module(s) have been scanned
Scan process 'ConduitHelper.exe' - '80' Module(s) have been scanned
Scan process 'avgnt.exe' - '66' Module(s) have been scanned
Scan process 'accuweather.exe' - '94' Module(s) have been scanned
Scan process 'RoxioBurnLauncher.exe' - '66' Module(s) have been scanned
Scan process 'brs.exe' - '23' Module(s) have been scanned
Scan process 'PDVD9Serv.exe' - '28' Module(s) have been scanned
Scan process 'WebcamDell2.exe' - '45' Module(s) have been scanned
Scan process 'uTorrent.exe' - '82' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '187' Module(s) have been scanned
Scan process 'robotaskbaricon.exe' - '66' Module(s) have been scanned
Scan process 'FF_Protection.exe' - '31' Module(s) have been scanned
Scan process 'STService.exe' - '55' Module(s) have been scanned
Scan process 'CVHSVC.EXE' - '84' Module(s) have been scanned
Scan process 'sftlist.exe' - '67' Module(s) have been scanned
Scan process 'nvSCPAPISvr.exe' - '31' Module(s) have been scanned
Scan process 'sftvsa.exe' - '29' Module(s) have been scanned
Scan process 'sftservice.EXE' - '50' Module(s) have been scanned
Scan process 'daemonu.exe' - '40' Module(s) have been scanned
Scan process 'CommandService.exe' - '29' Module(s) have been scanned
Scan process 'BecHelperService.exe' - '41' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '63' Module(s) have been scanned
Scan process 'avguard.exe' - '73' Module(s) have been scanned
Scan process 'armsvc.exe' - '25' Module(s) have been scanned
Scan process 'sched.exe' - '49' Module(s) have been scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'Q:\'
[INFO] No virus was found!
[INFO] Please restart the search with Administrator rights
Starting to scan executable files (registry).
The registry was scanned ( '289' files ).
Starting the file scan:
Begin scan in 'C:\' <OS>
C:\Users\Mandy\AppData\Local\Temp\jar_cache2579060554189328925.tmp
[0] Archive type: ZIP
--> widget/FacebookApi.class
[DETECTION] Contains recognition pattern of the EXP/JAVA.Mabowl.Gen exploit
--> widget/Socialize.class
[DETECTION] Contains recognition pattern of the EXP/JAVA.Mabowl.Gen exploit
--> widget/TumblrApi.class
[DETECTION] Contains recognition pattern of the EXP/JAVA.Mabowl.Gen exploit
--> widget/TwitterApi.class
[DETECTION] Contains recognition pattern of the EXP/JAVA.Mabowl.Gen exploit
C:\Users\Mandy\AppData\Local\Temp\jar_cache7489882535360974417.tmp
[0] Archive type: ZIP
--> expl4it/Aeie.class
[DETECTION] Contains recognition pattern of the EXP/2012-0507.CA exploit
--> expl4it/AmicArray.class
[DETECTION] Contains recognition pattern of the EXP/2012-0507.CK exploit
--> expl4it/Btos.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.AG Java virus
--> expl4it/ddjd.class
[DETECTION] Contains recognition pattern of the EXP/2012-0507.CL exploit
--> expl4it/gvars.class
[DETECTION] Contains recognition pattern of the EXP/2012-0507.CB exploit
--> expl4it/hpss.class
[DETECTION] Contains recognition pattern of the EXP/2012-0507.CM exploit
--> expl4it/MCallXXA.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.AH Java virus
--> expl4it/MySt0art.class
[DETECTION] Contains recognition pattern of the EXP/2010-0840.P exploit
--> expl4it/o0mloader.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2012-0507.A.71 exploit
--> expl4it/Ull.class
[DETECTION] Contains recognition pattern of the EXP/2008-5353.AK exploit
C:\Users\Mandy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\32d4ebbf-4c7414fc
[0] Archive type: ZIP
--> a/m_a.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2012-0507 exploit
C:\Users\Mandy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\38bf60c9-4813d916
[DETECTION] Contains recognition pattern of the EXP/JAVA.Nanube.Gen exploit
Begin scan in 'Q:\'
Search path Q:\ could not be opened!
System error [5]: Access is denied.
Beginning disinfection:
C:\Users\Mandy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\38bf60c9-4813d916
[DETECTION] Contains recognition pattern of the EXP/JAVA.Nanube.Gen exploit
[NOTE] The file was moved to the quarantine directory under the name '55267ec8.qua'.
C:\Users\Mandy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\32d4ebbf-4c7414fc
[DETECTION] Contains recognition pattern of the EXP/CVE-2012-0507 exploit
[NOTE] The file was moved to the quarantine directory under the name '4db75171.qua'.
C:\Users\Mandy\AppData\Local\Temp\jar_cache7489882535360974417.tmp
[DETECTION] Contains recognition pattern of the EXP/2008-5353.AK exploit
[NOTE] The file was moved to the quarantine directory under the name '1ffe0ba8.qua'.
C:\Users\Mandy\AppData\Local\Temp\jar_cache2579060554189328925.tmp
[DETECTION] Contains recognition pattern of the EXP/JAVA.Mabowl.Gen exploit
[NOTE] The file was moved to the quarantine directory under the name '79c9446a.qua'.
End of the scan: 20 June 2012 15:25
Used time: 1:19:39 Hour(s)
The scan has been done completely.
34180 Scanned directories
483130 Files were scanned
16 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
4 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
483114 Files not concerned
4731 Archives were scanned
0 Warnings
5 Notes
462979 Objects were scanned with rootkit scan
1 Hidden objects were found
Comping wishlist for 2017
1. Family holiday 2. Christmas presents :rudolf: 3. Fishing stuff
1. Family holiday 2. Christmas presents :rudolf: 3. Fishing stuff
The more you put into life, the more you get out
0
Comments
-
Without looking at yr Avira log, I would suggest that you download Malwarebytes and see if that deals with the issues outstanding:
http://www.filehippo.com/download_malwarebytes_anti_malware/0 -
Malwarebytes finds nothing, it didn't pick up on these 16 virus detections, Avira did though. I wonder if Malwarebytes has been compromised by the viruses?Comping wishlist for 2017
1. Family holiday 2. Christmas presents :rudolf: 3. Fishing stuffThe more you put into life, the more you get out0 -
Many of these AV programs report false positives - ie not a virus, they work on the way the software has been developed and if they see something similar to the pattern of a virus, they flag it.
If you want to check you can upload the suspicious file(s) to Virus Total and see what they report.
https://www.virustotal.com/
I would respect malwarebytes rather than Avira, but thats just my opinion.0 -
I know you can get false positives with Avira but 16 seems an awful lot of mistakes. I scan my computer every week and only this week it has found them, which coincides with my computer having issues with crashing and having applications, internet browser windows etc having to restart.
Also malwarebytes worked fine last week but today it had a corrupt or missing database which is very odd which leads me to beleive it has been compromised by a virus to stop detection? This has happened before a year or so ago with a virus so I do know it is possible.
I'm not sure how to locate recognition pattern detections as a file to scan, if you know how I would appreciate it.Comping wishlist for 2017
1. Family holiday 2. Christmas presents :rudolf: 3. Fishing stuffThe more you put into life, the more you get out0 -
Many of the items appear to be related to Java? What have you installed if anything since the previous scan?
If you can't identify the files it is questioning (eg could be registry items) to send to Virus total, then I would do the following
(i) Uninstall Java (many of the items appear related to Java) - re-install once finished
(ii) clean up the system by downloading and running Ccleaner - ie get rid of all the temp files. http://www.filehippo.com/download_ccleaner/
(iii) goto the Bleeping Computer website and seek their assistence or if you're confident, run their Combofix program
http://www.bleepingcomputer.com/combofix/how-to-use-combofix0 -
Savvybunny2009 wrote: »Malwarebytes finds nothing, it didn't pick up on these 16 virus detections, Avira did though. I wonder if Malwarebytes has been compromised by the viruses?
Did you do a full scan or a quick scan???
Better to do a full scan if you havn't already.0 -
They're not "viruses" themselves, but files (.class) within temp archives (.tmp) designed to exploit vulnerabilities in Java Runtime - with the end result being malware executed on the system IF the exploit is successful.
Any threat from these files can be mitigated by ensuring Java is up to date. If Java is up to date, the exploits won't work - hence any attempt to execute further malware is thwarted.
There are ones present detailed in this threat expert report that do appear to be malicious.
http://www.threatexpert.com/report.aspx?md5=9c2e3aacd6b804e5628d83e708a54646
Example VirusTotal report:
https://www.virustotal.com/file/070a253d20a31d23840f2ffb05f224c2c96cb0c8b4fda2c5d7c44ae1aaccbc9b/analysis/
Clear the Java cache as well as %temp%, or just use CCleaner as suggested above.
http://www.java.com/en/download/help/plugin_cache.xml
http://windows.microsoft.com/en-gb/windows-vista/Delete-files-using-Disk-Cleanup
Check your java version: http://www.java.com/en/download/installed.jsp
Have a read of this Technet blog.
http://blogs.technet.com/b/security/archive/2011/11/28/millions-of-java-exploit-attempts-the-importance-of-keeping-all-software-up-to-date.aspx
Some of them do look as though they could be false positives. EG. Facebookapi.class , Socialize.class , TumblrApi.class , TwitterApi.class0 -
The best thing to do, is install Kaspersky Internet Security 2012, activate the trial for free for 30 days, update it and do a full scan. This should help0
-
I've had paid Avira for few years and ran the free one for ten years before that, quarantine is nice but unless these are files you're going to miss just delete the four that it did catch.
Whatever you use to get rid of these trojans/exploits/etc once there's no more malware found, back up whatever you want to keep and just format and start again, as you will never know if there's something on your machine that's timed to go off/reactivate exactly a year after the last infection - unless you formatted back in 2011.
Think back to what you last installed or browsed that might have caused a problem as well?0 -
I'll clarify a bit more about what I said in post #8.
The reason there are 16 detections but only 4 files moved to quarantine is that the 4 quarantined (highlighted in red) are the archives - The 16 detections are the files within them.
To break them down:C:\Users\Mandy\AppData\Local\Temp\jar_cache2579060 554189328925.tmp
[0] Archive type: ZIP
--> widget/FacebookApi.class
[DETECTION] Contains recognition pattern of the EXP/JAVA.Mabowl.Gen exploit
--> widget/Socialize.class
[DETECTION] Contains recognition pattern of the EXP/JAVA.Mabowl.Gen exploit
--> widget/TumblrApi.class
[DETECTION] Contains recognition pattern of the EXP/JAVA.Mabowl.Gen exploit
--> widget/TwitterApi.class
[DETECTION] Contains recognition pattern of the EXP/JAVA.Mabowl.Gen exploitC:\Users\Mandy\AppData\Local\Temp\jar_cache7489882 535360974417.tmp
[0] Archive type: ZIP
--> expl4it/Aeie.class
[DETECTION] Contains recognition pattern of the EXP/2012-0507.CA exploit
--> expl4it/AmicArray.class
[DETECTION] Contains recognition pattern of the EXP/2012-0507.CK exploit
--> expl4it/Btos.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.AG Java virus
--> expl4it/ddjd.class
[DETECTION] Contains recognition pattern of the EXP/2012-0507.CL exploit
--> expl4it/gvars.class
[DETECTION] Contains recognition pattern of the EXP/2012-0507.CB exploit
--> expl4it/hpss.class
[DETECTION] Contains recognition pattern of the EXP/2012-0507.CM exploit
--> expl4it/MCallXXA.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Treams.AH Java virus
--> expl4it/MySt0art.class
[DETECTION] Contains recognition pattern of the EXP/2010-0840.P exploit
--> expl4it/o0mloader.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2012-0507.A.71 exploit
--> expl4it/Ull.class
[DETECTION] Contains recognition pattern of the EXP/2008-5353.AK exploitC:\Users\Mandy\AppData\LocalLow\Sun\Java\Deploymen t\cache\6.0\63\32d4ebbf-4c7414fc
[0] Archive type: ZIP
--> a/m_a.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2012-0507 exploitC:\Users\Mandy\AppData\LocalLow\Sun\Java\Deploymen t\cache\6.0\9\38bf60c9-4813d916
[DETECTION] Contains recognition pattern of the EXP/JAVA.Nanube.Gen exploit0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.9K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.5K Spending & Discounts
- 243.9K Work, Benefits & Business
- 598.8K Mortgages, Homes & Bills
- 176.9K Life & Family
- 257.2K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards