Javaw.exe variant, hundreds of conhost, svchost, netsh, etc

Solved
By Nyroc
Feb 23, 2013
  1. Nyroc

    Nyroc Newcomer, in training Topic Starter Posts: 25

    Sorry, I dont mean to be a pain. I live outside of a small ski town, and have no land based internet connection here.There is no local wireless available either, I use a program called EasyTether to "tether" my phones 3G to my computer and use it for my internet connection. Since I am somewhat "grandfathered" in with Verizon, I have truly unlimited data on my phone, so no excessive data charges... Like I said previously, the laptop, for whatever reason, does not recognize my phone. I will have to go to town or somewhere with an open wireless signal with the laptop, if an internet connection is necessary. My plan was to update everything prior to turning it over to my coworker, but perhaps this was a bad choice in judgement. Please lemme know how I should I proceed. I suppose I didn't follow directions to the T. Apologies for any extra headache or inconvenience I may be causing you.
  2. Nyroc

    Nyroc Newcomer, in training Topic Starter Posts: 25

    Just got off the phone with a neighbor, may take me a bit but I'm gonna go over there and use his internet and get the scan completed. I'll be back soon, thank you for your patience.
  3. Broni

    Broni Malware Annihilator Posts: 46,167   +251

  4. Nyroc

    Nyroc Newcomer, in training Topic Starter Posts: 25

    F-Secure required a Java Runtime update, which I did from their website. Afterwards, F-Secure ran fine

    Scanning Report
    Monday, February 25, 2013 19:43:32 - 19:46:06
    Computer name: JANI-PC
    Scanning type: Quick scan
    Target: System


    --------------------------------------------------------------------------------

    No malware found

    --------------------------------------------------------------------------------

    Statistics
    Scanned:
    Files: 5453
    System: 5453
    Not scanned: 0
    Actions:
    Disinfected: 0
    Renamed: 0
    Deleted: 0
    Not cleaned: 0
    Submitted: 0

    --------------------------------------------------------------------------------

    Options
    Scanning engines:

    --------------------------------------------------------------------------------

    Copyright © 1998-2009 Product support | Send virus sample to F-Secure
    F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name. This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.
  5. Broni

    Broni Malware Annihilator Posts: 46,167   +251

    [​IMG] Update Adobe Flash Player: http://get.adobe.com/flashplayer/
    Make sure you UN-check Yes, install McAfee Security Scan Plus

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    [​IMG] Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    =======================================

    [​IMG] Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please, let me know, how your computer is doing.
  6. Nyroc

    Nyroc Newcomer, in training Topic Starter Posts: 25

    The laptop seems to be doing good again. Runs great on the internet with no hiccups. Here is the last log:

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: jani
    ->Temp folder emptied: 592879077 bytes
    ->Java cache emptied: 37858 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 506 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 789761 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 4154 bytes

    Total Files Cleaned = 566.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: jani
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: jani
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 02252013_201428

    Files\Folders moved on Reboot...
    C:\Users\jani\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  7. Broni

    Broni Malware Annihilator Posts: 46,167   +251

    Way to go!! [​IMG]
    Good luck and stay safe :)
    Nyroc likes this.
  8. Nyroc

    Nyroc Newcomer, in training Topic Starter Posts: 25

    I was curious about a couple things.

    I've always wondered, for those of us who may practice P2P, is there a way to create a secure folder that inhibits any execution of files within it, say for downloading unknown files into. I personally use VirtualBox, and run a separate version of Windows to download all of my files from the internet, scan them there, then transfer them eventually to my main system. But, for my friend, who has kids that may not listen so well, is there another option to "sandbox" files for later scanning with updated AV/Malware software? I realize that most software does this automatically, and I'm going to remove Chrome and install Comodo Dragon due to it's increased security, but any added protection is always better imo.

    Second, I use Comodo I.S. and Malwarebytes, and installed both on the laptop. What do you use, if you dont mind my asking? Are there other sources than the ones you've provided in previous posts?

    Lastly, I program on the side, and have had an interest in further education on detecting / fighting malware and the such, are you aware of any specific sites, besides Google, that you might suggest I visit? I have a strong interest in furthering my coding education, but I've had trouble finding organized information online.

    Your assistance has been much appreciated, as well as your patience. I'm rather broke right now, but I will definitely be contributing in the future. Is there somewhere I can give you some kudos? I've seen some other posts where you helped folks, and if it has not been put out there I believe you deserve some recognition.

    Thanks again! Quite satisfied!
  9. Broni

    Broni Malware Annihilator Posts: 46,167   +251

    1. I'd be against this forum rules to advice on P2P programs other than uninstall them.

    2. I use Avast and Windows firewall plus free version of MBAM.

    3. There are free schools available: http://www.uniteagainstmalware.com/schools.php

    4.
    You just did :)
  10. Nyroc

    Nyroc Newcomer, in training Topic Starter Posts: 25

    Ohh.. One last thing, I know I'm pushin it on this post, I use Auslogics, but I've been lately disappointed with them, any suggestions for an alternative?
  11. Broni

    Broni Malware Annihilator Posts: 46,167   +251

    What program from Auslogics?
     
  12. Nyroc

    Nyroc Newcomer, in training Topic Starter Posts: 25

    Boostspeed
  13. Nyroc

    Nyroc Newcomer, in training Topic Starter Posts: 25

    Just looking for something that clears old files, cache, temp folders and the registry in a user friendly manner. Boostspeed used to be free, I'd like to offer him something that doesn't require a fee.
  14. Broni

    Broni Malware Annihilator Posts: 46,167   +251

    Uninstall it.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

  15. Broni

    Broni Malware Annihilator Posts: 46,167   +251

    All you need is to run TFC weekly and you'll be good to go.
  16. Nyroc

    Nyroc Newcomer, in training Topic Starter Posts: 25

    Nice, good to know, I think that about covers all my questions/concerns. Thanks again for all of your dedication and help man, you're a rockstar!:) Broni = huge(y)!
  17. Broni

    Broni Malware Annihilator Posts: 46,167   +251

    You're very welcome [​IMG]


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.