
Thank you mariana

Feb 6, 2004 12:09PM PST

I did download the program and run it. Now when I ran the antivirus again, it did not detect any more infected files. Hopefully, it got rid of the files for good.

Thank you very much for your help

Tran

(NT) Tran, You're Very Welcome ! Glad to hear you got it fixed :)
Feb 6, 2004 12:54PM PST

OH NO !! INFECTED AGAIN W/DIFF VIRUS
Feb 6, 2004 2:43PM PST

Hi Marianna,
Sorry to bother you again. I went on MICROTREND to run a free scan and it detected 14 files infected with the following viruses.

1. JAVA FEMAD.B
2. JAVA BYTEVER.A-1
3. HTML COUNTER.A
4. TROJ MENDWAR.A

Does this mean that my AVG antivirus does not work at all, since it did NOT pick up these infected files at all? I did delete all of the 14 files already. Any suggestions at all?

Thank you again

Tran

You still have Microsoft VM on your computer??
Feb 6, 2004 3:07PM PST

Tran,

JAVA FEMAD.B is the same as JAVA BYTEVER.A-1

Troj/Femad-B uses the byte verifier vulnerability in unpatched versions of Internet Explorer to drop and execute the file C:\web.exe.

Download and install Microsoft Security Bulletin MS03-011 http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-011.asp

HTML_COUNTER.A
Aliases: COUNTER.A
This Trojan dropper, which usually resides in infected Web pages, calls the malware JAVA_BYTEVER.A to exploit a known vulnerability in Microsoft Virtua...
http://www.trendmicro.com/vinfo/virusencyclo/default2.asp?m=q&virus=HTML+COUNTER%2EA&alt=HTML+COUNTER%2EA


TROJ_MENDWAR.A
Aliases: Win32.Mendwar
This memory-resident Trojan connects to a certain Web site to notify a malicious user that it has infected a machine. It also retrieves a certain Web page for every two hours to check for ma...
http://www.trendmicro.com/vinfo/virusencyclo/default2.asp?m=q&virus=TROJ+MENDWAR%2EA&alt=TROJ+MENDWAR%2EA

Fix the first ones with the MS patch, or what you could also do is dump Microsoft VM and install Sun Java!
Download J2SE v 1.4.2_03 http://java.sun.com/j2se/1.4.2/download.html

After that I would recommend HijackThis - will make an extra post.

HijackThis
Feb 6, 2004 3:11PM PST

Tran,

After you have fixed the items in my last e-mail:

Download and run HijackThis - get it here:

http://www.tomcoyote.org/hjt/


Unzip, double-click "HijackThis.exe" and Press "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Click: "Save Log" (generates: "hijackthis.log")

Next, HijackThis | Config [button] | Misc Tools [button]
Click: Generate StartupList log [button] (generates: "startuplist.txt")

Next, go to the link below.

http://www.spywareinfo.com/forums/

and post your "hijackthis.log". The experts are there and they will tell you what to do.


Maybe a good idea is to also install:

http://www.javacoolsoftware.com/spywareblaster.html

http://www.wilderssecurity.net/spywareguard.html

Good luck, and pls. let us know how you are doing :)

Re:HijackThis
Feb 7, 2004 1:36AM PST

Hi Tran,

I just saw your HijackThis log - yep, you have f.i. the Sandboxer Browser Redirect in it! They will tell you what to do :)

Good Luck !