Question

Trojans in Java Cache - Can't Download File with ANY browser

I am setting up a salesman's laptop to use our company VPN.
Compaq Presario (don't have the model number at hand right now)
Win XP home sp3
No obvious anti-virus software installed
<div>
His default browser is Firefox ( version 3.6.17), and, while he can connect to the VPN, the app he needs to run will not work as it should. I tried using Internet Explorer, but that won't even run (loads, then just terminates).

Discussion is locked
Follow
Reply to: Trojans in Java Cache - Can't Download File with ANY browser
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: Trojans in Java Cache - Can't Download File with ANY browser
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
Answer
Some things to try..

tomstrong..

In some instances the malware will change the settings to use a proxy server. To see if this is the case:

Open Internet Explorer. Go to Tools>Internet Options>Connections Tab. Click on the "LAN Settings" button. IF there is a check in the box next to "Use a proxy server for your LAN", uncheck it. Click "OK". Then "OK", again.

Open Firefox. Go to Tools>Options>Advanced. Click on the "Network" tab. To the right of where you see "Configure how Firefox connects to the Internet", click on the "Settings" button. Put a tick mark next to "No proxy". Click "OK". Then "OK", again.

If the settings hadn't been changed, try the following tools, in case malware is still posing a problem.

Download the below and save them to his laptop. If you're unable to do so, you're going to have to use another computer and transfer the tools to his. (Using a CD/DVD or Flash Drive)

Download and run the "Rkill" tool. You only need to launch one file, in order for it work. If you have no success running rkill.exe, try the next. When Rkill runs you will see a command prompt window similar to this. IF one DOES work for you (immediately) run a Scan with Malwarebytes' Anti-Malware. (See below) Do NOT reboot after running Rkill.

Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif

Rkill's purpose is to terminate offending/malicious processes. A more detailed explanation of what Rkill "does and doesn't do", can be found at the bottom of the Rkill download page.

You're also going to scan with Malwarebytes' Anti-Malware (free). The direct links for the installer and manual updater are listed below. To avoid any problems, rename the installer, prior to transferring it to his laptop. Rename the mbam-setup.exe to something such as toms.exe, if you wish. Don't forget to update, after the transfer.

Malwarebytes' Installer
http://www.besttechie.net/tools/mbam-setup.exe

Manual Update link
http://data.mbamupdates.com/tools/mbam-rules.exe

I would also suggest scanning with SUPERAntiSpyware. SUPERAntiSpyware FREE Edition can be downloaded from here.

If you run into any problems, please post back and let us know..
Carol

- Collapse -
In reply to Carol's Reply

In some instances the malware will change the settings to use a proxy server. Not the Case. Firefox is not trying to use a proxy. It renders web pages correctly, but will not allow manual downloading of any non-html file (I believe this includes client-side scripting files like javascript [.js] -- and I know it includes .pdf files)
To see if this is the case:Open Internet Explorer. Go to Tools>Internet Options>Connections Tab. Click on the "LAN Settings" button. IF there is a check in the box next to "Use a proxy server for your LAN", uncheck it. Click "OK". Then "OK", again. As I said in the original post, Internet Explorer will not open. It terminates as soon as it finishes loading.

I will try your other suggestions as soon as this guy brings the machine back to me. Until his machine is fixed he won't be able to send in any orders over the Internet unless we give him a laptop, smart phone or netbook, (Part of his hiring deal included his having his own mobile computing capability).

Thanks for your input!

TW

- Collapse -
Even if MSIE doesn't open, YOU ...

can check to see how FireFox is configured now for using or not using a proxy server set by malware.

Click the Tools menu then Options then the Advanced Icon. Now the Network tab and the settings button. Now select the NO PROXY radio button.

- Collapse -
Answer
Torjans

Try using CCleaner , and SuperMalware to check for the malware

- Collapse -
SuperMalware

What is that?

Mark

CNET Forums