Possible Java-related virus?

CaptMike

My desktop PC started acting weird today and I think I might've gotten
a virus of some sort... maybe not. I'm using AVG free edition and
update daily. What I noticed was that when I opened my browser
(Firefox) the screen immediately started increasing in size to where a
single line of text was the whole height of the screen. It seemed to
be "growing" on the fly. If I used explorer or IrfanView to look at
a thumbnail, the picture would continue to zoom to the point where I'd
only see a few dozen pixels. If I look at plain details, the text
seems to get jittery.

I ran a scan in AVG and it told me something like 8 objects or files
were infected. Most could be moved to the virus vault, but one could
not. There was an option that said to select the file so I did, and
it was a branch of a Java folder. I figured that I could always
reinstall Java, so I deleted the entire folder. I haven't re-booted
yet, and I'm rescanning with AVG right now.

I looked in the vault and the files are named WebDialer3.zip and
WebDialer8.zip, also Central1.zip, VLoading1.zip, WebDialer2.zip,
runit.vbs, and VLoading1.zip. Does any of this make sense to anyone?
Is there anything I should do with regard to repairing anything these
files might've done?

Thanks in advance for the help.
 
From: "CaptMike" <CaptMikey>

| My desktop PC started acting weird today and I think I might've gotten
| a virus of some sort... maybe not. I'm using AVG free edition and
| update daily. What I noticed was that when I opened my browser
| (Firefox) the screen immediately started increasing in size to where a
| single line of text was the whole height of the screen. It seemed to
| be "growing" on the fly. If I used explorer or IrfanView to look at
| a thumbnail, the picture would continue to zoom to the point where I'd
| only see a few dozen pixels. If I look at plain details, the text
| seems to get jittery.
|
| I ran a scan in AVG and it told me something like 8 objects or files
| were infected. Most could be moved to the virus vault, but one could
| not. There was an option that said to select the file so I did, and
| it was a branch of a Java folder. I figured that I could always
| reinstall Java, so I deleted the entire folder. I haven't re-booted
| yet, and I'm rescanning with AVG right now.
|
| I looked in the vault and the files are named WebDialer3.zip and
| WebDialer8.zip, also Central1.zip, VLoading1.zip, WebDialer2.zip,
| runit.vbs, and VLoading1.zip. Does any of this make sense to anyone?
| Is there anything I should do with regard to repairing anything these
| files might've done?
|
| Thanks in advance for the help.


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *
 
OK, I tried your suggestion, however it seemed to hang-up after a few
moments of checking. Here's where it stopped in both regular and safe
modes:

Scanning C: []
C:\pagefile.sys ... file could not be opened
C:\scanning C:\*.*
C:\Documents and Settings\Administrator\Application
Data\Thunderbird\Profil

Now one last thing. In my original Post I noted I'm using AVG as my
Anti-Virus, so there is no selection on that menu for AVG just a few
others. Can I use any of those or am I stuck?

Mike

 
From: <[email protected]>

| OK, I tried your suggestion, however it seemed to hang-up after a few
| moments of checking. Here's where it stopped in both regular and safe
| modes:
|
| Scanning C: []
| C:\pagefile.sys ... file could not be opened
| C:\scanning C:\*.*
| C:\Documents and Settings\Administrator\Application
| Data\Thunderbird\Profil
|
| Now one last thing. In my original Post I noted I'm using AVG as my
| Anti-Virus, so there is no selection on that menu for AVG just a few
| others. Can I use any of those or am I stuck?
|
| Mike

That's the whole idea Mike !

The Multi AV Scanning Tool provides "On Demand" scanners for only; McAfee, Sophos, Trend
Micro and Kaspersky. None of which have to pre-exist on your PC.

It is meant to remove those infectors that have not been removed by software such as AVG.

Try another scanner from the menu.
 
David...

I am truly in a fog when it comes to these things. I rebooted after
the two previous scans and although it only went as far as I
indicated, it apparently fixed everything?

My browser is now normal, and I even updated from Firefox v.1.0.7 to
v.1.5 and that seemed to work. My MS auto update told me to install a
couple of new updates then reboot... so I did that and for the moment
at least... everything seems normal.

I use Comcast cable, and perhaps you'd be so kind as to advise me...
they are offering a free firewall and AV for free to Comcast
subscribers... so should I switch from Zone Alarm and AVG?

Mike
 
From: "CaptMike" <CaptMikey>

| David...
|
| I am truly in a fog when it comes to these things. I rebooted after
| the two previous scans and although it only went as far as I
| indicated, it apparently fixed everything?
|
| My browser is now normal, and I even updated from Firefox v.1.0.7 to
| v.1.5 and that seemed to work. My MS auto update told me to install a
| couple of new updates then reboot... so I did that and for the moment
| at least... everything seems normal.
|
| I use Comcast cable, and perhaps you'd be so kind as to advise me...
| they are offering a free firewall and AV for free to Comcast
| subscribers... so should I switch from Zone Alarm and AVG?
|
| Mike
|

Zone Alarm is excellent.

CA eTrust -
http://www.my-etrust.com/microsoft/index.cfm - FREE for one year.
{ Free offer extended indefinitely }
 
Linked right off the survival history page is a very easy step-by-step
read: "Windows XP: Surviving the First Day" in PDF format.

The direct link is http://www.sans.org/rr/papers/index.php?id=1298 in
the SANS reading room. This tells how to get an XP compy online safely
in order to download and install good firewall and antivirus tools, free
or not.
 
David...

For a few days now, everything seemed back to normal. This morning, I
had a very brief re-occurrence of the same zooming thing. I restarted
and all seems well again. Can you or someone else answer these
questions:

1. Is this in fact a virus of some sort, and exactly what should I be
looking for when I do a virus scan with AVG?

2. Is there a permanent way to rid my PC of this problem?

3. Is FireFox any more likely than IE to attract viruses like this?

I always use a firewall like Zone Alarm, plus I'm behind a LinkSys
router, and always use AVG updated on a daily basis. The question I
had about Comcast's offering of a free McAfee Anti-Virus and Free
McAfee Firewall was more to the effect of whether the Grisoft free AVG
and free ZoneAlarm were better or easier to maintain than similar
programs from McAfee... or vice-versa?

Just for the record, I'm using Windows 2000 Professional with SP4
installed (not Windows XP), and this was a fresh W2K install on a new
HDD about 4 months ago. I've tried to keep program/utility additions
to a minimum as best I can.

Thanks again for all the help.

Mike
 
On that special day said:
This morning, I
had a very brief re-occurrence of the same zooming thing. I restarted
and all seems well again

Well, my system zooms letters, if I press the CTRL key and turn the
wheel of my mouse. Perhaps it is your wireless keyboard, that has
a problem.


Gabriele Neukam

(e-mail address removed)
 
Gabriele...

Oh baby... if it's something that dumb then I deserve 30 lashes with a
wet noodle. I will definitely watch that. Thanks for the thought.

Mike
 
CaptMike said:
3. Is FireFox any more likely than IE to attract viruses like this?

Far less likely. <g> Though if you still have an outdated Java version
installed, all bets are off.
 
BTS...

So how does one check the version of Java employed by Firefox?

BTW, I switched my home PC over to the complimentary McAfee Firewall
and AV. Hopefully it'll be reasonable protection. Is a router like
my LinkSys a sort of "hardware firewall" too? That was my
understanding, and the software firewall helps the overall situation.
But the IT guy that comes in once in a while when we have a problem at
work told me a while back that relying on LinkSys and nothing else is
foolish.

Mike
 
What Version of Java Are You Using?

(http://javatester.org/version.html)

And keep an eye on this:

(http://secunia.com/search/?search=Java)

If you use Java, you must keep on top of it due to the prevalence of
exploits. And make sure it gets installed properly. I have seen
reports that you can't install a new version over an old one.

Many people don't require Java, and IMO it's best to simply not have
it installed. I know that some financial institutions require it, and
unfortunately, some will work only with IE. Such IE-only sites should
be shunned since MS Java VM is obsolete and unsupported.

MS Java VM can be removed with a MS utility which MS no longer
offers. One download site which has it is Majorgeeks:

http://www.majorgeeks.com/download.php?det=4158

Art




http://home.epix.net/~artnpeg
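
An added example, not part of any post in this thread: one way to check every Java version string found on a machine against a baseline, in case an older copy is still present beside a newer one. The folder names, banner line and `BASELINE` value are constructed placeholders, and the function names are hypothetical.

```python
import re

# Dotted version, optionally with a legacy "_update" suffix (e.g. 1.5.0_06, 17.0.2).
_DOTTED = re.compile(r'(\d+)\.(\d+)(?:\.(\d+))?(?:_(\d+))?')


def parse_java_version(text):
    """Return a comparable (major, minor, update) tuple, or None if no version is found.

    Legacy strings "1.<major>.<minor>_<update>" are normalised so that
    1.5.0_06 becomes (5, 0, 6) and sorts below the modern 17.0.2 -> (17, 0, 2).
    """
    m = _DOTTED.search(text)
    if not m:
        return None
    a, b, c, upd = (int(g) if g is not None else 0 for g in m.groups())
    if a == 1:                      # legacy scheme: real major is the second field
        return (b, c, upd)
    return (a, b, c)


def find_outdated(names, baseline):
    """Return [(name, version)] for every entry older than `baseline`, oldest first."""
    floor = parse_java_version(baseline)
    if floor is None:
        raise ValueError("baseline is not a Java version: %r" % baseline)
    hits = []
    for name in names:
        version = parse_java_version(name)
        if version is not None and version < floor:
            hits.append((name, version))
    return sorted(hits, key=lambda item: item[1])


# Constructed sample: folder names as they might appear under a Java install
# directory, plus the first line of `java -version` output. Not from the thread.
SAMPLE = [
    "j2re1.4.2_03",
    "jre1.5.0_06",
    "jre1.5.0_11",
    'java version "1.5.0_11"',
    "README.txt",
]
BASELINE = "1.5.0_11"   # placeholder: substitute the vendor's current release

if __name__ == "__main__":
    for name, version in find_outdated(SAMPLE, BASELINE):
        print("outdated:", name, version)
```

Feed it the real folder listing and the first line of `java -version`; anything it reports is a copy that should be uninstalled rather than left beside the current one.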
 
BTS...

So how does one check the version of Java employed by Firefox?

The other guys already answered that one. Firefox will use whatever
version of Java is installed on your computer.

BTW, I switched my home PC over to the complimentary McAfee Firewall
and AV. Hopefully it'll be reasonable protection. Is a router like
my LinkSys a sort of "hardware firewall" too? That was my
understanding, and the software firewall helps the overall situation.

A router is .. sorta .. like a firewall, in that your local IP is
different than your publicly-seen IP. It's better than nothing. Well,
it's a lot better than most DSL/cable people who plug in directly. No
router, no firewall, zombied in twelve minutes.

Personally, I recommend a software firewall on the PC as well, so you
can monitor OUTgoing traffic, and learn if something wants to phone
home.

But the IT guy that comes in once in a while when we have a problem at
work told me a while back that relying on LinkSys and nothing else is
foolish.

He's not wrong. :-)
 