I need help in removing this bugger. I ran an AVG Anti-Virus scan and found it. It was moved to the Virus Vault but after rebooting and running the scan again POW!!! there it was again. Only this time there were three files found. I'm afraid to keep trying to remove it, fearing it will just keep multiplying.
P.S. This thing has shown up on my work computer as well (I carry files back and forth on a flash drive). I have run a scan on the flash but the scan shows it to be clean.
I have no clue as to what you look for in the Hijack This file but I know that you always seem to ask for one, so here's mine.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:37 PM, on 8/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
If the flash drive is infected it needs to be cleaned. Is there data on it that can be replaced? Otherwise you will just keep infecting yourself and any machine that you plug the flash drive into.
You seem to be running 3 anti-virus programs. This is not a good idea; they can conflict with each other and actually give you less protection and cause system problems.
PC Tools AntiVirus
Authentium AntiVirus
AVG7
2 of them need to be removed.
Boonty Games seems to be very undesirable. Did you read their Privacy Policy?
See this. http://www.castlecops.com/O23.html
Are you willing to remove it?
Let me know about the flash drive and Boonty Games and remove 2 of the AV programs, then post a new HJT log and we can go from there.
Ok, I removed PC Tools AntiVirus. I could not find Authentium AntiVirus or Boonty Games in the add/remove programs folder. Could HJT be finding something that was left behind when these programs were removed? Do you have any suggestions on how I can remove them?
Regarding the flash drive data, the data which is now on the flash drive is also on both my work computer and my home computer. So to answer your question, if the data is infected, then it's infected everywhere. But as I stated previously, I scanned the flash drive and it appears that the files and folders on it are OK.
Here's the new HJT results:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:13 AM, on 8/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Click Start > Run and type (or paste) the following lines one at a time into the Run box. Hit Enter after each line.
sc stop "Boonty Games"
sc stop dvpapi
sc delete "Boonty Games"
sc delete dvpapi
Spybot S&D's tea timer normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.
First step:
Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
If you have version 1.4, click on Exit Spybot S&D Resident
Second step, for either version:
Open Spybot S&D
Click Mode, choose Advanced Mode
Go To the bottom of the Vertical Panel on the Left, Click Tools
Then, also in the left panel, click Resident (shows a red/white shield).
If your firewall raises a question, say OK
In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.
Don't forget to re-enable it, when your computer is clean.
Windows Defender normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.
- Open Windows Defender
- Select Tools and then General Settings
- Under Real Time Protection Options uncheck Turn on real-time protection
- Select Save
Don't forget to re-enable it when your computer is clean.
Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.
Hi
Virus Scan only showed cookies, no virus.
Here's the new HJT Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:15:11 PM, on 8/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Do this, just a little clean-up. See if it will delete.
Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
Now close all windows other than HiJackThis, then click Fix Checked.
Close HJT.
Now let's get a second opinion with an on-line scan. Please do this.
Download ATF Cleaner by Atribune and save it to your Desktop.
This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
Recycle bin
The rest are optional - if you want it to remove everything check "Select All".
Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.
Click on “Accept” If your pop-up blocker blocks any windows from opening.
Click Run on the window that opens. Windows Vista users you must open the web browser using the Run as Administrator command.
The program will launch and then begin downloading the latest definition files:
Under Scan on the left side, click on My Computer
This will start the program and scan your system.
Click the “Scan Report” On the left side.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
Save the text file to your desktop.
Copy and paste that information in your next post.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, August 24, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, August 24, 2008 04:42:56
Records in database: 1139021
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Scan statistics:
Files scanned: 82595
Threat name: 4
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 01:34:55
File name / Threat name / Threats count
C:\Documents and Settings\David Barber\Application Data\Sun\Java\Deployment\cache\6.0\25\650d0659-77cba243 Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\David Barber\Desktop\New Briefcase\MC live.exe Infected: Trojan-Dropper.Win32.Joiner.fa 1
C:\Documents and Settings\David Barber\Incomplete\T-3545425-tim mcgraw like christopherson(1).mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Documents and Settings\David Barber\Shared\black crows sexy girl has shaking orgasm during sex.mp3 Infected: Trojan-Downloader.WMA.Wimad.o 1
C:\Documents and Settings\David Barber\Shared\christopherson tim mcgraw.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
Your Java cache has an infection, and it needs to be updated anyway, so do this.
Please download JavaRa and save the file to your desktop.
Right click and Extract All
Once extracted, open and run JavaRa.exe
Click Search For Updates
Select Update Using jucheck.exe
Click Search
If a newer version is found, allow it to be installed
Uncheck the Google Toolbar option. (if you don't want the Google tool bar)
When complete, click Remove Older Versions in the JavaRa interface and allow it to proceed
When that is complete, click Additional Tasks, then select Remove Useless JRE Files and click Go
Exit the tool when complete.
Read and then you can delete the gpl-2.0.txt file.
Now do this.
Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):
C:\Documents and Settings\David Barber\Desktop\New Briefcase\MC live.exe
Now these 3 songs are infected and need to be deleted.
T-3545425-tim mcgraw like christopherson(1).mp3
black crows sexy girl has shaking orgasm during sex.mp3
christopherson tim mcgraw.mp3
Empty your recycle bin or run ATF Cleaner again.
Let me know that they were deleted and how things are running.
Geri
Now a word on P2P.
P2P software (Limewire, BitTorrent, uTorrent, etc.): We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.
References for the risk of these programs are here, here and here.
I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at Windowsbbs Malware and Virus removal.
Ok as per your instructions I downloaded and installed JavaRa.exe. However there was a problem in removing the older version. The removal log is below. I have tried to delete the remaining file, but I just get the error message "Cannot delete awt.dll: Access is denied"
The 4 files you indicated have been deleted. (My son has been informed that unless he wishes to lose the use of the 10 fingers he was born with it would be best not to use MY computer for his P2P downloads).
I took it upon myself (I hope no damage was done) to run another Kaspersky Scan after the java download and the deleting of the files. As you see from the log there's still something in the Java cache.
JavaRa 1.11 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Sun Aug 24 10:27:57 2008
Found and removed: C:\Program Files\Java\j2re1.4.2_03
Found and removed: C:\Program Files\Java\jre1.5.0_03
Found and removed: C:\Program Files\Java\jre1.5.0_06
There was an error removing C:\Program Files\Java\jre1.6.0_03. The error returned was 32.
JavaRa 1.11 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Sun Aug 24 10:30:16 2008
There was an error removing C:\Program Files\Java\jre1.6.0_03. The error returned was 32.
------------------------------------
Finished reporting.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, August 24, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, August 24, 2008 14:54:39
Records in database: 1140518
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Scan statistics:
Files scanned: 81329
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:32:21
File name / Threat name / Threats count
C:\Documents and Settings\David Barber\Application Data\Sun\Java\Deployment\cache\6.0\25\650d0659-77cba243 Infected: Exploit.Java.Gimsh.a 1
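An added example, not part of any post in this thread: a short Python script that compares the two Kaspersky reports above to show which detections were cleaned and which persist, and pulls removal failures out of the JavaRa log. The sample text is excerpted from the logs posted above; treating JavaRa's "error returned" number as a Win32 system error code is an assumption.

```python
import re

# Detection row in the Kaspersky Online Scanner text report:
#   <full path> Infected: <threat name> <count>
DETECTION = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")
# Failure row in the JavaRa removal log.
JAVARA_ERR = re.compile(
    r"^There was an error removing (?P<path>.+)\. "
    r"The error returned was (?P<code>\d+)\.$")

# Assumption: JavaRa reports Win32 system error codes (names from winerror.h).
WIN32_ERRORS = {
    5: "ERROR_ACCESS_DENIED",
    32: "ERROR_SHARING_VIOLATION (file is open in another process)",
}


def parse_detections(report):
    """Map each infected path in a report to its threat name."""
    found = {}
    for line in report.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            found[m["path"]] = m["threat"]
    return found


def compare_scans(before, after):
    """Classify detections as cleaned, persisting, or new between two scans."""
    b, a = parse_detections(before), parse_detections(after)
    return {
        "cleaned": sorted(p for p in b if p not in a),
        "persisting": sorted(p for p in b if p in a),
        "new": sorted(p for p in a if p not in b),
    }


def javara_failures(log):
    """Return (path, code, meaning) for every removal JavaRa could not finish."""
    failures = []
    for line in log.splitlines():
        m = JAVARA_ERR.match(line.strip())
        if m:
            code = int(m["code"])
            failures.append((m["path"], code, WIN32_ERRORS.get(code, "unknown")))
    return failures


# Excerpts from the reports posted in this thread (not the full logs).
SCAN_1 = r"""
File name / Threat name / Threats count
C:\Documents and Settings\David Barber\Application Data\Sun\Java\Deployment\cache\6.0\25\650d0659-77cba243 Infected: Exploit.Java.Gimsh.a 1
C:\Documents and Settings\David Barber\Desktop\New Briefcase\MC live.exe Infected: Trojan-Dropper.Win32.Joiner.fa 1
C:\Documents and Settings\David Barber\Shared\christopherson tim mcgraw.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
"""
SCAN_2 = r"""
File name / Threat name / Threats count
C:\Documents and Settings\David Barber\Application Data\Sun\Java\Deployment\cache\6.0\25\650d0659-77cba243 Infected: Exploit.Java.Gimsh.a 1
"""
JAVARA_LOG = r"""
The JavaRa removal process was started on Sun Aug 24 10:30:16 2008
There was an error removing C:\Program Files\Java\jre1.6.0_03. The error returned was 32.
"""

if __name__ == "__main__":
    for status, paths in compare_scans(SCAN_1, SCAN_2).items():
        for path in paths:
            print(f"{status:10} {path}")
    for path, code, meaning in javara_failures(JAVARA_LOG):
        print(f"not removed: {path} -> {code} {meaning}")
```

On these excerpts the Java cache entry is the only path reported as persisting, which matches the second Kaspersky report.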
Hi
Sorry for the delay in replying but I had problems logging back in.
I have tried to remove it two ways: (1) through the control panel - add/remove programs (it's not there). What is there is Java(TM) 6 update 7, which I assume is the new version. (2) I went to explore, then to java, then to the JRE1.6.0_03 folder and tried there with the same error window.
Hi
OK Please reboot and do this part again.
Open the JavaRa interface
click Remove Older Versions in the JavaRa interface and allow it to proceed
When that is complete, click Additional Tasks, then select Remove Useless JRE Files and click Go
Exit the tool when complete.
I turned TeaTime and Defender on and everything seems to be working. How do you feel about AVG anti-virus? Do you ever make recommendations for software?