Go Back  DVD Talk Forum > General Discussions > Tech Talk

javaav.exe or Adware.Virtumonde?


Old 11-20-04, 04:08 PM
  #1  
DVD Talk Platinum Edition
Thread Starter
 
Join Date: Jan 2000
Location: Los Angeles, CA
Posts: 3,613
javaav.exe or Adware.Virtumonde?

I have a process running called javaav.exe that always reappears whenever I end it. Norton AV identifies it as Adware.Virtumonde, yet NAV cannot delete it. Even going into safe mode, it cannot be deleted.

The path to the file is listed as C:/Windows/Assembly/javaav.exe, but even with hidden files shown, I cannot find that file anywhere in that folder or any other folder.

My startup processes list two registry keys for starting javaav.exe up. Whenever I delete those registry keys they immediately reappear. Spybot and Ad-aware don't find these files nor do anything about them. Again, going into safe mode doesn't do anything to help.

I've followed hints or leads I've found in terms of dealing with Virtumonde, but most people only suffer from sysupd.exe or sindowsupd.exe which are located in folders and can be found, hence deleted.

Any suggestions, beyond reformatting? This is driving me crazy. Thank you. If there's any information I can provide that would help someone make an assessment of the situation, please let me know.
Old 11-20-04, 04:27 PM
  #2  
DVD Talk Gold Edition
 
Join Date: Jun 2004
Location: Houston, Tx.
Posts: 2,713
Post a HijackThis log.
Old 11-20-04, 05:05 PM
  #3  
DVD Talk Platinum Edition
Thread Starter
 
Join Date: Jan 2000
Location: Los Angeles, CA
Posts: 3,613
Logfile of HijackThis v1.97.7
Scan saved at 5:03:44 PM, on 11/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\tbctray.exe
C:\WINDOWS\assembly\javaav.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\3M\PSNotes2\psn.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\PROGRA~1\3M\PSNotes2\PSNGive.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {02F96FB7-8AF6-439B-B7BA-2F952F9E4800} - C:\DOCUME~1\TALTON~1\LOCALS~1\Temp\vaavaj.dat
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [*javaav] C:\WINDOWS\assembly\javaav.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKLM\..\RunOnce: [*javaav] C:\WINDOWS\assembly\javaav.exe rerun
O4 - Global Startup: Post-it® Software Notes.lnk = C:\Program Files\3M\PSNotes2\psn.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095470622416
O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} (Vividence Connector Launcher) - http://task.vividence.com/download/C...orLauncher.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://activex.microsoft.com/activex...oadcontrol.cab
O16 - DPF: {B817734E-046C-11D3-B674-00104BA25195} (PSNQuerySystem Class) - http://pmb001.3m.com/pub/psnotes/psnudate.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
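The first post describes what makes this infection hard to clean by hand, and the log above shows the pieces: a Run value and a RunOnce value for the same file under C:\WINDOWS\assembly (the RunOnce one re-launching it with a "rerun" argument), both with a value name that starts with `*`, and a BHO with no name loading a `.dat` file (vaavaj, javaav spelled backwards) from the user's Temp folder. Two caveats a practitioner would want here. Windows documents that a RunOnce value name prefixed with `*` is run even in Safe Mode, which is why booting to Safe Mode did not stop it. And on XP with the .NET Framework installed, Explorer renders %WINDIR%\assembly through the Global Assembly Cache shell extension, so an ordinary file dropped there does not appear in Explorer even with hidden files shown; `dir C:\WINDOWS\assembly` from a command prompt lists it. The script below is an added example, not part of the thread, not HijackThis, and not the poster's code: it parses the O2 (BHO) and O4 (autostart) lines of a HijackThis log and flags entries by those heuristics. The six sample lines are copied from the log posted above; the flagging rules are this example's own assumptions, not anything HijackThis itself applies.

```python
"""Triage the O2 (BHO) and O4 (autostart) lines of a HijackThis log.

Added example for this thread; it is not part of HijackThis and not the
poster's code. SAMPLE_LOG is copied from the log posted in the thread; the
flagging rules below are heuristics assumed by this example.
"""
import re
from dataclasses import dataclass

# Six lines copied from the posted log (the rest of that log is omitted here).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02F96FB7-8AF6-439B-B7BA-2F952F9E4800} - C:\DOCUME~1\TALTON~1\LOCALS~1\Temp\vaavaj.dat
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [*javaav] C:\WINDOWS\assembly\javaav.exe
O4 - HKLM\..\RunOnce: [*javaav] C:\WINDOWS\assembly\javaav.exe rerun
O4 - Global Startup: Post-it® Software Notes.lnk = C:\Program Files\3M\PSNotes2\psn.exe
"""

_O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
_O4_REG_RE = re.compile(r"^O4 - (?P<key>HK(?:LM|CU)\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
_O4_DIR_RE = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Splits a command line at the first module extension so that unquoted paths
# containing spaces (common in these logs) are kept whole.
_CMD_RE = re.compile(
    r'^"?(?P<path>.*?\.(?:exe|dll|dat|com|scr|bat|pif|cpl))"?(?:\s+(?P<args>.*))?$',
    re.IGNORECASE,
)

# Heuristic: directories an autostart module or BHO should not normally live in.
SUSPECT_DIRS = ("\\TEMP\\", "\\TMP\\", "\\ASSEMBLY\\")


@dataclass
class Entry:
    kind: str       # "O2" (BHO) or "O4" (autostart)
    location: str   # BHO CLSID, registry key, or startup folder name
    name: str
    path: str
    args: str = ""


@dataclass
class Finding:
    entry: Entry
    reasons: list


def executable_path(cmd):
    """Return (module path, arguments) for a HijackThis command-line field."""
    m = _CMD_RE.match(cmd.strip())
    if not m:
        return cmd.strip(), ""
    return m.group("path"), m.group("args") or ""


def parse_entries(log_text):
    """Parse O2 and O4 lines; other HijackThis sections are ignored."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := _O2_RE.match(line):
            entries.append(Entry("O2", m.group("clsid"), m.group("name"), m.group("path")))
        elif m := _O4_REG_RE.match(line):
            path, args = executable_path(m.group("cmd"))
            entries.append(Entry("O4", m.group("key"), m.group("name"), path, args))
        elif m := _O4_DIR_RE.match(line):
            path, args = executable_path(m.group("cmd"))
            entries.append(Entry("O4", m.group("key"), m.group("name"), path, args))
    return entries


def triage(log_text):
    """Return a Finding for every entry that trips at least one heuristic."""
    entries = parse_entries(log_text)
    run_paths = {e.path.upper() for e in entries
                 if e.kind == "O4" and e.location.upper().endswith("\\RUN")}
    findings = []
    for e in entries:
        upper = e.path.upper()
        reasons = []
        if any(d in upper for d in SUSPECT_DIRS):
            reasons.append("module lives under a Temp folder or %WINDIR%\\assembly")
        if e.kind == "O2" and not upper.endswith(".DLL"):
            reasons.append("BHO is not a .dll (in-process COM servers normally are)")
        if e.name.startswith("*"):
            reasons.append("value name starts with '*', which makes a RunOnce entry run even in Safe Mode")
        if e.location.upper().endswith("\\RUNONCE") and upper in run_paths:
            reasons.append("RunOnce duplicates a Run entry for the same file (re-launch on next boot)")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry.kind} [{f.entry.name}] {f.entry.path}")
        for r in f.reasons:
            print("   -", r)
```

Run against the sample it flags three entries: the vaavaj.dat BHO (Temp path, not a .dll) and both javaav values (assembly path, `*` prefix, and for the RunOnce one the duplicate of the Run value). The Norton, ccApp and Post-it entries pass. Whatever re-creates the registry values is not visible in a HijackThis log; a BHO is loaded into Internet Explorer (and, on XP, Explorer) with the user's rights, which is why a no-name BHO next to reappearing Run values is the first thing to remove or rename before re-checking the keys.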
Old 11-20-04, 08:28 PM
  #4  
DVD Talk Platinum Edition
Thread Starter
 
Join Date: Jan 2000
Location: Los Angeles, CA
Posts: 3,613
Well, I updated from NAV 2004 to NAV 2005 and that was able to fix the virus. Then I went into safe mode and cleared out all the rest.

Case closed.
Old 11-20-04, 08:47 PM
  #5  
DVD Talk Gold Edition
 
Join Date: Jun 2004
Location: Houston, Tx.
Posts: 2,713
Originally posted by TLwizard
Well, I updated from NAV 2004 to NAV 2005 and that was able to fix the virus. Then I went into safe mode and cleared out all the rest.

Case closed.
Thanks for the update. I was working on it... Case closed!

Copyright © 2018 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.