Author Topic: What do these viruses do?  (Read 7817 times)

S0N1C
What do these viruses do?
« on: June 16, 2011, 07:17:26 AM »
I recently got:

Java:Agent-KU[Expl]   named    rotor/zalux$vrkr.class    in    C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cashe\6.0\20\3ad12454-6614743f

Java:Agent-Kt[Expl]   named    rotor/zalux.class    in    C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cashe\6.0\20\3ad12454-6614743f

Java:Agent-KV[Expl]   named    rotor/Zo666.class    in    C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\cashe\6.0\20\3ad12454-6614743f


Avast detected them and sent them to the chest. I think I got these with Razer's mouse drivers. I got the LACHESIS Razer mouse and updated to the recent version of firmware and driver. Then I played a game and my ping skyrocketed to 1000, even though it never did before. I restarted my router, restarted my computer, and uninstalled the drivers, and it didn't work. Then I ran a virus scan and it detected the malware above. I played again and everything is back to normal. I am wondering if slowing the computer is the only thing that this malware does or if it has another function. If so, is my computer still infected, because they might have downloaded other malware that I am unaware of? Also, the mouse I bought was used. This sounds crazy, but is there any way that a virus could have been uploaded on the mouse? If not, then Razer should be informed that their drivers are infected AGAIN. Please help.

Pondus
Re: What do these viruses do?
« Reply #1 on: June 16, 2011, 07:27:19 AM »
You see, the ending of Java:Agent-KU[Expl] means it will exploit vulnerabilities in the OS or a program.
If your OS and all programs are updated you should be safe, unless this is for a new vulnerability that is not patched yet.

http://en.wikipedia.org/wiki/Exploit_(computer_security)

So the exact exploits these are looking for, I do not know... maybe someone from avast can tell you?

Also check for malware with this; run a quick scan:

Malwarebytes Anti-Malware 1.51. http://filehippo.com/download_malwarebytes_anti_malware/
Always update so you have the latest signatures before you scan.
Click on the "Remove Selected" button to quarantine anything found.

Post the scan log here.

« Last Edit: June 16, 2011, 07:41:58 AM by Pondus »


S0N1C
Re: What do these viruses do?
« Reply #2 on: June 16, 2011, 08:25:09 AM »
Here are my results for the full scan of Malwarebytes:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6866

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

6/16/2011 1:21:04 AM
mbam-log-2011-06-16 (01-21-04).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 342866
Time elapsed: 49 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I guess my computer's clean now, but I'm sure the malware detected by Avast was linked to the Razer mouse. Once again, it was used; is there any way that a virus could have been uploaded to it (I know it sounds crazy)? If not, then the driver on Razer's website must be infected.
« Last Edit: June 16, 2011, 08:28:03 AM by S0N1C »

DavidR
Re: What do these viruses do?
« Reply #3 on: June 16, 2011, 10:48:37 AM »
Exploits in Java could mean you have an old version; it seems you have 6.0.20 and the latest is 6.0.26.
I would also suggest a visit to this site, which scans your system for out-of-date programs that have patches to close vulnerabilities: http://secunia.com/software_inspector/.

luisbreva

  • Guest
Re: What do these viruses do?
« Reply #4 on: July 08, 2011, 04:26:48 PM »
I got one of the same viruses! Java/Agent-KU, detected by avast during a boot scan.

I do not know how I got this. My #1 suspect is me mistyping the whirhpool.com site (I think I spelled it without an 'h'). It sent me to a very fishy site and I clicked a button that said "reset connection" because it looked like a legit Firefox button.

Shortly after that, my Yahoo account sent a spam email to all my contacts! I was logged into Yahoo at the time. Pretty embarrassing. I also got a mysterious post on Facebook (I was also logged into Facebook) that said "Re:" as my status update.

The first thing I did was change my Yahoo password (this is what Yahoo recommended under help). I'm worried this was a mistake; could the virus have logged my keystrokes and now know my new password???

Next, I ran an avast full system scan. Nothing found! Then I requested a boot-time scan, rebooted, and now have a black screen saying that Java/Agent-KU is infected. I have the option to delete, etc. by pressing a number key.

What should I do next? I'll be happy to post any logs, etc. I want to make sure I clean my computer and that this does not happen to others (I'm surprised the virus got through avast in the first place since I always have it running).

 
