Author Topic: JunkPoly Virus found  (Read 4359 times)

0 Members and 1 Guest are viewing this topic.

moorman20

  • Guest
JunkPoly Virus found
« on: February 05, 2010, 02:04:34 AM »
Saturday Avast began notifying me that a virus had been found.  The virus was identified as JunkPoly and I had alerts from Avast all day long.  The alerts continue despite the fact that I opted to send the virus to the chest.  SuperAnti-Spyware has located the virus and quarrantined it, yet it keep coming back.  Please advise.

pinnacle

  • Guest
Re: JunkPoly Virus found
« Reply #1 on: February 05, 2010, 02:21:56 AM »
here is info on this nasty  http://www.precisesecurity.com/blogs/2009/03/22/win32_junkpoly/  and manual instructions to get rid of it. http://forums.spybot.info/showthread.php?t=38963  here is where you can get spybot  http://www.safer-networking.org/en/index.html
« Last Edit: February 05, 2010, 02:24:17 AM by pinnacle »

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 87685
  • No support PMs thanks
Re: JunkPoly Virus found
« Reply #2 on: February 05, 2010, 02:24:27 AM »
If it keeps coming back, there is likely to be an undetected or hidden element to the infection that restores or downloads the file again. What is your firewall ?

If you haven't already got this software (freeware), download, install, update and run it and report the findings (it should product a log file).
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.4.6062 (build 23.4.8118.762) UI 1.0.762/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

moorman20

  • Guest
Re: JunkPoly Virus found
« Reply #3 on: February 05, 2010, 10:34:57 AM »
My firewall is Windows Defender.  I have run Malawares:

Malwarebytes' Anti-Malware 1.37
Database version: 2193
Windows 6.0.6001 Service Pack 1

2/5/2010 12:58:23 AM
mbam-log-2010-02-05 (00-58-09).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 270997
Time elapsed: 2 hour(s), 23 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdwizreg.exe (Security.Hijack) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe (Security.Hijack) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\hosts (Trojan.Agent) -> No action taken.
C:\Windows\System32\hosts (Trojan.Agent) -> No action taken.

Derelict_AZ

  • Guest
Re: JunkPoly Virus found
« Reply #4 on: February 05, 2010, 02:43:22 PM »
Your version of Malwarebytes is old. The latest is 1.44 with database 3693. You may want to update and rescan, but it looks like you have some things already found that should be cleaned.

Sm3K3R

  • Guest
Re: JunkPoly Virus found
« Reply #5 on: February 05, 2010, 02:48:39 PM »
bdagent.exe
livesrv.exe
vsserv.exe
bdwizreg.exe
seccenter.exe

This are LEGIT BitDefender files .
Have you uninstalled it properly using their uninstall tool ?


Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 87685
  • No support PMs thanks
Re: JunkPoly Virus found
« Reply #6 on: February 05, 2010, 04:05:40 PM »
@ moorman20
Windows Defender, isn't a firewall.

Vista is on service pack 2, so you are out of date there and could leave your system more vulnerable to attack - I would also suggest a visit to this site, which scans your system for out of date programs that have patches to close vulnerabilities, http://secunia.com/software_inspector/.

Is this version of BidDefender antivirus resident (seems so) ?
Having two resident scanners installed is not recommended as rather than provide twice the protection it can cause conflicts that could leave you more vulnerable.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.4.6062 (build 23.4.8118.762) UI 1.0.762/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

moorman20

  • Guest
Re: JunkPoly Virus found
« Reply #7 on: February 06, 2010, 10:50:10 AM »
Sorry, could not get computer to operate as infection keeps  shutting me down.  I still need assistance though login may be sporadic.  I am update Malawares and removing bdagent.exe
livesrv.exe
vsserv.exe
bdwizreg.exe
seccenter.exe

thanks

Sm3K3R

  • Guest
Re: JunkPoly Virus found
« Reply #8 on: February 06, 2010, 11:59:37 AM »
Sorry, could not get computer to operate as infection keeps  shutting me down.  I still need assistance though login may be sporadic.  I am update Malawares and removing bdagent.exe
livesrv.exe
vsserv.exe
bdwizreg.exe
seccenter.exe

thanks

Those files are from a previous BitDefender installation and your JunkPoly alert may be a simple false pozitive.Unless you ve used a "non- ortodox" BD kit.
To remove all traces of BitDefender do like here and download the tool linked in the description -> http://www.bitdefender.com/KB333-en--How-to-uninstall-BitDefender.html