shinwow.bh buried in java cache files [RESOLVED]

#1 micha (Member)
My computer shows the following infections:

c:/documentsandsettings/defaultuser/application data/Sun/Java/deployment/cache/6.0/56/3c28cc78-369889c4<HipointinstallsheildRT.class>
c:/documentsandsettings/Default User/application data/Sun/Java/Deployment/cache/javapi /v1.0/jar/eRT.jar-27406485-620c90b7.zip<HipointsheildRT.class>
c:/documentsand settings/owner/application data/sun/java/deployment/cache/6.0/56/3c28cc78-36989c4<hipointinstallshieldRT.class>
c:/documentsand settings/owner/application data/sun/java/deployment/cache/javapi
/v1.0/jar/eRT.jar27406485-620c90b7.zip<hipointinstallshield.RT.class>
c:/windows/system32/config/systemprofile/applicationdata/sun/java/deployment/cache
/6.0/56/3c28cc78-369899c4<hipointinstallshieldRT.class>
c:/windows/system32/config/systemprofile/applicationdata/sun/java/deployment/cache
/javapi/v1.0/jar/eRT.jar-27406485-620c907b7.zip<hipointinstallsheildRT.class>

My internet provider's CA cannot eliminate this virus. I get pop-ups telling me I have encountered a problem and need to close, my computer slows down, and until recently I have even had excessive redirecting from a requested 'search'. It has been two years of fighting with this virus.
I was originally told I had a bad CA download; it was uninstalled and reinstalled.
I ran several scans and the virus still exists...
I have a 6yr old HP Pavilion with XP capability.

#2 greyknight17 (Malware Expert, Visiting Consultant)
Welcome to GTG.

Please read this topic and post your HijackThis log here when ready.

Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.

#3 micha (Topic Starter)
New to this site, so forgive me if I make 'replying or posting' mistakes...

I tried to download Combofix...
My computer says... "cannot rename Combofix...and then says cannot rename to Combofix2"(???)

I have Vundofix, LSPFix, and Winsockxpfix on my 'desktop'...
they are 'repair' scan and fix items offered from my CA, and Microsoft for my problems...
Also, can these scanners fight against each other and cause more havoc in my comp,
as they have helped some...I no longer have the 'error, windows needs to close' prompts...
:)

#4 greyknight17 (Malware Expert, Visiting Consultant)
Did you download ComboFix completely yet before trying to rename it? Make sure it's completely downloaded. If you want, restart the computer and try renaming it again. If it still gives you problems, leave it alone and just run it.

For the other tools you mentioned on your desktop, you may delete all of them. Those are only per use tools so they are only needed for a specific task.

#5 micha (Topic Starter)
Combofix never appeared in 'downloads', never appeared in add or remove programs, and never made it to my desktop?
I'm assuming it never completed its download?
But still confused as to why my comp informed me it was trying to rename combofix, as if it downloaded and is hidden?

CA says shinwow.bh (trojan) is a low threat supposedly...besides its annoying daily appearance as an 'infection', can it do damage to my comp if I leave it alone?
I see others on the internet aggravated by its appearance, and its difficulty in removing...

Oh, I found the java plug in console and cleaned the 'cache', as recommended by CA from my frontier provider,
and it removed one of the above trojans:
c:/documentsand settings/owner/applicationsdata/sun/java/deployment/cache/6.0/56/3c28cc78-36989c4<hipointinstallshieldRT.class>
:)

#6 greyknight17 (Malware Expert, Visiting Consultant)
If the only threat found is in the Java cache, I guess we can just aim to get rid of that part....

Go to http://www.java.com/.../5000020300.xml and see how to clear your Java cache or follow the instructions below:

Go into the Control Panel and double-click the Java icon (looks like a coffee cup).

- Under Temporary Internet Files, click the Delete Files button.
- There are three options in the window to clear the cache - Leave ALL 3 Checked:
  - Downloaded Applets
  - Downloaded Applications
  - Other Files
- Click OK on the Delete Temporary Files window (Note: This deletes ALL the Downloaded Java Applications and Applets from the CACHE.)
- Click OK to leave the Java Control Panel.

See if you still have any issues after that.

#7 micha (Topic Starter)
Well that was grounds for a mini heart attack...lol
I went into Java, and completed the deletions requested.
Then I did a shutdown with startup...my 6 yr old HP Pavilion comp freaked!
It bounced back n forth between starting up and shutting down.
After watching this for a few minutes I acknowledged the black screen's request to put it into safe mode,
and checked a few operating systems, and did another shut down with startup.
It came back up okay...this is the reason why I'm late in replying...
I'll run another scan of my c drive and see if anything's changed...
:) :) :)

#8 micha (Topic Starter)
Ran virus scan on c drive and nothing has changed...
still have the same 5 shinwow.bh trojans trapped...

:) ...rofl

#9 greyknight17 (Malware Expert, Visiting Consultant)
Did you make sure to select delete temporary files?

#10 micha (Topic Starter)
yes...temporary internet files... within java control panel, under general...

right?

#11 greyknight17 (Malware Expert, Visiting Consultant)
Yep, that's the one. If it still won't delete them, try deleting them manually to see if it helps:

c:\Documents and Settings\default user\application data\Sun\Java\deployment\cache\6.0\56\3c28cc78-369889c4
c:\Documents and Settings\Default User\application data\Sun\Java\Deployment\cache\javapi \v1.0\jar\eRT.jar-27406485-620c90b7.zip
c:\documentsand settings\owner\application data\sun\java\deployment\cache\6.0\56\3c28cc78-36989c4
c:\documents and settings\owner\application data\sun\java\deployment\cache\javapi\v1.0\jar\eRT.jar27406485-620c90b7.zip
c:\windows\system32\config\systemprofile\application data\sun\java\deployment\cache\6.0\56\3c28cc78-369899c4
c:\windows\system32\config\systemprofile\application data\sun\java\deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c907b7.zip

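Added example, not code from this thread or from any of the tools it names: the Java Control Panel steps in #6 clear only the logged-in user's cache, while the paths in #1 and #11 span the owner, Default User and system profiles, so the sweep below walks every profile's deployment cache (Windows XP layout assumed), reports which cached jars contain a named class, and removes entries on request (dry run by default). The sample drive, its cached jar and the class name inside it are constructed for the demonstration.

```python
import os
import tempfile
import zipfile
CACHE = os.path.join("Sun", "Java", "Deployment", "cache")
SYSPROFILE = os.path.join("WINDOWS", "system32", "config", "systemprofile")

def profile_roots(drive):
    # Application Data of every profile, plus the system profile used by services
    docs = os.path.join(drive, "Documents and Settings")
    names = sorted(os.listdir(docs)) if os.path.isdir(docs) else []
    roots = [os.path.join(docs, n, "Application Data") for n in names]
    return roots + [os.path.join(drive, SYSPROFILE, "Application Data")]

def find_cache_entries(roots):
    # 6.0\NN\<id> blobs, their .idx siblings and javapi\v1.0\jar\*.zip archives
    entries = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(os.path.join(root, CACHE)):
            entries.extend(os.path.join(dirpath, f) for f in files)
    return sorted(entries)

def suspect_jars(roots, class_name):
    # (archive, member) pairs whose member name contains class_name; non-zips skipped
    hits = []
    for path in find_cache_entries(roots):
        if not zipfile.is_zipfile(path):
            continue
        with zipfile.ZipFile(path) as jar:
            hits += [(path, m) for m in jar.namelist() if class_name.lower() in m.lower()]
    return hits

def purge_cache(roots, dry_run=True):
    # Delete every entry in every profile's cache; returns the paths touched
    paths = find_cache_entries(roots)
    for path in () if dry_run else paths:
        os.remove(path)
    return paths

def build_sample_drive():
    # Constructed stand-in for C:\ with one cached jar and one non-archive 6.0 blob
    drive = tempfile.mkdtemp()
    jar_dir = os.path.join(drive, "Documents and Settings", "owner", "Application Data",
                           CACHE, "javapi", "v1.0", "jar")
    blob_dir = os.path.join(drive, SYSPROFILE, "Application Data", CACHE, "6.0", "56")
    os.makedirs(jar_dir), os.makedirs(blob_dir)
    with zipfile.ZipFile(os.path.join(jar_dir, "eRT.jar-27406485-620c90b7.zip"), "w") as z:
        z.writestr("HipointInstallShieldRT.class", b"\xca\xfe\xba\xbe")  # dummy bytes
    with open(os.path.join(blob_dir, "3c28cc78-369899c4"), "wb") as f:
        f.write(b"not an archive")
    return drive
```

Run `suspect_jars(profile_roots("C:\\"), "installshield")` first to see which profile still holds the flagged jar, then `purge_cache(..., dry_run=False)` once the list looks right.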

#12 micha (Topic Starter)
That I have been looking for, and never am sure if I am in the right place...
Can you give me a location to go and the DIY explanation?
With your help I have eliminated 1 of the original 6...
So now I very much appreciate your time and patience!
:)

#13 greyknight17 (Malware Expert, Visiting Consultant)
Were you able to locate any of those? Go into My Computer and C: drive. You can probably follow from there into the deeper folders and delete the specified files.

#14 micha (Topic Starter)
Ok, I chased down My Computer, pulled up c drive...
Was amazed by the info I got to see...but no files with the numbers or info I was looking for...
Could it be buried deeper within my system? Thought I looked at every file...
Any other suggestions...another place to go, did I miss something...
:)

#15 greyknight17 (Malware Expert, Visiting Consultant)
Give this a try...

Download OTMoveIt2 at http://download.blee...r/OTMoveIt2.exe
* Save it to your desktop.
* Double-click OTMoveIt2.exe to run it. (Vista users, right click on OTMoveIt2.exe and select Run as an Administrator).
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

c:\Documents and Settings\default user\application data\Sun\Java\deployment\cache\6.0\56\3c28cc78-369889c4
c:\Documents and Settings\Default User\application data\Sun\Java\Deployment\cache\javapi \v1.0\jar\eRT.jar-27406485-620c90b7.zip
c:\documentsand settings\owner\application data\sun\java\deployment\cache\6.0\56\3c28cc78-36989c4
c:\documents and settings\owner\application data\sun\java\deployment\cache\javapi\v1.0\jar\eRT.jar27406485-620c90b7.zip
c:\windows\system32\config\systemprofile\application data\sun\java\deployment\cache\6.0\56\3c28cc78-369899c4
c:\windows\system32\config\systemprofile\application data\sun\java\deployment\cache\javapi\v1.0\jar\eRT.jar-27406485-620c907b7.zip

* Return to OTMoveIt2. Right click in the Paste List of Files/Folders to Move window (under the Yellow bar) and choose Paste.
* Click the red Moveit! button.
* A log of files and folders moved will be created in the C:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
* Close OTMoveIt2.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.