Virus / Trojan elimination... Win 7 64 - registry questions

DarkSideA8

Limp Gawd
Joined
Apr 13, 2005
Messages
254
I got a java exploit virus/trojan recently - either through a fake update or hitting the "x" on one of those annoying pop-ups.

Anyway, I've run Trend Micro & Security Essentials and both tell me they've found the problem & have cleaned it... daily.

Meaning, there is something hiding which those programs cannot find.

I found a couple of suspicious entries in "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" - and want to be sure they're configured correctly - or whether I should delete them.

The sites listed are ones I plugged into the restricted cookies section under IE - but they are not all of the sites listed in IE.

The registry DWord value is "4" (0x00000004 (4)), but I am not certain that means "block" or not - and, I am not sure why only these 5 sites show up in the 'Domains' registry, and not all of the sites on my IE restrictions page (suspicious).

Thoughts?
 

daglesj

Supreme [H]ardness
Joined
May 7, 2005
Messages
5,198
Take the HDD out and scan it on another PC. Once it's cleaned off all it can find then put the HDD back in, boot up and run Combofix on it to clean up the last bits and any app/Registry changes.

Nigh on impossible to clean virus/trojans off a running PC once infected. You don't get everything.
 

Snowknight26

Supreme [H]ardness
Joined
May 8, 2005
Messages
4,226
Zone 4 is 'Restricted Sites Zone,' obviously. If you see other sites there, check under HKLM as well.
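
A read-only way to carry out the check suggested above, as an added example that is not part of the original thread: it lists every ZoneMap\Domains entry under both HKCU and HKLM and translates the DWORD into the zone name. The helper name `Get-ZoneMapEntry` is hypothetical, and the zone numbering assumed is the standard Internet Explorer one (0 to 4).

```powershell
# Added example (not from the thread): read-only listing of IE ZoneMap domain entries.
# Standard IE security zone numbers.
$zoneNames = @{
    0 = 'My Computer'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'
    3 = 'Internet';    4 = 'Restricted Sites'
}
$subPath = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

function Get-ZoneMapEntry {          # hypothetical helper name
    param([string]$Hive)             # 'HKCU' or 'HKLM'
    $root = "${Hive}:\$subPath"
    if (-not (Test-Path -LiteralPath $root)) { return }   # hive has no Domains key
    $rootName = (Get-Item -LiteralPath $root).Name
    Get-ChildItem -LiteralPath $root -Recurse | ForEach-Object {
        $key = $_
        # Below Domains the key path is domain[\subdomain]; reverse it to get the host name.
        $parts = @($key.Name.Substring($rootName.Length + 1) -split '\\')
        [array]::Reverse($parts)
        foreach ($valueName in $key.GetValueNames()) {
            # Value name is the protocol ('*' = all protocols); value data is the zone number.
            $zone = $key.GetValue($valueName)
            if ($zone -is [int] -and $zoneNames.ContainsKey($zone)) {
                $zoneName = $zoneNames[$zone]
            } else {
                $zoneName = 'Unexpected value'            # not a DWORD in the 0-4 range
            }
            New-Object PSObject -Property @{
                Hive     = $Hive
                Host     = $parts -join '.'
                Protocol = $valueName
                Zone     = $zone
                ZoneName = $zoneName
            }
        }
    }
}

'HKCU', 'HKLM' | ForEach-Object { Get-ZoneMapEntry -Hive $_ } |
    Sort-Object Host, Hive |
    Format-Table Hive, Host, Protocol, Zone, ZoneName -AutoSize
```

Zone 4 entries only tighten restrictions for the listed site; zone 2 (Trusted Sites) entries you did not add yourself deserve the closer look.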
 

DarkSideA8

Limp Gawd
Joined
Apr 13, 2005
Messages
254
Thanks, guys.

Any idea how to find information on these:

Exploit:Java/CVE-2012-0507.BR!ldr
~or~
TrojanDownloader:Java/OpenStream.BO

I tried googling, but it seems like a lot, if not most of the sites talking about viruses are highly suspicious themselves. Prior to HackThis getting snatched up by (and languishing under) Trend, there used to be good sites that helped figure where these things were hiding...

@ daglesj: I'll try your suggestion, thanks.
 