> not-a-virus:WebToolbar.Win32.Asparnet.lx on java_sp.dll
Aaron Johnson FP
post 19.04.2017 20:15
Post #1


Member
**

Group: Members
Posts: 12
Joined: 6.10.2016




Hi,

This virus is showing on 2 of our Servers.
The result from Kaspersky is "Object not disinfected. Reason: writing is not supported. Object name: java_sp.dll//data0001.res"

I have googled this but cannot find any information on this virus.

Need to get this cleaned up asap as one of the servers is our VCenter Box.

Please assist.
richbuff
post 19.04.2017 22:25
Post #2


Helper
*****************

Group: Global moderators

Posts: 1009753
Joined: 14.06.2007




1. Please post the full, complete detection details. File name, path, location.

2. Please see: Kaspersky Lab Forum > English User Forum > Virus-related issues > the second (2nd) Important topic.
There, you will find instructions for GSI and AVZ logs.

Please see the small print that is located at the bottom of this message.


--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
Aaron Johnson FP
post 4.05.2017 17:35
Post #3






QUOTE(richbuff @ 19.04.2017 13:25) *
1. Please post the full, complete detection details. File name, path, location.

2. Please see: Kaspersky Lab Forum > English User Forum > Virus-related issues > the second (2nd) Important topic.
There, you will find instructions for GSI and AVZ logs.

Please see the small print that is located at the bottom of this message.


Attached is the full detail.

I'll run GSI here in a moment.


Attached File(s)
Attached File  5_4_2017_8_33_21_AM.png ( 37,75K ) Number of downloads: 5
 
Aaron Johnson FP
post 4.05.2017 18:06
Post #4






QUOTE(richbuff @ 19.04.2017 13:25) *
1. Please post the full, complete detection details. File name, path, location.

2. Please see: Kaspersky Lab Forum > English User Forum > Virus-related issues > the second (2nd) Important topic.
There, you will find instructions for GSI and AVZ logs.

Please see the small print that is located at the bottom of this message.


Here is the KL_SYScure file.
The GSI is too big for your forum. It's 6 MB; you only allow 300k.
Attached File(s)
Attached File  KL_syscure.zip ( 68,1K ) Number of downloads: 1
 
richbuff
post 4.05.2017 22:34
Post #5






5. This .zip needs to be uploaded to https://www.getsysteminfo.com/ and when finished you copy the link and add it to your post.


Aaron Johnson FP
post 4.05.2017 22:46
Post #6






QUOTE(richbuff @ 4.05.2017 13:34) *
5. This .zip needs to be uploaded to https://www.getsysteminfo.com/ and when finished you copy the link and add it to your post.


Here ya go
http://www.getsysteminfo.com/read.php?file...f5c68836d8716ae
richbuff
post 4.05.2017 23:23
Post #7






java_sp.dll//data0001.res is not showing up in your logs.

Any clue where this file path/location is?

This could be maybe a false positive, or it may be part of an unwanted browser toolbar.



Aaron Johnson FP
post 5.05.2017 17:27
Post #8






QUOTE(richbuff @ 4.05.2017 14:23) *
java_sp.dll//data0001.res is not showing up in your logs.

Any clue where this file path/location is?

This could be maybe a false positive, or it may be part of an unwanted browser toolbar.



I checked the browsers, no toolbars. And the path makes no sense to me either.
If this is a false positive, is there any way to stop this from blowing up my daily report? It's showing the same listing on both servers close to 2000 times, which really muddies up my reporting.

Thanks
richbuff
post 5.05.2017 23:20
Post #9






Please send detected file to the Lab, instructions are located in the third important topic located near the top of the Virus section of this forum. And here:
http://forum.kaspersky.com/index.php?showtopic=13881

QUOTE(harlan4096 @ 18.09.2016 02:07) *
Please send the .exe to KL VirusDesk,
if verdict is Infected [or Clean], click on Disagree button, and file will be sent as a [non] false positive to KL analysts, also you can give your email address to get the final verdict,


Aaron Johnson FP
post 8.05.2017 17:18
Post #10






QUOTE(richbuff @ 5.05.2017 14:20) *
Please send detected file to the Lab, instructions are located in the third important topic located near the top of the Virus section of this forum. And here:
http://forum.kaspersky.com/index.php?showtopic=13881



That's the thing, I cannot find the file.... Kaspersky says it's infected but I have no idea where "Java_sp.dll" exists.
richbuff
post 8.05.2017 22:32
Post #11






Please download AdwCleaner and save it on your Desktop.

Right click the file that you saved and Run as administrator, press the Scan button and wait for the scan to complete.

When the scan is complete, the report will be saved in the following location: C:\AdwCleaner\AdwCleaner[S0].Txt

Please attach AdwCleaner[S0].Txt to your next post.


Aaron Johnson FP
post 10.05.2017 00:45
Post #12






QUOTE(richbuff @ 8.05.2017 13:32) *
Please download AdwCleaner and save it on your Desktop.

Right click the file that you saved and Run as administrator, press the Scan button and wait for the scan to complete.

When the scan is complete, the report will be saved in the following location: C:\AdwCleaner\AdwCleaner[S0].Txt

Please attach AdwCleaner[S0].Txt to your next post.


Attached... Not much in there.
Attached File(s)
Attached File  AdwCleaner_S0_.txt ( 2,41K ) Number of downloads: 2
 
richbuff
post 10.05.2017 06:59
Post #13






Yes, not much more, let's see.

Close all browsers, then re-run AdwCleaner by right click > Run as administrator, check all detected, then click Clean and wait until removal is complete > reboot.
The report will be saved in the following location: C:\AdwCleaner\AdwCleaner[C0].Txt.
Attach the report to your next post.


Scan with Malwarebytes' Anti-Malware Free: https://www.malwarebytes.com/mwb-download/ Update it first, scan and attach its detection log, but please don't remove anything yet, until the log is reviewed.

