# Solved: Trojan Downloader



## foxrocks993 (Aug 16, 2005)

After a recent anti-virus and spyware scan, the following files showed up as being infected. The bolded files were unable to be deleted, disinfected or renamed. I am a Shaw Internet subscriber; Shaw provides a free anti-virus and internet security program to its subscribers, Shaw Secure 6.15 - part of the F-Secure family.

Result: 4 malware found

Trojan-Downloader.Java.Agent.c (virus)

*C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\9\3c0ee589-29c216a1\FcPred.class* 
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\9\3c0ee589-29c216a1 Action: deleted
*C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\FcPred.jar-10bfbdb3-3a5a231d.zip\FcPred.class*
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\FcPred.jar-10bfbdb3-3a5a231d.zip Action: deleted

I am running Windows XP SP2
Shaw Secure 6.15 (Anti-Virus/Internet Security)

Attached you will find my HijackThis log file.

If there is any other info that is required, just ask and I would be happy to make it available.

If someone could help me remove these two files it would be greatly appreciated.


----------



## cybertech (Apr 16, 2002)

Hi, Welcome to TSG!!

*Run HJT again and put a check in the following:*

O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O15 - Trusted Zone: http://forum.canucks.com
O15 - Trusted Zone: http://www.cybertechhelp.com
O15 - Trusted Zone: http://support.dlink.com
O15 - Trusted Zone: http://www.google.ca
O15 - Trusted Zone: http://*.photobucket.com
O15 - Trusted Zone: http://www.shockwave.com
O15 - Trusted Zone: http://www.thinktorrent.com
O15 - Trusted Zone: http://www.torrenttyphoon.com
O15 - Trusted Zone: http://www.vpl.vancouver.bc.ca
O15 - Trusted Zone: http://www.vpl.ca
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab

*Close all applications and browser windows before you click "fix checked".*

Clear your Java cache as described here: http://www.java.com/en/download/help/5000020300.xml


----------
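As an added example (not part of the thread and not HijackThis's own code): a small Python triage over the kinds of log entries listed in the post above, flagging BHO registrations with no file, Trusted Zone sites, and ActiveX controls fetched over plain HTTP. The function name, the reason labels and the first sample line are constructed for illustration.

```python
import re

# Sample lines 2-5 are copied from the post above; line 1 is constructed
# to show a BHO entry that still has its DLL and is therefore not flagged.
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Example\helper.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O15 - Trusted Zone: http://*.photobucket.com
O15 - Trusted Zone: http://www.vpl.ca
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
"""

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
BHO = re.compile(rf"^BHO: (?P<name>.+?) - (?P<clsid>{CLSID}) - (?P<file>.+)$")
ZONE = re.compile(r"^Trusted Zone: (?P<site>\S+)$")
DPF = re.compile(rf"^DPF: (?P<clsid>{CLSID}) \((?P<name>.+)\) - (?P<url>\S+)$")


def triage(log_text):
    """Return (code, reason, detail) tuples for entries worth reviewing."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # log header, process list, blank lines
        code, body = entry["code"], entry["body"]
        if code == "O2" and (m := BHO.match(body)):
            # A BHO registration whose DLL is gone is a leftover registry key.
            if m["file"] == "(no file)":
                findings.append((code, "orphaned BHO", m["clsid"]))
        elif code == "O15" and (m := ZONE.match(body)):
            # Trusted Sites run with relaxed IE security; wildcards widen that.
            reason = "wildcard trusted site" if "*" in m["site"] else "trusted site"
            findings.append((code, reason, m["site"]))
        elif code == "O16" and (m := DPF.match(body)):
            # ActiveX control installed from a remote .cab; flag plain-HTTP sources.
            if m["url"].lower().startswith("http://"):
                findings.append((code, "ActiveX from HTTP", m["name"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```
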



## foxrocks993 (Aug 16, 2005)

I followed the steps that you suggested and it seems to have worked. Ran a scan on the directory where the infected files were found (C:\Documents and Settings\Owner\Application Data\Sun) and this directory is now clean of infection.

Thank you and your help is greatly appreciated.

Chris.


----------



## cybertech (Apr 16, 2002)

Great! You're welcome!


----------

