#1 |
|
Member (11 bit)
Join Date: Jun 2000
Location: Rochester, NY
Posts: 1,296
|
Can't remove exploit:java/cve-2012-5076.gaa virus
Hi, MSE removes this virus and it returns upon re-boot. Superantivirus, Malwarebytes and Emsisoft don't even detect it. Anyone know how to get rid of this thing?
Thanks
__________________
Greg 1- Gigabyte GA-P55A; i5-760 CPU; HSF XIGMATEK Gaia SD1283; 16 Gig Corsair XMS DDR 3 1600 Mem; HIS H577FK 1 GB Radeon 5770 VC; Asus RT-N10+ Router; SSD Intel 330 120 GIG HD; WD VelociRaptor 150 GIG HD; WD 6402AAEX HD; 2 LG SATA DVD Burners; PSU CORSAIR CMPSU-750TX 750W; Win 7 64 Bit; Acer 22" LCD Monitor |
|
|
|
|
|
#2 |
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
|
Are you having the problem with the machine in your signature or another machine?
If it is a different machine to the one in your signature, is it a laptop or store bought PC?
__________________
Niwa no niwa ni wa, niwa no niwatori wa niwaka ni wani o tabeta. |
|
|
|
|
|
#3 |
|
Member (11 bit)
Join Date: Jun 2000
Location: Rochester, NY
Posts: 1,296
|
It's the one in my signature, I built myself. This is the first virus I've gotten I couldn't figure out how to get rid of. It doesn't seem to be causing any trouble, but MS says it is severe, and irregardless I wouldn't leave any bug on my PC if I knew it was there. Searching Google, there are really no solutions I could find. Some company named Tee Support has many links on how to remove it; their manual instructions are BS, they want you to pay something, and researching them pretty much says they are a scam company. Microsoft says this is a bad bug but offers no way of removing it other than the things I've already done.
|
|
|
|
|
|
#4 |
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
|
First thing I would do is slave the hard drive to another machine to run the usual scans. If Malwarebytes and Emsisoft are not even detecting it, I think I would research the idea that it might be a false positive.
Where does MSE say the virus is located? Have you installed any new software lately? |
|
|
|
|
|
#5 |
|
Member (11 bit)
Join Date: Jun 2000
Location: Rochester, NY
Posts: 1,296
|
When I get rid of these they will be back the next time I re-boot.
Well, I attached what MSE says, hope it comes through. No, I haven't loaded any new software lately. |
|
|
|
|
|
#6 |
|
Member (11 bit)
Join Date: Jun 2000
Location: Rochester, NY
Posts: 1,296
|
|
|
|
|
|
|
#7 |
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
|
|
|
|
|
|
|
#8 |
|
Member (11 bit)
Join Date: Jun 2000
Location: Rochester, NY
Posts: 1,296
|
No, I've never used CCleaner. I'll give it a try. Is it pretty self-explanatory?
|
|
|
|
|
|
#9 |
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
|
It is a doddle to use.
Get a copy from FileHippo.com - Download Free Software and take a look. |
|
|
|
|
|
#10 |
|
Member (11 bit)
Join Date: Jun 2000
Location: Rochester, NY
Posts: 1,296
|
Thanks for your help, rjfvillarosa. Let me try all these things, and I'll post back my results. False positive or not, I'd like to get rid of it.
|
|
|
|
|
|
#11 |
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
|
Panama Red and myself are doing a little research at the moment into the so-called "you have been downloading illegally" viruses; please post back with whatever you find.
|
|
|
|
|
|
#12 |
|
Member (11 bit)
Join Date: Jun 2000
Location: Rochester, NY
Posts: 1,296
|
Yes, I will. If you mean that Ransom virus, I have had luck with Emsisoft when nothing else worked. There are several variations of it; it was the worst I have encountered so far, even in safe mode it came up.
|
|
|
|
|
|
#13 |
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
|
The reason I asked you what machine the problem is on is because we have both noticed that the "ransomware" nonsense appears to be infecting the recovery partition on some branded machines.
|
|
|
|
|
|
#14 |
|
Member (11 bit)
Join Date: Jun 2000
Location: Rochester, NY
Posts: 1,296
|
The PC I cleaned the Ransomware off of was an HP that was a couple of years old. I don't know if it had infected the recovery partition. I did successfully remove it, after several tries. I never had one that bad on my PC; I'm careful what I OK and where I go.
|
|
|
|
|
|
#15 |
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
|
The only way you will know if the recovery partition is infected is when you "slave" the hard drive; you can then see all the partitions on the hard drive and you can select it to be scanned. Usually the recovery partition is hidden, so any scanner you run from the Windows environment will not detect it.
|
|
|
|
|
|
#16 |
|
Member (11 bit)
Join Date: Jun 2000
Location: Rochester, NY
Posts: 1,296
|
Yes, the infection was so severe I did slave his hard drive to my PC. I had to, I could not do anything with it, but I really didn't take notice where all the files it had cleaned were.
|
|
|
|
|
|
#17 |
|
Staff
Premium Member
Join Date: Sep 2004
Location: Cardiff, Wales. UK
Posts: 6,555
|
Have you tried CCleaner on your machine yet?
|
|
|
|
|
|
#18 |
|
Member (11 bit)
Join Date: Jun 2000
Location: Rochester, NY
Posts: 1,296
|
Not yet, I slaved it and am scanning.
|
|
|
|
|
|
#19 |
|
Member (11 bit)
Join Date: Jun 2000
Location: Rochester, NY
Posts: 1,296
|
Well, ran CCleaner before and after full scans by SUPERAntiSpyware, Emsisoft, Malwarebytes and MSE on a slaved HD and exploit:java/cve-2012-5076.gaa is still there? This is a tough one.
|
|
|
|
|
|
#20 |
|
Member (10 bit)
Premium Member
Join Date: Jun 2008
Location: Northern Wisconsin
Posts: 697
|
Have a look at this link for manual removal:
I can't remove exploit java/cve-2012-5076.gaa,it keeps coming - Microsoft Community |
|
|
|
|
|
#21 |
|
Member (11 bit)
Join Date: Jun 2000
Location: Rochester, NY
Posts: 1,296
|
Thanks usnavyretired, I did see that site and cleared the Java cache, and CCleaner cleaned all the temporary files, and none of that worked. I haven't uninstalled Java yet, I'm not sure I want to do that. With my luck the first site I go to will say I need it.
|
|
|
|
|
|
#22 |
|
Member (11 bit)
Join Date: Jun 2000
Location: Rochester, NY
Posts: 1,296
|
Hey usnavyretired, for the hell of it I emptied the Java cache again, and with all the scans I did and total deletion of a lot of unnecessary files by CCleaner, the virus is gone! Along with the above-mentioned scans that found nothing, I used aswMBR and ESET, which both found some things which didn't look like the Exploit virus, but doing that and emptying the Java cache again, it's gone. MSE didn't detect it again and I'm a happy camper. Thanks rjfvillarosa and usnavyretired for your help.
|
|
|
|
|
|
#23 |
|
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 41,162
|
Note: When you use CCleaner, you need to go into Options: Advanced and uncheck the box to only delete temp files older than 24 hours. If you use MSE, you also have to go into Cleaner: Applications and uncheck MS AntiMalware, MS Management Console, and MS Security Client.
|
|
|
|
|
|
#24 |
|
Member (11 bit)
Join Date: Jun 2000
Location: Rochester, NY
Posts: 1,296
|
Thanks glc, I didn't do that. It erased all my passwords, and my MSE would not go into protected mode; I had to uninstall it and re-install it. So I guess that explains that. I should have asked more on how to use it. Since I didn't do any of that, are there any more surprises waiting for me? I'm also going to uninstall Java and see if everything runs alright without it.
|
|
|
|