First off, I want to thank, once again, purplecheese for his HUGE assistance in helping my last issue with a renegade Norton product. Now, I have a trojan. Lucky me.
I installed McAfee Internet Security, and despite repeated attempts, I could not get it to update my virus definitions. The product installed fine, and everything appears to work as needed; however, updates just will not happen.
After getting off the phone with McAfee, I was recommended to log on to their web page and do a scan from there, to see if their up-to-date list of known threats might identify a virus/trojan that could be affecting my PC.
It ran a full system scan and turned up a single trojan, JV/Zaak.
This is the description of the trojan:
JV/Zaak
Trojan Information
Discovery Date: 10/13/2003
Origin: Unknown
Length: 13,151 bytes
Type: Trojan
SubType: -
Minimum DAT: 4299 (10/22/2003)
Updated DAT: 4299 (10/22/2003)
Minimum Engine: 4.2.40
Description Added: 11/04/2003
Description Modified: 11/06/2003 2:58 PM (PT)
Trojan Characteristics:
This Java Applet alters Internet Explorer settings and makes changes to the system HOSTS file.
Symptoms
The trojan modifies the registry values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 "1C00" = 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 "1C00" = 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 "1C00" = 0
This has the effect of disabling Java for the Local Intranet, Trusted Sites and Internet security zones used by Internet Explorer.
The trojan also sets the search page, and start page of Internet Explorer to the following address: http://www.kazaa-lite.ws. It also creates 2 URL Shortcuts in the Favorites folder, pointing to the same site. (No start page changes ever occurred, and I found no additions in my Favorites folder.)
The HOSTS file is modified to redirect users to a specified site. (This part never affected my PC.)
Aliases:
Trojan.Java.Kazlite (AVP)
-----------------------
The removal section is, from where I sit, nonexistent.
" Removal Instructions
Use current engine and DAT files for detection. Delete any file which contains this detection."
I have no idea what this means.
Can anyone assist me in ridding my PC of this trojan? Any ideas, or tools to do so would be a big help. Thanks in advance.
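
A read-only PowerShell check for the symptoms listed in the description quoted in the post above. It is an added example, not part of the original post or of McAfee's removal instructions. The `Internet Explorer\Main` registry path and the HOSTS location under `System32\drivers\etc` are assumptions for a standard NT-family Windows install; the description does not give them.

```powershell
# Read-only check for the symptoms in the JV/Zaak description quoted above.
# It changes nothing; it only reports what it finds for the current user.
$marker = 'kazaa-lite.ws'   # site named in the description
$zones  = @{ 1 = 'Local Intranet'; 2 = 'Trusted Sites'; 3 = 'Internet' }
$ieSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# 1. Java setting (value 1C00) in zones 1-3; the description says it is set to 0.
foreach ($zone in 1..3) {
    $prop = Get-ItemProperty -Path "$ieSettings\Zones\$zone" -Name '1C00' -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        $state = 'not set'
    } elseif ($prop.'1C00' -eq 0) {
        $state = '0 (matches the description)'
    } else {
        $state = '0x{0:X}' -f $prop.'1C00'
    }
    "Zone $zone ($($zones[$zone])): 1C00 = $state"
}

# 2. Internet Explorer start and search pages (assumed registry location).
$main = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
foreach ($name in 'Start Page', 'Search Page') {
    $value = $main.$name
    $flag = ''
    if ($value -like "*$marker*") { $flag = '  <-- matches the description' }
    "${name}: $value$flag"
}

# 3. HOSTS entries other than comments, blank lines and localhost (assumed path).
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path $hostsFile) {
    Get-Content $hostsFile |
        Where-Object { $_ -notmatch '^\s*(#|$)' -and $_ -notmatch '\blocalhost\b' } |
        ForEach-Object { "HOSTS entry to review: $_" }
}

# 4. Favorites shortcuts (.url files) that point at the site.
$favorites = [Environment]::GetFolderPath('Favorites')
Get-ChildItem -Path $favorites -Filter *.url -Recurse -ErrorAction SilentlyContinue |
    Select-String -SimpleMatch $marker -List |
    ForEach-Object { "Favorite to review: $($_.Path)" }
```

A HOSTS entry flagged for review is not necessarily malicious; some legitimate software adds its own entries there.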