Veevo

I run Bitdefender and I constantly get:

C:\WINDOWS\SYSTEM32\VeevoPackcc8a4b-dadf-4fcd-b03d-9da31d3cc4a0.combo=>(Embedded EXE g)    Infected Trojan.Veevo.B
C:\WINDOWS\SYSTEM32\VeevoPackcc8a4b-dadf-4fcd-b03d-9da31d3cc4a0.combo=>(Embedded EXE g)    Copy failed
C:\WINDOWS\SYSTEM32\VeevoPackcc8a4b-dadf-4fcd-b03d-9da31d3cc4a0.combo=>(Embedded EXE g)    Move failed

I can't seem to get rid of this Veevo.  Each time I run Bitdefender I
get the same results.

Any solutions?


Re: Veevo


| I run Bitdefender and I constantly get:
|
| C:\WINDOWS\SYSTEM32\VeevoPackcc8a4b-dadf-4fcd-b03d-9da31d3cc4a0.combo=>(Embedded EXE g) Infected Trojan.Veevo.B
| C:\WINDOWS\SYSTEM32\VeevoPackcc8a4b-dadf-4fcd-b03d-9da31d3cc4a0.combo=>(Embedded EXE g) Copy failed
| C:\WINDOWS\SYSTEM32\VeevoPackcc8a4b-dadf-4fcd-b03d-9da31d3cc4a0.combo=>(Embedded EXE g) Move failed
|
| I can't seem to get rid of this Veevo.  Each time I run Bitdefender I
| get the same results.
|
| Any solutions?



If you are using any version of Sun Java that is prior to JRE Version 6.0, then you are strongly urged to remove any/all versions.
There are numerous vulnerabilities in them and they are actively being exploited.

It is highly suggested that you update to the latest version which is Sun Java JRE/JSE Version 6.0

Simple check, look under...
C:\Program Files\Java

The only folder under that folder should be the latest version.

Such as...
C:\Program Files\Java\jre1.6.0

http://java.sun.com/javase/downloads/index.jsp
http://www.java.com/en/download/manual.jsp

FYI:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102622-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1



For non-viral malware...

Please download, install and update the following software...

* Ad-aware SE v1.06
  http://www.lavasoft.de/
  http://www.lavasoftusa.com/
  http://www.lavasoft.de/ms/index.htm

* SpyBot Search and Destroy v1.4
  http://security.kolla.de/
  http://www.safer-networking.org/microsoft.en.html

* SuperAntiSpyware
  http://www.superantispyware.com/superantispywarefreevspro.html

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects that may be on the PC.

* BHODemon

http://www.majorgeeks.com/downloadget.php?id=3550&file=11&evp=245a87539eea8ed6904332b4b8b8442d

For viral malware...

* Download MULTI_AV.EXE from the URL --
  http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can download the files and perform a scan in Normal Mode. Once you have downloaded the files needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again and choose which scanner you want to run in Safe Mode.  It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help file.  http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * *   Please report back your results  * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
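
An added example, not part of the original post: the folder check described above (only the latest version should remain under C:\Program Files\Java), automated in Python. The folder-name prefixes it recognises, the function names and the sample listing are assumptions constructed for illustration; the 1.6.0 minimum follows the post.

```python
import os
import re

# Assumed folder-name patterns, e.g. jre1.6.0, jre1.5.0_11, j2re1.4.2_13
_NAME = re.compile(r"^(?:j2re|jre|jdk|j2sdk)(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$", re.I)


def parse_version(folder):
    """Return (major, minor, patch, update) for a Java folder name, or None."""
    m = _NAME.match(folder)
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())


def audit_java_dirs(folders, minimum=(1, 6, 0, 0)):
    """Sort folder names into keep / remove / unknown.

    keep:    the single newest folder, and only if it meets `minimum`
    remove:  every other recognised Java folder
    unknown: names that do not look like a Java install (check by hand)
    """
    parsed, unknown = [], []
    for name in folders:
        version = parse_version(name)
        if version is None:
            unknown.append(name)
        else:
            parsed.append((version, name))
    parsed.sort()
    keep, remove = [], [name for _, name in parsed]
    if parsed and parsed[-1][0] >= minimum:
        keep = [remove.pop()]
    return {"keep": keep, "remove": remove, "unknown": unknown}


if __name__ == "__main__":
    root = r"C:\Program Files\Java"
    if os.path.isdir(root):
        listing = [d for d in os.listdir(root)
                   if os.path.isdir(os.path.join(root, d))]
    else:
        # Constructed sample listing, used when the folder does not exist
        listing = ["j2re1.4.2_13", "jre1.5.0_11", "jre1.6.0", "notes"]
    for bucket, names in audit_java_dirs(listing).items():
        print(f"{bucket}: {names}")
```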



Re: Veevo


Thanks.  I removed the old version of Java like you said -- I did
have two versions.  I thought that would do the trick.  It didn't.  I
switched my Bitdefender action to delete and got the following
results:

C:\WINDOWS\SYSTEM32\VeevoPackcc8a4b-dadf-4fcd-b03d-9da31d3cc4a0.combo=>(Embedded EXE g)    Infected Trojan.Veevo.B
C:\WINDOWS\SYSTEM32\VeevoPackcc8a4b-dadf-4fcd-b03d-9da31d3cc4a0.combo=>(Embedded EXE g)    Deleted
C:\WINDOWS\SYSTEM32\VeevoPackcc8a4b-dadf-4fcd-b03d-9da31d3cc4a0.combo    Update failed

Seems like that little bugger is still lurking.  I will now try your
other steps.  By the way, I have Adaware and Spybot and they never
catch this Veevo guy.





Re: Veevo



|
| Thanks.  I removed the old version of Java like you said -- I did
| have two versions.  I thought that would do the trick.  It didn't.  I
| switched my Bitdefender action to delete and got the following
| results:
|
| C:\WINDOWS\SYSTEM32\VeevoPackcc8a4b-dadf-4fcd-b03d-9da31d3cc4a0.combo=>(Embedded EXE g) Infected Trojan.Veevo.B
| C:\WINDOWS\SYSTEM32\VeevoPackcc8a4b-dadf-4fcd-b03d-9da31d3cc4a0.combo=>(Embedded EXE g) Deleted
| C:\WINDOWS\SYSTEM32\VeevoPackcc8a4b-dadf-4fcd-b03d-9da31d3cc4a0.combo Update failed
|
| Seems like that little bugger is still lurking.  I will now try your
| other steps.  By the way, I have Adaware and Spybot and they never
| catch this Veevo guy.
|


Making sure Sun Java was up-to-date wasn't a fix for the malware; it was a suggestion to deal with a possible point of exploitation.

Since you mention you have Ad-aware SE (hopefully v1.06) and SpyBot S&D (hopefully v1.4) you should now try SuperAntiSpyware which was in the list of suggested tools.



--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Veevo


Okay, just to be sure I ran Bitdefender again and got:
C:\WINDOWS\SYSTEM32\VeevoPack000000-0000-0000-0000-000000000000.current    OK
C:\WINDOWS\SYSTEM32\VeevoPack62ea7e-0a95-496e-bb82-49bd10998eec.library    OK
C:\WINDOWS\SYSTEM32\VeevoPackcc8a4b-dadf-4fcd-b03d-9da31d3cc4a0.combo    OK
C:\WINDOWS\SYSTEM32\VeevoPackcc8a4b-dadf-4fcd-b03d-9da31d3cc4a0.combo=>(Embedded EXE g)    Infected Trojan.Veevo.B
C:\WINDOWS\SYSTEM32\VeevoPackcc8a4b-dadf-4fcd-b03d-9da31d3cc4a0.combo=>(Embedded EXE g)    Deleted
C:\WINDOWS\SYSTEM32\VeevoPackcc8a4b-dadf-4fcd-b03d-9da31d3cc4a0.combo    Update failed

I ran the SuperAntiSpyware and it didn't even detect Veevo.  I am
ready for the next step.


Re: Veevo



|
| Okay, just to be sure I ran Bitdefender again and got:
| C:\WINDOWS\SYSTEM32\VeevoPack000000-0000-0000-0000-000000000000.current OK
| C:\WINDOWS\SYSTEM32\VeevoPack62ea7e-0a95-496e-bb82-49bd10998eec.library OK
| C:\WINDOWS\SYSTEM32\VeevoPackcc8a4b-dadf-4fcd-b03d-9da31d3cc4a0.combo OK
| C:\WINDOWS\SYSTEM32\VeevoPackcc8a4b-dadf-4fcd-b03d-9da31d3cc4a0.combo=>(Embedded EXE g) Infected Trojan.Veevo.B
| C:\WINDOWS\SYSTEM32\VeevoPackcc8a4b-dadf-4fcd-b03d-9da31d3cc4a0.combo=>(Embedded EXE g) Deleted
| C:\WINDOWS\SYSTEM32\VeevoPackcc8a4b-dadf-4fcd-b03d-9da31d3cc4a0.combo Update failed
|
| I ran the SuperAntiSpyware and it didn't even detect Veevo.  I am
| ready for the next step.


Download and execute HiJack This! (HJT)
http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Create a HJT log file and post it in one of the below locations...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) logs.

NOTE: Registration is not required in the below before posting a log
http://www.thespykiller.co.uk/forum/?action=forum


NOTE: Registration is REQUIRED in any of the below before posting a log
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.malwarebytes.org/forums/index.php?showforum=7
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Veevo

near as I can tell 5.0 update 11 is the latest java.com
"JAVA SOFTWARE
MANUAL DOWNLOAD


Java Software         Java Runtime Environment Version 5.0 Update 11
Download other Java software versions

To complete the download of the Java Runtime Environment, please
select from the list below. Once you have Java software, you'll have
access to a whole new world of interactivity. Please note that
downloads are subject to our license agreement.


Windows Users: To see if your browser supports automatic installation,
please click here."
"JAVA SOFTWARE for Your Computer

We detected your Java environment as follows;
Description             Your Environment
Java Runtime Vendor:    Sun Microsystems Inc.
Java Runtime Version    1.5.0_11

CONGRATULATIONS, you have the Latest version of Java!"


Re: Veevo



Yes, I get the same message from Sun with my Version 5.0.11.  And I
prefer it over 6.0 so I am staying with it.  They changed some of the
*innards* in the newer version and while that is not life-threatening, I
prefer the old method of cleaning out my Java files.

Cheers.....Heather



Re: Veevo


| near as I can tell 5.0 update 11 is the latest java.com
| "JAVA SOFTWARE
| MANUAL DOWNLOAD
|
| Java Software   Java Runtime Environment Version 5.0 Update 11
| Download other Java software versions
|
| To complete the download of the Java Runtime Environment, please
| select from the list below. Once you have Java software, you'll have
| access to a whole new world of interactivity. Please note that
| downloads are subject to our license agreement.
|
| Windows Users: To see if your browser supports automatic installation,
| please click here."
| "JAVA SOFTWARE for Your Computer
|
| We detected your Java environment as follows;
| Description             Your Environment
| Java Runtime Vendor:    Sun Microsystems Inc.
| Java Runtime Version    1.5.0_11
|
| CONGRATULATIONS, you have the Latest version of Java!"

It isn't the latest Sun Java version except in the version 5 update xx family.

c:\>java -version
java version "1.6.0"
Java(TM) SE Runtime Environment (build 1.6.0-b105)
Java HotSpot(TM) Client VM (build 1.6.0-b105, mixed mode, sharing)


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Veevo


Still can't get rid of veevo.  Any more suggestions?


Re: Veevo



|
| Still can't get rid of veevo.  Any more suggestions?

Please check the other branch in this thread for my latest suggestion.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Veevo


Tried those too, still no luck.


Re: Veevo



|
| Tried those too, still no luck.

You posted in one of the anti-malware forums I suggested?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Veevo


I finally got rid of it.  How?  I contacted BitDefender via chat.
They led me through and deleted one file out of the Veevo folder.
That seems to do the trick.  BitDefender seems pretty good to me.


Re: Veevo


Now that you finally got rid of it, could you possibly know where you
were infected by this Veevo trojan?


Re: Veevo


How is this Veevo related to Java vulnerabilities?


Re: Veevo


Bitdefender scan said I was infected.  I am not such a computer geek
to know how I was infected.

