TR/Femad.Java.3

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

A friend of mine JUST detected something called "TR/Femad.Java.3" on their
Win98SE system. They use AntiVir.

I can't seem to find anything much about this bug anywhere except at some
German-based sites.

There *are* a couple of other weird things happening on his computer too,
but it can't be easily duplicated. This is what prompted us to do a virus
scan.

AntiVir pops up with "arr3[1].jar, Infected archive". But then it says
"cannot delete ore repair archives".

Anyone have any experience with this particular nasty?

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

What antivirus application is your friend using? What other malware
scanners besides the antivirus?

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

"Ogg" <sorry-nopam-wanted@anywhere.com> wrote in message
news:MBb9e.8751$Jg5.501483@news20.bellglobal.com...
> A friend of mine JUST detected something called "TR/Femad.Java.3" on
their
> Win98SE system. They use AntiVir.
>
> I can't seem to find anything much about this bug anywhere except at
some
> German-based sites.
>
> There *are* a couple of other weird things happening on his computer
too,
> but it can't be easily duplicated. This is what prompted us to do a
virus
> scan.
>
> AntiVir pops up with "arr3[1].jar, Infected archive". But then it
says
> "cannot delete ore repair archives".
>
> Anyone have any experience with this particular nasty?
>
>

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

My apologies. I should have read more carefully. "AntiVir" *is* the
antivirus app.

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

"Ogg" <sorry-nopam-wanted@anywhere.com> wrote in message
news:MBb9e.8751$Jg5.501483@news20.bellglobal.com...
> A friend of mine JUST detected something called "TR/Femad.Java.3" on
their
> Win98SE system. They use AntiVir.
>
> I can't seem to find anything much about this bug anywhere except at
some
> German-based sites.
>
> There *are* a couple of other weird things happening on his computer
too,
> but it can't be easily duplicated. This is what prompted us to do a
virus
> scan.
>
> AntiVir pops up with "arr3[1].jar, Infected archive". But then it
says
> "cannot delete ore repair archives".
>
> Anyone have any experience with this particular nasty?
>
>

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

AntiVir is a German product, which is why a search will turn up mostly
German language responses. Antivirus companies tend to name viruses
differently, which makes it difficult for users to cross-reference. I
would probably try Trend Micro's Housecall, just to see what they say
about the file. http://housecall.trendmicro.com/housecall/start_corp.asp

Most antivirus apps can detect viruses inside archives, but can't do
anything about them except suggest that you delete the archive. Which is
the thing to do in this case. Locate the file and delete it. If your
friend's Windows is up to date, I don't *think* the virus can actually
do what it's intended to do. As far as I can tell, it requires that an
outdated version of Java Machine be installed.

--
Gary S. Terhune
MS MVP Shell/User
http://www.grystmill.com/articles/cleanboot.htm
http://www.grystmill.com/articles/security.htm

"Ogg" <sorry-nopam-wanted@anywhere.com> wrote in message
news:MBb9e.8751$Jg5.501483@news20.bellglobal.com...
> A friend of mine JUST detected something called "TR/Femad.Java.3" on
their
> Win98SE system. They use AntiVir.
>
> I can't seem to find anything much about this bug anywhere except at
some
> German-based sites.
>
> There *are* a couple of other weird things happening on his computer
too,
> but it can't be easily duplicated. This is what prompted us to do a
virus
> scan.
>
> AntiVir pops up with "arr3[1].jar, Infected archive". But then it
says
> "cannot delete ore repair archives".
>
> Anyone have any experience with this particular nasty?
>
>

 

[Guest]

Archived from groups: microsoft.public.win98.gen_discussion (More info?)

From: "Ogg" <sorry-nopam-wanted@anywhere.com>

| A friend of mine JUST detected something called "TR/Femad.Java.3" on their
| Win98SE system. They use AntiVir.
|
| I can't seem to find anything much about this bug anywhere except at some
| German-based sites.
|
| There *are* a couple of other weird things happening on his computer too,
| but it can't be easily duplicated. This is what prompted us to do a virus
| scan.
|
| AntiVir pops up with "arr3[1].jar, Infected archive". But then it says
| "cannot delete ore repair archives".
|
| Anyone have any experience with this particular nasty?
|


1) Dump the contents of your IE cache -
Start --> settings --> control panel --> Internet options --> delete files

2) Dump the contents of the Mozilla FireFox Cache
Tools --> Options --> Privacy --> Cache --> Clear

3) Dump the contents of your Sun Java cache -
Start --> settings --> control panel --> Java applet --> cache --> clear
or
Start --> settings --> control panel --> Java applet --> general --> settings -->
delete files

4) Download TrendMicro Sysclean by one of the following 2 methods

Trend Sysclean Method 1
---------------------------------------
Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\sysclean")

Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example; lpt584.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

Trend Sysclean Method 2
---------------------------------------
Download the utility SYSCLEAN_FE at the following URL --
http://www.ik-cs.com/got-a-virus.htm
SYSCLEAN_FE automates the download and execution process of the Trend Sysclean Package.
Direct URL --
http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe

5) Reboot your PC into Safe Mode and shutdown as many applications as possible.
6) Using Trend Sysclean utility, perform a Full Scan of your platform and clean/delete
any infectors/parasites found.
(a few cycles may be needed)
7) Restart your PC and perform a "final" Full Scan of your platform using the
Trend Sysclean utility.


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm