.jnana directory - beware java/mugademel.A virus

BobL
StarLounger
Posts: 88
Joined: 25 Jan 2010, 11:25
Location: Maine USA

.jnana directory - beware java/mugademel.A virus

Post by BobL »

Is being sent through Facebook messaging. Typical message reads from someone you know mentioning something about a video you should see. Of course the sender didn't send it, and the video does - you guessed it - lay the java/mugademel.A virus on you.
I learned the hard way - once infected your Security Center becomes - not there. No firewall, no anti-virus, no updating. Nada. With constant prompts from UAC to let Windows Command Center run (don't let it).
Virus scanners catch it, cleanse it, but it returns - time after time.
I've just finished cleaning my system. This involved several things to do:

1. Set your system folders to 'see' system critical files (files that are hidden and system marked)
2. Boot into safe mode - no networking.
3. Locate under C:\Users\<username> a directory named: .jnana and delete the whole shebang.
4. Open MSCONFIG and under Startups locate an entry for Java Update with a directory location that includes .jnana in its path. Mark this entry so it doesn't run on bootup.
5. Reboot to normal mode.
6. I used CCleaner to remove that startup entry just for safe measures.

Now it's gone.
Just wanted to share my experiences with this one.
:hairout:
Running just fine now - back to our regularly scheduled program...
BobL
The Other Bob from Maine

HansV
Administrator
Posts: 79365
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: .jnana directory - beware java/mugademel.A virus

Post by HansV »

Thanks! In a recent thread, a fellow Lounger reported that Microsoft Security Essentials removes this infection - see Microsoft Security Essentials. The Trojan is also mentioned on the Avira website, so I assume that this AV program also removes it, and no doubt there are others too.
Best wishes,
Hans

BobL
StarLounger
Posts: 88
Joined: 25 Jan 2010, 11:25
Location: Maine USA

Re: .jnana directory - beware java/mugademel.A virus

Post by BobL »

Yes Hans, Microsoft Essentials does recognize and delete this virus - but its loader in this case was a java update (false) file that Essentials noted and cleaned. The .jnana directory was not caught in any scan, nor cleaned. It ran a ServicePack3.bat file on boot up - that file went out and brought the virus back and the cycle returned.
Things are not always cut and dry. :scratch:
BobL
The Other Bob from Maine
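
Added example (not part of BobL's posts): a read-only PowerShell check for the indicators this thread names, a `.jnana` directory under a user profile and a startup entry whose path includes `.jnana`. The function name is hypothetical, and the script assumes profiles live under `C:\Users`, PowerShell 3.0 or later, and that any boot-time batch file sits inside the `.jnana` directory.

```powershell
# Added example, read-only: it reports indicators and changes nothing.
# Names taken from the thread: the '.jnana' directory and ServicePack3.bat.
# Assumptions: profiles live under C:\Users; PowerShell 3.0 or later.
function Find-JnanaIndicators {          # hypothetical function name
    param(
        [string]$ProfilesRoot = 'C:\Users',
        [string]$Marker = '.jnana'
    )

    # Steps 1 and 3: -Force makes Get-ChildItem return hidden and system
    # items, which Explorer does not show by default.
    $profiles = Get-ChildItem -LiteralPath $ProfilesRoot -Directory -Force -ErrorAction SilentlyContinue
    foreach ($userDir in $profiles) {
        $dir = Join-Path -Path $userDir.FullName -ChildPath $Marker
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }

        [pscustomobject]@{ Kind = 'Directory'; Item = $dir; Detail = 'present' }

        # The thread mentions a ServicePack3.bat that ran at boot and brought
        # the malware back. Assuming it sits in this directory, list every
        # batch file found there so it can be reviewed before deletion.
        Get-ChildItem -LiteralPath $dir -Recurse -Force -File -Filter '*.bat' -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{ Kind = 'BatchFile'; Item = $_.FullName; Detail = $_.LastWriteTime }
            }
    }

    # Step 4: Win32_StartupCommand lists Run-key and Startup-folder entries.
    # Match on the command path, not the display name, because the entry
    # described in the thread calls itself "Java Update".
    Get-CimInstance -ClassName Win32_StartupCommand -ErrorAction SilentlyContinue |
        Where-Object { $_.Command -like "*$Marker*" } |
        ForEach-Object {
            [pscustomobject]@{ Kind = 'StartupEntry'; Item = $_.Name; Detail = "$($_.Location): $($_.Command)" }
        }
}

$hits = @(Find-JnanaIndicators)
if ($hits.Count -eq 0) {
    'No .jnana directory or startup entry found.'
} else {
    $hits | Format-List
}
```

Run it from an elevated prompt so that other users' profile folders are readable.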

HansV
Administrator
Posts: 79365
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: .jnana directory - beware java/mugademel.A virus

Post by HansV »

It's good to know that - thanks for the detailed information.
Best wishes,
Hans

Bigaldoc
PlatinumLounger
Posts: 3757
Joined: 24 Jan 2010, 11:00
Location: Lexington, KY, USA

Re: .jnana directory - beware java/mugademel.A virus

Post by Bigaldoc »

BobL wrote:Is being sent through Facebook messaging... <snip>
One question to be sure, Bob, since I'm a heavy Facebook user. It comes via a private message, rather than a wall post or someone's status update in News Feed?

BobL
StarLounger
Posts: 88
Joined: 25 Jan 2010, 11:25
Location: Maine USA

Re: .jnana directory - beware java/mugademel.A virus

Post by BobL »

Bigaldoc wrote:It comes via a private message, rather than a wall post or someone's status update in News Feed?
Sure does BigAl, I have mine set to forward to my email address as well, but these do come in via Facebook's messaging system. The key phrase for me was 'video' most always via a link.
BobL
The Other Bob from Maine

Bigaldoc
PlatinumLounger
Posts: 3757
Joined: 24 Jan 2010, 11:00
Location: Lexington, KY, USA

Re: .jnana directory - beware java/mugademel.A virus

Post by Bigaldoc »

Thanks Bob. I see a lot of videos in the wall posts friends make and I usually pass those by as well. Although I've never gotten a PM with one, I think I'll start boycotting the posted ones as well.

Rubbercrutch
NewLounger
Posts: 2
Joined: 16 Sep 2010, 00:32

Re: .jnana directory - beware java/mugademel.A virus

Post by Rubbercrutch »

I got nailed by this virus and it sent copies to all of my "friends List". I followed your instructions and LO they worked. Thanks for taking the time and effort to clear this up for us. My computer is back on track now. :clapping: :fanfare: :thankyou:

BobL
StarLounger
Posts: 88
Joined: 25 Jan 2010, 11:25
Location: Maine USA

Re: .jnana directory - beware java/mugademel.A virus

Post by BobL »

:thankyou: for posting Rubbercrutch. The beauty of boards like this one is that sometime, somewhere, somehow - someone will benefit from some obscure incident from the past.
Oh, and welcome to Eileen's Lounge.
BobL
The Other Bob from Maine

Bigaldoc
PlatinumLounger
Posts: 3757
Joined: 24 Jan 2010, 11:00
Location: Lexington, KY, USA

Re: .jnana directory - beware java/mugademel.A virus

Post by Bigaldoc »

BobL wrote: :thankyou: for posting Rubbercrutch. The beauty of boards like this one is that sometime, somewhere, somehow - someone will benefit from some obscure incident from the past.
Oh, and welcome to Eileen's Lounge.
I'm glad your post helped him - it DOES make one feel good when you see someone benefit from something posted like your travails.

In addition to here in The Lounge I wrote a Note on my Facebook wall about what you said in hopes that it would make my circle of FB friends leery of private messages with video links. I have to smile when I say that it's not clear how much of what one writes ever gets seen by a lot of friends. A whole lot of FB users seem to be there just to accumulate hundreds and hundreds of friends and nothing more. I think when you do that, the News Feed is so cluttered that it would be impossible to read everything posted. Oh well ...

Rubbercrutch
NewLounger
Posts: 2
Joined: 16 Sep 2010, 00:32

Re: .jnana directory - beware java/mugademel.A virus

Post by Rubbercrutch »

Thanks Again. I will post a thread to this site for my friends to see. I know that some of them were as frustrated as I was. It's great that you saw fit to tell us how to fix this. Now on to the next one. Each time, I get a little more cautious but the sneaks always seem to catch us just as we think we can avoid their ugly claws. Larry