Is being sent through Facebook messaging. Typical message reads from someone you know mentioning something about a video you should see. Of course the sender didn't send it, and the video does - you guessed it - lay the java/mugademel.A virus on you.
I learned the hard way - once infected your Security Center becomes - not there. No firewall, no anti-virus, no updating. nada. with constant prompts from UAC to let Windows Command Center run (don't let it).
Virus scanners catch it, cleanses it, but it returns - time after time.
I've just finished cleaning my system. This involved several things to do:
1. Set your system folders to 'see' system critical files (files that are hidden and system marked)
2. Boot into safe mode - no networking.
3. Locate under C:\Users\<username> a directory named: .jnana and delete the whole shebang.
4. Open MSCONFIG and under Startups locate an entry for Java Update with a directory location that includes .jnana in it's path. Mark this entry so it doesn't run on bootup.
5. Reboot to normal mode.
6. I used CCleaner to remove that startup entry just for safe measures.
Now it's gone.
Just wanted to share my experiences with this one.
Running just fine now - back to our regularly scheduled program...
.jnana directory - beware java/mugademel.A virus
-
- StarLounger
- Posts: 88
- Joined: 25 Jan 2010, 11:25
- Location: Maine USA
.jnana directory - beware java/mugademel.A virus
BobL
The Other Bob from Maine
The Other Bob from Maine
-
- Administrator
- Posts: 79365
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: .jnana directory - beware java/mugademel.A virus
Thanks! In a recent thread, a fellow Lounger reported that Microsoft Security Essentials removes this infection - see Microsoft Security Essentials. The Trojan is also mentioned on the Avira website, so I assume that this AV program also removes it, and no doubt there are others too.
Best wishes,
Hans
Hans
-
- StarLounger
- Posts: 88
- Joined: 25 Jan 2010, 11:25
- Location: Maine USA
Re: .jnana directory - beware java/mugademel.A virus
Yes Hans, Microsoft Essentials does recognize and delete this virus - but it's loader in this case was a java update (false) file that Essentials noted and cleaned. The .jnana directory was not caught in any scan, nor cleaned. It ran a ServicePack3.bat file on boot up - that file went out and brought the virus back and the cycle returned.
Things are not always cut and dry. \
Things are not always cut and dry. \
BobL
The Other Bob from Maine
The Other Bob from Maine
-
- Administrator
- Posts: 79365
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: .jnana directory - beware java/mugademel.A virus
It's good to know that - thanks for the detailed information.
Best wishes,
Hans
Hans
-
- PlatinumLounger
- Posts: 3757
- Joined: 24 Jan 2010, 11:00
- Location: Lexington, KY, USA
Re: .jnana directory - beware java/mugademel.A virus
One question to be sure, Bob, since I'm a heavy Facebook user. It comes via a private message, rather than a wall post or someone's status update in News Feed?BobL wrote:Is being sent through Facebook messaging... <snip>
-
- StarLounger
- Posts: 88
- Joined: 25 Jan 2010, 11:25
- Location: Maine USA
Re: .jnana directory - beware java/mugademel.A virus
Sure does BigAl, I have mine set to forward to my email address as well, but these do come in via facebook's messaging system. The key phrase for me was 'video' most always via a link.Bigaldoc wrote:It comes via a private message, rather than a wall post or someone's status update in News Feed?
BobL
The Other Bob from Maine
The Other Bob from Maine
-
- PlatinumLounger
- Posts: 3757
- Joined: 24 Jan 2010, 11:00
- Location: Lexington, KY, USA
Re: .jnana directory - beware java/mugademel.A virus
Thanks Bob. I see a lot of videos in the wall posts friends make and I usually pass those by as well. Although I've never gotten a PM with one, I think I'll start boycotting the posted ones as well.
-
- NewLounger
- Posts: 2
- Joined: 16 Sep 2010, 00:32
Re: .jnana directory - beware java/mugademel.A virus
I got nailed by this virus and it sent copies to all of my "friends List". I followed your instructions and LO they worked. Thanks for taking the time and effort to clear this up for us. My computer is back on track now.
-
- StarLounger
- Posts: 88
- Joined: 25 Jan 2010, 11:25
- Location: Maine USA
Re: .jnana directory - beware java/mugademel.A virus
for posting Rubbercrutch. The beauty of boards like this one is that sometime, somewhere, somehow - someone will benefit from some obscure incident from the past.
Oh, and welcome to Eileen's Lounge.
Oh, and welcome to Eileen's Lounge.
BobL
The Other Bob from Maine
The Other Bob from Maine
-
- PlatinumLounger
- Posts: 3757
- Joined: 24 Jan 2010, 11:00
- Location: Lexington, KY, USA
Re: .jnana directory - beware java/mugademel.A virus
I'm glad your post helped him - it DOES make one feel good when you see someone benefit from something posted like your travails.BobL wrote: for posting Rubbercrutch. The beauty of boards like this one is that sometime, somewhere, somehow - someone will benefit from some obscure incident from the past.
Oh, and welcome to Eileen's Lounge.
In addition to here in The Lounge I wrote a Note on my Facebook wall about what you said in hopes that it would make my circle of FB friends leery of private messages with video links. I have to smile when I say that it's not clear how much of what one writes ever gets seen by a lot of friends. A whole lot of FB users seem to be there just to accumulate hundreds and hundreds of friends and nothing more. I think when you do that, the News Feed is so cluttered that it would be impossible to read everything posted. Oh well ...
-
- NewLounger
- Posts: 2
- Joined: 16 Sep 2010, 00:32
Re: .jnana directory - beware java/mugademel.A virus
Thanks Again. I will post a thread to this site for my friends to see. I know that some of them were as frustrated as I was. It's great that you saw fit to tell us how to fix this. Now on to the next one. Each time, I get a little more cautious but the sneaks always seem to catch us just as we think w can avoid their ugly claws. Larry