.jnana directory - beware java/mugademel.A virus

[BobL]

Is being sent through Facebook messaging. Typical message reads from someone you know mentioning something about a video you should see. Of course the sender didn't send it, and the video does - you guessed it - lay the java/mugademel.A virus on you.
I learned the hard way - once infected your Security Center becomes - not there. No firewall, no anti-virus, no updating. nada. with constant prompts from UAC to let Windows Command Center run (don't let it).
Virus scanners catch it, cleanses it, but it returns - time after time.
I've just finished cleaning my system. This involved several things to do:

1. Set your system folders to 'see' system critical files (files that are hidden and system marked)
2. Boot into safe mode - no networking.
3. Locate under C:\Users\<username> a directory named: .jnana and delete the whole shebang.
4. Open MSCONFIG and under Startups locate an entry for Java Update with a directory location that includes .jnana in it's path. Mark this entry so it doesn't run on bootup.
5. Reboot to normal mode.
6. I used CCleaner to remove that startup entry just for safe measures.

Now it's gone.
Just wanted to share my experiences with this one.

Running just fine now - back to our regularly scheduled program...

[HansV]

Thanks! In a recent thread, a fellow Lounger reported that Microsoft Security Essentials removes this infection - see Microsoft Security Essentials. The Trojan is also mentioned on the Avira website, so I assume that this AV program also removes it, and no doubt there are others too.

[BobL]

Yes Hans, Microsoft Essentials does recognize and delete this virus - but it's loader in this case was a java update (false) file that Essentials noted and cleaned. The .jnana directory was not caught in any scan, nor cleaned. It ran a ServicePack3.bat file on boot up - that file went out and brought the virus back and the cycle returned.
Things are not always cut and dry. \

[HansV]

It's good to know that - thanks for the detailed information.

[Bigaldoc]

Is being sent through Facebook messaging... <snip>

One question to be sure, Bob, since I'm a heavy Facebook user. It comes via a private message, rather than a wall post or someone's status update in News Feed?

[BobL]

It comes via a private message, rather than a wall post or someone's status update in News Feed?

Sure does BigAl, I have mine set to forward to my email address as well, but these do come in via facebook's messaging system. The key phrase for me was 'video' most always via a link.

[Bigaldoc]

Thanks Bob. I see a lot of videos in the wall posts friends make and I usually pass those by as well. Although I've never gotten a PM with one, I think I'll start boycotting the posted ones as well.

[Rubbercrutch]

I got nailed by this virus and it sent copies to all of my "friends List". I followed your instructions and LO they worked. Thanks for taking the time and effort to clear this up for us. My computer is back on track now.

[BobL]

for posting Rubbercrutch. The beauty of boards like this one is that sometime, somewhere, somehow - someone will benefit from some obscure incident from the past.
Oh, and welcome to Eileen's Lounge.

[Bigaldoc]

for posting Rubbercrutch. The beauty of boards like this one is that sometime, somewhere, somehow - someone will benefit from some obscure incident from the past.
Oh, and welcome to Eileen's Lounge.

I'm glad your post helped him - it DOES make one feel good when you see someone benefit from something posted like your travails.

In addition to here in The Lounge I wrote a Note on my Facebook wall about what you said in hopes that it would make my circle of FB friends leery of private messages with video links. I have to smile when I say that it's not clear how much of what one writes ever gets seen by a lot of friends. A whole lot of FB users seem to be there just to accumulate hundreds and hundreds of friends and nothing more. I think when you do that, the News Feed is so cluttered that it would be impossible to read everything posted. Oh well ...

[Rubbercrutch]

Thanks Again. I will post a thread to this site for my friends to see. I know that some of them were as frustrated as I was. It's great that you saw fit to tell us how to fix this. Now on to the next one. Each time, I get a little more cautious but the sneaks always seem to catch us just as we think w can avoid their ugly claws. Larry