dring

Log from Webroot: 6/14/2010 3:12:36 PM: Sweep initiated using definitions version 1719 6/14/2010 3:12:07 PM: ApplicationMinimized - EXIT 6/14/2010 3:12:07 PM: ApplicationMinimized - ENTER 6/14/2010 3:09:50 PM: Restore from quarantine completed. Elapsed time 00:00:00 6/14/2010 3:09:50 PM: Processing: trojan-relayer-jolleee 6/14/2010 3:09:50 PM: Restore from quarantine initiated 6/14/2010 3:08:32 PM: File System Shield: found: Trojan Horse: trojan-relayer-jolleee, version 1.0.0.0 6/14/2010 2:28:34 PM: IE Favorites Shield: Entry Allowed: http://secunia.com/community/forum/thread/show/4504/trojan_relayer_jolleee_webroot_piriform'>http://secunia.com/community/forum/thread/show/4504/trojan_relayer_jolleee_webroot_piriform 6/14/2010 2:28:34 PM: IE Favorites Shield: Entry Allowed: http://secunia.com/community/forum/thread/show/4504/trojan_relayer_jolleee_webroot_piriform 6/14/2010 2:26:13 PM: ApplicationMinimized - EXIT 6/14/2010 2:26:13 PM: ApplicationMinimized - ENTER 6/14/2010 2:26:09 PM: Deletion from quarantine completed. Elapsed time 00:00:00 6/14/2010 2:26:09 PM: Processing: trojan-relayer-jolleee 6/14/2010 2:26:09 PM: Processing: trojan-relayer-jolleee 6/14/2010 2:26:09 PM: Processing: trojan-relayer-jolleee 6/14/2010 2:26:09 PM: Deletion from quarantine initiated 6/14/2010 2:25:55 PM: File System Shield: found: Trojan Horse: trojan-relayer-jolleee, version 1.0.0.0 6/14/2010 2:25:55 PM: File System Shield: found: Trojan Horse: trojan-relayer-jolleee, version 1.0.0.0 6/14/2010 2:25:55 PM: File System Shield: found: Trojan Horse: trojan-relayer-jolleee, version 1.0.0.0 6/14/2010 2:25:17 PM: Restore from quarantine completed. Elapsed time 00:00:00 6/14/2010 2:25:17 PM: Processing: trojan-relayer-jolleee 6/14/2010 2:25:17 PM: Processing: trojan-relayer-jolleee 6/14/2010 2:25:17 PM: Processing: trojan-relayer-jolleee 6/14/2010 2:25:17 PM: Restore from quarantine initiated 6/14/2010 2:23:44 PM: File System Shield: found: Trojan Horse: trojan-relayer-jolleee, version 1.0.0.0 6/14/2010 2:23:43 PM: File System Shield: found: Trojan Horse: trojan-relayer-jolleee, version 1.0.0.0 6/14/2010 2:23:42 PM: File System Shield: found: Trojan Horse: trojan-relayer-jolleee, version 1.0.0.0 6/14/2010 2:15:52 PM: ApplicationMinimized - EXIT 6/14/2010 2:15:52 PM: ApplicationMinimized - ENTER 6/14/2010 2:15:51 PM: None 6/14/2010 2:15:51 PM: Traces Found: 0 6/14/2010 2:15:50 PM: Memory Sweep Complete, Elapsed Time: 00:00:31 6/14/2010 2:15:50 PM: Sweep Cancelled 6/14/2010 2:15:19 PM: Starting Memory Sweep 6/14/2010 2:15:01 PM: Start Full Sweep 6/14/2010 2:15:01 PM: Sweep initiated using definitions version 1719 6/14/2010 2:14:40 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities 6/14/2010 2:14:40 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities 6/14/2010 2:14:37 PM: Informational: Loaded AntiVirus Engine: 3.7.1; SDK Version: 4.53E; Virus Definitions: 06/14/2010 16:44:22 (GMT) 6/14/2010 2:14:30 PM: License Check Status (0): Success 6/14/2010 2:14:19 PM: Webroot Software 6.1.0.145 started 6/14/2010 2:14:19 PM: | Start of Session, Monday, June 14, 2010 | *************** 6/14/2010 2:11:22 PM: ApplicationMinimized - EXIT 6/14/2010 2:11:22 PM: ApplicationMinimized - ENTER 6/14/2010 2:11:21 PM: Deletion from quarantine completed. Elapsed time 00:00:00 6/14/2010 2:11:21 PM: Processing: trojan-relayer-jolleee 6/14/2010 2:11:21 PM: Processing: trojan-relayer-jolleee 6/14/2010 2:11:21 PM: Deletion from quarantine initiated 6/14/2010 2:10:56 PM: ApplicationMinimized - EXIT 6/14/2010 2:10:56 PM: ApplicationMinimized - ENTER 6/14/2010 2:10:50 PM: None 6/14/2010 2:10:50 PM: Traces Found: 0 6/14/2010 2:10:50 PM: Context Folder Sweep has completed. Elapsed time 00:00:01 6/14/2010 2:10:50 PM: File Sweep Complete, Elapsed Time: 00:00:01 6/14/2010 2:10:49 PM: Starting File Sweep 6/14/2010 2:10:49 PM: Start Context Folder Sweep 6/14/2010 2:10:49 PM: Sweep initiated using definitions version 1719 6/14/2010 2:10:48 PM: Removal process completed. Elapsed time 00:00:01 6/14/2010 2:10:47 PM: Quarantining All Traces: trojan-relayer-jolleee 6/14/2010 2:10:47 PM: Removal process initiated 6/14/2010 2:10:05 PM: File System Shield: found: Trojan Horse: trojan-relayer-jolleee, version 1.0.0.0 6/14/2010 2:10:05 PM: File System Shield: found: Trojan Horse: trojan-relayer-jolleee, version 1.0.0.0 6/14/2010 2:09:59 PM: ApplicationMinimized - EXIT 6/14/2010 2:09:59 PM: ApplicationMinimized - ENTER 6/14/2010 2:09:39 PM: Traces Found: 1 6/14/2010 2:09:39 PM: Context File Sweep has completed. Elapsed time 00:00:00 6/14/2010 2:09:39 PM: File Sweep Complete, Elapsed Time: 00:00:00 6/14/2010 2:09:39 PM: C:\Documents and Settings\Legacy\Local Settings\Temporary Internet Files\Content.IE5\30o5rt79\index_32[1].jpg (ID = 5380529) 6/14/2010 2:09:39 PM: Found Trojan Horse: trojan-relayer-jolleee 6/14/2010 2:09:38 PM: Starting File Sweep 6/14/2010 2:09:38 PM: Start Context File Sweep 6/14/2010 2:09:38 PM: Sweep initiated using definitions version 1719 6/14/2010 2:08:50 PM: Restore from quarantine completed. Elapsed time 00:00:00 6/14/2010 2:08:50 PM: Processing: trojan-relayer-jolleee 6/14/2010 2:08:50 PM: Processing: trojan-relayer-jolleee 6/14/2010 2:08:50 PM: Restore from quarantine initiated 6/14/2010 2:07:20 PM: File System Shield: found: Trojan Horse: trojan-relayer-jolleee, version 1.0.0.0 6/14/2010 2:07:19 PM: File System Shield: found: Trojan Horse: trojan-relayer-jolleee, version 1.0.0.0 6/14/2010 2:07:06 PM: ApplicationMinimized - EXIT 6/14/2010 2:07:06 PM: ApplicationMinimized - ENTER

I did manage to duplicte it on another machine so 6th case. My work box has Nod32, and my home box is Kaspersky. I do not run Webroot on my home machine, but I installed it to see what would happen..., and it did.

Hello all, same thing happening to me using CCleaner and Webroot. Identified trojan relayer jolleee, and is usaully in ie tempoary internet files,and is always a 18.5k file. Can be a png,jpg,etc, and one time a log file from combofix that just happened to be 18.5k in my root directory. I went to google images and searched "fish 18.5k" then ran CCleaner and Webroot hit a few of the images as jolleee trojan. I'm trying to see if it is a setting like 1,3 or whatever file deletion I pick problem,or some other setting. I uninstalled it a couple of times and reinstalled from Pirifrm site not File Hippo and still have it happening........... So far I have got jolleee from Webroot after run cleaner from visiting Daily tech, drudge roeport, google etc., but it is not a trojan just something else I think.