Howdy,

I recently downloaded the latest version of Java and removed the older version. I just ran a scan with AVG Anti Spyware and it picked up 2 trojans.

Java classloader.g and Java classloader.f

I tried to quarantine them, but got a window saying they were embedded and was asked if I wanted to quarantine the entire archive. (What ever that means) so I clicked yes.

Here is what is now quarantined:AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:34:51 PM 2/12/2007

+ Scan result:



C:\Documents and Settings\Dennis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-73d04c00-65e38c10.zip/VaaaaaaaBaa.class -> Trojan.ClassLoader.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Dennis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-73d04c00-65e38c10.zip/Dex.class -> Trojan.ClassLoader.g : Cleaned with backup (quarantined).
C:\Documents and Settings\Dennis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-73d04c00-65e38c10.zip/Dix.class -> Trojan.ClassLoader.g : Cleaned with backup (quarantined).
C:\Documents and Settings\Dennis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-73d04c00-65e38c10.zip/Dux.class -> Trojan.ClassLoader.g : Cleaned with backup (quarantined).


::Report end

Where do I go from here ?? Should I uninstall Java and try a reinstall ?? I thought I was on a secure site when I down loaded, but maybe I was not.


Thanks for your time,

Dennis

First off, from looking at the infected files, the version listed for Java doesn't match the current Java version at all unless I'm completely misinterpreting what I see.

Definitely uninstall everything to do with Java from Add/Remove programs.

Go here: http://java.sun.com/javase/downloads/index.jsp to download and install the new version of Java. Unless you are into programming, choose the JRE download which is the fourth one in the list.

By the way, what site did you download from?

Orange Blossom

Thanks for the reply Orange Blossom.

When I click on my Java icon it says I have the Standard 6 version. 1.6.0 (build 1.6.0-b105 ??

Anyway, I will get rid of it right now. I found the site here on Bleeping computer after I had asked if someone could verify if I had the current version. I will find the post and list it here.


Here is that post. http://www.bleepingcomputer.com/forums/topic79687.html

Just to double check after I click on JRE 6, which platform should I download ?

Windows XP,SP2,IE-7



Thanks Again,

Dennis

I usually do the offline installation.

As I remember, the two Java items are actually POTENTIALLY a problem, not actually malware in itself.
You should download and install the latest JavaRuntimeEnvironment for Windows, making sure to delete previous versions,then clear the Java Cache from the Java Control Panel.
Regards,
John

Okay:

1) I did misinterpret what I saw, and you indeed had the latest version. :duncecap image:

2) The site you downloaded from before is the same as the link I provided, so no problem there.

As for which platform. If your answer to "Do I do programming is?" is "No" then you want this one:

which is the fourth one down the list.

I also agree with tink that you should do the off-line installation and with jgweed to clear the Java cache.

Orange Blossom

To add to previous post:

Once you click on the download button, you will be taken to another page. Unless you have 64 bit Windows - which I doubt, you will want to install the first one listed under Windows Platform. This will be the off-line installation.

Orange Blossom

Thanks for the replies. I have a few more questions, if you folks have the patience.

I went to add/remove and removed Java. I then went to the control panel, but I do not know how to remove the Java cache. Probably because I do not know what the heck Java cache means. I see the Java icon in the control panel. If I click on it nothing happens. I suppose that is because I have removed the program ??



When I get to the second page on the download site, I do not see anything regarding offline installation. Apparently I (as usual) am missing something. Do you mean download the program to a file ,get offline and then install ?

Thanks again for the help. I just want to make sure I do it correctly this time around.



Thanks,

Dennis

Delete all files and subfolders within the cache folder below.

C:\Documents and Settings\<user_name>\Application Data\Sun\Java\Deployment\cache\

To Clear the Java Runtime Environment (JRE) cache, do this:

• Click Start > Settings > Control Panel.
• Double-click the Java icon.
  -The Java Control Panel appears.
• Click "Settings" under Temporary Internet Files.
  -The Temporary Files Settings dialog box appears.
• Click "Delete Files".
  -The Delete Temporary Files dialog box appears.
  -There are three options on this window to clear the cache.
  • Delete Files
  • View Applications
  • View Applets
• Click "OK" on Delete Temporary Files window.
  -Note: This deletes all the Downloaded Applications and Applets from the cache.
• Click "OK" on Temporary Files Settings window.
• Close the Java Control Panel.

You can also view these instructions along with screenshots here.

Thanks for all the replies.

Here is what I did. I removed Java yesterday evening. I then restarted the computer. The Java icon was no longer in the control panel.

I tried what tink536 suggested this morning and tried try to get the files and folders that I needed to delete to show up and could not get it done.

I then did a file search by typing in the key word Java. About 90 files showed up in the search. Some just said Java in the file names but many also had other names and jargon in the file names. I was hesitant to just start deleting all these files.

I decided just to download Java again and install it. I ran a scan and it came up clean.

Quiteman, is it a good idea to start again and follow your instructions on removing the cache, removing Java and doing another install ? If I do that will it get rid of all the unneeded files and folders from past versions ?

I have never tried to remove any files or folders after I have removed old versions and then installed the latest version available.

Should I just leave well enough alone ?

Thanks,

Dennis

Hi Dennis,

I started writing this out before QM7 posted so sorry for the redundancy...

First, AVGAS cleaned up the files you are asking about, according to the log you posted. If it says Cleaned with backup (quarantined), (which it does) it means that the file has been removed from it's original location to AVGAS's quarantine folder where it is locked and won't affect you. The particular files in question are actually .zip folders. A zip folder is called an archive, so you did right to have AVGAS take care of the entire thing.

Second, uninstalling Java will not delete its cache. That folder will stay on your system unless you delete it manually. It's where tink536 indicated, and for you specifically it's here: C:\Documents and Settings\Dennis\Application Data\Sun\Java\Deployment\cache

While Java is uninstalled you can delete the entire cache folder with no problem. With Java installed it may be "in use" so cache should be cleaned out thru Java's interface.

Third, you didn't have the Java icon in your Control Panel that will allow you to clean out the cache correctly because at the time you had uninstalled Java. With Java installed, you will have an icon in your Control Panel that looks like a coffee cup; a bigger version of this:


As John mentioned, items flagged in you Java cache are a potential threat--it doesn't mean you are actually infected, but you could be if a certain set of circumstances happen. So it is advisable to keep Java up to date and clean it's cache from time to time. To clean cache when Java is installed, see this page.

Lastly, those are the instructions for JRE versions 1.5.0 the latest version of which can be found on this page: http://www.java.com/en/download/manual.jsp

The page you've been told to download from is what I call the developer's page and it now shows version 6, which is a major upgrade. There is a lot of confusion about why the two pages show different versions as the latest available and Sun, which makes Java, is being roundly criticized for this. Security specialists keep finding holes in version five, it gets patched and Java claims it is safe--but version five, that is currently at Update 11, may be inherently vulnerable. On the other hand, version 6 may be buggy.

This is just to say that, once you do download version 6, the instructions for clearing cache may be different. I'll look into it in a bit to see if the they have changed. Hope I've cleared up some confusion except for the last part.

Thanks papakid !

Apparently I was typing as you were. Please see my above response and advise if you would.


Thanks again for everyones time !

Dennis

Well, now that you have Java reinstalled, go to Control Panel and see if the instructions for clearing cache are still the same. Go ahead and clear them if so and let us know. Otherwise you should have no other problems.

VICTORY !!

I bet you folks are tired of my "Javanese" banter.



Thanks to everyone for your help !!




Dennis

Sorry for that.


I just found these directions and meant to post them. But, too late!

In any case, glad to hear everything worked out Dennis!

Thanks tink536. I do not think I was using the right spacing between words as I was typing when using your directions.

Thanks for the help.


Dennis

Well, you're welcome for my bit part in this!