Malwarebytes found sunjavaupdatesched & jusched.exe and quarantined


6 replies to this topic

#1 mich2394


Posted 12 September 2009 - 04:28 PM

Hi there!

I am using version 1.41 of Malwarebytes. I have Windows Vista 32 bit, sp1, home edition.

I did a quick scan on malwarebytes and it found the following saying 1 registry item and 1 file infected:

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sunjavaupdatesched (Trojan.Agent) -> Quarantined and deleted successfully.


Files Infected:
C:\Program Files\Java\jre6\bin\jusched.exe (Trojan.Agent) -> Delete on reboot.


Program told me to restart and I did and it quarantined the two found and then I reran full scan after that and all was gone.

I don't know anything about Java as these Trojans appear to be about Java.

I know I updated Java a few weeks back when users were being told to update Adobe flash and Java.

I run Malwarebytes every day or so and so what it caught was a recent infection, at least I hope. :thumbsup:

I would like help to know what these are that Malwarebytes caught and if I have to do anything further - as well do I have to do something with Java.

I ran nis2009 and superantispyware as well and they were clean also.

So all is clean, I just need help with what these two infections are/were about as well would like to know if I need do anything with Java as it appears to be about Java.

I have very limited experience with the pc and appreciate any help.

Take care
:flowers: Michelle



#2 PropagandaPanda

  • Malware Response Team

Posted 12 September 2009 - 06:43 PM

Hello Michelle.

You were correct in identifying those were Java registry entries and files. It is possible that the file had been infected by something. Please follow the directions below to restore the file and upload it to me.

Since we will not be restoring the loading point, even if the file is malicious, it will not start up.
  • Launch MBAM.
  • Click on the Update tab.
  • Take note of the database version number.
  • Click on the Quarantine tab.
  • Select the File "C:\Program Files\Java\jre6\bin\jusched.exe" and click Restore.
  • Exit MBAM
Then, upload the file.
  • Open the Submission Channel.
  • Under Link to topic where this file was requested, input:
    http://www.bleepingcomputer.com/forums/t/257176/malwarebytes-found-sunjavaupdatesched-juschedexe-and-quarantined/
  • Click the Browse button. Locate and select the following files:
      • C:\Program Files\Java\jre6\bin\jusched.exe
      • (If more than one file is listed, do one at a time.)
  • Under the comments section, say that Panda asked for the submission.
Please post back here when the file is uploaded.

With Regards,
The Panda
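
The checks behind the advice above can also be run locally. This is an added example and not part of the original post: a PowerShell sketch that reports the restored file's SHA-256 and Authenticode signature, and whether the Run value (the loading point) still exists. The function name `Get-FalsePositiveTriage` is hypothetical; the path and value name are the ones quoted in this thread.

```powershell
# Added example (not from the thread): triage a suspected false positive after
# restoring a file from quarantine. Path and Run value name are as quoted above.
$file      = 'C:\Program Files\Java\jre6\bin\jusched.exe'
$runKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'sunjavaupdatesched'

function Get-FalsePositiveTriage {   # hypothetical helper name
    param([string]$Path, [string]$RunKey, [string]$ValueName)

    $result = [ordered]@{
        Path                 = $Path
        Exists               = (Test-Path -LiteralPath $Path -PathType Leaf)
        SHA256               = $null   # hash to quote when submitting the file
        SignatureStatus      = $null   # Valid, NotSigned, HashMismatch, ...
        Signer               = $null   # subject of the signing certificate
        RunValue             = $null   # $null means the loading point is absent
        RunValuePointsToFile = $false
    }

    if ($result.Exists) {
        $result.SHA256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        $sig = Get-AuthenticodeSignature -FilePath $Path
        $result.SignatureStatus = [string]$sig.Status
        if ($sig.SignerCertificate) {
            $result.Signer = $sig.SignerCertificate.Subject
        }
    }

    # Without the Run value the file is not started at logon,
    # even if the file itself is back on disk.
    $run = Get-ItemProperty -Path $RunKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($run) {
        $result.RunValue = [string]$run.$ValueName
        $result.RunValuePointsToFile =
            $result.RunValue.IndexOf($Path, [StringComparison]::OrdinalIgnoreCase) -ge 0
    }

    [pscustomobject]$result
}

Get-FalsePositiveTriage -Path $file -RunKey $runKey -ValueName $valueName | Format-List
```

A `Valid` status with the expected publisher as signer supports a false positive; `NotSigned` or `HashMismatch` means the file should stay out of the Run key until someone has analysed it.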

#3 mich2394


Posted 13 September 2009 - 01:23 AM

Dear Panda,

Hi! I have uploaded the file per your instructions. Thank you as they were very clear directions.

I think I did it correctly. I only saw the one by that name.

The Malwarebytes database version is #2788.

Thank you so much for your help!

Michelle :thumbsup:

#4 mich2394


Posted 13 September 2009 - 01:53 AM

Hi again!

I just wanted to add something.

I use noscript (on firefox) and since malwarebytes found the infection Friday I have not temp allowed javascript on any sites that have video.

So I have not viewed any video since this problem as am not sure if it is okay to enable javascript to do so.

I thought this might be information you would need to know though not sure.

Take care,
Michelle :thumbsup:

Edited by mich2394, 13 September 2009 - 01:58 AM.


#5 PropagandaPanda


Posted 13 September 2009 - 08:20 AM

Hello Michelle.

I can confirm that the file you uploaded is the legit Java file. You can safely restore that as well as the registry entry relating to it.

From the MBAM forums, you can see that the issue will be fixed in the next update.
http://www.malwarebytes.org/forums/index.p...st&p=125661

With Regards,
The Panda

#6 mich2394


Posted 13 September 2009 - 10:40 AM

Dear Panda,

Wow..thank you so very much for looking into this and resolving it. I am so very thankful to you and appreciate your help. :thumbsup:

I updated and restored the registry entry and restarted and did a quick scan and it did not show up, and so they already fixed the problem which was quick!

So relieved that there aren't more problems. Big weight off my shoulders for sure.

Thank you so very much Panda!

Take care,
Michelle

Edited by mich2394, 13 September 2009 - 10:41 AM.


#7 PropagandaPanda


Posted 13 September 2009 - 11:17 AM

Glad to help :thumbsup: .

The Panda



