Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Is Java Infecting My Computers


  • Please log in to reply
8 replies to this topic

#1 Dennis H

Dennis H

  • Members
  • 893 posts
  • OFFLINE
  •  
  • Local time:12:53 PM

Posted 17 August 2010 - 08:09 AM

Howdy,

I ran a Microsoft Essential Security scan yesterday. It picked up 3 severe infections and removed them. They are all Java related.

I just checked and saw that Java updated itself yesterday. Could these infections be coming from the Java site itself ?

I am running XP Home, IE-8,SP-3.

As a side note, I bought a laptop which has Windows 7 installed.

A week ago I went to the Java site to see which version I should download. I ended up not downloading anything.

The next day when I ran Microsoft Security Essentials on that computer it picked up 5 instances of Java malware similar to the 3 in the screen shot of my computer below.

I checked with the Microsoft web site and there is very little information about these infections.

Do you think that the Java site is passing on this malware ?



Posted Image


Thanks for your time.


Dennis :thumbsup:

BC AdBot (Login to Remove)

 


#2 Dennis H

Dennis H
  • Topic Starter

  • Members
  • 893 posts
  • OFFLINE
  •  
  • Local time:12:53 PM

Posted 17 August 2010 - 05:44 PM

Anyone else having this problem ?

I would like to download Java to my wife's new laptop but I am afraid to at this point.

Thanks,

Dennis :thumbsup:

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,566 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:53 PM

Posted 17 August 2010 - 07:42 PM

Remove all old ones and install the latest.. Here's the instructions.

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586-s.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 Dennis H

Dennis H
  • Topic Starter

  • Members
  • 893 posts
  • OFFLINE
  •  
  • Local time:12:53 PM

Posted 17 August 2010 - 08:04 PM

Thanks for the reply.

I have already taken care of what you have suggested on my PC. The new version uploaded automatically yesterday.

I checked in add/remove today and an old version was their which I removed.

Hopefully that will clear up the problem on this computer.


I did not see any version of Java pre-installed on the new laptop. I went to C-Net downloads last week and than to the Java web site from there. I just looked over the site to see what bit I should download. The laptop is 64 bit.

Anyway the Java site said it recognized my computer as running 32 bit. (maybe it meant the IE browser ??)

I got confused and did not download anything. The next day when I ran a scan 5 severe infections showed up, hence my concern with Java.

My trouble on the PC with Java did not start until this latest auto update.


Dennis :thumbsup:

Edited by Dennis H, 17 August 2010 - 08:09 PM.


#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,566 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:53 PM

Posted 17 August 2010 - 10:41 PM

The XP is the infected machine and now updated and old removed.
Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
Before you save it rename it to say zztoy.exe


alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
Which version of Java should I download for my 64-bit Windows operating system?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 Dennis H

Dennis H
  • Topic Starter

  • Members
  • 893 posts
  • OFFLINE
  •  
  • Local time:12:53 PM

Posted 18 August 2010 - 07:32 AM

Thanks for the reply.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4445

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/18/2010 7:23:27 AM
mbam-log-2010-08-18 (07-23-27).txt

Scan type: Quick scan
Objects scanned: 176300
Time elapsed: 22 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



I am trying to confirm on the if I am running 32 or 64 bit Explorer 8 browser on the laptop.

I know the system itself is 64 bit.

I followed these instructions from your link.


Verify if you are using 32-bit or 64-bit IE browser.
Follow these steps to verify whether you are using 32-bit or 64-bit browser.
a.Launch Internet Explorer browser.
b.Click on the Help tab at the top.
c.Select About Internet Explorer which will bring up an information window.
d.If version of IE displays 64-bit Edition, then it is 64-bit IE, otherwise it is 32-bit browser.



After clicking on 'About Internet Explorer" a window pops up that says Explorer 8.

In the window it says: Version 8.0 7600.18385 Cipher Strength 256.bit

No mention of 64 bit or 32 bit.

I am assuming I have the 64 bit version although when I go to the Java site it says "You may be running the 32 bit version"


My main concern was picking up those Java related threats while just visiting the Java site last week( August 9th). Maybe they were false positives but I thought it odd that both computers had some form of them now that this PC automatically updated Version 6 u21.

I suppose if there is a problem with the latest version there would be posts other than mine about it. Maybe they are false positives generated by Microsoft Security Essentials as I run that on both computers.

Thanks,

Dennis :thumbsup:

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,566 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:53 PM

Posted 18 August 2010 - 12:08 PM

d.If version of IE displays 64-bit Edition, then it is 64-bit IE, otherwise it is 32-bit browser
yours says the same as mine and is 32

Hows the XP now?

Edited by boopme, 18 August 2010 - 12:09 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 Dennis H

Dennis H
  • Topic Starter

  • Members
  • 893 posts
  • OFFLINE
  •  
  • Local time:12:53 PM

Posted 18 August 2010 - 12:23 PM

XP is running fine, thanks.

Last questions.

As far as the bit 32 or 64.

If I click on help on this PC and then About Internet Explorer the same windows pops up as the laptop. In the window it says cipher strength 128. I know this computer has 32 bit. Since the laptop showed cipher 256 I thought it was 64 bit IE.

Nowhere does it say 64 or 32 bit when I click on About Internet Explorer on either computer.

I am sure I am misunderstanding you.

Last question about Java. Do you think it is possible that I was on a bogus Java site when I picked up the infections on the laptop ?


Dennis

Edited by Dennis H, 18 August 2010 - 12:24 PM.


#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,566 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:53 PM

Posted 19 August 2010 - 01:57 PM

I cannot find a better answer my self. Only that the ecryption cipher has nothing to do with whether your PC is 64 bit. It is only the IE that the cipher rating is attached to.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users