Help I'm Infected!



#1 MaxoxaM


Posted 07 October 2010 - 05:38 AM

All day today my 20 mbps internet was running slow with very high latency and packet loss. I noticed the router light going non-stop even though nothing was open or even running so I installed Wireshark and ran it for a few minutes.

Averaging around 250 packets a sec. Mostly UDP packets from my computer to IPs all over the world.

I'm running Windows 7. Avast is running with all protection on and updated. I just did a Spybot S&D scan and nothing came up. I'm doing a Malwarebytes scan right now but it's taking forever with 2 TB worth of data to check...

Anything else I should try while Malwarebytes is running?

Thanks



#2 MaxoxaM


Posted 07 October 2010 - 06:29 AM

Malwarebytes came up with nothing....

But I found the problem. ZoneAlarm is showing it as java.exe

What do I do?

Edited by MaxoxaM, 07 October 2010 - 06:29 AM.


#3 MaxoxaM


Posted 07 October 2010 - 07:45 AM

Well I got rid of it. I had to uninstall Java.

I can't believe none of the programs detected it... Scary.

Windows Defender - NOPE
Avast! - NOPE
Malwarebytes - NOPE
SpyBot S&D - NOPE
ESET Online Scanner - NOPE

Thank God for ZoneAlarm. :thumbsup:

#4 quietman7


Posted 07 October 2010 - 08:43 AM

Well I got rid of it. I had to uninstall Java.

When a Java program is invoked (using a batch file, executable jar, or Java Web Start/JNLP), the operating system runs a Java launcher from the JRE. The Windows version of the JRE has separate launchers for command-line and GUI applications called java.exe and javaw.exe respectively. Java.exe is the main executable for Sun Java Runtime Environment. Javaw.exe does the same thing except that it does not open the Java controls. Why is that important? Because using the Java controls can affect how Java runs, and with many programs that use Java, changing how Java runs can crash the program, Java or even Windows itself. As such, Java offers the alternative of using either of those two executables to use Java within a program and the programmer needs to decide whether it is desirable and/or safe to allow the user to change how Java will execute within that program. For more specific information, please refer to Custom Java Launchers And Wrappers (scroll down).

As part of its installation, Java will add jusched.exe to startup when Windows loads. This process is related to Java Update, a feature which connects to java.com at a scheduled time and checks to see if there is an update available. It is not necessary to load it at startup and it can be safely disabled with a Startup Manager to save resources and improve performance.

The Java Quick Starter (jqs.exe) is also installed by default.

The Java Quick Starter (JQS.exe) improves the initial startup time of Java applets and applications by periodically prefetching some of the most heavily used Java Runtime Environment files into memory (occupying no more than 20Mb of RAM). Later, when Java is launched, much less disk I/O is required and as a result, startup is much faster.

What is Java Quick Starter (JQS)?

JQS is not necessary and can be disabled: See How to Disable the JQS service


I can't believe none of the programs detected it... Scary

Determining whether a file is malware or a legitimate process usually depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a common file like java.exe. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there. Another technique is for the process to alter the registry and add itself as a Startup program (java.exe). In your case, you determined the legitimate java file to be responsible for your particular issue. Since it was the legitimate file, that explains why it was not detected as malware.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
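
The location check described in the reply above, as an added example that is not part of the original thread: it compares the folder of each running process or startup entry named java.exe/javaw.exe against a baseline of expected install folders. The baseline folders, the sample entries and all function names are assumptions made for this illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumed baseline: folders where a default Windows JRE install keeps its
# launchers. Replace with the install locations of the machine being checked.
JAVA_DIRS = [r"C:\Program Files\Java", r"C:\Program Files (x86)\Java",
             r"C:\Windows\System32", r"C:\Windows\SysWOW64"]
EXPECTED_DIRS = {"java.exe": JAVA_DIRS, "javaw.exe": JAVA_DIRS}

def image_path(command):
    """Pull the executable path out of a process path or Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    end = command.lower().find(".exe")
    return command[:end + 4] if end != -1 else command

def is_under(path, root):
    """True if path lies inside root after resolving '..' and ignoring case."""
    path = ntpath.normcase(ntpath.normpath(path))
    root = ntpath.normcase(ntpath.normpath(root))
    return path.startswith(root + "\\")

def classify(command):
    """Return 'expected', 'review', 'not-baselined' or 'no-path'."""
    path = image_path(command)
    if not path:
        return "no-path"
    roots = EXPECTED_DIRS.get(ntpath.basename(path).lower())
    if roots is None:
        return "not-baselined"
    return "expected" if any(is_under(path, r) for r in roots) else "review"

# Constructed sample: (where the entry was seen, path or command line).
SAMPLE = [
    ("process", r"C:\Program Files\Java\jre6\bin\java.exe"),
    ("process", r"C:\Users\sample\AppData\Roaming\java.exe"),
    ("process", r"C:\Program Files\Java\..\..\Users\Public\javaw.exe"),
    ("process", r"C:\Program Files\JavaUpdate\java.exe"),
    ("run-key", r'"C:\Users\sample\AppData\Local\Temp\java.exe" /background'),
    ("run-key", r'"C:\Program Files (x86)\Java\jre6\bin\javaw.exe" -jar app.jar'),
    ("process", r"C:\Windows\System32\svchost.exe"),
]

def scan(entries):
    """Return only the entries whose name is baselined but whose folder is not."""
    return [(src, cmd) for src, cmd in entries if classify(cmd) == "review"]

if __name__ == "__main__":
    for src, cmd in scan(SAMPLE):
        print(f"REVIEW [{src}] {cmd}")
```

A verdict of `expected` only says the file sits where the JRE puts it; as in this thread, the genuine launcher can still be the process generating the traffic.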
