Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Java auto updater


  • Please log in to reply
1 reply to this topic

#1 Cluless

Cluless

  • Members
  • 143 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Wales
  • Local time:07:52 PM

Posted 10 December 2010 - 04:59 AM

Hi Guys

I am running a laptop with windows 7 OS. I have started to get a pop up which is called:
JAVA auto updater,
publisher Sun microsystems.inc
File origin: Hard drive on this computer.

Sun seemed to check out on the internet, so I updated.

When I then ran a virus scan with AVG 2011 it picked up 2 applets as malicious and I deleted them. I am still getting the pop ups.


Can anyone give me some advice.

regards

Cluey

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:52 PM

Posted 10 December 2010 - 11:31 PM

As part of its installation, Java will add jusched.exe to startup when Windows loads. This process is related to Java Update, a feature which connects to java.com at a scheduled time and checks to see if there is an update available. It is not necessarily to load at startup and can be safely disabled with a Startup Manager or in the Java Control Panel to save resources and improve performance.

Since there are Fake Sun MicroSystems Java domains which can lead to infection, I prefer to disable automatic updates and manually check for them which helps to avoid a bogus update prompt.

When I then ran a virus scan with AVG 2011 it picked up 2 applets as malicious and I deleted them

When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder (C:\Documents and Settings\username\Application Data\Sun\Java\Deployment\cache) for quick execution later and better performance. Malicious applets are also stored in the Java cache directory and your anti-virus may detect them and provide alerts. For more specific information about Java exploits, please refer to Virus found in the Java cache directory.

Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality. As a precaution, I recommend clearing the entire cache to ensure everything is cleaned out:

Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process. <- Important!!
    Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Step 9 recommends that you scan your computer using Malwarebytes Anti-Malware to remove any traces that may still be present. If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent Malwarebytes from removing all the malware. After performing that step, please post the complete results of your scan for review.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users