Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

A question about the dangers of java


  • Please log in to reply
10 replies to this topic

#1 rp88

rp88

  • Members
  • 2,980 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:53 PM

Posted 30 November 2014 - 02:15 AM

I've just restored from a system image and found my image, which worked fine, had java on it. I immediately uninstalled java but something of it has remained. Both firefox and chrome say that they have "noticed" it as a plugin and refer to a file

C:\Windows\SysWOW64\npDeployJava1.dll

Java as a program has gone (uninstalled) and the java plguins in both browsers are disabled (set to "never activate") but both browsers still list java as being installed as a plugin. Is there something i must do to remove the file
C:\Windows\SysWOW64\npDeployJava1.dll
or am i safe to leave it as it is? Java has been uninstalled (it doesn't show up under my list of programs in either "control panel-->programs and features" or under CCleaner's list of installed programs) and it is deactivated in both browsers but can the fact that there is still enough hanging around (that dll file and some empty folders within
C:\Users\(myname)\AppData\LocalLow
)to get it listed in the plugin lists of my browsers be a security risk?


System is a windows 8 64 bit laptop, toshiba hardware, AVG as main antivirus, MBAM as free secondary scanner, browsers used are chrome for gmail and BBC site and firefox for everything else IE is installed but never gets opened.
Thanks

Edited by rp88, 30 November 2014 - 02:15 AM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

BC AdBot (Login to Remove)

 


#2 NullPointerException

NullPointerException

  • Banned
  • 125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:23 AM

Posted 30 November 2014 - 04:55 AM

You are being too paranoid. I have an old, outdated version of Java and yet I am not afraid. Yes, if the plug-in and even the JVM is uninstalled and disabled, then you have nothing to fear.



#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,264 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:53 PM

Posted 30 November 2014 - 09:29 AM

JavaRa checks if your computer has the latest version of Java Runtime Environment (JRE). If the version you have installed has been superseded by a newer version the program will download and install the newer version for you, then allows you to remove all possible older versions of this program. If you prefer to just remove JAVA, JavaRa completely removes all traces of the software.

JavaRa2.png

JavaRa by SingularLabs

JavaRa is an effective way to deploy, update and remove the Java Runtime Environment (JRE). It can assist in repairing or removing Java when other methods fail. Its most significant feature is the JRE Removal tool; which forcibly deletes files, directories and registry keys associated with the JRE.


How to Completely Remove Java Using JavaRa

Due to the frequent discovery of serious security flaws in Oracle’s Java Runtime Environment, many users have opted to completely purge JRE from their computers. Since JRE7; the built-in uninstaller tool has improved significantly; however outdated Java versions may not be completely removed. SingularLabs’ JavaRa provides the most thorough and straightforward method to complete remove Java from Windows.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 1PW

1PW

  • Members
  • 316 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North of the 38th parallel.
  • Local time:02:53 PM

Posted 30 November 2014 - 09:30 AM

If the legacy version (v1.1.6) of JavaRa, the purpose built Java uninstaller from SingularLabs, is properly used for cleanup, Java exposure threats will be moot.

 

https://singularlabs.com/software/javara/javara-download/


All viruses are malware but not all malware are viruses and if the malware doesn't self replicate it just isn't a virus.


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,264 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:53 PM

Posted 30 November 2014 - 09:43 AM

Forgot to mention that both the Stable and Legacy versions of JavaRa also allow the use of Commandline Arguments which allow its functions to be operated with a script or across a network.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 rp88

rp88
  • Topic Starter

  • Members
  • 2,980 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:53 PM

Posted 30 November 2014 - 11:20 AM

Thanks for the explanations on how to eradicate the last traces of java, but before i do so i ought to ask, seeing as the only remnanats of java on my system are


1)that dll file C:\Windows\SysWOW64\npDeployJava1.dll
and
2)some folders in appdata with tmep files and caches in them



is there actually any risk from those bits hanging around, if there isn't i probably don't need to bother with this javara download, if there is then i do need to use it.

Edited by rp88, 30 November 2014 - 11:21 AM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#7 NullPointerException

NullPointerException

  • Banned
  • 125 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:23 AM

Posted 30 November 2014 - 12:17 PM

A single  DDL cannot do much without its other related DDLs and other files concerning it. Not sure about Appdata folders.



#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,264 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:53 PM

Posted 30 November 2014 - 04:08 PM


Remnants are typically harmless leftovers of files, folders and registry entries after removing a program (or malware). Many program uninstallers do not perform an adequate job of completely removing them. AppData (Application data) is a hidden sub-folder used to protect user data and settings from unwanted changes or deletion for any number of installed programs. User data that was previously stored in the %SystemDrive%\Documents and Settings directory in Windows XP is now stored in the %SystemDrive%\Users directory (for Vista and above) which includes a AppData folder. How you deal with remnants depends on how clean you want your system.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:53 PM

Posted 30 November 2014 - 04:48 PM

npDeployJava1.dll is the Java Deployment Toolkit Plugin.

https://www.java.com/en/download/faq/deployment_toolkit.xml

 

Reading this description, I'm not so sure that this is a DLL that can not act on its own. I would remove it (rename or move it, so that I can put it back when this change breaks things).


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#10 rp88

rp88
  • Topic Starter

  • Members
  • 2,980 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:53 PM

Posted 30 November 2014 - 04:48 PM

Java's remnants on my system are that dll file (which has it's name listed in browsers and is reponsible for creating the entry on the plugins list for java, even though i should think that with no java exe files anywhere on my system such things could never run) and stuff in
C:\Users\(myname, i'm the administrator account my the way)\AppData\LocalLow\Sun\Java\Deployment\
within this deployment folder there are about a hundred empty folders piled upp into a complex tree of structure, amongst all of them there are only 4 files.
The files are "deployment.properties", a file with a random sounding title of file extension .idx, a file in the same folder as the idx file with the same name but with no extension, and a fourth file called "lastAccessed" which has no extension. If the single dll at
C:\Windows\SysWOW64\npDeployJava1.dll
can do no harm i doubt then that these temp files(the stuff in the AppData folder) can, they don't have any exe files, dll files or even archives amongst them. Probably easiest if i just leave them where thye are i suppose, as long as these aren't enough to let java run in the browser then i'm perfectly safe.


By the way Appdata is indeed "hidden" but back when i learnt to set windows to display full file extenions from within folder options i set it to display hidden files (though i continued to have "protected operating system files hidden(recommended)" ). The hidden nature of the AppData folder is indicated to me by the fact it is greyer than other folder icons when seen from
C:\Users\(myname, i'm the administrator account my the way)\ .

Thanks for your advice and suggestions.

Edited by rp88, 30 November 2014 - 04:49 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,264 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:53 PM

Posted 30 November 2014 - 05:30 PM

You're welcome on behalf of the Bleeping Computer community.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users