Downloaded Latest Java


17 replies to this topic

#1 Dennis H


Posted 12 February 2007 - 02:35 PM

Howdy,

I recently downloaded the latest version of Java and removed the older version. I just ran a scan with AVG Anti Spyware and it picked up 2 trojans.

Java classloader.g and Java classloader.f

I tried to quarantine them, but got a window saying they were embedded and was asked if I wanted to quarantine the entire archive (whatever that means), so I clicked yes.

Here is what is now quarantined:

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:34:51 PM 2/12/2007

+ Scan result:



C:\Documents and Settings\Dennis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-73d04c00-65e38c10.zip/VaaaaaaaBaa.class -> Trojan.ClassLoader.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Dennis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-73d04c00-65e38c10.zip/Dex.class -> Trojan.ClassLoader.g : Cleaned with backup (quarantined).
C:\Documents and Settings\Dennis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-73d04c00-65e38c10.zip/Dix.class -> Trojan.ClassLoader.g : Cleaned with backup (quarantined).
C:\Documents and Settings\Dennis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-73d04c00-65e38c10.zip/Dux.class -> Trojan.ClassLoader.g : Cleaned with backup (quarantined).


::Report end

Where do I go from here?? Should I uninstall Java and try a reinstall?? I thought I was on a secure site when I downloaded, but maybe I was not.


Thanks for your time,

Dennis :thumbsup:

Edited by Dennis H, 12 February 2007 - 02:48 PM.



 


#2 Orange Blossom


Posted 12 February 2007 - 05:56 PM

First off, from looking at the infected files, the version listed for Java doesn't match the current Java version at all unless I'm completely misinterpreting what I see.

Definitely uninstall everything to do with Java from Add/Remove programs.

Go here: http://java.sun.com/javase/downloads/index.jsp to download and install the new version of Java. Unless you are into programming, choose the JRE download which is the fourth one in the list.

By the way, what site did you download from?

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Dennis H


Posted 12 February 2007 - 06:02 PM

Thanks for the reply Orange Blossom.

When I click on my Java icon it says I have the Standard 6 version. 1.6.0 (build 1.6.0-b105)??

Anyway, I will get rid of it right now. I found the site here on BleepingComputer after I had asked if someone could verify if I had the current version. I will find the post and list it here.


Here is that post. http://www.bleepingcomputer.com/forums/t/79687/do-i-have-the-latest-java-update/

Just to double check: after I click on JRE 6, which platform should I download?

Windows XP, SP2, IE-7



Thanks Again,

Dennis :thumbsup:

Edited by Dennis H, 12 February 2007 - 07:10 PM.


#4 tink536


Posted 12 February 2007 - 11:14 PM

I usually do the offline installation.

I search for Sjogrens Syndrome Foundation...Who will you search for?


#5 jgweed


Posted 12 February 2007 - 11:22 PM

As I remember, the two Java items are actually POTENTIALLY a problem, not actually malware in itself.
You should download and install the latest Java Runtime Environment for Windows, making sure to delete previous versions, then clear the Java Cache from the Java Control Panel.
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#6 Orange Blossom


Posted 13 February 2007 - 03:22 AM

Okay:

1) I did misinterpret what I saw, and you indeed had the latest version. :duncecap image:

2) The site you downloaded from before is the same as the link I provided, so no problem there.

As for which platform: if your answer to "Do I do programming?" is "No", then you want this one:

Java Runtime Environment (JRE) 6
The Java SE Runtime Environment (JRE) allows end-users to run Java applications.

which is the fourth one down the list.

I also agree with tink that you should do the off-line installation and with jgweed to clear the Java cache.

Orange Blossom :thumbsup:

#7 Orange Blossom


Posted 13 February 2007 - 03:26 AM

To add to previous post:

Once you click on the download button, you will be taken to another page. Unless you have 64-bit Windows, which I doubt, you will want to install the first one listed under Windows Platform. This will be the off-line installation.

Orange Blossom :thumbsup:

#8 Dennis H


Posted 13 February 2007 - 06:23 AM

Thanks for the replies. I have a few more questions, if you folks have the patience.

I went to Add/Remove and removed Java. I then went to the Control Panel, but I do not know how to remove the Java cache. Probably because I do not know what the heck Java cache means. I see the Java icon in the Control Panel. If I click on it nothing happens. I suppose that is because I have removed the program??



When I get to the second page on the download site, I do not see anything regarding offline installation. Apparently I (as usual) am missing something. Do you mean download the program to a file, get offline and then install?

Thanks again for the help. I just want to make sure I do it correctly this time around.



Thanks,

Dennis :thumbsup:

#9 tink536


Posted 13 February 2007 - 06:28 AM

Delete all files and subfolders within the cache folder below.

C:\Documents and Settings\<user_name>\Application Data\Sun\Java\Deployment\cache\



#10 quietman7


Posted 13 February 2007 - 11:23 AM

To Clear the Java Runtime Environment (JRE) cache, do this:
  • Click Start > Settings > Control Panel.
  • Double-click the Java icon.
    -The Java Control Panel appears.
  • Click "Settings" under Temporary Internet Files.
    -The Temporary Files Settings dialog box appears.
  • Click "Delete Files".
    -The Delete Temporary Files dialog box appears.
    -There are three options on this window to clear the cache.
    • Delete Files
    • View Applications
    • View Applets
  • Click "OK" on Delete Temporary Files window.
    -Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click "OK" on Temporary Files Settings window.
  • Close the Java Control Panel.
You can also view these instructions along with screenshots here.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#11 Dennis H


Posted 13 February 2007 - 12:59 PM

Thanks for all the replies.

Here is what I did. I removed Java yesterday evening. I then restarted the computer. The Java icon was no longer in the control panel.

I tried what tink536 suggested this morning and tried to get the files and folders that I needed to delete to show up and could not get it done.

I then did a file search by typing in the key word Java. About 90 files showed up in the search. Some just said Java in the file names but many also had other names and jargon in the file names. I was hesitant to just start deleting all these files.

I decided just to download Java again and install it. I ran a scan and it came up clean.

Quietman, is it a good idea to start again and follow your instructions on removing the cache, removing Java and doing another install? If I do that will it get rid of all the unneeded files and folders from past versions?

I have never tried to remove any files or folders after I have removed old versions and then installed the latest version available.

Should I just leave well enough alone? :thumbsup:

Thanks,

Dennis :flowers:

#12 Papakid


Posted 13 February 2007 - 01:00 PM

Hi Dennis,

I started writing this out before QM7 posted so sorry for the redundancy...

First, AVGAS cleaned up the files you are asking about, according to the log you posted. If it says Cleaned with backup (quarantined), (which it does) it means that the file has been removed from its original location to AVGAS's quarantine folder where it is locked and won't affect you. The particular files in question are actually .zip folders. A zip folder is called an archive, so you did right to have AVGAS take care of the entire thing.

Second, uninstalling Java will not delete its cache. That folder will stay on your system unless you delete it manually. It's where tink536 indicated, and for you specifically it's here: C:\Documents and Settings\Dennis\Application Data\Sun\Java\Deployment\cache

While Java is uninstalled you can delete the entire cache folder with no problem. With Java installed it may be "in use" so cache should be cleaned out thru Java's interface.

Third, you didn't have the Java icon in your Control Panel that will allow you to clean out the cache correctly because at the time you had uninstalled Java. With Java installed, you will have an icon in your Control Panel that looks like a coffee cup; a bigger version of this: Posted Image


As John mentioned, items flagged in your Java cache are a potential threat--it doesn't mean you are actually infected, but you could be if a certain set of circumstances happen. So it is advisable to keep Java up to date and clean its cache from time to time. To clean cache when Java is installed, see this page.

Lastly, those are the instructions for JRE versions 1.5.0, the latest version of which can be found on this page: http://www.java.com/en/download/manual.jsp

The page you've been told to download from is what I call the developer's page and it now shows version 6, which is a major upgrade. There is a lot of confusion about why the two pages show different versions as the latest available and Sun, which makes Java, is being roundly criticized for this. Security specialists keep finding holes in version five, it gets patched and Java claims it is safe--but version five, that is currently at Update 11, may be inherently vulnerable. On the other hand, version 6 may be buggy.

This is just to say that, once you do download version 6, the instructions for clearing cache may be different. I'll look into it in a bit to see if they have changed. Hope I've cleared up some confusion except for the last part. :thumbsup:

The thing about people

is they change

when they walk away.--Mipso
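
An added example, not part of the original thread or any poster's code: a Python sketch that parses AVG Anti-Spyware report lines like those in post #1, groups the detections by containing archive, and checks whether each archive sits under the Java deployment cache described above rather than in the installed JRE. The function names and the line pattern are assumptions derived from the report format shown in this thread.

```python
import re
from collections import defaultdict

# Detection lines copied from the scan report in post #1 of this thread.
REPORT = r"""
C:\Documents and Settings\Dennis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-73d04c00-65e38c10.zip/VaaaaaaaBaa.class -> Trojan.ClassLoader.f : Cleaned with backup (quarantined).
C:\Documents and Settings\Dennis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-73d04c00-65e38c10.zip/Dex.class -> Trojan.ClassLoader.g : Cleaned with backup (quarantined).
C:\Documents and Settings\Dennis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-73d04c00-65e38c10.zip/Dix.class -> Trojan.ClassLoader.g : Cleaned with backup (quarantined).
C:\Documents and Settings\Dennis\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-73d04c00-65e38c10.zip/Dux.class -> Trojan.ClassLoader.g : Cleaned with backup (quarantined).
"""

# Assumed line shape: <archive path>/<embedded member> -> <detection> : <action>
LINE_RE = re.compile(
    r"^(?P<archive>.+?\.(?:zip|jar))/(?P<member>[^/]+) -> (?P<name>\S+) : (?P<action>.+)$",
    re.IGNORECASE,
)
# Per-user Java plug-in cache directory, as given in posts #9 and #12.
CACHE_MARKER = "\\sun\\java\\deployment\\cache\\"


def parse_report(text):
    """Return one dict per detection line; headers and blank lines are skipped."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]


def summarize(hits):
    """Group detections by archive; flag cache location and quarantine status."""
    by_archive = defaultdict(list)
    for hit in hits:
        by_archive[hit["archive"]].append(hit)
    return {
        archive: {
            "in_java_cache": CACHE_MARKER in archive.lower(),
            "members": sorted(h["member"] for h in items),
            "detections": sorted({h["name"] for h in items}),
            "all_quarantined": all("quarantined" in h["action"].lower() for h in items),
        }
        for archive, items in by_archive.items()
    }


if __name__ == "__main__":
    for archive, info in summarize(parse_report(REPORT)).items():
        print(archive, info, sep="\n  ")
```

For the report in this thread, all four detections fall in a single cached archive under the per-user cache folder, which is why uninstalling and reinstalling Java alone would not have removed it.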


#13 Dennis H


Posted 13 February 2007 - 01:05 PM

Thanks Papakid!

Apparently I was typing as you were. Please see my above response and advise if you would.


Thanks again for everyone's time!

Dennis :thumbsup:

#14 Papakid


Posted 13 February 2007 - 01:23 PM

Well, now that you have Java reinstalled, go to Control Panel and see if the instructions for clearing cache are still the same. Go ahead and clear them if so and let us know. Otherwise you should have no other problems. :thumbsup:



#15 Dennis H


Posted 13 February 2007 - 01:34 PM

VICTORY !!

I bet you folks are tired of my "Javanese" banter. :thumbsup:



Thanks to everyone for your help !!




Dennis :flowers:

Edited by Dennis H, 13 February 2007 - 01:36 PM.




