Help! A lot of Sun/Java related infections!

Discussion in 'malware problems & news' started by RCGuy, Mar 12, 2011.

Thread Status:
Not open for further replies.
  1. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Help! I seem to be having a lot of problems with malware lately!

    At the bottom of this post is a screen shot of the results of an Emsisoft online malware scan where 17 infections were found! :eek: And as you can see from the screen shot, many of them were HIGH RISK!!!! :eek: (And the other 4 infected files that you couldn't see were probably high risk too, but the malware on my computer wouldn't allow me to launch my "Paint" tool so that I could paste the screen shot that I already had in my clipboard onto the "Paint" screen.)

    Also, here is the list of infections from my saved report:

    which are all Sun\Java related. Therefore, could someone help me to understand what is going on with all these infections? And yes, my Java software is up to date, but there seems to be some sort of a problem there. I go to secunia.com to scan for needed updates for my software, but half the time when secunia.com tells me that I need updates, when I click on the software's site to download the update, they will tell me that the software has already been updated. :doubt: (Most of my software is set for automatic updates anyway, so it usually surprises me when secunia.com tells me that I need updates for some applications.)

    Any help with this would be appreciated.
     


  2. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    Hi RCGuy,
    I'm no expert, but first thing I'd do is to run JavaRa, which searches for, and deletes outdated java remnants. It's from http://sourceforge.net/projects/javara/ and is highly recommended. Then I'd rescan with various products (I see you've got Prevx?), and if necessary reinstall java or uninstall it completely and see if you're then clean.
    Hope this might be of some help.
     
  3. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    To minimize the chances of this sort of thing happening again, you need some sort of "containment" software, such as Sandboxie.

    You should scan the PC with at least a couple of other Anti-Malware programs. I suggest Malwarebytes Anti-Malware and SuperAntiSpyware Portable.
     
  4. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  5. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Hi, Dermot. I think I followed the order of your instructions incorrectly.

    I first ran JavaRa and searched for and deleted outdated java remnants, but instead of rescanning, I went ahead and reinstalled the java JRE as instructed from JavaRa (but was I supposed to have uninstalled java first?).

    Also, JavaRa's Oracle webpage description was a little bit different than what was on the Oracle webpage itself, therefore, I hope that the Java SE Runtime Environment 6u24 was what I was supposed to have downloaded.

    Also, do you know if I was supposed to have been concerned about the JDK or not?
     
  6. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Hi, TheKid7. I do use Sandboxie, but only sometimes. Like when I'm on this site, I don't use it, nor do I use it when I launch online scan websites such as Emsisoft's...but only when I'm surfing or visiting a website or forum that I don't trust....and/or that has a lot of advertisements.

    But, TK7, do you or anyone else have any idea as to what those high risk infections and trojans do that were detected by the Emsisoft scan? Do you know if any keylogging or file stealing was involved? Also, is there any way of finding out which site infected my computer? Although, there is a particular forum that I go to a lot that has a lot of advertisements....some which are very aggressive where they hijack the forum pages to show their advertisements, and sometimes I get the little yellow information bar at the top of the page that tells me that content from the site that was trying to be downloaded into my computer has been blocked. :rolleyes:
     
  7. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Hi, Cudni. Well, if I followed Dermot7's instructions correctly, I guess I won't need to empty the java cache.

    But as far as only allowing java and javascript on Trusted sites and blocking elsewhere, could you explain to me how to do that?
     
  8. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    Hello again RCGuy,
    You would definitely be best advised to follow Cudni's advice since all the files you list are "cache", and once cleared all should be ok. Then do a few scans with e.g. MBAM, HitmanPro, Prevx to check all is well.
    As I said first "I'm no expert" and was only trying to help, in that in my judgement you needed to clean up the Java installation, so I suggested JavaRa, which is a handy little app. Hope all is ok now. Take care :)
     
  9. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Okay, then back to Cudni. :)

    Cudni, I clicked on your link and followed the instructions, however, on item #4, I didn't have the three options mentioned. See my screen shot below.

    Also, I don't mean to sound ignorant, but how do you allow java and javascript on Trusted sites?
     


  10. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Also, I didn't clear the Java Plug-in cache as instructed on your "How do I clear the Java cache?" page because I couldn't find the Cache tab on the Java Plug-in Control Panel.
     
  11. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    RCGuy,
    In Java Control Panel, under Temporary Internet Files:
    Click Settings, Click Delete Files, Click OK.....et voila! :)
     
  12. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    Just to add, to view cache...in JCP at Temporary Internet Files, click View, and see it's set like the screenshots:
     


  13. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Sorry about taking so long to get back to this thread, but thanks, Dermot7. Tis all clear....now. :D

    Also, I don't know if you or anyone else can help me with this, but I still don't know how to only allow java and javascript on Trusted sites, while being blocked elsewhere as per Cudni's instructions in post #4.

    Any help would be appreciated. :D
     
  14. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    No one? (As he dusts off the cobwebs on the thread.) ;)
     
  15. yongsua

    yongsua Registered Member

    Joined:
    Feb 9, 2011
    Posts:
    474
    Location:
    Malaysia

    Thanks.:argh:
     
  16. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    This can be done in the Browser preferences. You don't say which browser you use, but here is how Opera does it 'per site' using Wilders as an example:


    java-pref.gif

    java-pref2.gif

    java-pref4.gif


    This is not a very sound security policy, IMO, since a large number of infections occur when redirected from a compromised "trusted" web site or from a search engine link. One's security should be monitoring at all times, it seems to me.

    If you don't care for dealing with Sandboxie, many products will run in the background and intercept any attempt to install something unauthorized, such as Java malware:

    [​IMG]

    regards,

    -rich
     
  17. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    I use IE, however, I have no idea how to get to Browser preferences, Site preferences.

    I usually go to Tools-> Internet Options to change things, but I don't see either of those there.

    Thanks. But I have started using Sandboxie always again and have gotten fewer infections...actually almost none. Although, for some reason, I was regularly getting those darn Vundo.Trojan infections, but I haven't gotten any of those for a while.

    Plus, I was avoiding Sandboxie because it turned out that Sandboxie was causing my system to crash: Blue Screen Memory Dump.

    But I desperately need more RAM memory, but in the meanwhile, I've deleted a few things from my computer that I really didn't need and it seemed to have helped a little.
     
  18. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    Try uninstalling Java completely and see how things go for a while.
     
  19. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    You mean, not use it at all for a while? And if so, wouldn't I have some problems with certain functions?
     
  20. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    Possibly. Most sites will work fine without Java.

    There shouldn't be any problems with your computer's operating system if Java is removed.

    Worth a try in my opinion.
     
  21. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Okay, thanks. I'll try that.
     
  22. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    I have gone now for almost two years without Java. Don't miss it, don't need it. You'll be better off and happier if you do get rid of it.

    Bo
     
  23. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Hmmm. Interesting. Thanks.
     
  24. GmG

    GmG Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    48
    Location:
    Italy