Help! A lot of Sun/Java related infections!

Help! I seem to be having a lot of problems with malware lately!

At the bottom of this post is a screen shot of the results of an Emsisoft online malware scan where 17 infections where found! And as you can see from the screen shot, many of them were HIGH RISK!!!! (And the other 4 infected files that you couldn't see were probably high risk too, but the malware on my computer wouldn't allow me to launch my "Paint" tool so that I could paste the screen shot that I already had in my clipboard onto the "Paint" screen.)

Also, here are the list of infections from my saved report:

which are all Sun\Java related. Therefore, could someone help me to understand what is going on with all these infections? And yes, my Java software is up to date, but there seems to be some sort of a problem there. I go to secunia.com to scan for needed updates for my software, but half the time when secunia.com tells me that I need updates, when I click on software's site to download the update, the will tell me that the software is has already been updated. (Most of my software is set for automatic updates anyway, so it usually surprises me when secunia.com tells me that I need updates for some applications.)

Any help with this would be appreciated.

 

Hi RCGuy,
I'm no expert, but first thing I'd do is to run JavaRa, which searches for, and deletes outdated java remnants. It's from http://sourceforge.net/projects/javara/ and is highly recommended. Then I'd rescan with various products (I see you've got Prevx?), and if necessary
reinstall java or uninstall it completely and see if you're then clean.
Hope this might be of some help.

 

To minimize the chances of this sort of thing happening again, you need some sort of "containment" software, such as Sandboxie.

You should scan the PC with at least a couple of other Anti-Malware softwares. I suggest Malwarebytes Anti-Malware and SuperAntiSpyware Portable.

 

you can simply empty java cache
http://www.java.com/en/download/help/plugin_cache.xml

and only allow java and javascript on Trusted sites. Blocked elsewhere.

 

Hi, Dermot. I think I followed the order of your instructions incorrectly.

I first ran JavaRa and searched for and deleted outdated java remnants, but instead of rescanning, I went ahead and reinstalled the java JRE as instructed from JavaRa(but was I supposed to have uninstalled java first?).

Also, JavaRa's Oracale webpage description was a little bit different than what was on the Oracale webpage itself, therefore, I hope that the Java SE Runtime Environment 6u24 was I was suppose to have downloaded.

Also, do you know if I was suppose to have been concerned about the JDK or not?

 

Hi, TheKid7. I do use Sandboxie, but only sometimes. Like when I'm on this site, I don't use it, nor do I use it when I launch online scan websites such as Emsisoft's...but only when I'm surfing or visting a website or forum that I don't trust....and/or that has a lot of advertisments.

But, TK7, do you or anyone else have any idea as to what those high risk infections and trojans do that were detected by the Emsisoft scan? Do you know if any keylogging or file stealing was involved? Also, is there any way of finding out which site infected my computer? Although, there is a particular forum that I go to a lot that has a lot of advertisments....some which are very agressive where they highjack the forum pages to show their advertisements, and sometimes I get the little yellow information bar at the top of the page that tells me that content from the site that was trying to be downloaded into my computer has been blocked.

 

Hi, Cudni. Well, if I followed Dermot7's instructions correctly, I guess I won't need to empty the java cache.

But as far as only allowing java and javascript on Trusted sites and blocking elsewhere, could you explain to me how to do that?

 

Hello again RCGuy,
You would definitely be best advised to follow Cudni's advice since all the files
you list are "cache", and once cleared all should be ok. Then do a few scans
with e.g. MBAM, HitmanPro, Prevx to check all is well.
As I said first "I'm no expert" and was only trying to help, in that in my judgement you needed to clean up the Java installation, so I suggested JavaRa, which is a handy little app. Hope all is ok now. Take care

 

Okay, then back to Cudni.

Cudni, I clicked on your link and followed the instructions, however, on item #4, I didn't have the three options mentioned. See my screen shot below.

Also, I don't mean to sound ignorant, but how do you allow java and javascript on Trusted sites?

 

Also, I didn't clear the Java Plug-in cache as per instructd on your "How do I clear the Java cache?" page because I couldn't find the Cache tab on the Java Plug-in Control Panel.

 

RCGuy,
In Java Control Panel, under Temporary Internet Files:
Click Settings, Click Delete Files, Click OK.....et voila!

 

Just to add, to view cache...in JCP at Temporary Internet Files, click View, and see its set like screenshots:

 

Sorry about taking so long to get back to this thread, but thanks, Dermot7. Tis all clear....now.

Also, I don't know if you or anyone else can help me with this, but I still don't know how to only allow java and javascript on Trusted sites, while being blocked elsewhere as per Cudni's instructions in post #4.

Any help would be appreciated.

 

No one?(As he dusts off the cobwebs on the thread.)

 

Thanks.

 

This can be done in the Browser preferences. You don't say which browser you use, but here is how Opera does it 'per site' using Wilders as an example:

​

This is not a very sound security policy, IMO, since a large number of infections occur when redirected from a compromised "trusted" web site or from a search engine link. One's security should be monitoring at all times, it seems to me.

If you don't care for dealing with Sandboxie, many products will run in the background and intercept any attempt to install something unauthorized, such as Java malware:

​

regards,

-rich

 

I use IE, however, I have no idea how to get to Browser preferences, Site preferences.

I usually go to Tools-> Internet Options to change things, but I don't see neither of those there.

Thanks. But I have started using Sandboxie always again and have gotten less infections...actually almost none. Although, for some reason, I was regularly getting those darn Vundo.Trojan infections, but I haven't gotten any of those for awhile.

Plus, I was avoiding Sandboxie because it turned out that Sandboxie was causing my system to crash: Blue Screen Memory Dump.

But I desperately need more RAM memory, but in the meanwhile, I've deleted a few thiings from my computer that I really didn't need and it seemed to have helped a little.

 

You mean, not use it at all for a while? And if so, wouldn't I have some problems with certain functions?

 

Okay, thanks. I'll try that.

 

I have gone now for almost two years without Java. Don't miss it, don't
need it. You ll be better off and happier if you do get rid of it.

Bo

 

Hmmm. Interesting. Thanks.

 

Java is required for complete OpenOffice.org functionality.

http://wiki.services.openoffice.org/wiki/Java_and_OpenOffice.org