Trojan.Downloader.Java.OpenConnection

Discussion in 'malware problems & news' started by ronny, Mar 8, 2004.

Thread Status:
Not open for further replies.
  1. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    Trojan.Downloader.Java.OpenConnection
    Does anyone know what this is? o_O Trojan Remover 1.6.8 found it on my PC. But the others (Kaspersky, TDS-3, Norton, TrendMicro's Housecall, Trojan Hunter 3.85, ...) didn't find or mention it.
    I've submitted the "infected" file.
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    Hi ronny,

    Do you have a full path and filename for where it was found?

    Regards,

    Pieter
     
  3. ronny

    I do. It is:
    "C:\DocumentsandSettings\[username]\Application Data\Sun\Java\Deployment\cache\javapi\v.1.0\jar\loader.jar-2bae108e-17f70dba.zip"

    Thank you Pieter!
     
  4. Pieter_Arntz

    Hi ronny,

    Could you send that loader.jar to the address in my profile?
    It could be a ByteVerify (or related) file.
    It should be safe to delete it even if it is a false positive.
    Also check this thread: http://www.wilderssecurity.com/showthread.php?t=13039 on how to empty your Sun Java cache.

    Regards,

    Pieter
     
  5. ronny

    I just got the following message from Nigel, the maker of Trojan Remover 6.1.8:
    "I can confirm that the report on the file you sent, MATRIX.CLASS, as
    containing Trojan.Downloader.Java.OpenConnection, is a FALSE POSITIVE.
    Please accept my apologies for this - you should take no action on the file.
    The false positive will be corrected in the next database update."

    So... no need to worry anymore. A compliment by the way for the quick response I got from Nigel :)
     
  6. ronny

    Heeeelp, I'm getting mad... or at least confused. :eek:

    Now Gavin from TDS-3 analysed the file and he said it is a REAL positive! He is probably gonna add it to the database.
    This is exciting! :D
     
  7. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Well, as for me I never doubted Gavin's skills ;) Would you mind contacting Nigel and asking him to drop Gavin an email?

    regards.

    paul
     
  8. ronny

    I already sent him an e-mail (after all, HE found a real trojan, but removed it from his database after my first e-mail), but I didn't ask him to contact Gavin.
    I thought that would be inappropriate because they are "competitors".

    Sometimes I regret this, because it seems to me they are both so dedicated and enthusiastic about their products, but I suppose not everyone is gonna buy TDS-3 AND Trojan Remover. :(

    By the way, I didn't receive a reply from Nigel yet.
     
  9. Paul Wilders

    Nice going ;)

    Not at all - those competitors frequently have contact; they aren't enemies ;)

    There's room for every good antitrojan software developer - the better/best ones will come on top in the end anyway.

    Give him some time, and drop a reminder in a day or so ;)

    regards.

    paul
     
  10. ronny

    I've good news: Nigel has taken a second look at the file and can confirm it is malicious. He has re-added it to the database of Trojan Remover.
    The bad guy came from a porn site (of course!), shame on me :oops:. (And I don't even like porn at all!)
    Thank you Nigel, thank you Gavin. Trojans stand little chance when they are around ;)

    P.S.: Trojan Remover 6.1.8 is now 6.1.9
     