Trojan.Downloader.Java.OpenConnection

Discussion in 'malware problems & news' started by ronny, Mar 8, 2004.

Thread Status:
Not open for further replies.
  1. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    Trojan.Downloader.Java.OpenConnection
    Does anyone know what this is? o_O Trojan Remover 1.6.8 found it on my PC. But the others (Kaspersky, TDS-3, Norton, TrendMicro's Housecall, Trojan Hunter 3.85, ...) didn't find or mention it.
    I've submitted the "infected" file.
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi ronny,

    Do you have a full path and filename for where it was found?

    Regards,

    Pieter
     
  3. ronny

    ronny Registered Member

    I do. It is:
    "C:\DocumentsandSettings\[username]\Application Data\Sun\Java\Deployment\cache\javapi\v.1.0\jar\loader.jar-2bae108e-17f70dba.zip"

    Thank you Pieter!
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Hi ronny,

    Could you send that loader.jar to the address in my profile?
    It could be a ByteVerify (or related) file.
    It should be safe to delete it even if it is a false positive.
    Also check this thread: http://www.wilderssecurity.com/showthread.php?t=13039 on how to empty your Sun Java cache.

    Regards,

    Pieter
     
  5. ronny

    ronny Registered Member

    I just got the following message from Nigel, the maker of Trojan Remover 6.1.8:
    "I can confirm that the report on the file you sent, MATRIX.CLASS, as
    containing Trojan.Downloader.Java.OpenConnection, is a FALSE POSITIVE.
    Please accept my apologies for this - you should take no action on the file.
    The false positive will be corrected in the next database update."

    So... no need to worry anymore. A compliment by the way for the quick response I got from Nigel :)
     
  6. ronny

    ronny Registered Member

    Heeeelp, I'm getting mad... or at least confused. :eek:

    Now Gavin from TDS-3 analysed the file and he said it is a REAL Positive! He is probably gonna add it to the database.
    This is exciting! :D
     
  7. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Well, as for me I never doubted Gavin's skills ;) Would you mind contacting Nigel and asking him to drop Gavin an email?

    regards.

    paul
     
  8. ronny

    ronny Registered Member

    I already sent him an e-mail (after all, HE found a real trojan, but removed it from his database after my first e-mail), but I didn't ask him to contact Gavin.
    I thought that would be inappropriate because they are "competitors".

    Sometimes I regret this, because it seems to me they are both so dedicated and enthusiastic about their products, but I suppose not everyone is gonna buy TDS-3 AND Trojan Remover. :(

    By the way, I didn't receive a reply from Nigel yet.
     
  9. Paul Wilders

    Paul Wilders Administrator

    Nice going ;)

    Not at all - those competitors frequently have contact; they aren't enemies ;)

    There's room for every good antitrojan software developer - the better/best ones will come on top in the end anyway.

    Give him some time, and drop a reminder in a day or so ;)

    regards.

    paul
     
  10. ronny

    ronny Registered Member

    I've good news: Nigel has taken a second look at the file and can confirm it is malicious. He has re-added it to the database of Trojan Remover.
    The bad guy came from a porn site (of course!), shame on me :oops:. (And I don't even like porn at all!)
    Thank you Nigel, thank you Gavin. Trojans stand little chance when they are around ;)

    P.S.: Trojan Remover 6.1.8 is now 6.1.9
     