What is jaucheck.exe?

Discussion in 'other software & services' started by Percival, Jan 26, 2010.

Thread Status:
Not open for further replies.
  1. Percival

    Percival Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    47
    What is jaucheck.exe? Is it a valid part of Java doing the same as jucheck.exe?

    I have searched for jaucheck.exe with Yahoo and Google but I can't find any relevant information.

    I know jucheck.exe very well, and for the few out there that does not know it, here is what WinPatrol has to say about it:
    I first encountered jaucheck.exe a few days ago when it asked the firewall to access the router, I had just updated Java. When I could not find any information on jaucheck.exe anywhere, I uninstalled Java yesterday and searched through the system for manually deleting everything that had to do with Java.
    Then I downloaded Java and installed it again.

    Now jaucheck.exe asks the firewall to access the router. The automated Java updater is not scheduled to update now.

    The path to jaucheck.exe is the same now as it was before:
    C:\Programfiler\Fellesfiler\Java\Java Update which is normal.

    In the same folder there are several exe files:
    jaucheck.exe
    jaureg.exe
    jucheck.exe
    jusched.exe

    All these files was created when I installed Java, and if they are virues then the java.com website must be infected.
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  3. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    what version of windows do you use and what language?

    java should be located at C:\program files\java\jre6 (32bit windows) or C:\program files (x86)\java\jre6 (64bit versions of windows
    I delete the autorun of the java update since i update manually so I cant tell you the location of that.

    what java did you download?
     
  4. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    I tried VirusTotal and only VBA32 thought it was bad: suspected of Win32.Trojan.Downloader (http://...)

    That said, I don't know what jaucheck.exe does. BTW this is from Java SE Runtime Environment 6u18 (downloaded from Sun website).
     
  5. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    where was the file located?
     
  6. Percival

    Percival Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    47
    Windows XP, Norwegian.
    The folder names are not wrong, the path is correct. It's just a language thing.

    I downloaded Java 6 Update 18 here:
    http://www.java.com/sv/download/manual.jsp
    And I chose the offline installation (15.9 MB).

    Edit, the download page I linked to is Swedish. You'll find the English version of the page here.
     
    Last edited: Jan 26, 2010
  7. Percival

    Percival Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    47
    Thank you. I tried this virus scan, and only one of the 20 scanners found a virus.
    VBA reported "Win32.Trojan.Downloader".
    Probably a false positive but I can't be sure.

    Out of the 20 scanners I only recognized AVG, Panda and Kapersky. The rest are unknown names to me.

    I have Norton installed and it does not find a virus.
     
  8. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,775
    Location:
    Texas
    Do a search on your hard drive for each of those .exe files. They should all be digitally signed by Sun.
     
  10. Percival

    Percival Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    47
    It is signed and my PC tells me the signature is OK, but what does it mean? If someone made a virus and masked it as the Java updater, couldn't they just add a signature?

    For all I know digital signatures are almost worthless. I don't understand them.


    Edit,
    I sent the file (jaucheck.exe) to Symantec.
     
    Last edited: Jan 26, 2010
  11. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,775
    Location:
    Texas
  12. Percival

    Percival Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    47
  13. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    I had to install Java today. None of those files are in my Java folder except the jusched.exe
     
  14. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    The file is certainly not malicious. As the internal name implies (Java Update Client Checker), I would imagine it is an update checker for clients on a network. The offline installer itself contains an .msi installer [checked that in v18] as a mean for centralized distrubution method in Active Directory environments. See here.
    The only other place where I saw jaucheck mentioned is here.

    Of course, this is all me guessing.
     
  15. Percival

    Percival Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    47
    So you and I didn't install the same?


    Thanks for the info.

    -----------------------------------------

    I have received answer from Symantec Security Response automation.

    My note:
    The Java updater is supposed to be jucheck.exe not jaucheck.exe. I uninstalled Java and manually deleted all Java and Sun folders. Then I downloaded Java again and jaucheck.exe is back in the Java folder.

    Symantec's note:
    jaucheck.exe - Our automation was unable to identify any malicious content in this submission.
    The file will be stored for further human analysis.



    The file was investigated by a "robot" - possibly NAV. I have no choice but to trust the robot.
     
  16. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    I lied. I was premature. I found the file and it was installed with Java. Its clean as long as its in the right folder.
     
  17. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Let's drop anti-malware scanners for a moment and assume the file is 100% clean.
    I have the file (jaucheck.exe), as well as others who have JRE installed. But it does not run on my system, neither when I start Java cpl applet, nor when I try to update it. Why does it need to run on your system?
    fwiw, my auto-updates are manual and QuickStart service (whatever the name was) is disabled.
     
    Last edited: Jan 29, 2010
  18. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    its a normal file and is clean its part of the update checker as already stated. dont worry about it. i delete the entry from start up anyway since i dont like things calling out to update on startup anyway.
     
  19. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    zfactor,

    does the file run on your system when you run Java or try to update it? If so, does it try to connect out?
     
  20. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    ill check for you and let you know
     
  21. reactivate

    reactivate Registered Member

    Joined:
    Feb 1, 2010
    Posts:
    1
    That would explain why my Norton 360 statistical submission identified it as a possible Trojan Horse. My firewall has now created a rule for this file which appears to be an update checker for the version of Java you have installed. It seems it came with the latest update SE 6 U18. Norton 360 shows communication allowed Outbound TCP www-http. I manually updated the Java update as direct install failed, rather strangely when I tried to install manually it failed again, but on reboot it showed as installed.
     
  22. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    yes when java first runs it does try to call out to update. i have removed the startup procc for when the system starts though so it doesnt do it when it boots
     
  23. Percival

    Percival Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    47
    jaucheck.exe is not running now, I'm not sure when it ran last time, but I have not noticed it for a long time now. jucheck.exe is running. I have jucheck.exe on delayed auto startup (by using WinPatrol).

    I have Java set to check for updates every Sunday at 03 am (if my pc happens to be on at that time...).

    I just tried to update manually. I click the Java uptade button in the Java control panel and nothing happens! o_O
    I checked the Norton firewall and the updater is not blocked. And I found nothing in the Norton log files. I don't understand this.

    By the way, what means fwiw?
     
  24. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    personally i delete the java at startup as long as you are willing to check once in a while for updates is does NOT need to even be there, you can use ccleaner or something like jv16 and simply delete it from startup.

    fwiw = for what its worth as far as i always knew
     
Loading...
Thread Status:
Not open for further replies.