Trojan Virus = Java errors??
A few weeks ago MSE picked up 3 instances of "Trojan:JS/Redirector.EV"
Explanation - Encyclopedia entry: Trojan:JS/Redirector.EV - Learn more about malware - Microsoft Malware Protection Center
It just occurred to me NOW that I have an error at some point every day that reads:
Do you think I'm getting this error because of this Trojan? It deleted the trojan twice, but allowed it once. I have scanned my system like crazy with MSE, Malwarebytes and ESET online scanner 3 or 4 times and nothing shows up. I thought it was gone, but now I wonder because of these error messages saved to my desktop.

Code:
```
#
# A fatal error has been detected by the Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0xcccccccc, pid=4284, tid=1660
#
# JRE version: 6.0_29-b11
# Java VM: Java HotSpot(TM) Client VM (20.4-b02 mixed mode, sharing windows-x86 )
# Problematic frame:
# C 0xcccccccc
#
# If you would like to submit a bug report, please visit:
# HotSpot Virtual Machine Error Reporting Page
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

--------------- T H R E A D ---------------

Current thread (0x054f8400): JavaThread "AWT-Windows" daemon [_thread_in_native, id=1660, stack(0x02740000,0x02840000)]

siginfo: ExceptionCode=0xc0000005, reading address 0xcccccccc

Registers:
EAX=0x6d0c013a, EBX=0x00000001, ECX=0x05557110, EDX=0x00000004
ESP=0x0283faa0, EBP=0x0283facc, ESI=0x054f8528, EDI=0x05557110
EIP=0xcccccccc, EFLAGS=0x00210293

Top of Stack: (sp=0x0283faa0)
0x0283faa0: 6d09ccc0 00000000 6d09c780 00000000
0x0283fab0: 0283fb48 00000000 054f8528 0283faa4
0x0283fac0: 0283fb60 6d0c0628 00000001 0283faf8
0x0283fad0: 75fa62fa 00080662 0000981a 05557110
0x0283fae0: 00000000 6d09c780 dcbaabcd 00000000
0x0283faf0: 00000000 6d09c780 0283fb70 75fa6d3a
0x0283fb00: 6d09c780 00080662 0000981a 05557110
0x0283fb10: 00000000 c0f7ab24 0283fc04 0283fbfc

Instructions: (pc=0xcccccccc)
0xccccccac: [error occurred during error reporting (printing registers, top of stack, instructions near pc), id 0xc0000005]

Register to memory mapping:

EAX=0x6d0c013a is an unknown value
EBX=0x00000001 is an unknown value
ECX=0x05557110 is an unknown value
EDX=0x00000004 is an unknown value
ESP=0x0283faa0 is pointing into the stack for thread: 0x054f8400
EBP=0x0283facc is pointing into the stack for thread: 0x054f8400
ESI=0x054f8528 is an unknown value
EDI=0x05557110 is an unknown value

Stack: [0x02740000,0x02840000], sp=0x0283faa0, free space=1022k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C 0xcccccccc
C [USER32.dll+0x162fa] gapfnScSendMessage+0x332
C [USER32.dll+0x16d3a] GetThreadDesktop+0xd7
C [USER32.dll+0x177c4] CharPrevW+0x138
C [USER32.dll+0x1788a] DispatchMessageW+0xf

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j sun.awt.windows.WToolkit.eventLoop()V+0
j sun.awt.windows.WToolkit.run()V+52
v ~StubRoutines::call_stub

--------------- P R O C E S S ---------------

Java Threads: ( => current thread )
  0x0acfc000 JavaThread "TickTimer" daemon [_thread_blocked, id=352, stack(0x0b860000,0x0b8b0000)]
  0x08a7f000 JavaThread "ITimer" daemon [_thread_blocked, id=5236, stack(0x0a3f0000,0x0a440000)]
  0x08a83000 JavaThread "ScrollBar" daemon [_thread_blocked, id=5716, stack(0x0b570000,0x0b5c0000)]
  0x08a82800 JavaThread "TextField" daemon [_thread_blocked, id=5160, stack(0x0b4e0000,0x0b530000)]
  0x08a82000 JavaThread "ScrollBar" daemon [_thread_blocked, id=5152, stack(0x0b450000,0x0b4a0000)]
  0x08a81c00 JavaThread "ScrollBar" daemon [_thread_blocked, id=4760, stack(0x0b3c0000,0x0b410000)]
  0x08a81400 JavaThread "ScrollBar" daemon [_thread_blocked, id=5900, stack(0x0b330000,0x0b380000)]
  0x08a81000 JavaThread "ScrollBar" daemon [_thread_blocked, id=2316, stack(0x0b2a0000,0x0b2f0000)]
  0x08a80800 JavaThread "ScrollBar" daemon [_thread_blocked, id=4508, stack(0x0b210000,0x0b260000)]
  0x08a80400 JavaThread "TickTimer" daemon [_thread_blocked, id=3872, stack(0x0b180000,0x0b1d0000)]
  0x08a7fc00 JavaThread "ScrollBar" daemon [_thread_blocked, id=3024, stack(0x0a360000,0x0a3b0000)]
  0x08a7e800 JavaThread "BadgeStorage" daemon [_thread_blocked, id=5980, stack(0x083a0000,0x083f0000)]
  0x08a7dc00 JavaThread "AsynchRasterManager.avatar" daemon [_thread_blocked, id=5148, stack(0x0a090000,0x0a0e0000)]
  0x08a7d800 JavaThread "Direct Clip" daemon [_thread_blocked, id=5680, stack(0x0a000000,0x0a050000)]
  0x0550b800 JavaThread "Java Sound Event Dispatcher" daemon [_thread_blocked, id=2632, stack(0x09740000,0x09790000)]
  0x05509000 JavaThread "thread applet-com.pogo.game.client2.color.ColorApplet-5" [_thread_blocked, id=5296, stack(0x08160000,0x081b0000)]
  0x05509800 JavaThread "thread applet-com.pogo.game.client2.shell.ShellApplet-4" [_thread_blocked, id=5796, stack(0x07f20000,0x07f70000)]
  0x05505800 JavaThread "thread applet-com.pogo.game.client2.shell.ShellApplet-3" [_thread_blocked, id=5204, stack(0x07890000,0x078e0000)]
  0x05509c00 JavaThread "AWT-EventQueue-4" [_thread_in_native, id=5188, stack(0x081f0000,0x08240000)]
  0x05506400 JavaThread "AWT-Shutdown" [_thread_blocked, id=5256, stack(0x07210000,0x07260000)]
  0x05506c00 JavaThread "Applet 4 LiveConnect Worker Thread" [_thread_blocked, id=5492, stack(0x07e00000,0x07e50000)]
  0x05508400 JavaThread "Applet 3 LiveConnect Worker Thread" [_thread_blocked, id=5664, stack(0x07430000,0x07480000)]
  0x05507000 JavaThread "JVM[id=0]-Heartbeat" daemon [_thread_blocked, id=5696, stack(0x07e90000,0x07ee0000)]
  0x05506000 JavaThread "Browser Side Object Cleanup Thread" [_thread_blocked, id=5584, stack(0x07d20000,0x07d70000)]
  0x05505400 JavaThread "Windows Tray Icon Thread" [_thread_in_native, id=5604, stack(0x07770000,0x077c0000)]
  0x05504c00 JavaThread "CacheCleanUpThread" daemon [_thread_blocked, id=5612, stack(0x076e0000,0x07730000)]
  0x05501400 JavaThread "CacheMemoryCleanUpThread" daemon [_thread_blocked, id=5600, stack(0x07650000,0x076a0000)]
  0x054ab800 JavaThread "SysExecutionTheadCreator" daemon [_thread_blocked, id=5348, stack(0x056a0000,0x056f0000)]
=>0x054f8400 JavaThread "AWT-Windows" daemon [_thread_in_native, id=1660, stack(0x02740000,0x02840000)]
  0x054f5400 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=5628, stack(0x07180000,0x071d0000)]
  0x0265f400 JavaThread "Java Plug-In Pipe Worker Thread (Client-Side)" daemon [_thread_in_native, id=5444, stack(0x05730000,0x05780000)]
  0x054ab400 JavaThread "Timer-0" [_thread_blocked, id=6084, stack(0x053b0000,0x05400000)]
  0x02627400 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=6028, stack(0x05170000,0x051c0000)]
  0x025ef000 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=5732, stack(0x04f00000,0x04f50000)]
  0x025e8400 JavaThread "C1 CompilerThread0" daemon [_thread_blocked, id=2540, stack(0x04e70000,0x04ec0000)]
  0x025e7400 JavaThread "Attach Listener" daemon [_thread_blocked, id=5580, stack(0x04de0000,0x04e30000)]
  0x025e6800 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=5292, stack(0x04d50000,0x04da0000)]
  0x025dc400 JavaThread "Finalizer" daemon [_thread_blocked, id=5420, stack(0x02a40000,0x02a90000)]
  0x025db000 JavaThread "Reference Handler" daemon [_thread_blocked, id=6100, stack(0x02940000,0x02990000)]
  0x0273ac00 JavaThread "main" [_thread_blocked, id=6064, stack(0x005c0000,0x00610000)]

Other Threads:
  0x0259e400 VMThread [stack: 0x02660000,0x026b0000] [id=4772]
  0x025f0800 WatcherThread [stack: 0x04f90000,0x04fe0000] [id=2628]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
 def new generation total 39296K, used 3051K [0x2c550000, 0x2eff0000, 0x2eff0000)
  eden space 34944K, 7% used [0x2c550000, 0x2c7e5288, 0x2e770000)
  from space 4352K, 9% used [0x2e770000, 0x2e7d5c68, 0x2ebb0000)
  to space 4352K, 0% used [0x2ebb0000, 0x2ebb0000, 0x2eff0000)
 tenured generation total 87424K, used 80361K [0x2eff0000, 0x34550000, 0x34550000)
   the space 87424K, 91% used [0x2eff0000, 0x33e6a448, 0x33e6a600, 0x34550000)
 compacting perm gen total 12288K, used 5322K [0x34550000, 0x35150000, 0x38550000)
   the space 12288K, 43% used [0x34550000, 0x34a82b20, 0x34a82c00, 0x35150000)
    ro space 10240K, 51% used [0x38550000, 0x38a7d0b8, 0x38a7d200, 0x38f50000)
    rw space 12288K, 54% used [0x38f50000, 0x395e9570, 0x395e9600, 0x39b50000)

Code Cache [0x02ae0000, 0x02ed0000, 0x04ae0000)
 total_blobs=2059 nmethods=1815 adapters=178 free_code_cache=29452608 largest_free_block=256

Dynamic libraries:
0x00400000 - 0x00424000 C:\Program Files (x86)\Java\jre6\bin\java.exe
0x76fb0000 - 0x77130000 C:\Windows\SysWOW64\ntdll.dll
0x764f0000 - 0x76600000 C:\Windows\syswow64\kernel32.dll
0x75a60000 - 0x75aa6000 C:\Windows\syswow64\KERNELBASE.dll
0x76250000 - 0x762f0000 C:\Windows\syswow64\ADVAPI32.dll
0x756f0000 - 0x7579c000 C:\Windows\syswow64\msvcrt.dll
0x754a0000 - 0x754b9000 C:\Windows\SysWOW64\sechost.dll
0x76600000 - 0x766f0000 C:\Windows\syswow64\RPCRT4.dll
0x746a0000 - 0x74700000 C:\Windows\syswow64\SspiCli.dll
0x74690000 - 0x7469c000 C:\Windows\syswow64\CRYPTBASE.dll
0x72a30000 - 0x72a7c000 C:\Windows\system32\apphelp.dll
0x6dec0000 - 0x6df4d000 C:\Windows\AppPatch\AcLayers.DLL
0x75f90000 - 0x76090000 C:\Windows\syswow64\USER32.dll
0x757a0000 - 0x75830000 C:\Windows\syswow64\GDI32.dll
0x75cd0000 - 0x75cda000 C:\Windows\syswow64\LPK.dll
0x75ef0000 - 0x75f8d000 C:\Windows\syswow64\USP10.dll
0x747c0000 - 0x7540a000 C:\Windows\syswow64\SHELL32.dll
0x76490000 - 0x764e7000 C:\Windows\syswow64\SHLWAPI.dll
0x754c0000 - 0x7561c000 C:\Windows\syswow64\ole32.dll
0x75410000 - 0x7549f000 C:\Windows\syswow64\OLEAUT32.dll
0x73090000 - 0x730a7000 C:\Windows\system32\USERENV.dll
0x72d10000 - 0x72d1b000 C:\Windows\system32\profapi.dll
0x72d30000 - 0x72d81000 C:\Windows\system32\WINSPOOL.DRV
0x6dea0000 - 0x6deb2000 C:\Windows\system32\MPR.dll
0x75ab0000 - 0x75b10000 C:\Windows\system32\IMM32.DLL
0x75620000 - 0x756ec000 C:\Windows\syswow64\MSCTF.dll
0x7c340000 - 0x7c396000 C:\Program Files (x86)\Java\jre6\bin\msvcr71.dll
0x6d7f0000 - 0x6da9f000 C:\Program Files (x86)\Java\jre6\bin\client\jvm.dll
0x72880000 - 0x728b2000 C:\Windows\system32\WINMM.dll
0x6d7a0000 - 0x6d7ac000 C:\Program Files (x86)\Java\jre6\bin\verify.dll
0x6d320000 - 0x6d33f000 C:\Program Files (x86)\Java\jre6\bin\java.dll
0x6d000000 - 0x6d14c000 C:\Program Files (x86)\Java\jre6\bin\awt.dll
0x72610000 - 0x727ae000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
0x723e0000 - 0x72460000 C:\Windows\system32\uxtheme.dll
0x6d7e0000 - 0x6d7ef000 C:\Program Files (x86)\Java\jre6\bin\zip.dll
0x71b90000 - 0x71d53000 C:\Windows\system32\d3d9.dll
0x72460000 - 0x72469000 C:\Windows\system32\VERSION.dll
0x73080000 - 0x73086000 C:\Windows\system32\d3d8thk.dll
0x72a10000 - 0x72a23000 C:\Windows\system32\dwmapi.dll
0x73740000 - 0x737f9000 C:\Windows\system32\aticfx32.dll
0x73070000 - 0x7307b000 C:\Windows\system32\atiu9pag.dll
0x6e6a0000 - 0x6eabf000 C:\Windows\system32\atiumdag.dll
0x6ead0000 - 0x6eed4000 C:\Windows\system32\atiumdva.dll
0x6d420000 - 0x6d426000 C:\Program Files (x86)\Java\jre6\bin\jp2native.dll
0x6d1d0000 - 0x6d1e3000 C:\Program Files (x86)\Java\jre6\bin\deploy.dll
0x75850000 - 0x7596d000 C:\Windows\syswow64\CRYPT32.dll
0x75830000 - 0x7583c000 C:\Windows\syswow64\MSASN1.dll
0x75b10000 - 0x75c2a000 C:\Windows\syswow64\WININET.dll
0x76f80000 - 0x76f83000 C:\Windows\syswow64\Normaliz.dll
0x76090000 - 0x76248000 C:\Windows\syswow64\iertutil.dll
0x75d70000 - 0x75e80000 C:\Windows\syswow64\urlmon.dll
0x6d6a0000 - 0x6d6e6000 C:\Program Files (x86)\Java\jre6\bin\regutils.dll
0x6d600000 - 0x6d613000 C:\Program Files (x86)\Java\jre6\bin\net.dll
0x75970000 - 0x759a5000 C:\Windows\syswow64\WS2_32.dll
0x75840000 - 0x75846000 C:\Windows\syswow64\NSI.dll
0x74170000 - 0x741ac000 C:\Windows\system32\mswsock.dll
0x74150000 - 0x74156000 C:\Windows\System32\wship6.dll
0x6d620000 - 0x6d629000 C:\Program Files (x86)\Java\jre6\bin\nio.dll
0x74380000 - 0x74388000 C:\Windows\system32\Secur32.dll
0x742f0000 - 0x74334000 C:\Windows\system32\dnsapi.DLL
0x74240000 - 0x7425c000 C:\Windows\system32\iphlpapi.DLL
0x74230000 - 0x74237000 C:\Windows\system32\WINNSI.DLL
0x6d230000 - 0x6d27f000 C:\Program Files (x86)\Java\jre6\bin\fontmanager.dll
0x74160000 - 0x74165000 C:\Windows\System32\wshtcpip.dll
0x74120000 - 0x74147000 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
0x75eb0000 - 0x75eb5000 C:\Windows\syswow64\PSAPI.DLL
0x74020000 - 0x74026000 C:\Windows\system32\rasadhlp.dll
0x73fa0000 - 0x73fd8000 C:\Windows\System32\fwpuclnt.dll
0x6d510000 - 0x6d535000 C:\Program Files (x86)\Java\jre6\bin\jsound.dll
0x6d540000 - 0x6d548000 C:\Program Files (x86)\Java\jre6\bin\jsoundds.dll
0x72800000 - 0x72872000 C:\Windows\system32\DSOUND.dll
0x727d0000 - 0x727f5000 C:\Windows\system32\POWRPROF.dll
0x762f0000 - 0x7648d000 C:\Windows\syswow64\SETUPAPI.dll
0x75e80000 - 0x75ea7000 C:\Windows\syswow64\CFGMGR32.dll
0x75cb0000 - 0x75cc2000 C:\Windows\syswow64\DEVOBJ.dll
0x72590000 - 0x725c9000 C:\Windows\system32\MMDevAPI.DLL
0x71930000 - 0x71a25000 C:\Windows\system32\PROPSYS.dll
0x71a90000 - 0x71ac0000 C:\Windows\system32\wdmaud.drv
0x727b0000 - 0x727b4000 C:\Windows\system32\ksuser.dll
0x72600000 - 0x72607000 C:\Windows\system32\AVRT.dll
0x71a50000 - 0x71a86000 C:\Windows\system32\AUDIOSES.DLL
0x72580000 - 0x72588000 C:\Windows\system32\msacm32.drv
0x724e0000 - 0x724f4000 C:\Windows\system32\MSACM32.dll
0x72570000 - 0x72577000 C:\Windows\system32\midimap.dll
0x75ce0000 - 0x75d63000 C:\Windows\syswow64\CLBCatQ.DLL
0x6d440000 - 0x6d465000 C:\Program Files (x86)\Java\jre6\bin\jpeg.dll
0x71b70000 - 0x71b86000 C:\Windows\system32\CRYPTSP.dll
0x71b30000 - 0x71b6b000 C:\Windows\system32\rsaenh.dll
0x741c0000 - 0x741d0000 C:\Windows\system32\NLAapi.dll
0x6df80000 - 0x6df90000 C:\Windows\system32\napinsp.dll
0x6df60000 - 0x6df72000 C:\Windows\system32\pnrpnsp.dll
0x6df50000 - 0x6df58000 C:\Windows\System32\winrnr.dll

VM Arguments:
jvm_args: -D__jvm_launched=27024890823 -Xbootclasspath/a:C:\\PROGRA~2\\Java\\jre6\\lib\\deploy.jar;C:\\PROGRA~2\\Java\\jre6\\lib\\javaws.jar;C:\\PROGRA~2\\Java\\jre6\\lib\\plugin.jar -Dsun.awt.warmup=true -Xmx128m -Dsun.plugin2.jvm.args=-D__jvm_launched=27024890823 "-Xbootclasspath/a:C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\deploy.jar;C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\javaws.jar;C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\plugin.jar" "-Djava.class.path=C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\classes" -Dsun.awt.warmup=true --- -- -Xmx128m
java_command: sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid4656_pipe3,read_pipe_name=jpi2_pid4656_pipe2
Launcher Type: SUN_STANDARD

Environment Variables:
PATH=C:\Program Files (x86)\Internet Explorer;;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\
USERNAME=Leah
OS=Windows_NT
PROCESSOR_IDENTIFIER=AMD64 Family 16 Model 4 Stepping 3, AuthenticAMD

--------------- S Y S T E M ---------------

OS: Windows 7 , 64 bit Build 7601 Service Pack 1

CPU:total 4 (4 cores per cpu, 1 threads per core) family 16 model 4 stepping 3, cmov, cx8, fxsr, mmx, sse, sse2, sse3, popcnt, mmxext, 3dnow, 3dnowext, lzcnt, sse4a

Memory: 4k page, physical 8387700k(6038552k free), swap 16773552k(14392164k free)

vm_info: Java HotSpot(TM) Client VM (20.4-b02) for windows-x86 JRE (1.6.0_29-b11), built on Oct 3 2011 01:01:08 by "java_re" with MS VC++ 7.1 (VS2003)

time: Fri Nov 18 07:32:30 2011
elapsed time: 981 seconds
```
The trojan that was allowed, I can't find the path that leads to where it is to manually delete anything fishy.
Thanks