Windows 7 Forums



Windows 7: Rootkit attempts though java update. Requesting patching help.

14 Apr 2012   #11
vpwin7

Windows 7 Home Premium x64
 
 

It's Java launching from the installed location. The files it attempts to download contain the rootkit. I don't know the literal name of it, but it's the one that puts the ZeroAccess malware on your computer. There's not much point in scanning, I know my system is clean at the moment. I think it was exploiting a vulnerability in an older Java version.


14 Apr 2012   #12
Roderunner

Win7 H.Prem. 32bit+SP1
 
 

Quote: Originally Posted by vpwin7
Quote: Originally Posted by Roderunner
I use this instead of the normal Java. Never had any trouble. Attachment 207080
Additionally, all scanners come clean. I only get alerts if I were to accept the Java update. I'm looking mostly for preventative measures. But since you suggest manually updating Java, I probably already chose the right path.
It's not advisable to use 2 different Java programs.
16 Apr 2012   #13
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 

The fact that you keep getting these pop up messages indicates a good possibility that something on your system has been compromised and is still attempting to get you to d/l a malicious software package.

It might be advisable to clean out all your older versions of Java.

Quote:
JavaRa is a simple tool that does a simple job: it removes old and redundant versions of the Java Runtime Environment (JRE).

Usually older versions of programs are removed during the install of new versions but Sun (the owner of Java) has somehow decided not to do this. The result is that a number of different versions of the JRE may exist on your computer. These older versions potentially pose a threat to your sense of security due to the possible vulnerabilities or security holes that may exist in them.
JavaRa | Free System Administration software downloads at SourceForge.net

20 Apr 2012   #14
Athene

 

In order to help the original poster, the specific name and type of the rootkit infection would help greatly in order to clean up the infection. I am dropping Corrine a line via PM - Corrine is one of our anti-malware experts on this forum and has cleaned up more computers (including mine) than I can imagine ;-)
vpwin7: in the meantime, by all means do not use your computer for bank transactions, exchange of personal/confidential data or the like, and do not attempt to remove the malware on your own. You will need expert hands to guide you through this.
20 Apr 2012   #15
Corrine

Windows 7 & Windows Vista Ultimate
 
 

Thank you, Athene.

Quote: Originally Posted by Borg 386
The fact that you keep getting these pop up messages indicates a good possibility that something on your system has been compromised and is still attempting to get you to d/l a malicious software package.

It might be advisable to clean out all your older versions of Java.

Quote:
JavaRa is a simple tool that does a simple job: it removes old and redundant versions of the Java Runtime Environment (JRE).

Usually older versions of programs are removed during the install of new versions but Sun (the owner of Java) has somehow decided not to do this. The result is that a number of different versions of the JRE may exist on your computer. These older versions potentially pose a threat to your sense of security due to the possible vulnerabilities or security holes that may exist in them.
JavaRa | Free System Administration software downloads at SourceForge.net
FYI: Since SourceForge.net is still referencing RaProducts, I suggest going to the source for JavaRa. JavaRa | SingularLabs

Download links: Download JavaRa | SingularLabs

BTW, Fred deVries is still working on JavaRa, blog post about latest beta: Fred de Vries: [Released] JavaRa 2.0 Beta3

Quote: Originally Posted by vpwin7
Quote: Originally Posted by Roderunner
I use this instead of the normal Java. Never had any trouble. Attachment 207080
That is actually what I did awhile ago and I continued to get false update notices. I didn't uninstall other Java entries though since I figured it would overwrite them. After finding an older version of Java today in my control panel I uninstalled it; the fact that it was there seemed a little odd to me.

I haven't had any update pops lately but it only occurs every once in awhile and they're never legitimate.

Additionally, all scanners come clean. I only get alerts if I were to accept the Java update. I'm looking mostly for preventative measures. But since you suggest manually updating Java, I probably already chose the right path.
Hi, vpwin7.

Uninstalling old versions is important and, since you updated to Version 7, I suspect that the previous version was left behind. For some reason, the update to 7 does not remove JRE6.

Running JavaRa, as suggested by Borg 386, is an excellent idea. Generally, the "complaints" about Java are from the Java cache. If you haven't run JavaRa, I suggest you follow that advice.

If you use Firefox, it may also be necessary to remove the old Java Consoles. Make sure you already have the most recent version of Java Runtime Environment (JRE) using JavaRa.

Go to C:\Program Files > Mozilla Firefox > extensions. Delete the folders "{CAFEEFAC-0016-0000-xxxx-ABCDEFFEDCBA}", where xxxx is the number of the JRE-version. Keep the highest number as this is the latest version.

Next, download TFC by Old Timer from here (direct download): http://www.itxassociates.com/OT-Tools/TFC.exe
  • First, save any files as TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

More info:
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB).

Before running, it will stop Explorer and all other running applications. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.
-- TFC only cleans temp folders.
-- TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail.

TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

After restarting your computer, update MSE and do a full system scan. Let me know if MSE finds anything or if you get any additional pop-ups.
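
The checks described in the post above (leftover Java entries in Control Panel, and old Java Console folders under the Firefox extensions directory) can be listed before anything is deleted. This is an added, report-only PowerShell example, not part of the original post and not JavaRa's code; the function names, the reading of xxxx as four decimal digits, and the sample folder names are assumptions.

```powershell
# Added example (report-only): nothing is deleted or uninstalled.
param(
    # Folder named in the post. Assumption: a 32-bit Firefox on 64-bit
    # Windows keeps it under "C:\Program Files (x86)" instead.
    [string]$ExtensionsDir = 'C:\Program Files\Mozilla Firefox\extensions'
)

# Folder name from the post: {CAFEEFAC-0016-0000-xxxx-ABCDEFFEDCBA}.
# Assumption: xxxx is a four-digit decimal number.
$ConsolePattern = '^\{CAFEEFAC-0016-0000-(\d{4})-ABCDEFFEDCBA\}$'

function Get-StaleJavaConsole {
    # Returns every matching folder except the highest-numbered (latest) one.
    param([string[]]$FolderName)
    $found = foreach ($name in $FolderName) {
        if ($name -match $ConsolePattern) {
            New-Object PSObject -Property @{ Name = $name; Number = [int]$Matches[1] }
        }
    }
    if (-not $found) { return }
    $found | Sort-Object Number -Descending | Select-Object -Skip 1
}

function Get-InstalledJava {
    # Java entries as shown in Control Panel (64-bit and 32-bit registry views).
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Java*' } |
        Select-Object DisplayName, DisplayVersion
}

if (Test-Path -LiteralPath $ExtensionsDir) {
    $names = Get-ChildItem -LiteralPath $ExtensionsDir |
        Where-Object { $_.PSIsContainer } | ForEach-Object { $_.Name }
} else {
    # Constructed sample names so the logic can be tried without Firefox.
    $names = '{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}',
             '{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}',
             '{00000000-0000-0000-0000-000000000000}'
}

'Installed Java entries from the uninstall registry keys:'
Get-InstalledJava | Format-Table -AutoSize
'Java Console folders older than the newest one:'
Get-StaleJavaConsole -FolderName $names |
    ForEach-Object { Join-Path $ExtensionsDir $_.Name }
```

The script uses only cmdlets available in the PowerShell 2.0 that ships with Windows 7. With the constructed sample it lists only the `0024` folder as stale.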