Rootkit attempts through Java update. Requesting patching help.

Page 2 of 2 FirstFirst 12

  1. Posts : 122
    Windows 7 Home Premium x64
    Thread Starter
       #11

    It's Java launching from the installed location. The files it attempts to download contain the rootkit. I don't know the literal name of it, but it's the one that puts the ZeroAccess malware on your computer. There's not much point in scanning, I know my system is clean at the moment. I think it was exploiting a vulnerability in an older Java version.


  2. Posts : 2,362
    Win7 H.Prem. 32bit+SP1
       #12

    vpwin7 said:
    Roderunner said:
    I use this instead of the normal Java. Never had any trouble. Attachment 207080
    Additionally, all scanners come clean. I only get alerts if I were to accept the Java update. I'm looking mostly for preventative measures. But since you suggest manually updating Java, I probably already chose the right path.
    It's not advisable to use 2 different Java programs.


  3. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #13

    The fact that you keep getting these pop up messages indicates a good possibility that something on your system has been compromised and is still attempting to get you to d/l a malicious software package.

    It might be advisable to clean out all your older versions of Java.

    JavaRa is a simple tool that does a simple job: it removes old and redundant versions of the Java Runtime Environment (JRE).

    Usually older versions of programs are removed during the install of new versions but Sun (the owner of Java) has somehow decided not to do this. The result is that a number of different versions of the JRE may exist on your computer. These older versions potentially pose a threat to your sense of security due to the possible vulnerabilities or security holes that may exist in them.
    JavaRa | Free System Administration software downloads at SourceForge.net


  4. Posts : 2,523
    -
       #14

    In order to help the original poster, the specific name and type of the rootkit infection would help greatly in order to clean up the infection. I am dropping Corrine a line via PM - Corrine is one of our anti-malware experts on this forum and has cleaned up more computers (including mine) than I can imagine ;-)
    vpwin7: in the meantime, by all means do not use your computer for bank transactions, exchange of personal/confidential data or the like, and do not attempt to remove the malware on your own. You will need expert hands to guide you through this.


  5. Posts : 2,303
    Windows 7 & Windows Vista Ultimate
       #15

    Thank you, Athene.

    Borg 386 said:
    The fact that you keep getting these pop up messages indicates a good possibility that something on your system has been compromised and is still attempting to get you to d/l a malicious software package.

    It might be advisable to clean out all your older versions of Java.

    JavaRa is a simple tool that does a simple job: it removes old and redundant versions of the Java Runtime Environment (JRE).

    Usually older versions of programs are removed during the install of new versions but Sun (the owner of Java) has somehow decided not to do this. The result is that a number of different versions of the JRE may exist on your computer. These older versions potentially pose a threat to your sense of security due to the possible vulnerabilities or security holes that may exist in them.
    JavaRa | Free System Administration software downloads at SourceForge.net
    FYI: Since SourceForge.net is still referencing RaProducts, I suggest going to the source for JavaRa. JavaRa | SingularLabs

    Download links: Download JavaRa | SingularLabs

    BTW, Fred deVries is still working on JavaRa, blog post about latest beta: Fred de Vries: [Released] JavaRa 2.0 Beta3

    vpwin7 said:
    Roderunner said:
    I use this instead of the normal Java. Never had any trouble. Attachment 207080
    That is actually what I did a while ago and I continued to get false update notices. I didn't uninstall other Java entries though since I figured it would overwrite them. After finding an older version of Java today in my control panel I uninstalled it; the fact that it was there seemed a little odd to me.

    I haven't had any update pop-ups lately but it only occurs every once in a while and they're never legitimate.

    Additionally, all scanners come clean. I only get alerts if I were to accept the Java update. I'm looking mostly for preventative measures. But since you suggest manually updating Java, I probably already chose the right path.
    Hi, vpwin7.

    Uninstalling old versions is important and, since you updated to Version 7, I suspect that the previous version was left behind. For some reason, the update to 7 does not remove JRE6.

    Running JavaRa, as suggested by Borg 386, is an excellent idea. Generally, the "complaints" about Java are from the Java cache. If you haven't run JavaRa, I suggest you follow that advice.

    If you use Firefox, it may also be necessary to remove the old Java Consoles. Make sure you already have the most recent version of Java Runtime Environment (JRE) using JavaRa.

    Go to C:\Program Files > Mozilla Firefox > extensions. Delete the folders "{CAFEEFAC-0016-0000-xxxx-ABCDEFFEDCBA}", where xxxx is the number of the JRE-version. Keep the highest number as this is the latest version.

    Next, download TFC by Old Timer from here (direct download): http://www.itxassociates.com/OT-Tools/TFC.exe

    • First, save any files as TFC will close ALL open programs including your browser!
    • Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
    • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
    • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.


    More info:
    TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB).

    Before running, it will stop Explorer and all other running applications. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.
    -- TFC only cleans temp folders.
    -- TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail.

    TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

    After restarting your computer, update MSE and do a full system scan. Let me know if MSE finds anything or if you get any additional pop-ups.
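The Java Console clean-up step above (keep the folder with the highest update number, delete the rest) is easy to get wrong by hand when several folders are present. The following PowerShell script is an added example, not something posted in the thread or shipped with JavaRa or TFC: it lists the matching extension folders, works out which one is newest, and only deletes when run with -Delete (the default is a dry run). The extensions directory path is the one given in the post; the registry key used for the JRE inventory is assumed to be the standard one written by the Java installer.

```powershell
# Added example (not from the thread): prune old Java Console add-on folders in the
# Firefox extensions directory, keeping only the highest JRE 6 update number.
param(
    # Path taken from the post; on 64-bit Windows with 32-bit Firefox it is usually
    # C:\Program Files (x86)\Mozilla Firefox\extensions instead.
    [string]$ExtensionsDir = 'C:\Program Files\Mozilla Firefox\extensions',
    # Nothing is removed unless this switch is given; default is a dry run.
    [switch]$Delete
)

# Java Console add-on IDs for JRE 6 look like {CAFEEFAC-0016-0000-00xx-ABCDEFFEDCBA},
# where the fourth group is the update number (e.g. 0031 = JRE 6 Update 31).
$pattern = '^\{CAFEEFAC-0016-0000-(?<update>\d{4})-ABCDEFFEDCBA\}$'

# Optional inventory: which JREs the installer has registered (assumed key; present
# on typical Java installs). Helps spot a leftover JRE 6 next to JRE 7.
$jreKey = 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment'
if (Test-Path -Path $jreKey) {
    Get-ChildItem -Path $jreKey | ForEach-Object {
        Write-Host ("Registered JRE: {0}" -f $_.PSChildName)
    }
}

if (-not (Test-Path -LiteralPath $ExtensionsDir)) {
    Write-Warning "Extensions directory not found: $ExtensionsDir"
    return
}

# Collect every Java Console folder with its parsed update number, newest first.
$consoles = Get-ChildItem -LiteralPath $ExtensionsDir -Directory |
    ForEach-Object {
        if ($_.Name -match $pattern) {
            [pscustomobject]@{
                Path   = $_.FullName
                Update = [int]$Matches['update']
            }
        }
    } | Sort-Object -Property Update -Descending

if (-not $consoles) {
    Write-Host "No Java Console extension folders found in $ExtensionsDir"
    return
}

$keep   = $consoles | Select-Object -First 1
$remove = $consoles | Select-Object -Skip 1

Write-Host ("Keeping newest: Update {0}  ({1})" -f $keep.Update, $keep.Path)

foreach ($c in $remove) {
    if ($Delete) {
        Remove-Item -LiteralPath $c.Path -Recurse -Force
        Write-Host ("Removed Update {0}: {1}" -f $c.Update, $c.Path)
    } else {
        Write-Host ("Would remove Update {0}: {1}  (re-run with -Delete to apply)" -f $c.Update, $c.Path)
    }
}
```

Run it from an elevated PowerShell prompt first without -Delete to confirm that the folder it reports as "newest" really is the one matching the JRE you just installed; only then re-run with -Delete. Firefox should be closed while the folders are removed.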



Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd