Windows 7: Trojan Virus = Java errors??

19 Nov 2011   #1

Windows 7 Professional 64 bit
Trojan Virus = Java errors??

A few weeks ago MSE picked up 3 instances of "Trojan:JS/Redirector.EV"

Explanation - Encyclopedia entry: Trojan:JS/Redirector.EV - Learn more about malware - Microsoft Malware Protection Center

It just occurred to me NOW that I have an error at some point every day that reads:

# A fatal error has been detected by the Java Runtime Environment:
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0xcccccccc, pid=4284, tid=1660
# JRE version: 6.0_29-b11
# Java VM: Java HotSpot(TM) Client VM (20.4-b02 mixed mode, sharing windows-x86 )
# Problematic frame:
# C 0xcccccccc
# If you would like to submit a bug report, please visit:
# HotSpot Virtual Machine Error Reporting Page
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
--------------- T H R E A D ---------------
Current thread (0x054f8400): JavaThread "AWT-Windows" daemon [_thread_in_native, id=1660, stack(0x02740000,0x02840000)]
siginfo: ExceptionCode=0xc0000005, reading address 0xcccccccc
EAX=0x6d0c013a, EBX=0x00000001, ECX=0x05557110, EDX=0x00000004
ESP=0x0283faa0, EBP=0x0283facc, ESI=0x054f8528, EDI=0x05557110
EIP=0xcccccccc, EFLAGS=0x00210293
Top of Stack: (sp=0x0283faa0)
Instructions: (pc=0xcccccccc)
[error occurred during error reporting (printing registers, top of stack, instructions near pc), id 0xc0000005]
Register to memory mapping:
EAX=0x6d0c013a is an unknown value
EBX=0x00000001 is an unknown value
ECX=0x05557110 is an unknown value
EDX=0x00000004 is an unknown value
ESP=0x0283faa0 is pointing into the stack for thread: 0x054f8400
EBP=0x0283facc is pointing into the stack for thread: 0x054f8400
ESI=0x054f8528 is an unknown value
EDI=0x05557110 is an unknown value
Stack: [0x02740000,0x02840000], sp=0x0283faa0, free space=1022k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C 0xcccccccc
C [USER32.dll+0x162fa] gapfnScSendMessage+0x332
C [USER32.dll+0x16d3a] GetThreadDesktop+0xd7
C [USER32.dll+0x177c4] CharPrevW+0x138
C [USER32.dll+0x1788a] DispatchMessageW+0xf
Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
v ~StubRoutines::call_stub
--------------- P R O C E S S ---------------
Java Threads: ( => current thread )
Other Threads:
0x0259e400 VMThread [stack: 0x02660000,0x026b0000] [id=4772]
0x025f0800 WatcherThread [stack: 0x04f90000,0x04fe0000] [id=2628]
VM state:not at safepoint (normal execution)
VM Mutex/Monitor currently owned by a thread: None
def new generation total 39296K, used 3051K [0x2c550000, 0x2eff0000, 0x2eff0000)
eden space 34944K, 7% used [0x2c550000, 0x2c7e5288, 0x2e770000)
from space 4352K, 9% used [0x2e770000, 0x2e7d5c68, 0x2ebb0000)
to space 4352K, 0% used [0x2ebb0000, 0x2ebb0000, 0x2eff0000)
tenured generation total 87424K, used 80361K [0x2eff0000, 0x34550000, 0x34550000)
the space 87424K, 91% used [0x2eff0000, 0x33e6a448, 0x33e6a600, 0x34550000)
compacting perm gen total 12288K, used 5322K [0x34550000, 0x35150000, 0x38550000)
the space 12288K, 43% used [0x34550000, 0x34a82b20, 0x34a82c00, 0x35150000)
ro space 10240K, 51% used [0x38550000, 0x38a7d0b8, 0x38a7d200, 0x38f50000)
rw space 12288K, 54% used [0x38f50000, 0x395e9570, 0x395e9600, 0x39b50000)
Code Cache [0x02ae0000, 0x02ed0000, 0x04ae0000)
total_blobs=2059 nmethods=1815 adapters=178 free_code_cache=29452608 largest_free_block=256
Dynamic libraries:
VM Arguments:
jvm_args: -D__jvm_launched=27024890823 -Xbootclasspath/a:C:\\PROGRA~2\\Java\\jre6\\lib\\deploy.jar;C:\\PROGRA~2\\Java\\jre6\\lib\\javaws.jar;C:\\PROGRA~2\\Java\\jre6\\lib\\plugin.jar -Dsun.awt.warmup=true -Xmx128m -Dsun.plugin2.jvm.args=-D__jvm_launched=27024890823 "-Xbootclasspath/a:C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\deploy.jar;C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\javaws.jar;C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\lib\\\\plugin.jar" "-Djava.class.path=C:\\\\PROGRA~2\\\\Java\\\\jre6\\\\classes" -Dsun.awt.warmup=true --- -- -Xmx128m 
java_command: sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid4656_pipe3,read_pipe_name=jpi2_pid4656_pipe2
Launcher Type: SUN_STANDARD
Environment Variables:
PATH=C:\Program Files (x86)\Internet Explorer;;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\
PROCESSOR_IDENTIFIER=AMD64 Family 16 Model 4 Stepping 3, AuthenticAMD
--------------- S Y S T E M ---------------
OS: Windows 7 , 64 bit Build 7601 Service Pack 1
CPU:total 4 (4 cores per cpu, 1 threads per core) family 16 model 4 stepping 3, cmov, cx8, fxsr, mmx, sse, sse2, sse3, popcnt, mmxext, 3dnow, 3dnowext, lzcnt, sse4a
Memory: 4k page, physical 8387700k(6038552k free), swap 16773552k(14392164k free)
vm_info: Java HotSpot(TM) Client VM (20.4-b02) for windows-x86 JRE (1.6.0_29-b11), built on Oct 3 2011 01:01:08 by "java_re" with MS VC++ 7.1 (VS2003)
time: Fri Nov 18 07:32:30 2011
elapsed time: 981 seconds
Do you think I'm getting this error because of this Trojan? It deleted the trojan twice, but allowed it once. I have scanned my system like crazy with MSE, Malwarebytes and ESET online scanner 3 or 4 times and nothing shows up. I thought it was gone, but now I wonder because of these error messages saved to my desktop.

For the trojan that was allowed, I can't find the path that leads to where it is, so I can't manually delete anything fishy.


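As an added triage example (not code from the thread, Oracle or Microsoft), this script parses an hs_err_pid excerpt modelled on the log above: it maps the faulting pc against the "Dynamic libraries" ranges, recognises MSVC/Win32 debug fill values such as 0xcccccccc, and lists modules loaded from outside the Windows and Program Files trees. The Temp-folder module in the sample is a constructed entry added only to exercise that last check.

```python
import re

# Constructed excerpt in the shape of the hs_err_pid log quoted in the post; the
# Temp-folder module on the last line is made up to exercise the path check.
HS_ERR = """\
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0xcccccccc, pid=4284, tid=1660
siginfo: ExceptionCode=0xc0000005, reading address 0xcccccccc
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C  0xcccccccc
C  [USER32.dll+0x162fa]  gapfnScSendMessage+0x332
Dynamic libraries:
0x00400000 - 0x00424000 C:\\Program Files (x86)\\Java\\jre6\\bin\\java.exe
0x75f90000 - 0x76090000 C:\\Windows\\syswow64\\USER32.dll
0x6d000000 - 0x6d14c000 C:\\Program Files (x86)\\Java\\jre6\\bin\\awt.dll
0x10000000 - 0x10020000 C:\\Users\\example\\AppData\\Local\\Temp\\constructed.dll
"""

# Well-known MSVC/Win32 debug fill values: a pc equal to one of them means the CPU
# jumped through a pointer that was never initialised or was already freed.
FILL_PATTERNS = {
    0xCCCCCCCC: "uninitialised stack memory (MSVC 0xCC fill)",
    0xCDCDCDCD: "uninitialised heap memory (MSVC CRT 0xCD fill)",
    0xFEEEFEEE: "freed heap memory (Win32 HeapFree fill)",
}
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

def parse_modules(text):
    """Return [(start, end, path)] from the 'Dynamic libraries:' section."""
    pat = re.compile(r"^(0x[0-9a-f]+) - (0x[0-9a-f]+)\s+(\S.*)$", re.M)
    return [(int(a, 16), int(b, 16), p.strip()) for a, b, p in pat.findall(text)]

def module_for(addr, modules):
    # Map an address to the loaded module whose range contains it, or None.
    for start, end, path in modules:
        if start <= addr < end:
            return path
    return None

def triage(text):
    """Pull out the faulting pc, explain it, and list modules from unusual paths."""
    m = re.search(r"\((0x[0-9a-f]+)\) at pc=(0x[0-9a-f]+)", text)
    code, pc = int(m.group(1), 16), int(m.group(2), 16)
    modules = parse_modules(text)
    mod = module_for(pc, modules)
    if mod:
        verdict = f"pc inside {mod}"
    elif pc in FILL_PATTERNS:
        verdict = f"pc is in no loaded module; value is {FILL_PATTERNS[pc]}"
    else:
        verdict = "pc is in no loaded module (unmapped or freed code)"
    odd = [p for _, _, p in modules if not p.lower().startswith(TRUSTED_ROOTS)]
    return {"exception_code": code, "pc": pc, "pc_module": mod, "verdict": verdict,
            "untrusted_path_modules": odd}
```

For the log above, the pc 0xcccccccc falls in no module range, so the crash points at a corrupted pointer in native code rather than at a specific DLL; return addresses on the stack such as 0x75fa62fa do resolve to USER32.dll.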
19 Nov 2011   #2

Microsoft Community Contributor Award Recipient

Windows 7 x64

Uninstalling and reinstalling Java would seem to be the easiest fix for this.
It looks like something inside of java was damaged by the attack.
19 Nov 2011   #3

Windows 7 Professional 64 bit

I did uninstall Java last night after putting up this thread. Now I can't reinstall it. It gets some sort of error. I'll try again and get the message. Also I had Malwarebytes and ESET scan again before I went to bed ... I woke up to 7 infected files. 1 in temp folder, 7 in programs folder (I love how it doesn't tell me which program did this) and 1 in my registry key about Google. Oh, I just figured out which program did this! One of the virus protections already deleted it. I found that out when I tried to uninstall it myself. The virus was pup.fctplugin, which I haven't looked up yet.

19 Nov 2011   #4

Windows 7 Professional 64 bit

I cleaned out the registry file and now Java can install.



