will70
Corporal
Joined: Jul 19, 2005 Posts: 65 Location: Netherlands
Posted: Wed Jul 20, 2005 11:09 am Post subject: Trojan and viruses embedded in archives in Sun-Java map
A virus scan normally finds nothing on my PC.
As I encountered all kinds of strange and serious deviations, yesterday’s AVG scan found as many as 13 trojans and viruses embedded in archives located in the Sun – Java map.
These archives are not in a new Java install, as I checked.
How do they come there?
Why did a kept-up-to-date AVG (free) not stop them at the gate?
swatkat
Security Expert
Joined: Mar 04, 2005 Posts: 2039
Posted: Wed Jul 20, 2005 8:21 pm
Hi,
Most probably, it's Java Byte Verify. This is a vulnerability in the Microsoft VM which uses Java. Whenever an applet is run by the browser, the Java Runtime Environment stores the applet in its cache. These applets may contain malicious code and hence these are detected by antiviruses.
You can get rid of these applets by clearing the cache of the JRE. You can do this by following these steps:
1] Go to Control Panel. Double click on Java or Java Plug In.
2] Click "Cache" tab, and click "Clear" button.
If you can not find the "Cache" tab, then click "General" tab, and click "Delete Files" button inside the "Temporary Internet Files" option box. Then click "OK" to delete the applets, applications and other cache files.
3] Exit from Control Panel.
Microsoft has released a patch for this exploit. You can directly download it here:-
http://www.microsoft.com/security/bulletins/200304_windows.mspx
Or, you can get technical information along with download link about it here:-
http://www.microsoft.com/technet/security/bulletin/MS03-011.mspx
_________________
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
- Albert Einstein
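An added example, not part of swatkat's post or of any tool named in this thread: before clearing the cache as described above, a read-only inventory of the cached archives (path, SHA-256, contained class names) lets you match the antivirus detections to specific files. The cache directory is passed in as a parameter, and the sample archive and file names are constructed.

```python
import hashlib
import os
import tempfile
import zipfile


def sha256_file(path):
    """Hash in chunks so large archives are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def inventory_cache(cache_dir):
    """List ZIP/JAR archives under cache_dir without extracting anything."""
    records = []
    for root, _dirs, files in os.walk(cache_dir):
        for name in files:
            path = os.path.join(root, name)
            if not zipfile.is_zipfile(path):  # detect by content, not extension
                continue
            try:
                with zipfile.ZipFile(path) as zf:
                    classes = sorted(n for n in zf.namelist() if n.endswith(".class"))
            except zipfile.BadZipFile:
                classes = None  # damaged archive: report it anyway
            records.append({"path": os.path.relpath(path, cache_dir),
                            "sha256": sha256_file(path),
                            "classes": classes})
    return sorted(records, key=lambda r: r["path"])


def build_sample_cache(cache_dir):
    """Constructed sample data: one cached archive and one plain file."""
    with zipfile.ZipFile(os.path.join(cache_dir, "applet-1a2b.zip"), "w") as zf:
        zf.writestr("Demo.class", b"\xca\xfe\xba\xbe constructed bytes")
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    with open(os.path.join(cache_dir, "index.txt"), "w") as f:
        f.write("not an archive\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample_cache(d)
        for rec in inventory_cache(d):
            print(rec["sha256"], rec["path"], rec["classes"])
```

Keeping the recorded hashes makes it possible to confirm after the cleanup that the flagged archives are gone and to recognise them if they reappear.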
will70
Corporal
Joined: Jul 19, 2005 Posts: 65 Location: Netherlands
Posted: Wed Jul 20, 2005 9:43 pm
swatkat wrote: Hi, and so on
Thank you for your reaction, which actually is not fully clear to me.
I do not know which control panel is meant?
However, by using TotalCommander I do know how to delete the files which are involved.
Based on what I read on a Dutch forum, yesterday I removed the Sun/Java map and instead installed Windows VM.
This is v 35.00.3810 in which the mentioned vulnerability has been taken care of.
swatkat
Security Expert
Joined: Mar 04, 2005 Posts: 2039
Posted: Thu Jul 21, 2005 7:50 pm
Hi,
Sorry that I was not clear to you! It's the Control Panel in Windows. You can go there by doing this: Start Menu > Control Panel (for Windows 98, go to Start Menu > Settings > Control Panel).
Once you are in Control Panel, if you are using Windows XP, you have to click "Switch to Classic View" to reveal all the icons in Control Panel. Then you can click on the "Java Plug In" (or "Java") icon to clean the cache as said by me in the previous post.
Since you have updated the Microsoft VM, there would not be any problems with it, now.
_________________
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
- Albert Einstein
will70
Corporal
Joined: Jul 19, 2005 Posts: 65 Location: Netherlands
Posted: Thu Jul 21, 2005 8:39 pm
swatkat wrote: Once you are in Control Panel, if you are using Windows XP, you have to click "Switch to Classic View" to reveal all the icons in Control Panel. Then you can click on the "Java Plug In" (or "Java") icon to clean the cache as said by me in the previous post. Since you have updated the Microsoft VM, there would not be any problems with it, now.
Yes! I found the route and I am a little wiser again.
Thank you very much for explaining.
Often it is a bit complicated, since I use Windows XP Pro in Dutch and I must guess where I have to go or what to do based on the English denominations.
Kindest regards,
Will
taniel
Sergeant
Joined: Jul 06, 2005 Posts: 100 Location: Canada
Posted: Fri Jul 22, 2005 5:49 am
swatkat wrote: Most probably, it's Java Byte Verify. This is a vulnerability in the Microsoft VM which uses Java. Whenever an applet is run by Browser, Java Runtime Environment stores the applet in its cache. These applets may contain malicious codes and hence these are detected by AntiViruses.
Hello all. Just a FYI. There is a page that explains this (and what steps to take) at java.com:
Virus found in the Java Runtime Environment (JRE) cache directory
http://java.com/en/download/help/cache_virus.xml
Sun Java is far more secure and functional than MS-JVM. If you intend to use MS-java you must be sure Windows is fully updated. There is currently a serious known vulnerability:
Microsoft wrote: JView Profiler Vulnerability - CAN-2005-2087:
A remote code execution vulnerability exists in JView Profiler. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visited the malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Microsoft Security Bulletin MS05-037
Vulnerability in JView Profiler Could Allow Remote Code Execution (903235)
Published: July 12, 2005 | Updated: July 20, 2005
http://www.microsoft.com/technet/security/bulletin/ms05-037.mspx
Personally, I feel much safer with Sun JRE but to each his own.
taniel
will70
Corporal
Joined: Jul 19, 2005 Posts: 65 Location: Netherlands
Posted: Fri Jul 22, 2005 8:57 am
taniel wrote: Hello all. Just a FYI.
Well, your message certainly gives interesting additional information to the subject.
I visited the various sites and saved them for eventual later use, or maybe to be able to help some friends of mine if required.
I thank you very much as well.
taniel
Sergeant
Joined: Jul 06, 2005 Posts: 100 Location: Canada
Posted: Sat Jul 23, 2005 3:25 am
You are welcome. 
Acheton
Forums Admin Premium Member
 Joined: Sep 04, 2003 Posts: 8925 Location: Uk
Posted: Mon Jul 25, 2005 8:54 pm
I've locked this thread since the issue is resolved. Please pm a mod if you have any questions.
thanks,
ach