java exploit problem...

I am sorry to bother you folks.. I have CA and am at wits' end trying to
find out how to contact them for support.. hence, why I hope you can help in
the meantime...

Scans continually identify 6 infected files and eTrust doesn't do anything
about them.. quarantine, delete...
Please tell me, what is my next step?

thank you...


C:\Documents and Settings\HP_Administrator\Application
Data\Sun\Java\Deployment\cache.08d8a81-3bfbac0f <BaaaaBaa.class> -
Java/ByteVerify!exploit trojan. Infected.
C:\Documents and Settings\HP_Administrator\Application
Data\Sun\Java\Deployment\cache.08d8a81-3bfbac0f <VaaaaaaaBaa.class> -
Java/ByteVerify!exploit trojan. Infected.

C:\Documents and Settings\HP_Administrator\Application
Data\Sun\Java\Deployment\cache.08d8a81-3bfbac0f <Baaaaa.class> -
Java/Shinwow.BJ trojan. Infected.

C:\Documents and Settings\HP_Administrator\Application
Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-53c7de81-2b53548a.zip
<BaaaaBaa.class> - Java/ByteVerify!exploit trojan. Infected.

C:\Documents and Settings\HP_Administrator\Application
Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-53c7de81-2b53548a.zip
<VaaaaaaaBaa.class> - Java/ByteVerify!exploit trojan. Infected.

C:\Documents and Settings\HP_Administrator\Application
Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-53c7de81-2b53548a.zip
<Baaaaa.class> - Java/Shinwow.BJ trojan. Infected.


--
B'rgds,

Vinnie



Re: java exploit problem...

I think I got them... I googled, found a little bit about them... applied a
patch to XP, and deleted temporary Java files, as well as the one crtdc...
jar file (actually 2).. all scans clean...

thanks!  Hope I did it right...!


--
B'rgds,

Vinnie



Re: java exploit problem...


| I think I got them... I googled, found a little bit about them... applied a
| patch to XP, and deleted temporary Java files, as well as the one crtdc...
| jar file (actually 2).. all scans clean...
|
| thanks!  Hope I did it right...!
|


Yes.  You must delete the Java Jars (ZIP type files).


If you are using any version of Sun Java that is prior to JRE Version 6.0,
then you are strongly urged to remove any/all versions.
There are numerous vulnerabilities in them and they are actively being exploited.

It is highly suggested that you update to the latest version, which is
Sun Java JRE/JSE Version 6.0 update 1 (jre 6u1).

Simple check, look under...
C:\Program Files\Java

The only folder under that folder should be the latest version.

Such as...
C:\Program Files\Java\jre1.6.0_01

http://java.sun.com/javase/downloads/index.jsp
http://www.java.com/en/download/manual.jsp

FYI:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102622-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1



--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: java exploit problem...

Thank you Dave...

1.6.01 is there.. should I delete all the others?? There are 4 folders of
various 1.5 releases??




--
B'rgds,

Vinnie



Re: java exploit problem...


| Thank you Dave...
|
| 1.6.01 is there.. should I delete all the others?? There are 4 folders of
| various 1.5 releases??
|

Remove ALL old versions from the Control Panel applet "Add/Remove Programs"
first.

Then if there are remnants you can delete them manually from...
C:\Program Files\Java

But leave the latest alone;  C:\Program Files\Java\jre1.6.0_01


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: java exploit problem...



Hey Dave,

Trying to remove the old versions of JAVA through the CONTROL PANEL -
ADD/REMOVE list.
Every time I try, it wants to access the internet and install the old
versions again. Get message that version is already installed.

How do you remove the old versions? I have the new version dl'd and ready to
install.

Thanks, Dennis



Re: java exploit problem...





| Hey Dave,

| Trying to remove the old versions of JAVA through the CONTROL PANEL -
| ADD/REMOVE list.
| Every time I try, it wants to access the internet and install the old
| versions again. Get message that version is already installed.

| How do you remove the old versions? I have the new version dl'd and ready to
| install.

| Thanks, Dennis


Never let Sun Java auto-update.  Do it manually.

Control Panel --> Java --> Update
Uncheck the box for;  "Check for updates automatically"



--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: java exploit problem... - OT


Dave,

May I drop you a PVT?

TIA,
J
--
Replies to: Nherr1professor2doktor31109(at)Oyahoo(dot)Tcom

Re: java exploit problem... - OT


|
| Dave,
|
| May I drop you a PVT?
|
| TIA,
| J

Yes.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: java exploit problem... - OT


|
| Dave,
|
| May I drop you a PVT?
|
| TIA,
| J

Nothing was received.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: java exploit problem... - OT

Thanks -- it's on its way (I've been away).

J
--
Replies to: Nherr1professor2doktor31109(at)Oyahoo(dot)Tcom

Re: java exploit problem...

David and Others...
Thanks for all of the great info here. I just found two instances of the
'crtdcghcn.jar' trojan on my machine and will use your advice to clean my
machine.

Please tell tho... What do these trojans do in my system? Have I been
vulnerable to password leaks or other problems?  Do I need to be worried
about cancelling credit cards and bank accounts?

Thanks for your help!

shharkbait


Re: java exploit problem...


it's not possible to tell from a filename (crtdcghcn.jar is the file
name of a java archive file) what you have or what it does... if your
scanner doesn't detect it then submit it to an anti-virus vendor for
analysis...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: java exploit problem...

"it's not possible to tell from a filename (crtdcghcn.jar is the file
name of a java archive file) what you have or what it does... if your
scanner doesn't detect it then submit it to an anti-virus vendor for
analysis..."
---------------------------------------
Thanks... In the examples I have seen in this forum and elsewhere, a long
series of numbers and letters follows the 'crtdcghcn.jar', always a
different number sequence...  I am hoping to find out if these trojans are
responsible for an excessively large amount of data downloading into my
system.

Thanks for your input.

Shharkbait




Re: java exploit problem...


You are trying to find out what that is, right? Nobody needs a child
pornography charge.

Re: java exploit problem...



| Thanks... In the examples I have seen in this forum and elsewhere, a long
| series of numbers and letters follows the 'crtdcghcn.jar', always a
| different number sequence...  I am hoping to find out if these trojans are
| responsible for an excessively large amount of data downloading into my
| system.
|
| Thanks for your input.
|
| Shharkbait
|

If there is a Trojan or exploit code, it is a .CLASS file in the Java Jar,
which is a ZIP type file.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
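
Added example (not part of any post in this thread): a Python sketch that walks a Java cache folder, treats any ZIP-format file as a JAR regardless of how it is named, and lists each .class entry with its SHA-256 so the exact archive can be deleted or submitted to an anti-virus vendor. The file names, sample bytes and the size limit are constructed assumptions; point `list_class_entries` at the cache path your scanner reports.

```python
import hashlib
import os
import tempfile
import zipfile

MAX_ENTRY_BYTES = 5 * 1024 * 1024  # assumption: do not hash entries larger than this
CONSTRUCTED_CLASS_BYTES = b"\xca\xfe\xba\xbe" + b"constructed, harmless sample"

def list_class_entries(cache_dir):
    """Return (archive_path, entry_name, sha256_hex) for each .class entry found."""
    findings = []
    for root, dirs, files in os.walk(cache_dir):
        dirs.sort()
        for name in sorted(files):
            path = os.path.join(root, name)
            # Detect archives by content: cached JARs may be named
            # "<name>.jar-<hex>-<hex>.zip" or carry no extension at all.
            if not zipfile.is_zipfile(path):
                continue
            try:
                with zipfile.ZipFile(path) as zf:
                    for info in zf.infolist():
                        if not info.filename.lower().endswith(".class"):
                            continue
                        if info.file_size > MAX_ENTRY_BYTES:
                            findings.append((path, info.filename, "<too large to hash>"))
                            continue
                        digest = hashlib.sha256(zf.read(info)).hexdigest()
                        findings.append((path, info.filename, digest))
            except (zipfile.BadZipFile, RuntimeError, OSError):
                findings.append((path, "<unreadable archive>", ""))
    return findings

def build_constructed_cache(directory):
    """Create harmless sample files (constructed, not real detections)."""
    with zipfile.ZipFile(os.path.join(directory, "example.jar-00000000-00000000.zip"), "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("Example.class", CONSTRUCTED_CLASS_BYTES)
    with zipfile.ZipFile(os.path.join(directory, "constructed-entry-00000000"), "w") as zf:
        zf.writestr("Other.class", CONSTRUCTED_CLASS_BYTES)
    with open(os.path.join(directory, "notes.txt"), "w") as fh:
        fh.write("not an archive\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_constructed_cache(d)
        for archive, entry, digest in list_class_entries(d):
            print(os.path.basename(archive), entry, digest)
```
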



Re: java exploit problem...

I think my system is clean...

Did not find a .class file in the Java Jar, nor did I find a .ZIP file...

Thank you for your help...

shharkbait

