Java/OpenConnect.CF

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hi everyone,


I have had the trojan Java/OpenConnect.CF more than once.
Has anyone had expierences with it
or know where it comes from.

Thanks in advance for all tips.

CU
John

Re: Java/OpenConnect.CF


| Hi everyone,


| I have had the trojan Java/OpenConnect.CF more than once.
| Has anyone had expierences with it
| or know where it comes from.

| Thanks in advance for all tips.

What AV vendor detected it and what is the fully qualified name and path of the
file is
deemed to be that Java based trojan ?


--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Java/OpenConnect.CF

Hi Dave,


Am 17.12.2010 12:09, schrieb David H. Lipman:

Quoted text here. Click to load it


Avira AntiVir Personal Free Anivirus

The file 'C:\Users\John
Muehlhauser\AppData\LocalLow\Sun\Java\Deployment\cache.035a218-7bdc2ada'


Bye
John

Re: Java/OpenConnect.CF

Quoted text here. Click to load it

Could be a false positive.  This is probably not the best place to
ask, as there are a few people lurking here who probably want to sell
you some malware they wrote.

RL

Re: Java/OpenConnect.CF

RayLopez99 wrote:
Quoted text here. Click to load it

Why be such an asshole Ray?

There's no need for you to take your inability to understand simple
concepts out on innocent people seeking help.

To the OP - ignore the asshole RayLopez99.

Re: Java/OpenConnect.CF


| RayLopez99 wrote:
Quoted text here. Click to load it







| Why be such an asshole Ray?

| There's no need for you to take your inability to understand simple
| concepts out on innocent people seeking help.

| To the OP - ignore the asshole RayLopez99.

I didn't eve see Rutle's second post.  Only Lopez' reply.

That declraration in...  Sun\Java\Deployment\cache  is probably no false
positive and
inline with a Java based trojan.

Lopez' is defintely becoming PITA.



--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Java/OpenConnect.CF


Hi Ray,

Am 18.12.2010 19:25, schrieb RayLopez99:
   This is probably not the best place to
Quoted text here. Click to load it

I agree.
Somewhere I read one should completely uninstall Java
and afterward install the NEWEST.

I dont understand where it came from.
I was not swimming in dirty water :-)

Bye
John

Re: Java/OpenConnect.CF

Quoted text here. Click to load it

Yes, you are correct John.  I often have problems with Java Updates
and Firefox.  Best to uninstall and reinstall.  For Windows XP I find
"Revo Uninstaller Pro" (Free version) to be the best uninstaller--even
with "Aggressive" mode on, which gets rid of all entries of the
program in your Registry, I've not had a problem with it (but just in
case, always backup the Registry before using  the program in
Aggressive mode however).  And you'll note I was right about these
long term bitter netizens of this crummy group--they spent more time
flaming me than helping you, then they call *me* an asshole!  Pot.
Kettle. Black.  You'll note that they would not have even seen your
post had I not replied to it--since they screwed up their newsreader
filters with all the .killfile entries--their hate for everybody foams
out of their mouth and down their pants.  So they can't even read a
new poster's question since their .killfile is so large it gums up the
works.

You wonder what these clowns at alt.comp.anti-virus even hang out here
for, unless to pat each other on the back for being incompetent.

RL

Re: Java/OpenConnect.CF


Quoted text here. Click to load it

You sir are one incompetent person. Your knowledge is spewing out your arse and
definitely shows your lack of knowledge. You are a Troll and you should not be
fed.
Go away and get a life
--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
This posting is provided "AS IS" with no warranties, and confers no rights.
http://www.microsoft.com/protect


Re: Java/OpenConnect.CF

RayLopez99 wrote:
Quoted text here. Click to load it

That's much better Ray, good information without your usual insults.

Quoted text here. Click to load it

Claiming that people here are selling malware just because you have
problems understanding how things work (and your noted lack of 'people
skills') made me label you as such.

Go away until you can conduct yourself properly, and I won't have to
warn people about your 'assholiness'.

Quoted text here. Click to load it

I have no killfile entries. Your claim of FP was premature, and your
further claim the anyone here trying to help the OP would try to sell or
even offer malware is absolutely an asshole move.

Quoted text here. Click to load it

...and just what is your purpose here?

You come asking questions and insulting those that try to answer you.
Then you show that you don't even have the prerequisite knowledge needed
to understand any of it - and then try to imply that *they* are the idiots.

Go away, or at least try to be civil.



Re: Java/OpenConnect.CF



| Hi Ray,

| Am 18.12.2010 19:25, schrieb RayLopez99:
|    This is probably not the best place to
Quoted text here. Click to load it


| I agree.
| Somewhere I read one should completely uninstall Java
| and afterward install the NEWEST.

| I dont understand where it came from.
| I was not swimming in dirty water :-)

John, the conept of uninstalling was prior to version 6 update x. I don't
rememeber the
reveion x number.
However, the file would be installed in parallel and you would have multiple
copies of Sun
Java and it would not uninstall the previous version/revison.

Subsequent to that version, x, the old version would be uninstalled and the
newest version
installed.

Your problem of having a trojan in a Sun Java cache has NOTHING to do with
uninstalling
Jave and re-installing it.

As I noted in Yesterday's reply, you could clear the cache by the Java Control
Panel
applet.

Ray did not provide you a answer worth a grain of salt.  Worse he wrote "This is
probably
not the best place to ask..."
This is the place to ask and he went on to Cross-Post a WiFi question on
security here
which shows he's a bubble off plumb.


--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Java/OpenConnect.CF


hi Dave,
Am 19.12.2010 14:54, schrieb David H. Lipman:
Quoted text here. Click to load it


You mean:

http://www.java.com/en/download/help/plugin_cache.xml

and


http://help.aol.com/help/microsites/microsite.do?cmd=displayKCPopup&docType=kc&externalId=15700



I never new that before .

Thanks
John



Re: Java/OpenConnect.CF



| hi Dave,
| Am 19.12.2010 14:54, schrieb David H. Lipman:


Quoted text here. Click to load it



| You mean:

| http://www.java.com/en/download/help/plugin_cache.xml

| I never new that before .

Yes.


--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Java/OpenConnect.CF

Turtle wrote:
Quoted text here. Click to load it

I hope that you are not agreeing with his contention that people here
are selling malware.

People here are generally very helpful to those who can ask the right
questions.

Quoted text here. Click to load it

Yes, the Java update methods will often leave outdated (or vulnerable)
files on the system. It is often best to do a 'spring cleaning'.

Quoted text here. Click to load it

There is no 'clean water'.


Re: Java/OpenConnect.CF

Hi,
Am 19.12.2010 14:57, schrieb FromTheRafters:
Quoted text here. Click to load it

That means I was not on any shady web sites.

CU
John



Re: Java/OpenConnect.CF

Turtle wrote:
Quoted text here. Click to load it

Understood. My comment meant that the crap can come from anywhere, not
just shady sites.


Re: Java/OpenConnect.CF

Hi,

Quoted text here. Click to load it
Yeah, maybe by installing some new programs. (or looking for them)

CU
John


Re: Java/OpenConnect.CF


| Hi Dave,


| Am 17.12.2010 12:09, schrieb David H. Lipman:

Quoted text here. Click to load it



| Avira AntiVir Personal Free Anivirus

| The file 'C:\Users\John
|
Muehlhauser\AppData\LocalLow\Sun\Java\Deployment\cache.035a218-7bdc2ada'


I had to use a different news server to see your reply.  It wasn't on NewsGuy.

Presumably you went to a site that hosting a malicious Java Jar.  That in turn
caused it
to be cached in ..\Sun\Java\Deployment\cache .

One can't really know what web site it came from unless you visited a web site
and Avira
flagged the trojan's presence at that moment.

Go into the Java Control panel applet and deleted the contents of the cache.
You may also
want to reduce the size of the cache.  I don't know why the default is so high.
I usually
go for 50MB ~ 100MB.

--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp



Site Timeline