java problem and more

[Gerald]

We can take and a few beers in Funchal for the reasons you have solved your PC prob.

[Reece]

I had almost the same thing with Java, it effected firefox, every time I fired it up it tried to update some application, had to exit quickly, this was a while ago, I tried uninstalling firefox and reinstalling, fired it up and the same thing starts, both avira and ad-aware didn't find anything so I just saved my Outlook Express, game saves etc then re-ghosted my machine, best thing in the long run I reckon!

[HunterICX]

Same here, had a similiar malware that injected itself in some key system files mostly in the System32 folder so the virus just wouldn't die untill I did some heavy cleaning and restoring a bit frustrating and it really made me want to hurt people that create this kind of garbage.

HunterICX

[Gerald]

And what they get paid, to develop PC infections

[Rhodes]

Ideed. But now, I opened this thread and got the same virus from the first time detected by nod32 and and java console pop up. But it's strange, subsim is not infected! I am not seeing any site apart from this.

PS: 29-09-2010 10:34:24 HTTP filter file http://drerlre.co.cc/1.zip a variant of Java/Mugademel.A trojan connection terminated - quarantined RHODES\Administrador Threat was detected upon access to web by the application: C:\Programas\Java\jre6\bin\java.exe.
Its was this that appear!

[HunterICX]

Odd, seems there's some traces left that is enough to restore the whole Virus.

I would do the following -

Disconnect the Internet
Do a full clean sweep with the scanners you have installed, use the tools you can find to get rid of the specific virus.
(perhaps Uninstall JAVA again and reinstall later when you have internet restored and there's no traces to be found of the virus)
perhaps you might want to tighten your security (enable Windows Firewall)
restore internet connection.

btw are you using Firefox yet? if not get it and use the No-Script plug in.
also CCleaner is a nice tool, I use it everytime before I close down my PC so it's fresh at start up.

also on the bottom of this page are 2 links to fix the vulnerability in Java: http://www.microsoft.com/security/po...tid=2147637327

HunterICX

[Gerald]

No-Script is a good choice and firefox of course

[Rhodes]

Thanks. No, I still use IE8!

PSid a full scan with out my internet connection enable and notting. Scann with the program that erase the malware, noting also.

Came here and had the anti-irus pop up window about the same zip file trying to get in. I do not get it. For one view, this site has a java virus that etc,etc,etc. On the other hand, this never happend here and this forum is one of the safetest that I know.
Well, if it's detected and it do not enters my pc and infects, it's fine!
Damn those who invented such things...

[SeaWolf U-57]

Today when I log into SubSim I was told I needed to install Java ok never had that before.
And then the next time I went to log in My nod 32 antivirus software went crazy and warned me that this site was trying to send Trojans to my computer
What gives

[HunterICX]

my scanners have kept quiet and so did Java.
@Work : AVG
@Home : Avast

I think you ran into a malware that exploits the vulnerability of Java and infests it.
They just hit you at random, mostly through banners, ads and scripted advertising.

has NOD32 been able to identify the malware? and what web browser are you using?

EDIT: someone else on this forum caught the same problem when visiting a different website:
http://www.subsim.com/radioroom/showthread.php?t=175495

HunterICX

[SeaWolf U-57]

I Found this in my quarantine folder of Nod32it was never allowed to install


29/09/2010 …. drerlre.co.cc/client.zip… java/TrojanDownloader.agent.NBU trojan
29/09/2010 … drerlre .co.cc/1.zip ….. A variant of java/Mugade


(I removed the http:// to stop them being active links)


I connected using my Firefox browser

Edit ...... why did subsim ask for java to be installed in the first place ???

[Jimbuna]

Nothing to do with SS but I upgraded a Java applet about a month ago and ended up having to reformat a machine

[SeaWolf U-57]

Quote:

Originally Posted by jimbuna

Nothing to do with SS but I upgraded a Java applet about a month ago and ended up having to reformat a machine

Hhmmm Ok but I just un-installed Firefox and ran some hitman software that found nothing but would not un-install again.
So Restored my machine to before today’s java up data check all was ok then started up IE 64bit version check around the sites I used no problems so far.
But opened the SubSim forum and you guessed it these pages use a version of java to view them NFW am I doing that again the pages load ok without it

[SeaWolf U-57]

I hit the red cross on the up-date and left the forum and just returned but the message did not re-appear

[JScones]

I started getting this message this afternoon. Now it pops up everytime I touch this site, and ONLY this site.