Thread: Is this for real?

  1. #1
    jatoubes Guest

    Default Is this for real?

    For the last few days, I have been getting this on my daily anti-virus scan:
    Trojan-Downloader.Java.Agent.c

    The info on it says about May 17, and that is when I see it.
    It is auto-quarantined and then shows up again after being deleted.
    Is there any other information?
    I can delete it, but it keeps coming back.

    Operating System: Windows XP Home Edition
    Product Name: ZoneAlarm Internet Security Suite
    Software Version: 7.0

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,286

    Default Re: Is this for real?

    Hi! And where is it located? Have you cleaned your temp folder (including Java)?

    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    jatoubes Guest

    Default Re: Is this for real?

    Yes, I have cleared out the file.

    Every time it is detected I get: C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\9\3c0ee598-6c826005
    I am also kind of wondering why it is showing up in the first place. My ZoneAlarm settings are pretty tight, yet... this shouldn't be happening.

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,286

    Default Re: Is this for real?

    Hi! This is the location where javascript are saved before execution, so every time you write/load an infected javascript (by visiting a malicious or compromised web site) you get this warning...

    See the same issue at the Kaspersky forum: http://forum.kaspersky.com/index.php?showtopic=38418

    Fax

    Message Edited by fax on 05-20-2007 12:12 AM


  5. #5
    jatoubes Guest

    Default Re: Is this for real?

    Any idea on why it is getting through the firewall?

    Suggestion on settings.
    I am also using IE7 for the browser.

    I would have hoped that ZA would block this from loading to my machine....

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,286

    Default Re: Is this for real?

    Hi! Javascript has nothing to do with the firewall.... this is via the WEB, it is the scripting language used in web browsers.

    See here for more information about "javascript": http://en.wikipedia.org/wiki/JavaScript

    You can block Javascript with ZA privacy control, mobile control. But many sites will not work properly if you block Javascript.

    You can customise ZA to block/allow javascript for specific sites you visit. See here a brief tutorial on how to customise ZA privacy control: http://zonealarm.donhoover.net/privacy.html

    EDIT: By the way, ZASS AV has already protected you by blocking the malicious javascript.

    Cheers,
    Fax

    Message Edited by fax on 05-20-2007 06:25 AM


  7. #7
    jatoubes Guest

    Default Re: Is this for real?

    Ok.. then I need to figure out the offending site.

    I generally go to the same old sites, so it must be something new such as... http://www.spotternetwork.org/google.php

    It shows tracking sites of storm chasers and could be the offender...
    I'll play around with it for a while to see if it is coming from that..
    Anyway.. I appreciate the assistance and consider this thread done, unless anyone else has something to add. :8}

  8. #8
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,286

    Default Re: Is this for real?

    Hi! Just tried the site you posted... and got no warning... Must be somewhere else.

    Well, good hunting! :8}

    Cheers,
    Fax


  9. #9
    waltwarren Guest

    Default Re: Is this for real?

    On my weekly scan, I got the same thing today.
    But I got it in 3 different places.
    c:\documents and settings\user\application data\sun\java\deployment\cache\javapi\v1.0\jar\FcPred.jar-{random}.zip
    The other two are the same doc's-n-settings path inside an old backup folder that hasn't been touched in a year and a half.
    The IDX files left behind after the quarantine show that the version of this file in the old backup folder dates back to 2004.
    The IDX for the other is from March of this year.
    Apparently this is a new signature that's detecting these old files.
    The web paths in the IDX files are from a website called hints.netflame.cc and ssl-hings.netflame.cc.
    That's not a site I've knowingly visited.
    A little more checking within my Google Desktop timeline shows that on 3/31/07 at 4:27:08pm I visited www.lavasoftusa.com and at 4:27:11, the FcPred zipfile and idx file arrived.

    Message Edited by waltwarren on 05-20-2007 06:04 PM
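
The check described in the post above, reading the origin web path out of the `.idx` files that sit next to cached Java files, can be run over a whole cache folder at once. This is an added example, not code from the thread: it assumes the URL is stored in the index file as plain ASCII and does not parse the `.idx` layout, and the sample files and `example.test` hosts are constructed.

```python
import os
import re
import tempfile
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: the origin URL sits in the index file as plain ASCII.
# The .idx layout itself is not parsed; this is a "strings"-style pass.
URL_RE = re.compile(rb"https?://[\x21-\x7e]{4,200}")

def urls_in_idx(path, max_bytes=1 << 20):
    """Return the distinct URL-like strings found in one index file."""
    with open(path, "rb") as fh:
        data = fh.read(max_bytes)
    found = []
    for match in URL_RE.finditer(data):
        url = match.group().decode("ascii")
        if url not in found:
            found.append(url)
    return found

def origins_by_host(cache_root):
    """Map origin host -> sorted [(idx path relative to cache_root, url)]."""
    hosts = defaultdict(list)
    for dirpath, _dirs, files in os.walk(cache_root):
        for name in files:
            if not name.lower().endswith(".idx"):
                continue
            full = os.path.join(dirpath, name)
            for url in urls_in_idx(full):
                try:
                    host = (urlsplit(url).hostname or "").lower()
                except ValueError:  # bytes that only look like a URL
                    host = "(unparsed)"
                hosts[host].append((os.path.relpath(full, cache_root), url))
    return {host: sorted(hits) for host, hits in hosts.items()}

def build_sample_cache(root):
    """Constructed sample: two fake index files, made-up bytes and hosts."""
    folder = os.path.join(root, "6.0", "9")
    os.makedirs(folder)
    with open(os.path.join(folder, "aaaa-bbbb.idx"), "wb") as fh:
        fh.write(b"\x00\x02\x5a\x00\x21http://applets.example.test/a.jar\x00\x07")
    with open(os.path.join(folder, "cccc-dddd.idx"), "wb") as fh:
        fh.write(b"\x01\x00https://cdn.example.test/lib/b.jar\x00\xff")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for host, hits in sorted(origins_by_host(build_sample_cache(tmp)).items()):
            print(host, hits)
```

Grouping by host makes an unfamiliar origin stand out before the cache is cleared, and the relative path tells you which cached file it belongs to.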

  10. #10
    oddjob Guest

    Default Re: Is this for real?

    This is indicative of the JavaBytever virus. Clearing out the java deployment cache will, as has already been mentioned, probably fix the problem.

    NOTE >> the location is in a "hidden" folder.


    If you still have it do the following ...

    1. expose all hidden files & folders ... here is help if you're not sure how to do that ...

    http://www.microsoft.com/windowsxp/u...ddenfiles.mspx


    2. Go to the java cache location, usually ...

    C:\Documents and Settings\\Application Data\Sun\Java\Deployment\cache\

    ....and delete everything in the cache folders NOT the folders themselves.


    When done remember to reverse the "Show hidden files & folders" routine to re-hide them.

    ****************

    A JavaBytever virus infection could have been caused by an out of date version of java. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

    Download the latest version here ....

    Java Runtime Environment (JRE) 6: http://java.sun.com/javase/downloads/index.jsp

    Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications"

    Click the Download button to the right.
    Check the box that says Accept License Agreement.
    The page will refresh.
    Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    Close any programs you may have running - especially your web browser.
    Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    Click the Remove or Change/Remove button.
    Repeat as many times as necessary to remove each Java version.
    Reboot your computer once all Java components are removed.
    Then, from your desktop, double-click the "jre-6u1-windows-i586-p.exe" file to install the newest version.


    OJ
