Huh? Java VM Yes or NO?

Husky

http://www.microsoft.com/technet/security/bulletin/MS03-011.mspx
the quoted below is from this link.
I got a hit on a java malware and this was the follow up.
1st M$ says I have the VM, then tells me how to verify it and get the version.
and then it tells me if nothing comes up I don't have it installed.
Well 2nd statement, I don't have it installed.
I even did a full machine search for jview.
I would have to say that maybe the machine fixed itself and removed the VM. But
basically I'm trying to track down where the JAVA_BYTEVER.A Trojan came from.
I'm not having any trouble with java other than this Trojan.

It says I picked it up in real time scan on the 7th of March and quarantined it
then.

Trouble is I just went back to reinstalling some java games and stuff to my
website, and the coincidence makes me wonder if it isn't coincidence.
The hit was in my java cache, not in any of my web site files.

2 completely separate parts of the HD.
 
Husky

Go to Run, type: cmd. In cmd type: jview. If MJVM is installed it'll show.

I think that's what I said. And what the link said. And the title.
I'm just trying to track down the source of the bad java that made it to my
drive.
The issue with the link is that it says nothing worthwhile.
1st it says if I have OS xx, I have the VM.

Then after it tells me how to verify whether I have it or not, it says I don't
have it.
DO I need it ? Nothing on that page tells me one way or the other.

After several more hours there, it seems I'm ahead of the curve. The VM is
being phased out and replaced with Java from the main java web site. I
installed that thing ages ago.

That's why I don't have the VM.
 
Tom

Husky said:
I think that's what I said. And what the link said. And the title.
I'm just trying to track down the source of the bad java that made it to my
drive.
The issue with the link is that it says nothing worthwhile.
1st it says if I have OS xx, I have the VM.

Then after it tells me how to verify whether I have it or not, it says I don't
have it.
DO I need it ? Nothing on that page tells me one way or the other.

After several more hours there, it seems I'm ahead of the curve. The VM is
being phased out and replaced with Java from the main java web site. I
installed that thing ages ago.

That's why I don't have the VM.

MSVM more than likely would not have allowed the nasty to get on your
system. You read correctly about VM being phased out (by a court order), but
that was over two years ago. What you have is Sun's Java, and that version
(which is the copyright owner that MS stole and renamed VM, and why it got
sued to remove it for free download from Windows Updates), is so vulnerable,
it isn't funny. I found a nasty in the cache of Java in my profiles folder,
but was able to remove it. Unfortunately, Java is needed for the most part,
but I also use Firefox which is helpful in preventing these occurrences. MS
will sooner or later get into (or have to) preventing nasties through their
browser (especially allowing Active X scripts) by making something better
than IE6.

Anyway, Sun (with the money they got in the lawsuit from MS over the use of
Java), has done nothing to fix these vulnerabilities in their scripting, and
MS will take advantage of that sooner or later. In the meantime set the
cache limit to a minimum (you'll have to test as you go) of allowing how
much is stashed. Some sites won't work properly, unless a sizeable amount is
allowed. I have mine set @ 75K MAX. If it causes problems, I will increase
it, but I haven't had any yet.
 
Husky

it isn't funny. I found a nasty in the cache of Java in my profiles folder,
I'll have no trouble removing it.
the 3 files found are

Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\ <--- in this directory

BlackBox.class-3e9d2116-21cb5956.class
Dummy.class-6085e18e-1ed5b672.class
VerifierBug.class-2b88a9a4-49885d79.class

Far as I know, I have no way to control the physical size of the cache, but
that wouldn't really do much of anything anyways.

Again their source is my concern. I use java on my website. I don't have any of
the 3 named above in my website or their jars, [I don't use jars, they can hide
stuff].

And the cache above is just from java links I've browsed. There might be dupes
in my ie6/web cache. It had all the missing children thumbnails, plus the games
images and thumbnails.
But these 3 files are a mystery. They were quarantined by Trend's realtime scan
back on the 7th of March. About the time I resumed installing java on my
website.
 
Tom

That is the directory! If you go into Control Panel, open the Java Plugin
icon, you can set changes under the Cache tab. It defaults to unlimited. If
you need to have these remain at more than a certain amount, periodically
empty the folder by clicking the "Clear" button.

But as far as their source, you really cannot control it, because of the
holes that Java has, and you can only find out where they come from, by
going back to places you typically visit (or have visited) to see if they
come back, sans without having your AV catch them first. Stash the baddies
in your AV's quarantine folder for now, to make comparisons for future
reference.

Or, you can have your AV program monitor more aggressively (I suppose
anyway) to watch every little file that gets added to your profile as you
browse the net, pay attention to the AV alert, and then the site you get
this from should then be evident. I can say that since I found my little
bug, I haven't gotten another nasty since, but that doesn't mean I will not
get one.

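
Working out which site a cached file came from, as discussed above, starts with knowing when it landed in the cache. The following is an added example, not part of any post in this thread: it reads a Java plug-in cache directory, splits file names of the form quoted by Husky, and lists the entries written close to an antivirus detection time so they can be compared with browser history for the same period. The function names, the one-hour window, the sample timestamps and the fourth file name are assumptions made for the illustration.

```python
import os
import re
import tempfile
from datetime import datetime, timedelta

# Cached name layout seen in the thread: <original name>-<hex>-<hex><ext>.
# The meaning of the two hex fields is not given on the page; treated as opaque.
CACHE_NAME = re.compile(r"^(?P<orig>.+)-(?P<a>[0-9a-f]+)-(?P<b>[0-9a-f]+)(?P<ext>\.\w+)$")

def parse_cache_name(filename):
    """Split a cache file name into (original name, hex1, hex2), or None."""
    m = CACHE_NAME.match(filename)
    return (m["orig"], m["a"], m["b"]) if m else None

def entries_near(cache_dir, detected_at, window=timedelta(hours=1)):
    """Return (mtime, original name, cached name) for files written near detected_at."""
    hits = []
    for entry in os.scandir(cache_dir):
        if not entry.is_file():
            continue
        parsed = parse_cache_name(entry.name)
        if parsed is None:
            continue  # not in the cache naming scheme, skip it
        mtime = datetime.fromtimestamp(entry.stat().st_mtime)
        if abs(mtime - detected_at) <= window:
            hits.append((mtime, parsed[0], entry.name))
    return sorted(hits)  # oldest first

def build_sample_cache(root, detected_at):
    """Constructed sample: the three names from the thread plus one older file."""
    sample = {
        "BlackBox.class-3e9d2116-21cb5956.class": detected_at - timedelta(minutes=2),
        "Dummy.class-6085e18e-1ed5b672.class": detected_at - timedelta(minutes=2),
        "VerifierBug.class-2b88a9a4-49885d79.class": detected_at - timedelta(minutes=1),
        "Game.class-0a1b2c3d-4e5f6071.class": detected_at - timedelta(days=30),  # hypothetical
    }
    for name, when in sample.items():
        path = os.path.join(root, name)
        open(path, "wb").close()  # empty placeholder, no real class data
        os.utime(path, (when.timestamp(), when.timestamp()))

if __name__ == "__main__":
    detected = datetime(2000, 1, 1, 12, 0)  # constructed time, not from the thread
    with tempfile.TemporaryDirectory() as cache:
        build_sample_cache(cache, detected)
        for mtime, original, cached in entries_near(cache, detected):
            print(mtime.isoformat(), original, cached)
```

Pointed at a real cache directory, `entries_near` takes the time shown in the antivirus log as `detected_at`.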
 
Husky

That is the directory! If you go into Control Panel, open the Java Plugin
icon, you can set changes under the Cache tab. It defaults to unlimited. If
you need to have these remain at more than a certain amount, periodically
empty the folder by clicking the "Clear" button.

But as far as their source, you really cannot control it, because of the
holes that Java has, and you can only find out where they come from, by
going back to places you typically visit (or have visited) to see if they
come back, sans without having your AV catch them first. Stash the baddies
in your AV's quarantine folder for now, to make comparisons for future
reference.

If Trend catches it again I'll know where it came from. Trend pops up a
warning. I'm just thinking I didn't read these too closely when the warning
popup appeared.

I just want to put that site in my own memory to attempt to avoid it in the
future.

Or for that matter put it in Trend's list to lockout.

Aha 2 weeks ago I had to remove something calling itself purityscan. Another
problem. Possibly found something on its site when I went investigating.

Or, you can have your AV program monitor more aggressively (I suppose
anyway) to watch every little file that gets added to your profile as you
browse the net, pay attention to the AV alert, and then the site you get
this from should then be evident. I can say that since I found my little
bug, I haven't gotten another nasty since, but that doesn't mean I will not
get one.

 
Tom

I hope you sort it out, and use that to prevent future infections.

 
John E. Carty

Tom said:
MSVM more than likely would not have allowed the nasty to get on your
system. You read correctly about VM being phased out (by a court order),
but that was over two years ago.
What you have is Sun's Java,

Many people today still have Microsoft's version of Java installed as it is
a requirement for many development platforms. It's on my system, as well as
Sun's Java, since I have Visual Studio installed. :)
 
Tom

John E. Carty said:
Many people today still have Microsoft's version of Java installed as it
is a requirement for many development platforms. It's on my system, as
well as Sun's Java, since I have Visual Studio installed. :)

I don't have it, and I don't want to have two versions. But I found Sun's
version to be more useful on sites I typically visit, where MSVM doesn't
work properly. Sun dropped the ball in security though, and I hope MS comes
back with their own version that is more functional than their previous. I
would love nothing more than to be rid of the holes that Sun Java creates.
 
