java exploit problem...

Uncle Vinnie

I am sorry to bother you folks.. I have CA and am at wits' end trying to
find out how to contact them for support.. hence, why I hope you can help in
the meantime...

Scans continually identify 6 infected files and Etrust doesn't do anything
about them.. quarantine, delete...
Please tell me, what is my next step?

thank you...


C:\Documents and Settings\HP_Administrator\Application
Data\Sun\Java\Deployment\cache\6.0\1\748d8a81-3bfbac0f <BaaaaBaa.class> -
Java/ByteVerify!exploit trojan. Infected.
C:\Documents and Settings\HP_Administrator\Application
Data\Sun\Java\Deployment\cache\6.0\1\748d8a81-3bfbac0f <VaaaaaaaBaa.class> -
Java/ByteVerify!exploit trojan. Infected.

C:\Documents and Settings\HP_Administrator\Application
Data\Sun\Java\Deployment\cache\6.0\1\748d8a81-3bfbac0f <Baaaaa.class> -
Java/Shinwow.BJ trojan. Infected.

C:\Documents and Settings\HP_Administrator\Application
Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-53c7de81-2b53548a.zip
<BaaaaBaa.class> - Java/ByteVerify!exploit trojan. Infected.

C:\Documents and Settings\HP_Administrator\Application
Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-53c7de81-2b53548a.zip
<VaaaaaaaBaa.class> - Java/ByteVerify!exploit trojan. Infected.

C:\Documents and Settings\HP_Administrator\Application
Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-53c7de81-2b53548a.zip
<Baaaaa.class> - Java/Shinwow.BJ trojan. Infected.
 
Uncle Vinnie

I think I got them... I googled, found a little bit about them... applied a
patch to XP, and deleted temporary Java files, as well as the one crtdc...
jar file (actually 2).. all scans clean...

thanks! Hope I did it right...!
 
David H. Lipman

From: "Uncle Vinnie" <[email protected]>

| I think I got them... I googled, found a little bit about them... applied a
| patch to XP, and deleted temporary Java files, as well as the one crtdc...
| jar file (actually 2).. all scans clean...
|
| thanks! Hope I did it right...!
|


Yes. You must delete the Java Jars (ZIP type files).


If you are using any version of Sun Java that is prior to JRE Version 6.0,
then you are strongly urged to remove any/all versions.
There are numerous vulnerabilities in them and they are actively being exploited.

It is highly suggested that you update to the latest version which is Sun Java JRE/JSE
Version 6.0 update 1 (jre 6u1)

Simple check, look under...
C:\Program Files\Java

The only folder under that folder should be the latest version.

Such as...
C:\Program Files\Java\jre1.6.0_01

http://java.sun.com/javase/downloads/index.jsp
http://www.java.com/en/download/manual.jsp

FYI:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102622-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1
 
Uncle Vinnie

Thank you Dave...

1.6.01 is there.. should I delete all the others?? There are 4 folders of
various 1.5 releases??
 
David H. Lipman

From: "Uncle Vinnie" <[email protected]>

| Thank you Dave...
|
| 1.6.01 is there.. should I delete all the others?? There are 4 folders of
| various 1.5 releases??
|

Remove ALL old versions from the Control Panel applet "Add/Remove Programs" first.

Then if there are remnants you can delete them manually from...
C:\Program Files\Java

But leave the latest alone; C:\Program Files\Java\jre1.6.0_01
 
Dennis Schmitz

David H. Lipman said:
From: "Uncle Vinnie" <[email protected]>

| Thank you Dave...
|
| 1.6.01 is there.. should I delete all the others?? There are 4 folders of
| various 1.5 releases??
|

Remove ALL old versions from the Control Panel applet "Add/Remove Programs" first.

Then if there are remnants you can delete them manually from...
C:\Program Files\Java

But leave the latest alone; C:\Program Files\Java\jre1.6.0_01

Hey Dave,

Trying to remove the old versions of JAVA through the CONTROL PANEL -
ADD/REMOVE list.
Every time I try, it wants to access the internet and install the old
versions again. Get message that version is already installed.

How do you remove the old versions? I have the new version dl'd and ready to
install.

Thanks, Dennis
 
David H. Lipman

From: "Dennis Schmitz" <[email protected]>




| Hey Dave,

| Trying to remove the old versions of JAVA through the CONTROL PANEL -
| ADD/REMOVE list.
| Every time I try, it wants to access the internet and install the old
| versions again. Get message that version is already installed.

| How do you remove the old versions? I have the new version dl'd and ready to
| install.

| Thanks, Dennis


Never let Sun Java auto-update. Do it manually.

Control panel --> Java --> Update
Uncheck the box for; "Check for updates automatically"
 
Shharkbait

David and Others...
Thanks for all of the great info here. I just found two instances of the
'crtdcghcn.jar' trojan on my machine and will use your advice to clean my
machine.

Please tell tho... What do these trojans do in my system? Have I been
vulnerable to password leaks or other problems? Do I need to be worried
about cancelling credit cards and bank accounts?

Thanks for your help!

shharkbait
 
kurt wismer

Shharkbait said:
David and Others...
Thanks for all of the great info here. I just found two instances of the
'crtdcghcn.jar' trojan on my machine and will use your advice to clean my
machine.

Please tell tho... What do these trojans do in my system? Have I been
vulnerable to password leaks or other problems? Do I need to be worried
about cancelling credit cards and bank accounts?

it's not possible to tell from a filename (crtdcghcn.jar is the file
name of a java archive file) what you have or what it does... if your
scanner doesn't detect it then submit it to an anti-virus vendor for
analysis...
 
Shharkbait

"it's not possible to tell from a filename (crtdcghcn.jar is the file
name of a java archive file) what you have or what it does... if your
scanner doesn't detect it then submit it to an anti-virus vendor for
analysis..."
---------------------------------------
Thanks... In the examples I have seen in this forum and elsewhere, a long
series of numbers and letters follows the 'crtdcghcn.jar', always a
different number sequence... I am hoping to find out if these trojans are
responsible for an excessively large amount of data downloading into my
system.

Thanks for your input.

Shharkbait
 
Offbreed

Shharkbait said:
"it's not possible to tell from a filename (crtdcghcn.jar is the file
name of a java archive file) what you have or what it does... if your
scanner doesn't detect it then submit it to an anti-virus vendor for
analysis..."
---------------------------------------
Thanks... In the examples I have seen in this forum and elsewhere, a long
series of numbers and letters follows the 'crtdcghcn.jar', always a
different number sequence... I am hoping to find out if these trojans are
responsible for an excessively large amount of data downloading into my
system.

You are trying to find out what that is, right? Nobody needs a child
pornography charge.
 
David H. Lipman

From: "Shharkbait" <[email protected]>


| Thanks... In the examples I have seen in this forum and elsewhere, a long
| series of numbers and letters follows the 'crtdcghcn.jar', always a
| different number sequence... I am hoping to find out if these trojans are
| responsible for an excessively large amount of data downloading into my
| system.
|
| Thanks for your input.
|
| Shharkbait
|

If there is a Trojan or exploit code, it is a .CLASS file in the Java Jar which is a ZIP
type file.
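
Added example, not part of the original thread or any poster's own code: a Python sketch of the check described above, which walks a Java deployment cache, opens each file as a ZIP by content rather than by extension, and lists the class files inside with a SHA-256 for comparison against scanner results or submission to a vendor. The function names and the sample archive are constructed for illustration.

```python
import hashlib
import os
import sys
import tempfile
import zipfile
import zlib

CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # first four bytes of any compiled .class file

def class_entries(path):
    """List (entry name, SHA-256) for class files inside a ZIP-type file."""
    found = []
    try:
        # Opened by content: cache files may have no extension, or end in .zip.
        with zipfile.ZipFile(path) as archive:
            for info in archive.infolist():
                with archive.open(info) as member:
                    head = member.read(4)
                    if head != CLASS_MAGIC:
                        continue
                    digest = hashlib.sha256(head)
                    for chunk in iter(lambda: member.read(65536), b""):
                        digest.update(chunk)
                found.append((info.filename, digest.hexdigest()))
    except (zipfile.BadZipFile, RuntimeError, NotImplementedError, OSError, zlib.error):
        pass  # not a ZIP, or damaged/encrypted: keep whatever was readable
    return found

def scan_cache(root):
    """Map each archive under root to the class entries it contains."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            entries = class_entries(os.path.join(folder, name))
            if entries:
                report[os.path.join(folder, name)] = entries
    return report

def make_sample_cache(root):
    """Constructed sample: one extensionless archive holding a dummy class."""
    path = os.path.join(root, "0a1b2c3d-4e5f6a7b")  # made-up cache-style name
    with zipfile.ZipFile(path, "w") as archive:
        archive.writestr("Sample.class", CLASS_MAGIC + b"\x00\x00\x00\x32dummy")
        archive.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    return root

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else make_sample_cache(tempfile.mkdtemp())
    for path, entries in scan_cache(root).items():
        print(path, entries)
```

Pass the cache directory as the first argument to scan a real profile; with no argument it runs against the constructed sample.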
 
Shharkbait

I think my system is clean...

Did not find a .class file in the Java Jar, nor did I find a .ZIP file...

Thank you for your help...

shharkbait
 
