Trojan-Downloader.Java.Agent.c

[sasha gottfried]

Kapersky on line scanner finds: Trojan-Downloader.Java.Agent.c in:
C:\Documents and Settings\HP_Administrator\Application
Data\Sun\Java\Deployment\cache\6.0\9\3c0ee589-79fdbbd6/FcPred.class
Infected: Trojan-Downloader.Java.Agent.c
skipped





Please advise,

Thanks,

marc

 

[David H. Lipman]

From: "sasha gottfried" <[email protected]>

| Kapersky on line scanner finds: Trojan-Downloader.Java.Agent.c in:
| C:\Documents and Settings\HP_Administrator\Application
| Data\Sun\Java\Deployment\cache\6.0\9\3c0ee589-79fdbbd6/FcPred.class
| Infected: Trojan-Downloader.Java.Agent.c
| skipped
|
| Please advise,
|
| Thanks,
|
| marc
|


If you are using any version of Sun Java that is prior to JRE Version 6.0,
then you are strongly urged to remove any/all versions.
There are numerous vulnerabilities in them and they are actively being exploited.

It is highly suggested that you update to the latest version which is Sun Java JRE/JSE
Version 6.0 update 1 (jre 6u1)

Simple check, look under...
C:\Program Files\Java

The only folder under that folder should be the latest version.

Such as...
C:\Program Files\Java\jre1.6.0_01

http://java.sun.com/javase/downloads/index.jsp
http://www.java.com/en/download/manual.jsp

FYI:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102622-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1



1) Dump the contents of your IE cache -
Start --> settings --> control panel --> Internet options --> delete files

2) Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools --> Options --> Privacy --> Cache --> Clear

3) Dump the contents of your Sun Java cache -
Control panel --> Java applet --> cache --> clear
or
Control panel --> Java applet --> general --> settings --> delete files

4) Re-scan your system using your anti virus software.


* * * Please report back your results * * *

 

[sasha gottfried]

Hi,

I'm using the latest version JRE: 1.6.0_01 but there are several folders of
earlier 1.5 versions. Should I just delete those earlier versions from the
Java folder?

Marc

 

[Heather]

Hi,

I'm using the latest version JRE: 1.6.0_01 but there are several
folders of earlier 1.5 versions. Should I just delete those earlier
versions from the Java folder?

David will be along, but I am sure he will say this......

Go to Add/Remove and see how many versions are in there of Java. It
would be preferable to remove those first. Then go to Program Files and
remove any folder that is other than your latest one.

However, you can wait to see what Mr. Lipman (G) has to say on the
subject.

Heather

 

[David W. Hodgins]

I'm using the latest version JRE: 1.6.0_01 but there are several folders of
earlier 1.5 versions. Should I just delete those earlier versions from the
Java folder?

Use the control panel, add/remove programs to remove the related registry
entries, as well as the files.

If, after removing the 1.5 versions, using the control panel, you find there
are still older versions in the java directory, then delete those manually.

Regards, Dave Hodgins

 

[David H. Lipman]

From: "sasha gottfried" <[email protected]>

| Hi,
|
| I'm using the latest version JRE: 1.6.0_01 but there are several folders of
| earlier 1.5 versions. Should I just delete those earlier versions from the
| Java folder?
|
| Marc
|

Heather and Dave provided you with the correct information.

 

[sasha gottfried]

Okay..........just one question. Java, in their FAQ states that: "The latest
version of the Java Runtime Environment (JRE) contains updates to previous
versions. There might be some applications or applets written and tested
against a specific version of the JRE.
It is recommended that you keep older versions of the JRE on your system. If
you are running low on disk space, you can uninstall older versions of the
JRE."

So what is the risk or problem with removing the earlier versions? Why do
they recommend keeping them?

Marc

 

[David W. Hodgins]

So what is the risk or problem with removing the earlier versions? Why do
they recommend keeping them?

The faq was written before sun released a version, that patched a
security vulerability, without releasing patches for the older versions.

It is not safe to keep older versions anymore, as they are no longer
being maintained.

I've yet to encounter an applet that failed to run on newer versions,
with the exception of malware, designed to take advantage of the
exploits available in the older versions.

Regards, Dave Hodgins

 

[Heather]

Okay..........just one question. Java, in their FAQ states that: "The
latest version of the Java Runtime Environment (JRE) contains updates
to previous versions. There might be some applications or applets
written and tested against a specific version of the JRE.
It is recommended that you keep older versions of the JRE on your
system. If you are running low on disk space, you can uninstall older
versions of the JRE."

So what is the risk or problem with removing the earlier versions? Why
do they recommend keeping them?

If I recall David Lipman's explanation correctly, there are security
holes in the older version (I happen to run 1.5.0_11 myself). Which is
why you should remove them. You have already had an example of that.

As for why they recommend keeping them?? Because they are IDIOTS and
don't understand the problems. (to put it bluntly, grin).

Cheers.......Heather

 

[David H. Lipman]

From: "sasha gottfried" <[email protected]>

| Okay..........just one question. Java, in their FAQ states that: "The latest
| version of the Java Runtime Environment (JRE) contains updates to previous
| versions. There might be some applications or applets written and tested
| against a specific version of the JRE.
| It is recommended that you keep older versions of the JRE on your system. If
| you are running low on disk space, you can uninstall older versions of the
| JRE."
|
| So what is the risk or problem with removing the earlier versions? Why do
| they recommend keeping them?
|
| Marc

Marc:

Please read...
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102622-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102760-1


There are secutity hioles, vulnerabilities, in older versions and there is code (and I have
seen it in action) that will seek out older versions and test them for vulnerabilities and
subsequently exploit them. Laeving old versions leaves your PC, and your data, "at risk".

 

[Heather]

So what is the risk or problem with removing the earlier versions? Why
do they recommend keeping them?

OK......so now you have the same answer from 3 diverse people, each in
their own unique style, grin.

Remove the older versions and make sure their folders are gone in
Programs. IIRC, they will still be there.

Cheers.....Heather

 

[sasha gottfried]

Thanks.......All!


marc

OK......so now you have the same answer from 3 diverse people, each in
their own unique style, grin.

Remove the older versions and make sure their folders are gone in
Programs. IIRC, they will still be there.

Cheers.....Heather

 

[David W. Hodgins]

Remove the older versions and make sure their folders are gone in
Programs. IIRC, they will still be there.

If I remember correctly (I rarely use windows, anymore), the folder will
be deleted, if you clear the cache first. If there's anything in the
folder, that wasn't created during the install, then the folders will
be kept, but with all of the files created during the install, having
been deleted by the uninstall.

Regards, Dave Hodgins

 

[David H. Lipman]

From: "David W. Hodgins" <[email protected]>


|
| If I remember correctly (I rarely use windows, anymore), the folder will
| be deleted, if you clear the cache first. If there's anything in the
| folder, that wasn't created during the install, then the folders will
| be kept, but with all of the files created during the install, having
| been deleted by the uninstall.
|
| Regards, Dave Hodgins
|

No really. The cache is stored in the user's profile.

 

[David W. Hodgins]

No really. The cache is stored in the user's profile.

Thanks for the correction.

Regards, Dave Hodgins

 

[Heather]

From: "David W. Hodgins" <[email protected]>


|
| If I remember correctly (I rarely use windows, anymore), the folder
will
| be deleted, if you clear the cache first. If there's anything in
the
| folder, that wasn't created during the install, then the folders
will
| be kept, but with all of the files created during the install,
having
| been deleted by the uninstall.
|
| Regards, Dave Hodgins
|

No really. The cache is stored in the user's profile.

Yep......and I clean it out every day or two. You know I am an addicted
Pogo player (G) and it sure fills up the cache fast. Another way I
sometimes empty it is via Control Panel/Java.....and I delete all in the
bottom box.

Cheers......Heather

 

[James Egan]

If I recall David Lipman's explanation correctly, there are security
holes in the older version (I happen to run 1.5.0_11 myself). Which is
why you should remove them. You have already had an example of that.

1.5.0_11 should have auto updated itself to 1.6.0_1 a few weeks back
(unless you told it not to, of course) so it looks like they're
finally getting their act together on that one.


Jim.

 

[Heather]

1.5.0_11 should have auto updated itself to 1.6.0_1 a few weeks back
(unless you told it not to, of course) so it looks like they're
finally getting their act together on that one.

Yes.....I disabled it after being bugged to download the latest one. I
tried it and prefer the older one, which I don't believe has any
security holes. They changed their method of clearing the cache,
IIRC......and it was a pain.

Night.....Heather

 

[Ant]

Okay..........just one question. Java, in their FAQ states that: "The latest
version of the Java Runtime Environment (JRE) contains updates to previous
versions. There might be some applications or applets written and tested
against a specific version of the JRE.
It is recommended that you keep older versions of the JRE on your system. If
you are running low on disk space, you can uninstall older versions of the
JRE."

So what is the risk or problem with removing the earlier versions?

Some applications and applets may no longer work as intended.

Why do they recommend keeping them?

For exactly the reason they say above. However, if you only want Java
for sites that use applets in web pages and you are concerned about
security, you should ignore their advice.

At work, we need to use a particular version of Java for some
applications on our corporate network. This isn't a big risk because
Java on external sites (i.e. the Internet) is blocked by the firewall.

 

[Virus Guy]

1.5.0_11 should have auto updated itself to 1.6.0_1

Maybe I'm wrong about this, but wasn't (isin't) the JRE being
maintained in two separate lines, the 1.5.x and 1.6.x, the difference
being that 1.6.x is open-source?

(thereby making it very difficult for an end user to know which one is
more "current" - or secure?)