Unknown svchost.exe DNS port 53 network activity



Raffi

First off sorry for cross posting. I'm not sure what this is although
it resembles a trojan.

I noticed heavy activity on my router as well as my workstation LAN
connection icon in the tray. After some digging it appears to be a svchost
process that is listening on port 53 with a remote address of my ISP's
DNS server. My router is not set to forward DNS traffic to a specific
system.

I have run the following without any success in catching this bug

AntiVir antivirus
Avast antivirus
Spybot S&D
Ad Aware
AVG antispyware

I got the following information for the related process from Port
Explorer

Command line: c:\windows\system32\svchost.exe -k Network Service

Any help in identifying this bug and cleaning will be greatly
appreciated.

Thanks,
Raffi
 

David H. Lipman

From: "Raffi" <thegrizzzly@yahoo.com>

| First off sorry for cross posting. I'm not sure what this is although
| it resembles a trojan.
|
| I noticed heavy activity on my router as well as my workstation LAN
| connection icon in the tray. After some digging appears to be a svchost
| process that is listening on port 53 with a remote address of my ISP's
| DNS server. My router is not set to forward DNS traffic to a specific
| system.
|
| I have run the following without any success in catching this bug
|
| AntiVir antivirus
| Avast antivirus
| Spybot S&D
| Ad Aware
| AVG antispyware
|
| I got the following information for the related process from Port
| Explorer
|
| Command line: c:\windows\system32\svchost.exe -k Network Service
|
| Any help in identifying this bug and cleaning will be greatly
| appreciated.
|
| Thanks,
| Raffi

Yeah, excessive Cross-Posting for Domain Name Resolution!

Unless you can prove that there is something causing DNS calls outside your ISP Domain, this
is NORMAL.
 

Raffi

It turns out it wasn't normal. I had recently installed a P2P program
on my PC and it had added a ton of entries in my hosts file. I'm
surprised none of the spyware programs gave me even the slightest
warning about these entries.

Raffi
 

David H. Lipman

From: "Raffi" <thegrizzzly@yahoo.com>


| It turns out it wasn't normal. I had recently installed a P2P program
| on my PC and it had added a ton of entries in my hosts file. I'm
| surprised none of the spyware programs gave me even the slightest
| warning about these entries.
|
| Raffi

Still normal. The ONLY way this would be abnormal is if a DNSChanger Trojan was installed
and the PC was NOT using the ISP provided DNS servers but a tainted, malicious, set of DNS
servers.

Now, having entries in the .\etc\hosts file will circumvent DNS calls. Based upon a Registry
setting that sets the order of name to address resolution, first the OS calls the hosts
file and if a name to IP address is listed the IP address of the .\etc\hosts table will be
used. If a name (alias) is not in that hosts table then the TCP/IP stack will cause a DNS
call to a DNS server which will then return the IP address.

The way you have your original post worded SVCHOST was found to communicate with your ISP's
DNS server.

One can only go by the wording of your original post and based upon what I read, I saw no
normality. While having modifications to the hosts table can be indicative of malicious
software, that is NOT always true. The owner/operator can apply the MVP Hosts file to their
computer to block malicious sites and the application is not malicious. If you can post
actual FireWall logs of DNS activity, Netstat dumps and the whole or extracts of the hosts
table, one can make a more definite determination of malware.
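
The two checks this post turns on, as an added PowerShell example (not part of the original thread): list hosts entries that map a name to anything other than a local or null address, and show which DNS servers each adapter is actually configured to use so they can be compared with the ISP's. It assumes PowerShell 3.0 or later; the list of local addresses is an assumption of this example.

```powershell
# Added example, not from the thread. Read-only: nothing is modified.
$hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'

# Addresses that keep a name on the local machine or nowhere at all, as used
# by blocking lists such as the MVP Hosts file (assumption of this example).
$localAddresses = '127.0.0.1', '0.0.0.0', '::1'

$entries = @(foreach ($line in Get-Content -Path $hostsPath) {
    # Strip comments and surrounding whitespace, then skip empty lines.
    $text = ($line -replace '#.*$', '').Trim()
    if (-not $text) { continue }

    # Layout: <address> <name> [<alias> ...], separated by spaces or tabs.
    $fields = $text -split '\s+'
    if ($fields.Count -lt 2) { continue }

    $address = $fields[0]
    $kind = if ($localAddresses -contains $address) { 'local/block' } else { 'REDIRECT' }
    foreach ($name in $fields[1..($fields.Count - 1)]) {
        [pscustomobject]@{ Name = $name; Address = $address; Kind = $kind }
    }
})

# Entries that send a name to a real address are the ones worth reading by eye.
$redirects = @($entries | Where-Object { $_.Kind -eq 'REDIRECT' })
'{0} hosts entries, {1} mapped to a non-local address' -f $entries.Count, $redirects.Count
$redirects | Sort-Object Address, Name | Format-Table -AutoSize

# DNSChanger-style tampering shows up here rather than in the hosts file:
# compare these resolvers with the ones your ISP or router hands out.
Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description,
        @{ Name = 'DnsServers'; Expression = { $_.DNSServerSearchOrder -join ', ' } } |
    Format-List
```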
 

Raffi

Thanks for the reply. Removing the P2P software and clearing the
\etc\hosts file did not correct the issue after all. I just logged in
with the administrator account and the network activity is no longer
there. This seems to be happening only when I log into my personal
account. During my last login, SERVICES.EXE was making the connections
rather than SVCHOST.EXE. Is there a way to determine if these files
have been tampered with?

I'll try to get more information from netstat etc.

Raffi
 

David H. Lipman

From: "Raffi" <thegrizzzly@yahoo.com>

|
| Thanks for the reply. Removing the P2P software and clearing the
| \etc\hosts file did not correct the issue after all. I just logged in
| with the administrator account and the network activity is no longer
| there. This seems to be happening only when I log into my personal
| account. During my last login, SERVICES.EXE was making the connections
| rather than SVCHOST.EXE. Is there a way to determine if these files
| have been tampered with?
|
| I'll try to get more information from netstat etc.
|
| Raffi

Yes. Download and use Process Explorer
http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx

And look at not only the file name SERVICES.EXE but the fully qualified name and path.

SERVICES.EXE and SVCHOST.EXE should ONLY be executed from the folder; %windir%\system32
If they are executed from any other location it is a sure sign of malware.

Also, there are DLLs that can be loaded and use SERVICES.EXE and SVCHOST.EXE such that the
legitimate SERVICES.EXE and/or SVCHOST.EXE are being loaded and used but are loading
malicious DLL files.

You can also run MSCONFIG.EXE and compare what is loaded as administrator vs. what is loaded
in your everyday account. You indicated the activity stopped when you logged on as admin,
thus what may be loaded to cause the activity is being loaded by that personal account.
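
The path check described in this post, together with a signature check and the services each instance hosts, as an added PowerShell example (not part of the original thread and not the posters' code). It assumes PowerShell 3.0 or later and an elevated prompt on the machine being examined; accepting SysWOW64 alongside system32 is an addition of this example.

```powershell
# Added example: where are services.exe / svchost.exe really running from,
# are the files signed, and which services does each instance host?
# Read-only. Run from an elevated prompt so every ExecutablePath is visible.

$names = 'svchost.exe', 'services.exe'

# The thread's rule: only %windir%\system32 is legitimate. On 64-bit Windows
# a 32-bit svchost.exe also ships in SysWOW64, so that folder is accepted too.
$expectedDirs = @(
    (Join-Path $env:windir 'System32'),
    (Join-Path $env:windir 'SysWOW64')
)

# Index running services by the PID of the process that hosts them.
$servicesByPid = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId } |
    Group-Object -Property ProcessId -AsHashTable -AsString

$report = foreach ($proc in Get-CimInstance -ClassName Win32_Process) {
    if ($names -notcontains $proc.Name) { continue }

    $path = $proc.ExecutablePath
    $signature = 'n/a'
    if (-not $path) {
        # Without elevation the path of system processes is not returned.
        $pathCheck = 'UNKNOWN (not elevated?)'
    } else {
        $dir = Split-Path -Path $path -Parent
        $pathCheck = if ($expectedDirs -contains $dir) { 'OK' } else { 'SUSPECT PATH' }
        # Files signed only through a security catalog can report NotSigned
        # on older Windows / PowerShell versions; treat that as inconclusive.
        $signature = (Get-AuthenticodeSignature -FilePath $path).Status
    }

    $hosted = $null
    if ($servicesByPid) { $hosted = $servicesByPid[[string]$proc.ProcessId] }

    [pscustomobject]@{
        ProcessId   = $proc.ProcessId
        Name        = $proc.Name
        Path        = $path
        PathCheck   = $pathCheck
        Signature   = $signature
        CommandLine = $proc.CommandLine   # shows the "-k <group>" argument
        Services    = ($hosted.Name | Sort-Object) -join ', '
    }
}

# UNKNOWN and SUSPECT PATH rows sort ahead of OK rows.
$report | Sort-Object PathCheck -Descending | Format-List
```

The instance whose Services field lists Dnscache (the DNS Client service) is the one expected to send port 53 queries to the configured DNS server. The path and signature checks cover only the host executable, not the service DLLs loaded inside it.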
 

Raffi

Dave,

Thanks for all the help and suggestions. I took the easy way out this
time. I created a new user and transferred all important files
(documents etc) to the new user. Then I deleted the original account.
This fixed the issue.

My guess is that this was some sort of malware. I did download process
explorer for future use. Sorry I couldn't chase this any longer but
this is my main workstation and I have a lot of work to do which had
been on hold while I was chasing this.

Thanks,
Raffi
 

Alun Jones

Since the problem is "fixed" by running under a different user, that really
strongly points the finger at malware.

However, I would definitely recommend that you not view this as being
"fixed".

It isn't.

You still have that malware, and the "work" that you do on it is now exposed
to the author of that malware, and anyone he chooses to share it with.

Your most reliable bet would be to "flatten" the machine - take your work
off to a backup device, reinstall the OS and your applications, and restore
your work.

And don't be running P2P applications on your work machine. P2P
"file-sharing" is a great way to pick up malware, because you're downloading
and then executing untrusted data and applications from unknown and
untrusted third parties. Is it any wonder you got infected? Unless you
remove the infection, and stop doing the things that got you infected,
you'll stay infected, and you'll get infected again with the next thing that
comes along. Eventually, your "work" will be spread around the world for
everyone to enjoy. I don't think you want that.

Alun.
~~~~
 

Raffi

The "problem" was back overnight. I'll post more information soon.

Raffi
 

David H. Lipman

From: "Raffi" <thegrizzzly@yahoo.com>


|
| The "problem" was back overnight. I'll post more information soon.
|
| Raffi



If you are using any version of Sun Java that is prior to JRE Version 6.0,
then you are strongly urged to remove any/all versions.
There are vulnerabilities in them and they are actively being exploited.

It is highly suggested that you update to the latest version which is Sun Java JRE/JSE
Version 6.0

Simple check, look under...
C:\Program Files\Java

The only folder under that folder should be the latest version.

Such as...
C:\Program Files\Java\jre1.6.0

http://java.sun.com/javase/downloads/index.jsp
http://www.java.com/en/download/manual.jsp

FYI:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102622-1


For non-viral malware...

Please download, install and update the following software...

* Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/
http://www.lavasoft.de/ms/index.htm

* SpyBot Search and Destroy v1.4
http://security.kolla.de/
http://www.safer-networking.org/microsoft.en.html

* SuperAntiSpyware
http://www.superantispyware.com/superantispywarefreevspro.html

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

* BHODemon

http://www.majorgeeks.com/downloadget.php?id=3550&file=11&evp=245a87539eea8ed6904332b4b8b8442d

For viral malware...

* Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
 

Raffi

I have found the process responsible for the Port 53 traffic.
Suspending this process in Process Explorer stops the network activity.
Resuming it restarts the activity. Below are the details.

Process: svchost.exe Pid: 944

Type Name
Desktop \Default
Directory \KnownDlls
Directory \Windows
Directory \BaseNamedObjects
File C:\WINDOWS\system32
File \Device\KsecDD
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File \Device\NamedPipe\net\NtControlPipe5
File \Device\Tcp
File \Device\Ip
File \Device\Tcp
File \Device\Ip
File \Device\Ip
File C:\WINDOWS\system32\drivers\etc
File \Device\Tcp
File \Device\Udp
File \Device\Afd\Endpoint
File \Device\WMIDataDevice
File \Device\WMIDataDevice
File \Device\NamedPipe\lsarpc
File \Device\Afd\Endpoint
File \Device\Udp
File \Device\Afd\Endpoint
File \Device\Udp
File \Device\Afd\Endpoint
File \Device\Udp
File \Device\Afd\Endpoint
File \Device\Udp
File \Device\Afd\Endpoint
File \Device\Udp
File \Device\Afd\Endpoint
File \Device\Udp
File \Device\Afd\Endpoint
File \Device\Udp
File \Device\Afd\Endpoint
File \Device\Udp
File \Device\Afd\Endpoint
File \Device\Udp
Key HKLM
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Linkage
Key HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters
Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters\Interfaces
Key HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters
Key HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9
Key HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5
KeyedEvent \KernelObjects\CritSecOutOfMemoryEvent
Mutant \BaseNamedObjects\DCS_grd
Port \RPC Control\DNSResolver
Process svchost.exe(944)
Section \BaseNamedObjects\DCS_raw
Section \BaseNamedObjects\DCS_LOGraw
Semaphore \BaseNamedObjects\shell.{A48F1A32-A340-11D1-BC6B-00A0C90312E1}
Thread svchost.exe(944): 948
Thread svchost.exe(944): 3036
Thread svchost.exe(944): 972
Thread svchost.exe(944): 976
Thread svchost.exe(944): 3036
Thread svchost.exe(944): 460
Thread svchost.exe(944): 460
Thread svchost.exe(944): 1344
Thread svchost.exe(944): 3548
Thread svchost.exe(944): 3548
Thread svchost.exe(944): 1392
Thread svchost.exe(944): 1392
Thread svchost.exe(944): 1404
Thread svchost.exe(944): 1708
Thread svchost.exe(944): 1404
Thread svchost.exe(944): 1708
WindowStation \Windows\WindowStations\Service-0x0-3e4$
WindowStation \Windows\WindowStations\Service-0x0-3e4$
 

Stefan Kanthak

David H. Lipman said:
> From: "Raffi" <thegrizzzly@yahoo.com>
>
> | The "problem" was back overnight. I'll post more information soon.
> |
> | Raffi
>
> If you are using any version of Sun Java that is prior to JRE Version 6.0,
> then you are strongly urged to remove any/all versions.
> There are vulnerabilities in them and they are actively being exploited.

Stop spreading FUD!
1.5.0_10 as well as 1.4.2_13 have no known vulnerabilities!

> It is highly suggested that you update to the latest version which is Sun Java JRE/JSE
> Version 6.0

It's completely sufficient to have the latest version of 1.5.0 or 1.4.2
installed and all previous versions (manually!) removed.
There are still quite some applets and java applications out there which
won't run with JRE6 or even JRE5!

> Simple check, look under...
> C:\Program Files\Java

| dir "C:\Program Files\"
|
| File not found

When will you learn to use "%ProgramFiles%"?

> The only folder under that folder should be the latest version.
>
> Such as...
> C:\Program Files\Java\jre1.6.0
>
> http://java.sun.com/javase/downloads/index.jsp
> http://www.java.com/en/download/manual.jsp
>
> FYI:
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102622-1
>
> For non-viral malware...
>
> Please download, install and update the following software...

Alun already gave the ONLY CORRECT advice: flatten and rebuild.

Stefan

fup microsoft.public.security
 

Gabriele Neukam


Tom Willett

The most current version of JRE is now 6.0
https://sdlc6e.sun.com/ECom/EComActionServlet;jsessionid=A740E8BE890BC3FA02F50ACBEE0FC574

| On this special day, David H. Lipman wrote :
|
| > If you are using any version of Sun Java that is prior to JRE Version 6.0,
| > then you are strongly urged to remove any/all versions.
|
| You should replace the six with a nine or ten.
|
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-102731-1
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1
|
| are the newest alerts by Sun.
|
|
| Gabriele Neukam
|
| (e-mail address removed)
|
| --
| On Windows you throw out what you don't need.
| On Linux you put in what you need.
| (René 'vollmi' Vollmeier in de.comp.security.misc)
|
|
 

David H. Lipman

From: "Gabriele Neukam" <Gabriele.Spamfighter.Neukam@t-online.de>

| On this special day, David H. Lipman wrote :
||
| You should replace the six with a nine or ten.
|
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-102729-1
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-102731-1
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1
|
| are the newest alerts by Sun.
|
| Gabriele Neukam
|
| (e-mail address removed)
|

I'm sorry Gabriele but Sun is f'd up and confusing.

v6 is the latest and based upon ALL the problems with Sun not being forthcoming with
Vulnerability statements, v6 is the suggested version. It is a complete re-write.

In the middle of the following page...
"Java Runtime Environment (JRE) 6"
http://java.sun.com/javase/downloads/index.jsp
 

David H. Lipman

From: <jmatt@webace.com.au>

|
| Here is a very good free online scan from world leaders in security.
| It will let you know what needs securing ( updating ) & what needs
| removing ( security risk )
| Secunia Software Inspector
| http://secunia.com/software_inspector

It is very good and it is highly suggested.
 

Raffi

I did have older versions of JRE, J2SE and J2ME SDK and uninstalled
them as well as deleting all related folders. The problem is still
there.

As I mentioned before, I have run a few antivirus and antispyware
programs both in normal and safe mode and they haven't identified any
issues. Of course all software were properly updated before running.

At this point I'm starting to consider reinstalling Windows XP.

Raffi
 

David H. Lipman

From: "Raffi" <thegrizzzly@yahoo.com>

|
| I did have older versions of JRE, J2SE and J2ME SDK and uninstalled
| them as well as deleting all related folders. The problem is still
| there.
|
| As I mentioned before, I have run a few antivirus and antispyware
| programs both in normal and safe mode and they haven't identified any
| issues. Of course all software were properly updated before running.
|
| At this point I'm starting to consider reinstalling Windows XP.
|
| Raffi

Replacing Sun Java was NOT part of the solution for you.

Since there are so many vulnerabilities in older versions, upgrading and replacing them with
the latest version will help mitigate malware which may exploit those vulnerabilities and
help prevent future problems.

Please run the anti malware scans and software I suggested.
 
