
Theory


116 replies to this topic

#91 Avohir

    basic

  • Authentic Member
  • 12 posts

Posted 19 March 2005 - 03:43 PM

Correct me if I'm wrong here... but unless you go in and manually activate that .jar file, that virus is benign, unable to be executed during normal functioning, yes?

Edit: not arguing, just trying to make sure I understand everything right.

Edited by Avohir, 19 March 2005 - 03:43 PM.

To err is human, to really foul up requires a computer



#92 Zero

    Not really Less Than One ;-)

  • Authentic Member
  • 268 posts
  • Interests: Long walks on the beach.

Posted 19 March 2005 - 05:45 PM

News flash: visiting sites stores files in your cache!!! It's amazing; it does this in IE and Firefox and Opera and and and.... Open the Java console, go to Options, turn off Enable Caching, clear the cache, go back to the site, look: it's not in your cache. :)

Edited by Zero, 19 March 2005 - 05:46 PM.


#93 Guest_Paperghost_*

  • Guests

Posted 20 March 2005 - 04:22 AM

Zero, once again you've missed the point completely - unlike Avohir, which is why I was careful to state that you simply end up with a virus on board - I didn't say it's actually doing anything. But the point remains - it's still there.

And the point you're missing in all of this, Zero, is that with default settings on for both Java and whatever browser you happen to be using at the time, you will end up with the Java popup, the openStream, the ActiveX prompt, the very real possibility of being infected by something.

Telling people in this thread how to switch off the cache is great, but to the millions of people who will never see the original article, much less this thread, or wonder why so much effort went into what the word "exploit" means, it doesn't mean a hill of beans and their default settings will remain intact. After all, I'm willing to bet there's a slew of people across all the ASAP sites who are excellent spyware / malware removers, but may not know the first thing about fiddling with default Java settings - and in some respects, you could say, why should they? Most spyware infections have always been able to be canned with HJT, and maybe a bit of registry tweaking. Occasionally, you might have to pull out the batch tools and other custom builders.

But the fact remains, the scope of what you now need to know to clean out PCs is growing rapidly - and it's going to be a very hard task to keep up.

#94 southernlady

    New Member

  • New Member
  • 12 posts
  • Interests: computers, reading, genealogy

Posted 20 March 2005 - 07:31 AM

After all, I'm willing to bet there's a slew of people across all the ASAP sites who are excellent spyware / malware removers, but may not know the first thing about fiddling with default Java settings - and in some respects, you could say, why should they? Most spyware infections have always been able to be canned with HJT, and maybe a bit of registry tweaking. Occasionally, you might have to pull out the batch tools and other custom builders.

And I am one of them... maybe not EXCELLENT, but working on it. But you're right, Paperghost. Until THIS thread, I didn't know the first thing about Java settings or the Java cache, but I AM learning. Liz

#95 Guest_Paperghost_*

  • Guests

Posted 20 March 2005 - 09:06 AM

And I am one of them... maybe not EXCELLENT, but working on it. But you're right, Paperghost. Until THIS thread, I didn't know the first thing about Java settings or the Java cache, but I AM learning. Liz


Which is excellent - if everyone knows a little bit more about other areas of infection out of this, then that's a very good thing.

The biggest problem in all of this is a case of collective non-responsibility - the problem appears to be everyone's, and so therefore is no-one's to resolve. Microsoft say it's the other guy's browser - the other guy's browser says it's Java - Java say the applet is doing exactly what it's supposed to. Round and round we go.

Though that doesn't help the end user who gets infected and doesn't know how or why - all they will say is "oh yeah, I was using Firefox at the time, ohh man, how did THAT happen? Stupid browser."

You know their view of what happened will be incorrect. I know that too. But they will most likely just blame the browser regardless. They're not likely to be aware of whitelisting, sandboxes, Runtime.exec() and all the rest of it. They'll just blame the browser and go back to IE again, or something equally silly. And that WOULD be a shame.

#96 nlinecomputers

    New Member

  • New Member
  • 1 posts

Posted 20 March 2005 - 10:57 AM

This has had so many responses in the past few days that I may have overlooked this in the discussion here: are we not missing the point here? As I understand it, and I'm not a Java programmer so correct me if I err, this Java applet only pops up its warning at all because it fails to have a properly signed and trusted certificate? If the certificate had been valid we wouldn't have got a prompt at all. The dang thing would just install in blind mode without user interaction. A drive-by download. Does that not make it an exploit, as the Java sandbox is supposed to prevent that very thing?

Calling users dumb IMHO is irrelevant in this case. This only happened because a Java programmer was sloppy. It is very likely that this very exploit is being used without any prompts at all. I have a couple of clients that are using FF that have managed to reinstall various malware onto the system, and they claim no dialog boxes popped up at all. I originally thought that they were lying to me (or the clients' kids were....) but now I need to reassess that.

Edited by nlinecomputers, 20 March 2005 - 10:58 AM.


#97 Zero

    Not really Less Than One ;-)

  • Authentic Member
  • 268 posts
  • Interests: Long walks on the beach.

Posted 20 March 2005 - 11:25 AM

"Zero, once again you've missed the point completely - unlike Avohir, which is why I was careful to state that you simply end up with a virus on board - I didn't say it's actually doing anything. But the point remains - it's still there."

And to the average user, a .jar file that is a "virus" and does nothing unless they go to the Java console and activate it, affects them how? It doesn't, unless they code something else to activate it (in which case, if it activates the .jar file without user knowledge, that would be an exploit).

"And the point you're missing in all of this, Zero, is that with default settings on for both Java and whatever browser you happen to be using at the time, you will end up with the Java popup, the openStream, the ActiveX prompt, the very real possibility of being infected by something."

If you're using the internet, the very real possibility of being infected by something is high; that is common sense.

"Telling people in this thread how to switch off the cache is great, but to the millions of people who will never see the original article, much less this thread, or wonder why so much effort went into what the word "exploit" means, it doesn't mean a hill of beans and their default settings will remain intact."

Again, it doesn't actually harm their computer unless they click Yes (but that is going round in circles in this discussion). The .jar file in this case, because of the user's default settings, just sits there and doesn't do a thing; malicious it may be, however, it does nothing, like a normal good little cache file.

Edited by Zero, 20 March 2005 - 11:26 AM.


#98 Guest_Paperghost_*

  • Guests

Posted 20 March 2005 - 02:36 PM

Zero, if you're happy to leave crud - any crud - on a machine, then fine. But I prefer a PC to be totally devoid of a potential vector for attack. If that should take the form of a web bug, some spurious file in a temp directory, something lurking in System Restore, even some lines of gibberish in the registry - then so be it.

If a vaguely decent hacker compromises a system with a bog-standard remote access tool, then decides to go sniffing around the folders - most likely one of the first places he'll visit is the temp and cache folders, to see what rogue elements are running on the box. That way, if there's anything there likely to conflict with their rummaging, or interfere with anything they want to run, they can remove it first.

However, if they're not that bothered, they might just start clicking into things to see what's there - especially if they know it shouldn't be present.

Bam - openStream / whatever else in whatever other temp folder is activated. "Hilarity" ensues.

#99 Zero

    Not really Less Than One ;-)

  • Authentic Member
  • 268 posts
  • Interests: Long walks on the beach.

Posted 20 March 2005 - 02:44 PM

And that's why for every PC I fix I give them a copy of CCleaner (http://www.ccleaner.com), free. It cleans the Java cache and much, much more. It gets run roughly 3-4 times a week.

Files being stored in the cache isn't much to be alarmed over. It can be turned off, cleared, etc., so I don't even consider the fact that it's stored in the cache that big of a concern. If a real exploit is developed that is purposely targeted at the .jar file stored in the cache, then I'll be alarmed.
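Added example, not code from this thread or from CCleaner or any other product named in it: a small triage script for the situation Paperghost (#98) and Zero (#99) are arguing about, a .jar sitting in the Java plug-in cache that nobody has looked inside. Each .jar is a zip, and each .class inside stores the names of the classes it references as plain strings in its constant pool, so a byte search is enough to report "this jar mentions java/lang/Runtime and java/net/URL" (the Runtime.exec() and openStream pair the thread keeps coming back to). It also reports whether the jar is signed, which is the distinction nlinecomputers (#96) raises: a signed jar that the user trusts leaves the sandbox. Assumptions: the MARKERS list, the default Windows XP cache path, and the sample jar are mine; the sample is constructed bytes, not a compiled applet. A string match shows the API is referenced, not that it is called; for that you need a bytecode disassembler.

```python
"""Triage of cached applet .jar files.

Added example: not code from this thread or from any product mentioned in it.
Each .jar is a zip; each .class inside carries its referenced class names as
plain strings in the constant pool, so a byte search is enough to say "this
jar mentions Runtime / URL / FileOutputStream".  It does NOT prove the code
calls them; that needs a bytecode disassembler.
"""
import io
import os
import zipfile

# Constant-pool strings worth a second look, keyed by a short label.
# Assumed set for this example; extend it with whatever the sample uses.
MARKERS = {
    "runtime.exec": b"java/lang/Runtime",
    "url.openstream": b"java/net/URL",
    "file.write": b"java/io/FileOutputStream",
    "reflection": b"java/lang/reflect/Method",
    "classloader": b"java/lang/ClassLoader",
}

# Assumed default: where the Sun JRE plug-in kept cached applet jars on
# Windows XP.  Override via the `root` argument if your JRE differs.
DEFAULT_CACHE = os.path.expandvars(
    r"%USERPROFILE%\Application Data\Sun\Java\Deployment\cache")

CLASS_MAGIC = b"\xca\xfe\xba\xbe"


def scan_class(data: bytes) -> set:
    """Labels of MARKERS whose constant-pool string appears in one class file."""
    return {label for label, needle in MARKERS.items() if needle in data}


def is_signed(zf: zipfile.ZipFile) -> bool:
    """True if the jar carries a signature block (META-INF/*.SF plus *.RSA/*.DSA).

    A signed jar matters here: if the user clicks through the trust prompt,
    the applet leaves the sandbox and Runtime.exec() is no longer denied.
    """
    names = [n.upper() for n in zf.namelist() if n.upper().startswith("META-INF/")]
    has_sf = any(n.endswith(".SF") for n in names)
    has_block = any(n.endswith((".RSA", ".DSA")) for n in names)
    return has_sf and has_block


def scan_jar(jar_bytes: bytes) -> dict:
    """Report {'signed': bool, 'classes': {entry: [labels]}} for one jar."""
    classes = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        signed = is_signed(zf)
        for info in zf.infolist():
            if not info.filename.endswith(".class"):
                continue
            data = zf.read(info)
            if not data.startswith(CLASS_MAGIC):
                continue          # not a class file despite the name
            found = scan_class(data)
            if found:
                classes[info.filename] = sorted(found)
    return {"signed": signed, "classes": classes}


def scan_cache(root: str = DEFAULT_CACHE) -> dict:
    """Scan every *.jar under root; return {path: report} for jars with hits."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".jar"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    result = scan_jar(fh.read())
            except (OSError, zipfile.BadZipFile):
                continue          # unreadable, or not really a zip
            if result["classes"]:
                report[path] = result
    return report


def build_sample_jar() -> bytes:
    """Constructed stand-in for a cached applet jar (not a real compiled
    applet): one fake class carrying the strings a download-and-exec applet
    would have in its constant pool, plus one harmless class."""
    loader = (CLASS_MAGIC + b"\x00\x00\x00\x31"
              + b"\x00\x11java/lang/Runtime\x00\x04exec"
              + b"\x00\x0cjava/net/URL\x00\x0aopenStream")
    banner = (CLASS_MAGIC + b"\x00\x00\x00\x31"
              + b"\x00\x12java/applet/Applet\x00\x05paint")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("Loader.class", loader)
        zf.writestr("Banner.class", banner)
    return buf.getvalue()


if __name__ == "__main__":
    print("sample jar:", scan_jar(build_sample_jar()))
    for path, result in scan_cache().items():
        flag = "SIGNED" if result["signed"] else "unsigned"
        print(path, flag)
        for entry, labels in result["classes"].items():
            print("   ", entry, ", ".join(labels))
```

Run it as-is and it reports the constructed sample (Loader.class flagged for runtime.exec and url.openstream, Banner.class silent), then walks the cache directory if it exists. Later JREs renamed cached entries so they no longer end in .jar; if you point this at one of those, relax the extension test and let the zip check decide. A hit means "look at this one with a disassembler", not "this is malware"; plenty of legitimate applets open URLs.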

#100 Siggyx

    SuperHelper

  • Authentic Member
  • 6,776 posts

Posted 20 March 2005 - 02:48 PM

Play nice :) everyone.



#101 The Computer Valet

    New Member

  • New Member
  • 3 posts

Posted 20 March 2005 - 09:07 PM

If I buy new antivirus software today, perform a scan, and this scan finds a file on my system that's infected with a virus, but the file was not running nor was ever acted upon, am I infected?

#102 Zero

    Not really Less Than One ;-)

  • Authentic Member
  • 268 posts
  • Interests: Long walks on the beach.

Posted 20 March 2005 - 10:05 PM

That depends on your definition of 'infected'. Generally, when a virus or trojan is executed and embeds itself in the registry, or generates its payload, then you are infected.

#103 aad

    New Member

  • New Member
  • 6 posts

Posted 20 March 2005 - 10:52 PM

And that's why for every PC I fix I give them a copy of CCleaner (http://www.ccleaner.com), free. It cleans the Java cache and much, much more. It gets run roughly 3-4 times a week.

Files being stored in the cache isn't much to be alarmed over. It can be turned off, cleared, etc., so I don't even consider the fact that it's stored in the cache that big of a concern. If a real exploit is developed that is purposely targeted at the .jar file stored in the cache, then I'll be alarmed.

I use that program and it is an excellent program. Just be sure to tell your customers to allow the program to make a backup copy of their registry before they clean out the "supposed" unneeded registry entries that are identified. The program would always identify unneeded file extensions in the registry. Well, one of them wasn't so unneeded after all: it was needed by the Anti-Trojan (TDS-3) program. I soon realized this because every time I would run CCleaner and allow it to delete all "unneeded" registry entries, I could no longer run TDS-3 and had to reinstall the whole program again. It took me a while to figure out that deletion of the necessary TDS-3 license file extension, via CCleaner, was responsible for this problem. When I stopped deleting that entry, TDS-3 started up problem-free.

#104 Zero

    Not really Less Than One ;-)

  • Authentic Member
  • 268 posts
  • Interests: Long walks on the beach.

Posted 20 March 2005 - 11:05 PM

That's a bummer, but I never charge anyone for fixing (the most I do is make them sign a sheet for volunteer hours for school ;))... They usually phone me or catch me on IM when they want to know what registry entry is OK to remove and whatnot.

#105 Guest_Paperghost_*

  • Guests

Posted 21 March 2005 - 03:06 AM

Well, back to the install at hand. After some discussion with the Opera developers, they are now going to amend some things - for starters, the Java prompt for applets will no longer be set to "accept" by default. They are also considering some other things too. Not a browser issue? Expect more browser people doing more browser things to solve this "non-browser" issue. ;)
