08-13-2010 07:00 AM
Hi. I am running Norton Security Suite 184.108.40.206 on Vista Home Premium SP2, with two users set up, one with Admin rights.
Every so often, Norton finds files that it labels as a High Security Threat in the Users\"username"\appdata\locallow\sun\java\deploym
08-13-2010 10:41 AM - edited 08-13-2010 10:51 AM
Vulnerabilities in older versions of Java can allow malware to be installed. Follow the instructions in the link below to clear the Java cache which will remove the files that Norton is detecting. After you have done this in all user accounts go to the account with administrator privileges and reopen the Java Control Panel. Open the Update tab and click the Update Now button. If a new version is available, install it. Note the new version number. Once the installation has finished go to Add/Remove Programs and if you find any old versions of Java listed remove them, leaving just the latest version installed.
08-13-2010 08:15 PM
Thank you for the quick reply. I should have mentioned in my original email that a couple of weeks ago I did uninstall old versions of Java from all our computers, and the one we are running now 6 update 21 appears to be the most recent. The thing that worries me is that I do full scans routinely, almost compulsively now, and I did one just the day before this trojan was detected. I also scan on an ad hoc basis with Malwarebytes. And Norton/Malwarebytes don't seem to think the files are trojans when I run a file-level scan. Could it be a false positive? Our web-surfing is really pretty limited. I tried not having Java installed at all, but there were a few things my husband needed that require it.
08-13-2010 08:31 PM
Hi Jen 2010,
You do have the most recent version of Java. I am not sure why you got mixed scan results with this file. If you still have it, or if it comes back, you could upload it to VirusTotal to see if the AV scanners there can reach a consensus. As for doing away with Java entirely, at least one security expert is in agreement with you:
08-14-2010 05:23 AM
Thanks. I did empty the cache from the Java control panel, from both user accounts, but even after doing that, there are still many files in the appdata\locallow\sun\java\deployment\cache\6.0\ folders (within numbered folders) and also in appdata\locallow\sun\java\deployment\SystemCache\6
I did uncheck the "keep temporary files on my computer" box,but I am guessing that will cripple any Java app?
Other than doing a Norton scan from Safe Mode, with the scan set to "Full" rather than "Trusted" and a *full* Malwarebytes scan that took 7 hours (not from safe mode, they don't recommend it?) is there anything else I should do?
08-14-2010 09:43 AM
Here is an article about how to get control over Java settings.
If you don’t use Java that often, I recommend unchecking Keep temporary files on my computer. This will keep Windows from being clogged up with tons of Java application data, which can happen all too easily. As you can see from above, Java keeps its own cache directory for its own applications. You can save yourself the headache of clearing this out by having Java not save temporary files in the first place.
Again, this is only if you don’t use Java that often. If you do use it with a fair amount of freqency, Java will have to reload everything each time it starts. If not, leave the box above unchecked.
When done, click OK.
This was taken from the above article. So if you leave it unchecked, the program that uses java will reload it again, so it won't cripple your programs that use it. By leaving it unchecked, it may leave slow you down for a couple of seconds, but you will be safer in the long run. If you do use it frequently, then clean it out daily is my opinion.
Please read the rest of that article because it explains all the settings in Java; Thanks.
Success always occurs in private and failure in full view.
08-14-2010 09:54 AM
Browsing through the application data folder I am also finding the numbered folders you mention, so these are normal. I wouldn't worry about them. What you want to clear, and already have via the Java Control Panel, are the temporary internet files that Java keeps around. Unchecking "Keep temporary files on my computer" should not cripple the application. It should continue to work fine. I think you have done everything that needs to be done.
08-17-2010 10:34 AM
I get the same thing, it has happened the last 2 time java has updated. This was the last update javaupdateapplication.class and javaupdatemanager.class A full scan was done on sunday and computer was not used on monday but when started today this came up as virus threats. Idle quick scan showed no problem 20 min before idle full scan. I think this is a problem with norton and not a virus threat. Can anyone tell me different?
08-17-2010 02:12 PM
Welcome to the Norton Community Forum
Are you running the latest version of Java which is 21 now? Have you deleted the older versions from Add/remove? I would disable the auto update of Java and go to the Java website once a week and see if there are any updates available. Even though your computer was off or not used, new definitions are coming out and new pulse updates come out all the time also. I would also empty out the java temp files and empty the cache as explained in the posts in this thread.
You can also run a full scan with the free version of Malwarebytes as an on demand scanner which won't interfere with your Norton product.
Download the free version, install and update then run a FULL scan. After the scan completes you should post the logs back to this thread.
You can find Malwarebytes here
It is a safer location to get the program from than malwarebytes themselves because some malware creators have large lists of sites that they block. Please be careful to down load the correct program ----the FREE version of MALWAREBYTES
(Thanks to Delph for providing the alternative site)
Please let us know if this shows anything and also please make sure your adobe products are up to date also.
Success always occurs in private and failure in full view.