# [WARNING] Read this if you have Java



## MxPhenom 216 (Aug 1, 2012)

Last night after playing some DayZ with erocker, ducky, Haru and Alex, I logged out and exited out of all my programs to shut down for the night, and down by the clock a Java icon came up like it was updating.....................

Well, it wasn't updating; it was actually installing Live Security Platinum, a hoax antivirus program that throws false positives out, like you have viruses and such. It also puts a proxy on your internet and disables all exe programs so nothing works.

There are a ton of ways to get rid of it, but it comes down to finding the one that will work well.

Just thought I'd let everyone know. There is definitely a Java exploit going around and it's nasty.

Once I figure out how to get rid of it I will let you all know.


----------



## stinger608 (Aug 2, 2012)

yea, keep us updated man!!!


----------



## 95Viper (Aug 2, 2012)

nvidiaintelftw said:


> Once I figure out how to get rid of it I will let you all know.



Maybe, this will help.
Link is to a guide at bleepingcomputer.com:
Remove Live Security Platinum (Uninstall Guide)

Or, this one at Malwarebytes:
Removal instructions for Live Security Platinum


----------



## Jstn7477 (Aug 2, 2012)

lol, "Trojan.LameShield"

Hope nobody else gets this as it does sound rather annoying to remove (like most fake AV programs).


----------



## LAN_deRf_HA (Aug 2, 2012)

This seems similar to the thousand and one variants of fake security center infections. Malwarebytes in safe mode usually gets rid of this stuff but the damage can remain. Might need to use system restore, and you should always run CCleaner's registry repair afterwards.


----------



## MxPhenom 216 (Aug 2, 2012)

LAN_deRf_HA said:


> This seems similar to the thousand and one variants of fake security center infections. Malwarebytes in safe mode usually gets rid of this stuff but the damage can remain. Might need to use system restore, and you should always run CCleaner's registry repair afterwards.



I think I'm just going to be reimaging my system. This thing wreaks havoc on Windows' main service.exe files, so damage will always be there.


----------



## MxPhenom 216 (Aug 2, 2012)

It's going to be a pain, but it's what I've got to do for peace of mind that my system is healthy. No messed up files.


----------



## TheMailMan78 (Aug 2, 2012)

You went somewhere or downloaded something you shouldn't have. Only go to safe sites and stay off of torrents. I know you hate anti-virus programs but now you see why MS built one into win 8.


----------



## MxPhenom 216 (Aug 2, 2012)

TheMailMan78 said:


> You went somewhere or downloaded something you shouldn't have. Only go to safe sites and stay off of torrents. I know you hate anti-virus programs but now you see why MS built one into win 8.



Yeah, downloaded and installed Java a long time ago lol. The only thing I've downloaded recently and installed was DayZ Commander.


----------



## TheMailMan78 (Aug 2, 2012)

nvidiaintelftw said:


> Yeah, downloaded and installed Java a long time ago lol. The only thing I've downloaded recently and installed was DayZ Commander.


Java doesn't just randomly download a virus. You have to have visited an infected site or installed something.


----------



## Sir B. Fannybottom (Aug 2, 2012)

nvidiaintelftw said:


> Yeah, downloaded and installed Java a long time ago lol. The only thing I've downloaded recently and installed was DayZ Commander.



Just stop being an emo and just use an antivirus, losing 10mbs of ram is better than needing to reformat every 6 months.


----------



## MxPhenom 216 (Aug 2, 2012)

TheMailMan78 said:


> Java doesn't just randomly download a virus. You have to have visited an infected site or installed something.



Like I said, the last thing I installed was DayZ Commander, and I only go to Facebook, Newegg, TPU, OCN, and then Pinkbike, a big mountain bike forum.


----------



## TheMailMan78 (Aug 2, 2012)

Facebook could be it right there. Also I once went to Hardware Canucks and just clicking on the forums I was hit with a Java exploit from one of their advertisers. JS.Black Hole from what I remember that downloads things like fake virus scanners. Most JS exploits come from shady advertisers and there is ZERO you can do about it......except keeping MSE updated.


Edit: It wasn't JS.Black Hole, it was VirTool:JS/Obfuscator.BN.
http://www.microsoft.com/security/p...=VirTool:JS/Obfuscator.BN&threatid=2147646584

I even made a thread about it here.............over a year ago.
http://www.techpowerup.com/forums/showthread.php?t=148036


----------



## MxPhenom 216 (Aug 2, 2012)

TheMailMan78 said:


> Facebook could be it right there. Also I once went to Hardware Canucks and just clicking on the forums I was hit with a Java exploit from one of their advertisers. JS.Black Hole from what I remember that downloads things like fake virus scanners. Most JS exploits come from shady advertisers and there is ZERO you can do about it......except keeping MSE updated.
> 
> 
> Edit: It wasn't JS.Black Hole, it was VirTool:JS/Obfuscator.BN.
> ...



Yeah, this stuff sucks ass. Last night on TS I was talking about this stuff with Dave and Alex and they were like, you are becoming Mailman with virus paranoia.


----------



## TheMailMan78 (Aug 2, 2012)

nvidiaintelftw said:


> Yeah, this stuff sucks ass. Last night on TS I was talking about this stuff with Dave and Alex and they were like, you are becoming Mailman with virus paranoia.



It's only paranoia if no one is out to get you........they are.


----------



## MxPhenom 216 (Aug 3, 2012)

So I got a USB flash drive. Going to wipe my system clean and install Windows 8.


----------



## brandonwh64 (Aug 3, 2012)

I use AVG and it has stopped many of the auto installer Java/Flash scripts that are in FB and other websites. It's virtually quiet and never bugs me about anything but detecting possible harm.


----------



## MxPhenom 216 (Aug 3, 2012)

brandonwh64 said:


> I use AVG and it has stopped many of the auto installer Java/Flash scripts that are in FB and other websites. It's virtually quiet and never bugs me about anything but detecting possible harm.



dude AVG went to shit after the last few years. 

Update:

So I was not able to install Windows 8! My sound card doesn't have Windows 8 drivers, and the Windows 7 ones don't work. Back to Windows 7. Good to have my rig back.


----------



## brandonwh64 (Aug 3, 2012)

nvidiaintelftw said:


> dude AVG went to shit after the last few years.



I have never had an issue out of it???? Seems to be protecting me just fine. Same install of windows 7 for over 2 years


----------



## OneMoar (Aug 3, 2012)

I quit using AV ages ago so long as you are not an idiot you will NEVER have a problem


----------



## TheMailMan78 (Aug 3, 2012)

OneMoar said:


> I quit using AV ages ago so long as you are not an idiot you will NEVER have a problem



Yup. An idiot that will never know he's infected. So sure. You never have a problem because you have no way to tell. It's like having AIDS but saying you're clean because you were never tested.


----------



## OneMoar (Aug 3, 2012)

TheMailMan78 said:


> Yup. An idiot that will never know he's infected. So sure. You never have a problem because you have no way to tell. It's like having AIDS but saying you're clean because you were never tested.



no way to tell ? Orly 
I take it you don't monitor your running processes or know how your machine behaves under normal use then ... I don't need some software to tell me that something is running on my machine that shouldn't be


----------



## TheMailMan78 (Aug 3, 2012)

OneMoar said:


> no way to tell ? Orly
> I take it you don't monitor your running processes or know how your machine behaves under normal use then ... I don't need some software to tell me that something is running on my machine that shouldn't be



Yes because all malware shows up under your task manager.


----------



## OneMoar (Aug 3, 2012)

TheMailMan78 said:


> Yes because all malware shows up under your task manager.


I am not gonna argue with you you are wrong just because you are not as good as I am and are not capable of understanding it on the same level as me does not make you correct ... or even close. I have worked on plenty of AV infected machines and have very rarely resorted to having to use an AV scanner to resolve the issue if you believe there exists a single malware or virus or rootkit that can go undetected without some crappy bloated AV software telling you that my computer should not be establishing a connection on port 31337 to some IP in China well then I feel sorry for you or need to have it tell me that I should not have processes attempting to hook into system services with strange handles
you have a ways to go before you get to my level


----------



## TheMailMan78 (Aug 3, 2012)

OneMoar said:


> I am not gonna argue with you you are wrong just because you are not as good as I am and are not capable of understanding it on the same level as me does not make you correct ... or even close. I have worked on plenty of AV infected machines and have very rarely resorted to having to use an AV scanner to resolve the issue if you believe there exists a single malware or virus or rootkit that can go undetected without some crappy bloated AV software telling you that my computer should not be establishing a connection on port 31337 to some IP in China well then I feel sorry for you or need to have it tell me that I should not have processes attempting to hook into system services with strange handles
> you have a ways to go before you get to my level



I guess ignorance is bliss. Carry on.


----------



## MxPhenom 216 (Aug 3, 2012)

OneMoar said:


> I am not gonna argue with you you are wrong just because you are not as good as I am and are not capable of understanding it on the same level as me does not make you correct ... or even close. I have worked on plenty of AV infected machines and have very rarely resorted to having to use an AV scanner to resolve the issue if you believe there exists a single malware or virus or rootkit that can go undetected without some crappy bloated AV software telling you that my computer should not be establishing a connection on port 31337 to some IP in China well then I feel sorry for you or need to have it tell me that I should not have processes attempting to hook into system services with strange handles
> you have a ways to go before you get to my level



Dude, go get Malwarebytes and do a full system scan. I did that the night before this all happened and I didn't think I had malware but I had a few things on just a 2 year install of Windows.


----------



## OneMoar (Aug 3, 2012)

nvidiaintelftw said:


> Dude, go get Malwarebytes and do a full system scan. I did that the night before this all happened and I didn't think I had malware but I had a few things on just a 2 year install of Windows.



sorry but viruses and malware and rootkits are not the big bad boogiemen mailman likes to pretend they are because he can't keep his system clean (must be all the p0rn toolbars he installs)
I know for a FACT that my system is cleaner than the inside of a bottle of bleach
none of my personal machines have seen so much as a copy of mywebsearch since like 2004
just to humor you I will install mAb and run a system scan ...
if your system is properly set up and you use Chrome or Firefox with ADBlock+ it is DAMN hard to get infected with anything unless you download something and execute it without looking


----------



## Fourstaff (Aug 3, 2012)

OneMoar said:


> sorry but viruses and malware and rootkits are not the big bad boogiemen mailman likes to pretend they are because he can't keep his system clean (must be all the p0rn toolbars he installs)
> I know for a FACT that my system is cleaner than the inside of a bottle of bleach
> none of my personal machines have seen so much as a copy of mywebsearch since like 2004
> just to humor you I will install mAb and run a system scan ...
> if your system is properly set up and you use Chrome or Firefox with ADBlock+ it is DAMN hard to get infected with anything unless you download something and execute it without looking



So much faith in yourself. I wish I could go back to those innocent days after reading up on professional hackers' exploits in the net.

Just because you have not seen a virus since 2004 does not mean your PC does not have any. Ask anyone with AIDS, they know better.


----------



## OneMoar (Aug 3, 2012)

Fourstaff said:


> So much faith in yourself. I wish I could go back to those innocent days after reading up on professional hackers' exploits in the net.
> 
> Just because you have not seen a virus since 2004 does not mean your PC does not have any. Ask anyone with AIDS, they know better.


YES IT DOES
someone with AIDS will eventually display some symptoms I am sure of myself for a reason because I know I am right ... if I wasn't sure I would not post it
I'd love to see these posts from this "professional hacker" I could use a laugh
protip anything that relies on known exploits or bugs in code was not written by a pro the "pros" don't share their exploits with other people not the black hats anyway


----------



## OneMoar (Aug 3, 2012)

the paranoia people get when the word "virus" or "Malware" is mentioned never ceases to astound and baffle me it's a program like every other bit of code it does what it's written to do there is no "magic" or "scary evil hackers sitting in front of their monitor watching you" I attributed the overreaction to people's lack of understanding on why viruses are created and what the majority are written to do
http://cl.ly/IUkV so you can freak out and panic and run for the false comfort of your AVGs and Nortons I'll stick to monitoring my machine with good old administrator senses and my delete key

And FOR THE RECORD NO coder worth his keyboard bothers with screwing around in the MBR anymore it's too much effort to inject code into the MBR and have it not brick a whole bunch of machines the goal is not usually to stop the machine from functioning the goal is to either harvest data or turn the machine into a bot making it not boot would be counterproductive


----------



## OneMoar (Aug 3, 2012)

the goal of a "hacker" is normally one of the following
1: turn the target machine into a bot to do his or her bidding
2: harvest data passwords login info cc's etc. etc.
3: denial of service/functionality
4: finding exploits and seeing what kind of entertaining and possibly menacing things you can do ...
and more to the point very VERY VERY rarely is a particular end-user specifically targeted unless you have valuable information OR access to valuable information OR you made the mistake of pissing said hackers off and angered the hive ...


----------



## pantherx12 (Aug 3, 2012)

@OneMoar, there's plenty of viruses that don't have symptoms dude, just like IRL viruses they'll slowly work their way through your system causing mischief. (I know it's caused by a bacteria, but Gonorrhea potentially has no symptoms and you can be fine for years and then go blind, huzzah! Computer viruses can function in a similar way)

And I don't mean to be mean, but how can you be so confident in your ability when you can't find the edit button 


Also I HATE Java (but it's needed for so much crap). The only bad virus I ever got was installed (didn't even get a chance to react, it was almost instantaneous) via Java (was browsing a new pron site) and it very nearly royally fucked over my system.

(disabled EVERYTHING, just had a splash screen saying something along the lines of "YOU BROKE THE LAW, SEND MONEY!" and had some fake police notice/logo etc.)


Took me 8 hours to get rid of the god-damn thing.



Note to other folks, considering decent antiviruses barely use any system resources and are not really very invasive it's always worth installing them.

I use Microsoft's own (MSE) and it does an outstanding job, even protects against web-based attacks, and it's free.


----------



## Drone (Aug 3, 2012)

What is this all about? "ZOMG there is a java exploit! People beware! We're all gonna die!" I mean what's the point? It's no news, there's a lot of exploits and there's a lot of unsavory people who are gonna click some unsavory links or run some exes which they find in their emails.


----------



## TheMailMan78 (Aug 3, 2012)

pantherx12 said:


> And I don't mean to be mean, but how can you be so confident in your ability when you can't find the edit button


Shhhh, he's on a roll. Next he will be telling us about when the Germans bombed Pearl Harbor.


----------



## brandonwh64 (Aug 3, 2012)

Should we all don our tin foil hats?


----------



## Fourstaff (Aug 3, 2012)

OneMoar said:


> YES IT DOES
> someone with AIDS will eventually display some symptoms I am sure of myself for a reason because I know I am right ... if I wasn't sure I would not post it
> I'd love to see these posts from this "professional hacker" I could use a laugh
> protip anything that relies on known exploits or bugs in code was not written by a pro the "pros" don't share their exploits with other people not the black hats anyway



Yup, by the time you see the symptoms it's too late, the damage has been done. Luckily we live in a democratic world, so you can choose what you think is good for you. The worst which can happen to us is that you become a virus vector, in which case shame on us for not being able to convince you to use some protection.

Also, it's exceedingly bad manners to triple post when you have 1.5k posts, unless someone set you up, in which case I apologise for my rudeness.



brandonwh64 said:


> Should we all don our tin foil hats?


There is no need, just run MSE.


----------



## acerace (Aug 3, 2012)

TheMailMan78 said:


> Shhhh, he's on a roll. Next he will be telling us about when the Germans bombed Pearl Harbor.


----------



## MxPhenom 216 (Aug 3, 2012)

pantherx12 said:


> @OneMoar, there's plenty of viruses that don't have symptoms dude, just like IRL viruses they'll slowly work their way through your system causing mischief. (I know it's caused by a bacteria, but Gonorrhea potentially has no symptoms and you can be fine for years and then go blind, huzzah! Computer viruses can function in a similar way)
> 
> *And I don't mean to be mean, but how can you be so confident in your ability when you can't find the edit button*
> 
> ...



I was just about to say the same exact thing lol.


----------



## pantherx12 (Aug 3, 2012)

@nvidiaintel

I think you messed your post up you added this to my quote instead of your post XD

"My system is up and running again with a clean install of windows 7 with MSE. I can't wait till Onemoar posts in this thread in the future saying he got a massive virus and that we were all right hahah! that'll make my day for days to come."


----------



## OneMoar (Aug 3, 2012)

pantherx12 said:


> @nvidiaintel
> 
> I think you messed your post up you added this to my quote instead of your post XD
> 
> "My system is up and running again with a clean install of windows 7 with MSE. I can't wait till Onemoar posts in this thread in the future saying he got a massive virus and that we were all right hahah! that'll make my day for days to come."


I feel bad for you it's gotta be tough not being as awesome as me
also anyone that "blames java" for their "virus" problems is
... ignorant
most java exploits are patched out fairly quick and back in the day the vast majority of java-born viruses were due to people allowing the applets to execute and heaven forbid the countless holes in IE6/7/ff before sand-boxing was common in the browser-wars

I don't get viruses ever sorry I know it's hard to believe you like to think you know what you are doing and are :gud with cumputers: you aren't AV software is for users that blindly click through porn sites and download everything that offers access to free porn
or run outdated versions of windows xp with IE6. ..... or through their own folly execute something infected with malware by your own admission the only "bad" virus you ever got was through your own doing ... and by the sound of it AV would not have protected you


----------



## acerace (Aug 3, 2012)

@OneMoar I take it you also have large lungs. I don't think there's anyone on Earth except you that can read that wall of text in one breath.


----------



## _JP_ (Aug 3, 2012)

OneMoar said:


> if your system is properly set up and you use Chrome or Firefox with ADBlock+ it is DAMN hard to get infected with anything unless you download something and execute it without looking


I have ESET SS5, Firefox 13 and AdBlock+ updated every 1st day of the month and, unfortunately, Java 6 U 31.
Last Wednesday, I was at a website that I visit frequently and out of nowhere, my firewall asks me for permission for an "Insertions 2008" executable to connect to the internet. Obviously, since I didn't know I had this executable, I blocked it (set a rule). Before that, no downloads, no prompts, nothing. It was a virus that took advantage of a Java exploit to enter my computer.
This bastard, right here.
Busted, lol





The virus itself wasn't picked up, because it's recent, I guess, but it was enough to make me quarantine my computer and almost nuke it.
The behavior of this one seems to be that, if it manages to connect to the internet, it will then download additional EXEs and start messing up your stuff.
Possible files/directories:


> C:\Users\<username>\Appdata\Roaming\Ycsuon\gyroof.exe
> C:\Users\<username>\AppData\Roaming\Caymsao\uzihaco.yxe


The thing is, it was late...around 2 AM, so I just sorta ignored it, closed Firefox and ran CCleaner before I turned off my computer. The next day I ran pretty much every software at my disposal and found nothing.
From what I can gather, if you don't let it connect to the internet, it will stay in the temp folder. I ran CCleaner, which permanently deletes all the stuff there. I guess that was what made it go away.
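
An added example (not part of the original post) of sweeping a profile for the layout _JP_ lists: executables sitting directly in oddly named folders under `AppData\Roaming`, one of them behind a non-executable extension. It checks file content for a PE header instead of trusting the extension; the function names, the extension list and the stub sample tree are assumptions constructed for illustration.

```python
import struct
import tempfile
from pathlib import Path

# Extensions Windows normally uses for PE images (assumed list for this example);
# a PE file with any other extension is reported as "disguised".
PE_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".sys"}


def is_pe_file(path):
    """True if the file has an MZ header whose e_lfanew field points at a PE signature."""
    try:
        with open(path, "rb") as fh:
            dos_header = fh.read(0x40)
            if len(dos_header) < 0x40 or dos_header[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", dos_header, 0x3C)
            fh.seek(e_lfanew)
            return fh.read(4) == b"PE\x00\x00"
    except OSError:  # unreadable or locked file: skip it rather than abort the sweep
        return False


def list_dir(path):
    """Sorted directory listing that tolerates access-denied folders."""
    try:
        return sorted(path.iterdir())
    except OSError:
        return []


def find_dropped_executables(roaming_root):
    """Flag PE files sitting directly in first-level subfolders of a Roaming profile."""
    root = Path(roaming_root)
    findings = []
    for subdir in list_dir(root):
        if not subdir.is_dir():
            continue
        for entry in list_dir(subdir):
            if entry.is_file() and is_pe_file(entry):
                findings.append({
                    "path": entry.relative_to(root).as_posix(),
                    "disguised": entry.suffix.lower() not in PE_EXTENSIONS,
                })
    return findings


def demo():
    """Run the sweep over a constructed tree (stub headers only, not real malware)."""
    stub_pe = b"MZ".ljust(0x3C, b"\x00") + struct.pack("<I", 0x40) + b"PE\x00\x00"
    sample = {
        "Ycsuon/gyroof.exe": stub_pe,           # folder/file layout as listed in the post
        "Caymsao/uzihaco.yxe": stub_pe,         # PE content behind a non-PE extension
        "Notes/readme.txt": b"plain text",      # benign data file
        "Tool/short.exe": b"MZ but truncated",  # .exe name without a valid header
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in sample.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return find_dropped_executables(tmp)


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

On a real machine, pass the expanded `%APPDATA%` path to `find_dropped_executables`; legitimate applications also keep binaries there, so hits are candidates for review rather than verdicts.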


----------



## Radical_Edward (Aug 3, 2012)

As I said before...



Radical_Edward said:


> I'm sorry, but not having an AV program of any sorts is like having sex with a hooker in Vegas without a condom. :shadedshu



The internet is a large and evil place, and using no AV of any sorts these days is just plain ignorant and reckless.


----------



## MxPhenom 216 (Aug 3, 2012)

Radical_Edward said:


> As I said before...
> 
> 
> 
> The internet is a large and evil place, and using no AV of any sorts these days is just plain ignorant and reckless.



Well put...


----------



## TheMailMan78 (Aug 3, 2012)

OneMoar said:


> I feel bad for you it's gotta be tough not being as awesome as me
> also anyone that "blames java" for their "virus" problems is
> ... ignorant
> most java exploits are patched out fairly quick and back in the day the vast majority of java-born viruses were due to people allowing the applets to execute and heaven forbid the countless holes in IE6/7/ff before sand-boxing was common in the browser-wars
> ...



You really don't understand how things work do you.


----------



## erocker (Aug 3, 2012)

Based off many comments my computer must have some form of internet AIDS. Thankfully my computer seems to have the conviction of Magic Johnson.


----------



## TheMailMan78 (Aug 3, 2012)

erocker said:


> Based off many comments my computer must have some form of internet AIDS. Thankfully my computer seems to have the conviction of Magic Johnson.



lol That reminds me of that South Park episode.


----------



## erocker (Aug 3, 2012)

Granted if I actually had important documents/programs/whatever on this computer I would use an A/V.


----------



## _JP_ (Aug 3, 2012)

Obviously, if I only used my computer for games, I wouldn't need an A/V. And the default windows firewall would do the job just fine.


----------



## MxPhenom 216 (Aug 3, 2012)

_JP_ said:


> Obviously, if I only used my computer for games, I wouldn't need an A/V. And the default windows firewall would do the job just fine.



That's what I thought lol.


----------



## stinger608 (Aug 3, 2012)

TheMailMan78 said:


> Shhhh, he's on a roll. Next he will be telling us about when the Germans bombed Pearl Harbor.



Didn't they???????


----------



## Raw (Aug 3, 2012)

*Psychiatric disorders*



TheMailMan78 said:


> You really don't understand how things work do you.



He's just baiting you MM, easier to ignore him.
LOL


----------



## scoutingwraith (Aug 4, 2012)

I've found that using either Avast Free or Microsoft Security Essentials coupled with MalwareBytes does the job for almost anything at least.

Also using NoScript, Ad Block and Ghostery on Firefox for websites you don't know can work as well.


----------

