False Detection Of C:\program Files\java\jre6\bin\jusched.exe?
#1
Posted 20 January 2010 - 00:11
It detects: Trojan.PWS.Multi.76
#2
Posted 20 January 2010 - 00:24
Dr.Web SS 5.0.1.11171 alerts me about c:\Program Files\Java\jre6\bin\jusched.exe. I think it's a false detection. I try to send it to Dr.Web support directly via My Dr.WEB or try to test it on virustotal, but DrWSS detects it and stops this connection.
It detects: Trojan.PWS.Multi.76
I've done that for you. It's a false alarm.
#3
Posted 20 January 2010 - 00:25
Will you show us logs?
Dr.Web SS 5.0.1.11171 alerts me about c:\Program Files\Java\jre6\bin\jusched.exe. I think it's a false detection. I try to send it to Dr.Web support directly via My Dr.WEB or try to test it on virustotal, but DrWSS detects it and stops this connection.
It detects: Trojan.PWS.Multi.76
Борис А. Чертенко aka Borka.
#4
Posted 20 January 2010 - 00:29
Will you show us logs?
Dr.Web SS 5.0.1.11171 alerts me about c:\Program Files\Java\jre6\bin\jusched.exe. I think it's a false detection. I try to send it to Dr.Web support directly via My Dr.WEB or try to test it on virustotal, but DrWSS detects it and stops this connection.
It detects: Trojan.PWS.Multi.76
Why?! It's a real false alarm.
#5
Posted 20 January 2010 - 00:29
19-01-2010 22:11:14 Engine Version: 5.0 (5.0.1.12222)
19-01-2010 22:11:14 Core API Version: 2.02
19-01-2010 22:11:14
19-01-2010 22:11:15 Scanning processes: 38 processes and 507 unique modules
19-01-2010 22:11:15
19-01-2010 22:11:39 [PR] C:\Program Files\Java\jre6\bin\jusched.exe - infected with Trojan.PWS.Multi.76
19-01-2010 22:11:57 [PR] C:\Program Files\Java\jre6\bin\jusched.exe - renamed
http://forum.drweb.com/index.php?showtopic=287903
#6
Posted 20 January 2010 - 00:34
I did not see what you've posted before I asked for logs.
Why?! It's a real false alarm.
Will you show us logs?
Dr.Web SS 5.0.1.11171 alerts me about c:\Program Files\Java\jre6\bin\jusched.exe. I think it's a false detection. I try to send it to Dr.Web support directly via My Dr.WEB or try to test it on virustotal, but DrWSS detects it and stops this connection.
It detects: Trojan.PWS.Multi.76
Борис А. Чертенко aka Borka.
#7
Posted 20 January 2010 - 00:38
19-01-2010 22:02:36 [PR] C:\Program Files\Java\jre6\bin\jusched.exe - infikované Trojan.PWS.Multi.76
19-01-2010 22:05:10 [PR] C:\Program Files\Java\jre6\bin\jusched.exe - nedá sa presunúť
19-01-2010 22:05:10 [PR] C:\Program Files\Java\jre6\bin\jusched.exe - premenované
info of last update:
drwebupw.log
2010-01-19, 21:46:00 =============================================================================
2010-01-19, 21:46:00 Dr.Web Update pre Windows v5.00.9 (5.00.9.11180)
2010-01-19, 21:46:00 © Doctor Web, Ltd., 1992-2009
2010-01-19, 21:46:00 Príkazový riadok: C:\Program Files\DrWeb\DrWebUpW.exe /go /st /qu /reg- /rp+drwebupw.log
2010-01-19, 21:46:00 Operačný systém: Windows XP Professional x86 (Build 2600), Service Pack 3
2010-01-19, 21:46:00 =============================================================================
2010-01-19, 21:46:00 Súbor s licenčným kľúčom: C:\Program Files\DrWeb\drweb32.key
2010-01-19, 21:46:00 Číslo licenčného kľúča: 00xx87xx21
2010-01-19, 21:46:00 Registrované na meno: PKD Invest, s.r.o.
2010-01-19, 21:46:00 Licenčný kľúč aktivovaný: 2009-06-09
2010-01-19, 21:46:00 Licenčný kľúč vyprší: 2010-06-11
2010-01-19, 21:46:00 DRL súbor analyzovaný (C:\Program Files\DrWeb\update.drl, 9 URL adresy)
2010-01-19, 21:46:00 Create network session
2010-01-19, 21:46:00 Pripájanie na hostiteľa: http://update.us1.drweb.com/500/sspace/windows/ (209.160.24.136)
2010-01-19, 21:46:00 Hľadanie drweb32.flg...
2010-01-19, 21:46:01 Hľadanie drweb32.lst.lzma...
2010-01-19, 21:46:02 Prenášanie drweb32.lst.lzma...
2010-01-19, 21:46:03 drweb32.lst.lzma prenesené
2010-01-19, 21:46:03 Hľadanie timestamp.patch_58b0660c_0870fa93...
2010-01-19, 21:46:03 Hľadanie timestamp.lzma...
2010-01-19, 21:46:03 Hľadanie timestamp...
2010-01-19, 21:46:03 Prenášanie timestamp...
2010-01-19, 21:46:03 timestamp prenesené
2010-01-19, 21:46:04 ru-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 bg-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 cn-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 cn-tom-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 cs-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 de-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 el-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 eo-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 es-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 et-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 fr-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 hu-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 it-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 lt-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 lv-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 nl-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 pl-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 pt-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 tr-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 uk-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 zh-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 ru-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 bg-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 cn-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 cs-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 de-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 el-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 es-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 et-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 fr-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 hu-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 lt-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 lv-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 pl-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 pt-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 uk-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 zh-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 Hľadanie dwfmlw00.dws.patch_64ea9f25_572a45bd...
2010-01-19, 21:46:04 Prenášanie dwfmlw00.dws.patch_64ea9f25_572a45bd...
2010-01-19, 21:46:06 dwfmlw00.dws.patch_64ea9f25_572a45bd prenesené
2010-01-19, 21:46:07 Hľadanie dwfprn18.dws.patch_a9eaa14a_11007d42...
2010-01-19, 21:46:07 Prenášanie dwfprn18.dws.patch_a9eaa14a_11007d42...
2010-01-19, 21:46:08 dwfprn18.dws.patch_a9eaa14a_11007d42 prenesené
2010-01-19, 21:46:08 Hľadanie drwtoday.vdb.patch_9a81641b_01c9212b...
2010-01-19, 21:46:08 Hľadanie drwtoday.vdb.lzma...
2010-01-19, 21:46:08 Hľadanie drwtoday.vdb...
2010-01-19, 21:46:09 Prenášanie drwtoday.vdb...
2010-01-19, 21:46:22 drwtoday.vdb prenesené
2010-01-19, 21:46:22 Súbory prenesené
2010-01-19, 21:46:22 Aktualizácia súborov...
2010-01-19, 21:46:22 EXEC(C:\Program Files\DrWeb\drwreg.exe) = 1 (rc = 0)
2010-01-19, 21:46:22 Odpojené
2010-01-19, 21:46:26 =============================================================================
#8
Posted 20 January 2010 - 11:19
#9
Posted 20 January 2010 - 15:29
What can I do now with jusched.#xe? Simply rename it back to jusched.exe in, i.e., TotalCommander?
#10
Posted 20 January 2010 - 15:32
Yes.
Yes, it looks fixed. Thanks for the very fast reaction.
What can I do now with jusched.#xe? Simply rename it back to jusched.exe in, i.e., TotalCommander?
Борис А. Чертенко aka Borka.
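Added example, not part of the thread and not Dr.Web's own tooling: a Python sketch that reads scanner log lines like those posted in #5 and #7, groups them per file, and reports which renamed file has to be restored once the false alarm is fixed. The `.#xe` naming rule is an assumption inferred from the single jusched.exe to jusched.#xe case in this thread, and only the English and Slovak status phrases shown here are recognised.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the scanner lines quoted in posts #5 and #7 of this thread.
SAMPLE_LOG = r"""19-01-2010 22:11:15 Scanning processes: 38 processes and 507 unique modules
19-01-2010 22:11:39 [PR] C:\Program Files\Java\jre6\bin\jusched.exe - infected with Trojan.PWS.Multi.76
19-01-2010 22:11:57 [PR] C:\Program Files\Java\jre6\bin\jusched.exe - renamed
19-01-2010 22:02:36 [PR] C:\Program Files\Java\jre6\bin\jusched.exe - infikované Trojan.PWS.Multi.76
19-01-2010 22:05:10 [PR] C:\Program Files\Java\jre6\bin\jusched.exe - nedá sa presunúť
19-01-2010 22:05:10 [PR] C:\Program Files\Java\jre6\bin\jusched.exe - premenované
"""

LINE = re.compile(r"^(\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}) \[PR\] (.+?) - (.+)$")
# Status phrases seen in this thread (English and Slovak UI); other locales are not covered.
DETECTED = re.compile(r"^(?:infected with|infikované) (\S+)$")
RENAMED = {"renamed", "premenované"}

def renamed_path(path):
    """Assumed rule (from jusched.exe -> jusched.#xe): first extension character becomes '#'."""
    p = PureWindowsPath(path)
    if len(p.suffix) < 2:
        return path  # no extension to rewrite
    return str(p.with_suffix(".#" + p.suffix[2:]))

def summarize(log_text):
    """Group log lines per file: threat names reported and where a rename left the file."""
    files = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header and progress lines carry no per-file status
        _, path, status = m.groups()
        entry = files.setdefault(path, {"threats": set(), "restore_from": None, "other": []})
        hit = DETECTED.match(status)
        if hit:
            entry["threats"].add(hit.group(1))
        elif status in RENAMED:
            entry["restore_from"] = renamed_path(path)
        else:
            entry["other"].append(status)  # e.g. a failed move, kept for review
    return files

if __name__ == "__main__":
    for path, info in summarize(SAMPLE_LOG).items():
        print(path, sorted(info["threats"]), info["restore_from"], info["other"])
```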
#11
Posted 20 January 2010 - 16:47
Thanks.
#12
Posted 20 January 2010 - 16:51
AFAIR x86 - beta, x64 - release.
A lamer question, sorry. Quarantine dialog windows is available at this only in beta version?
Борис А. Чертенко aka Borka.