Перейти к содержимому


Фото
- - - - -

False Detection Of C:\program Files\java\jre6\bin\jusched.exe?


  • Please log in to reply
11 ответов в этой теме

#1 piXie

piXie

    Newbie

  • Posters
  • 24 Сообщений:

Отправлено 20 Январь 2010 - 00:11

Dr.Web SS 5.0.1.11171 alert me for c:\Program Files\Java\jre6\bin\jusched.exe. I think it's false detection. I try to send it to Dr.Web support direct My Dr.WEB or try test it on virustotal, but DrWSS detect and stop this connection.

It detect: Trojan.PWS.Multi.76
...when I know everything, I stop asking...

#2 Eugeny Gladkih

Eugeny Gladkih

    the Spirit of the Enlightenment

  • Dr.Web Staff
  • 5 228 Сообщений:

Отправлено 20 Январь 2010 - 00:24

Dr.Web SS 5.0.1.11171 alert me for c:\Program Files\Java\jre6\bin\jusched.exe. I think it's false detection. I try to send it to Dr.Web support direct My Dr.WEB or try test it on virustotal, but DrWSS detect and stop this connection.

It detect: Trojan.PWS.Multi.76


I've done that for you. it's the false alarm

#3 Borka

Borka

    Забанен за флуд

  • Moderators
  • 19 512 Сообщений:

Отправлено 20 Январь 2010 - 00:25

Dr.Web SS 5.0.1.11171 alert me for c:\Program Files\Java\jre6\bin\jusched.exe. I think it's false detection. I try to send it to Dr.Web support direct My Dr.WEB or try test it on virustotal, but DrWSS detect and stop this connection.
It detect: Trojan.PWS.Multi.76

Will you show us logs?
С уважением,
Борис А. Чертенко aka Borka.

#4 Eugeny Gladkih

Eugeny Gladkih

    the Spirit of the Enlightenment

  • Dr.Web Staff
  • 5 228 Сообщений:

Отправлено 20 Январь 2010 - 00:29

Dr.Web SS 5.0.1.11171 alert me for c:\Program Files\Java\jre6\bin\jusched.exe. I think it's false detection. I try to send it to Dr.Web support direct My Dr.WEB or try test it on virustotal, but DrWSS detect and stop this connection.
It detect: Trojan.PWS.Multi.76

Will you show us logs?


why?! it's the real false alarm

#5 Stefan Dashich

Stefan Dashich

    Downshifter

  • Virus hunters
  • 992 Сообщений:

Отправлено 20 Январь 2010 - 00:29

Here you go

19-01-2010 22:11:14 Engine Version: 5.0 (5.0.1.12222)
19-01-2010 22:11:14 Core API Version: 2.02
19-01-2010 22:11:14
19-01-2010 22:11:15 Scanning processes: 38 processes and 507 unique modules
19-01-2010 22:11:15
19-01-2010 22:11:39 [PR] C:\Program Files\Java\jre6\bin\jusched.exe - infected with Trojan.PWS.Multi.76
19-01-2010 22:11:57 [PR] C:\Program Files\Java\jre6\bin\jusched.exe - renamed


http://forum.drweb.com/index.php?showtopic=287903
"That's thirty minutes away. I'll be there in ten."

#6 Borka

Borka

    Забанен за флуд

  • Moderators
  • 19 512 Сообщений:

Отправлено 20 Январь 2010 - 00:34

Dr.Web SS 5.0.1.11171 alert me for c:\Program Files\Java\jre6\bin\jusched.exe. I think it's false detection. I try to send it to Dr.Web support direct My Dr.WEB or try test it on virustotal, but DrWSS detect and stop this connection.
It detect: Trojan.PWS.Multi.76

Will you show us logs?

why?! it's the real false alarm

I did not see what you've posted before I asked logs.
С уважением,
Борис А. Чертенко aka Borka.

#7 piXie

piXie

    Newbie

  • Posters
  • 24 Сообщений:

Отправлено 20 Январь 2010 - 00:38

spidernt.log

19-01-2010 22:02:36 [PR] C:\Program Files\Java\jre6\bin\jusched.exe - infikované Trojan.PWS.Multi.76
19-01-2010 22:05:10 [PR] C:\Program Files\Java\jre6\bin\jusched.exe - nedá sa presunúť
19-01-2010 22:05:10 [PR] C:\Program Files\Java\jre6\bin\jusched.exe - premenované

info of last update:

drwebupw.log

2010-01-19, 21:46:00 =============================================================================
2010-01-19, 21:46:00 Dr.Web Update pre Windows v5.00.9 (5.00.9.11180)
2010-01-19, 21:46:00 © Doctor Web, Ltd., 1992-2009
2010-01-19, 21:46:00 Príkazový riadok: C:\Program Files\DrWeb\DrWebUpW.exe /go /st /qu /reg- /rp+drwebupw.log
2010-01-19, 21:46:00 Operačný systém: Windows XP Professional x86 (Build 2600), Service Pack 3
2010-01-19, 21:46:00 =============================================================================
2010-01-19, 21:46:00 Súbor s licenčným kľúčom: C:\Program Files\DrWeb\drweb32.key
2010-01-19, 21:46:00 Číslo licenčného kľúča: 00xx87xx21
2010-01-19, 21:46:00 Registrované na meno: PKD Invest, s.r.o.
2010-01-19, 21:46:00 Licenčný kľúč aktivovaný: 2009-06-09
2010-01-19, 21:46:00 Licenčný kľúč vyprší: 2010-06-11

2010-01-19, 21:46:00 DRL súbor analyzovaný (C:\Program Files\DrWeb\update.drl, 9 URL adresy)
2010-01-19, 21:46:00 Create network session
2010-01-19, 21:46:00 Pripájanie na hostiteľa: http://update.us1.drweb.com/500/sspace/windows/ (209.160.24.136)
2010-01-19, 21:46:00 Hľadanie drweb32.flg...
2010-01-19, 21:46:01 Hľadanie drweb32.lst.lzma...
2010-01-19, 21:46:02 Prenášanie drweb32.lst.lzma...
2010-01-19, 21:46:03 drweb32.lst.lzma prenesené
2010-01-19, 21:46:03 Hľadanie timestamp.patch_58b0660c_0870fa93...
2010-01-19, 21:46:03 Hľadanie timestamp.lzma...
2010-01-19, 21:46:03 Hľadanie timestamp...
2010-01-19, 21:46:03 Prenášanie timestamp...
2010-01-19, 21:46:03 timestamp prenesené
2010-01-19, 21:46:04 ru-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 bg-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 cn-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 cn-tom-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 cs-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 de-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 el-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 eo-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 es-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 et-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 fr-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 hu-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 it-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 lt-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 lv-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 nl-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 pl-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 pt-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 tr-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 uk-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 zh-drweb.dwl - neinštalované, preskočené
2010-01-19, 21:46:04 ru-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 bg-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 cn-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 cs-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 de-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 el-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 es-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 et-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 fr-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 hu-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 lt-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 lv-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 pl-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 pt-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 uk-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 zh-drweb.chm - neinštalované, preskočené
2010-01-19, 21:46:04 Hľadanie dwfmlw00.dws.patch_64ea9f25_572a45bd...
2010-01-19, 21:46:04 Prenášanie dwfmlw00.dws.patch_64ea9f25_572a45bd...
2010-01-19, 21:46:06 dwfmlw00.dws.patch_64ea9f25_572a45bd prenesené
2010-01-19, 21:46:07 Hľadanie dwfprn18.dws.patch_a9eaa14a_11007d42...
2010-01-19, 21:46:07 Prenášanie dwfprn18.dws.patch_a9eaa14a_11007d42...
2010-01-19, 21:46:08 dwfprn18.dws.patch_a9eaa14a_11007d42 prenesené
2010-01-19, 21:46:08 Hľadanie drwtoday.vdb.patch_9a81641b_01c9212b...
2010-01-19, 21:46:08 Hľadanie drwtoday.vdb.lzma...
2010-01-19, 21:46:08 Hľadanie drwtoday.vdb...
2010-01-19, 21:46:09 Prenášanie drwtoday.vdb...
2010-01-19, 21:46:22 drwtoday.vdb prenesené
2010-01-19, 21:46:22 Súbory prenesené
2010-01-19, 21:46:22 Aktualizácia súborov...
2010-01-19, 21:46:22 EXEC(C:\Program Files\DrWeb\drwreg.exe) = 1 (rc = 0)
2010-01-19, 21:46:22 Odpojené

2010-01-19, 21:46:26 =============================================================================

...when I know everything, I stop asking...

#8 Stefan Dashich

Stefan Dashich

    Downshifter

  • Virus hunters
  • 992 Сообщений:

Отправлено 20 Январь 2010 - 11:19

Fixed
"That's thirty minutes away. I'll be there in ten."

#9 piXie

piXie

    Newbie

  • Posters
  • 24 Сообщений:

Отправлено 20 Январь 2010 - 15:29

Yes, it looks fixed. Thanks for very fast reaction.

What now I can do with jusched.#xe? Simple rename back to jusched.exe in ie. TotalCommander?
...when I know everything, I stop asking...

#10 Borka

Borka

    Забанен за флуд

  • Moderators
  • 19 512 Сообщений:

Отправлено 20 Январь 2010 - 15:32

Yes, it looks fixed. Thanks for very fast reaction.
What now I can do with jusched.#xe? Simple rename back to jusched.exe in ie. TotalCommander?

Yes.
С уважением,
Борис А. Чертенко aka Borka.

#11 piXie

piXie

    Newbie

  • Posters
  • 24 Сообщений:

Отправлено 20 Январь 2010 - 16:47

A lamer question, sorry. Quarantine dialog windows is available at this only in beta version?

Thanks.
...when I know everything, I stop asking...

#12 Borka

Borka

    Забанен за флуд

  • Moderators
  • 19 512 Сообщений:

Отправлено 20 Январь 2010 - 16:51

A lamer question, sorry. Quarantine dialog windows is available at this only in beta version?

AFAIR x86 - beta, x64 - release.
С уважением,
Борис А. Чертенко aka Borka.


Читают тему: 1

0 пользователей, 1 гостей, 0 скрытых