November 22, 2009, 2:42 am
I'm running XP Home SP2 and Sygate 5.6. I'm not sure what more to do
about this entry in Sygate's security log today. Any help will be very
Security Type: Executable File; Severity: Major; Direction: Outgoing
Protocol: TCP; Remote Host: 220.127.116.11
Application has changed since the last time you opened it, process
Filename: C:\Program Files\Java\jre6\bin\java.exe
The change was denied by user
---- Modules changed: 1 ----
---- New modules: 0 ----
The message seems to be saying contradictory things: 1) the application
has changed and 2) change denied by user. Did malware from the remote
host change java.exe or did I stop it?
Around the time Sygate's icon began flashing red, the java icon appeared
on my taskbar, though I didn't launch it and was not running a program
that should have launched it.
What I did so far: I closed all programs (which had all become very slow
to respond), rebooted without being connected to the net, and performed
quick scans of my c: drive with recently updated versions of
Malwarebytes, Superantispyware, and Avast. They all turned up no malware
or viruses. Scans with Malwarebytes and Avast of c:\program files\java
and c:\program files\JRE launched from the right click menu in windows
explorer also turned up no malware or viruses.
Is there anything else I should do?
The remote host (netdirekt.de) is a known distributor of malware
according to Web of Trust (mywot.com).
Could this have anything to do with jusched.exe, which is set to check
Could it have anything to do with the Firefox add-on Java Quick Starter
Service, which I thought I disabled, but is now enabled? I don't know
when that changed.
There was no traffic to or from the remote host in Sygate's traffic log.
I guess it goes in one log or the other?
Thank you again for any help.