Need Help Understanding Sygate Security Message

I'm running XP Home SP2 and Sygate 5.6. I'm not sure what more to do
about this entry in Sygate's security log today. Any help will be very
much appreciated.

    Security Type: Executable File; Severity: Major; Direction: Outgoing
    Protocol: TCP; Remote Host: 84.16.255.208
    Application has changed since the last time you opened it, process
    id: 3316
    Filename: C:\Program Files\Java\jre6\bin\java.exe
    The change was denied by user
    ---- Modules changed: 1 ----
    C:\Program Files\Java\jre6\bin\java.exe
    ---- New modules: 0 ----
    stopped

The message seems to be saying contradictory things: 1) the application
has changed and 2) change denied by user. Did malware from the remote
host change java.exe or did I stop it?

Around the time Sygate's icon began flashing red, the java icon appeared
on my taskbar, though I didn't launch it and was not running a program
that should have launched it.

What I did so far: I closed all programs (which had all become very slow
to respond), rebooted without being connected to the net, and performed
quick scans of my c: drive with recently updated versions of
Malwarebytes, Superantispyware, and Avast. They all turned up no malware
or viruses. Scans with Malwarebytes and Avast of c:\program files\java
and c:\program files\JRE launched from the right-click menu in Windows
Explorer also turned up no malware or viruses.

Is there anything else I should do?

The remote host (netdirekt.de) is a known distributor of malware
according to Web of Trust (mywot.com).

Other Questions:
Could this have anything to do with jusched.exe, which is set to check
monthly?

Could it have anything to do with the Firefox add-on Java Quick Starter
Service, which I thought I disabled, but is now enabled? I don't know
when that changed.

There was no traffic to or from the remote host in Sygate's traffic log.
I guess it goes in one log or the other?

Thank you again for any help.

Ellen
