Hello,
I am running Avast! Free Home 4.8 on a Win2k OS.
Avast did a scan today and identified Sun’s Java: jucheck.exe as a Win32:Trojan-gen {Other} which was located in C:\Program Files\Java\jre1.6.0_01\bin.
I moved the file to quarantine but this appears to me to be a false positive since I have the same file in older & newer versions of Java\jre which Avast didn’t tag.
jucheck.exe is authored by Java & seems to be Java’s standard update .exe.
Can I restore this file safely?
Better if you can extract it to another folder, send it to www.virustotal.com and check.
Can you send the samples to virus@avast.com?
You can zip and password the files… Include a link to this thread and the password used.
You can send the files to Chest and, from there, resend to Alwil for analysis.
Thanks.
First, it is a bad practice to retain old versions of JAVA, as your system could be exploited by something taking advantage of the vulnerabilities in the old version.
You should only retain an old version if there is an application that is absolutely essential and will only work with that version; you would then have to consider the risk vs. the need. Otherwise you should uninstall old versions prior to installing the latest version.
I had the same thing happen to me, except I’m running XP SP2. VirusTotal definitely points to a false positive (permalink for analysis of my file is http://www.virustotal.com/analisis/509da3f74304ea9cdeb3c0c20c66dd5d). VirusTotal is pretty cool; I’d never heard of it.
As for the practice of keeping older versions of Java around, that’s a red herring as far as this particular issue goes. The false positive is still a false positive and would generate a false alert for someone who had only that version of Java or who needed that particular version. And exploiting an executable file in Java 1.6.0_01 isn’t any harder or easier than 1.6.0_03. I do agree that uninstalling old, unneeded versions of Java is a good idea though to save disk space. I just don’t think the original poster should feel bad about having older versions installed.
I’m new to Avast, but so far it has a significantly smaller memory footprint (about 50% smaller) than the others I’ve used recently. So far, so good. Nice product and great value.
Regards,
Kevin
The version of JAVA wasn’t mentioned as a red herring as you say, but to alert the user to vulnerabilities which are being exploited on old versions of JAVA, not to make them feel bad or otherwise.
Tech had already given instructions to send to avast; otherwise I would have, as I did in one of the other posts relating to detection of an old version of jusched.exe (jre1.6.0_01), the same as this one.
Any word on whether this can be restored?
Are there any complications that can arise due to the nonexecutability of this file while it resides in the virus chest?
Any file (if clean) can be restored from Chest.
Files can’t be executed in the Chest. If you need it, you have to restore it.
Chest is a safe (unharmful) place.
Had this happen here as well, on three of our 6 machines. -JW
I meant whether it can confidently be considered clean.
I’m not familiar with what complications can arise in the Java update if a file that is expected to be available is no longer executable. I wondered if it can cause lasting effects that are not reversible even after restoring the file.
Whilst it can be considered clean, a) it needs to be sent to avast for analysis and correction of the VPS and b) I honestly don’t see the value in restoring it since it is part of an old version of JAVA which you should really uninstall using Add/Remove Programs (unless it is absolutely essential as mentioned in my first reply).
One other thing: although this is the Java Update Scheduler, I have never seen this function work in all the time I have used JAVA and actively stop things like this connecting (even if it worked), so I retain control.
There would be zero effect if you didn’t restore this file; based on what I said above, it doesn’t work, and you should be uninstalling out-of-date versions first before installing the latest version. So that file would be history anyway after the uninstall.
Ensure you have the latest version of JRE (JAVA Runtime Environment) because older versions can be vulnerable to malware. First remove All Older Versions From Add/Remove Programs.
Then get the latest update from here http://java.sun.com/javase/downloads/index.jsp
Or JRE version 6 update 6 http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html
Thank you. Will follow your advice with action.
You’re welcome.