Periodic JAR Trojans quarantined - where from?

Mainframeguy

Mainframeguy

Debiant by way of Ubuntu
Joined
29 Aug 2002
Messages
3,763
since about six weeks ago (been on holidays meantime) I have been getting the following intercepted by my AV - see screenie attached.

This usually occurs whilst I am away from the machine, I think it always has actually. I believe the JAR file is the key and this is a JAVA Runtime of some sort, my question is if anyone could give me some idea of the origins? Scans of my machine come up clean after the interception so I don't think anything is getting through.

I believe cidaemon is a legitimate service - presumably this trojan is attempting to hijack it?

I run Adaware and Spybot regularly and will post a hijackthis! log if anyone thinks it will help.

Any ideas of lines to persue appreciated - or if anyone thinks my AV is simply doing it's job and I should continue without concern, equally useful information.
 

Attachments

  • JARtrojan.jpg
    JARtrojan.jpg
    198.3 KB · Views: 88
Maybe, and maybe I have been slightly idiotic (well it is a bit early for just the one coffee to kick in!) I am thinking what has happened is I have set my McAffe AV to move the files to a Quarantine folder - as you can maybe see - if the clean fails. What I think has been happening is that perioducally for some reason an access is made there and McAffee has been "refinding" the infected files in Quarantine.

I junked my quarantine folder, am rerunning a scan, expect problem to go away after....

If it does not I will resurrect thread.

Still curious where they came from, but will leave that as something better to forget in all probability.

Sorry for wasting anyones time - but hey, that's what computers do, right? ;)
 
My first coffee is just filtering now and I have been awake for 2 hours!! :eek:
 
You must log in or register to reply here.

Members online

No members online now.
Total: 246 (members: 0, guests: 246)

Affiliates

lunarsoft.net techzonez.com

- Contact us to trade links -

OSNN OSNN NTFS XP-erience

Latest profile posts

Steevo
Steevo
Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
•••
Steevo
Steevo
Any of the SP crew still out there?
•••
Xie
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
•••
N
Nismo83
hello peeps... is been some time since i last came here.
•••
Electronic Punk
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.
•••

Forum statistics

Threads
62,015
Messages
673,494
Members
5,623
Latest member
AndersonLo
Back