Free Republic
Browse · Search 		News/Activism
Topics · Post Article

To: TomServo
I have JAVA.EXE on my system as follows:
---\program files\java\-- (3 ea)

---\system32\java.exe (1 ea)

I believe this has been on my "putter" for some time.

Thus, is this warning a hoax?
7 posted on 02/17/2005 3:29:30 PM PST by Tannerone
[ Post Reply | Private Reply | To 1 | View Replies ]

To: Tannerone

http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.ax@mm.html">http://securityresponse.symantec.com/avcenter/venc/data/w32.mydoom.ax@mm.html

When W32.Mydoom.AX@mm is executed, it performs the following actions:



Creates the following files:


%Windir%\java.exe
%Windir%\services.exe (this is a Trojan horse detected as Backdoor.Zincite.A)

Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.


Adds the values:

"JavaVM" = "%Winir%\java.exe "
"Services" = "%Windir%\services.exe"

to one of the following registry keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

so that it is executed every time Windows starts.


10 posted on 02/17/2005 3:38:53 PM PST by boxerblues
[ Post Reply | Private Reply | To 7 | View Replies ]

Free Republic
Browse · Search 		News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson