Java_nocheat.a

Thread: Java_nocheat.a

  1. #1
    Join Date
    Mar 2001
    Location
    Swansea,Wales,UK
    Posts
    789

    Java_nocheat.a

    This Little Pig of a trojan keeps Getting into my comp...6 times in one session last week, once today...JAVA_NOCHEAT.A
    I think it is coming in from one person through Hotmail...(Why has Hotmail's Virus checker not worked), this person keeps trying to join my Group on MSN under different names then posting Porno within the Group.....Not 100% certain it is through Hotmail, but I think 90% certain.....If I'm wrong Please Tell Me.....What does This Trojan/Virus Do?!!
    For Some Unknown Stupid Reason it keeps getting Past NORTONS, n that's doing my head in..What's the Point of paying for Nortons if it's No ruddy Good! I run "Nortons AntiVirus & Nortons Internet Security"....
    Trend Micro Online Scan is the only one that Detects it.....I went to Microcrap to download the Java Patch, but can't find it....Anyone know which un it is PLEASE....
    Many Thanks All...Take Care....Dennis..
    ASUS K8N-E Deluxe with NForce3----AMD Athlon64 3000+ @ 209.08MHz---Sapphire Radeon 9600xt---Gone to HEAVEN!

    Other PC is--ASUS M2N-SLI Deluxe--AMD Athlon 64 X2 Dual Core 6000+/2GB Corsair XMS2-6400C4 TwinX Dual Channel kit----ASUS GeForce 8600 GT 512 GDDR3 Silent HDTV/Dual DVI (PCI Express)
    Corsair 520W Modular PSU---n a Load of Other things too numerous to mention..

    I Am Me, You Are You. I Am Unique, So Are You.

  2. #2
    Join Date
    Mar 2001
    Location
    Swansea,Wales,UK
    Posts
    789

    Update

    Now I'm Stumped! & Baffled, so hope someone here can EDUCATE ME!!!!!....
    After doing some more reading in this Forum I went to My "Regedit" n did a Find for "JAVA_NOCHEAT.A" to make sure it was All Gone....Well I got rather Baffled in there cause this is What I found Altogether.......from beginning.....
    HKEY_USERS---S-1-5-21-2052111302-688789844-1060284298-1003 (phew, didn't know that kind of thing existed) then to SOFTWARE-Microsoft-Search Assistant-ACMru/folder5603....In there are Quite a few columns numbered from 00 to 20 or more...This is what I found in there besides normal Programs....
    JAVA_NOCHEAT.A
    MSBLAST.EXE (think thats the patch but not sure)
    W32_BLASTER.WORM
    JS.EXCEPTION (deleted that yonks ago)
    TROJAN_SMALL.M (also deleted that yonks ago)
    Hosts
    Cracker
    Win32.pifi
    besides them there are Office XP setup, DX.Diag, n other progys..
    Have NEVER Had the Blaster worm but did put the Patch in, is that why it's there?!...SHOULD I DELETE ALL OF THEM or NOT!!
    PLEASE EDUCATE ME!!.....(I thought I knew where to find what's Not Needed in my REG, but that above is NEW to ME) Thanks All...Dennis...

  3. #3
    Join Date
    Nov 1998
    Location
    PRESCOTT VALLEY AZ
    Posts
    7,631
    Hi sc, This malware is the detection for a collection of Java Classes that makes use of a Java Virtual Machine exploit in Windows. The exploit allows this malware set to modify the Windows registry and consequently modify Internet Explorer settings.

    This Trojan only works on Windows systems with unpatched installations of Java Virtual Machine.

    Go to the site below & run an online scan & it should be able to take care of it for you. BJ

    CLICK HERE

  4. #4
    Join Date
    Mar 2001
    Location
    Swansea,Wales,UK
    Posts
    789
    Hi BIGJOHN, Thanks for Replying so quickly.....Have done That Scan a few times, Shows Clean at moo... but What I would like to know is, Why are those Named Viri in the HKEY_USERS, Should they be there, Should I Delete or Leave Alone...Where Can I get that PATCH for the JAVA VIRTUAL MACHINE....Have Looked for it in Past, but can't find it for some reason......Thanks, Dennis..

  5. #5
    Join Date
    Feb 2003
    Location
    Minneapolis, MN USA
    Posts
    3,733
    The Java patch should be available at your Windows Update site. It's been out for a year. It's called MS02-052 (Q329077).

    Here's some info on the Java VM security flaw.
    http://securityadvisor.info/doc/11130

    Here's Microsoft's security bulletin and two KBs:
    http://www.microsoft.com/technet/tre...n/MS02-052.asp
    http://support.microsoft.com/?kbid=329077
    http://support.microsoft.com/default...b;EN-US;810030
    Last edited by DuaneB; September 10th, 2003 at 09:41 PM.

  6. #6
    Join Date
    Aug 2003
    Location
    Saskatchewan, Canada
    Posts
    826

    What OS??

    Howdy:

    You don't say which OS you are running, but if it is ME or XP, are you disabling System Restore BEFORE you run the cleaners and patches?? That IS a MUST !!! System Restore will simply re-install the virii at first chance.. that is why all av programs etc. state explicitly to disable System Restore first !!

    Murray

  7. #7
    Join Date
    Apr 2002
    Posts
    1,840
    "Why are those Named Viri in the HKEY_USERS,"
    The reason that they are there is explained in part of the name of the key (though that is not the complete key name): Microsoft-Search Assistant. You did a search for those. They are harmless in that key; perhaps TweakUI for XP, or TweakUI for 9x/ME, would help you clear out the recently searched-for names.
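
An added example, not part of any post in this thread: the distinction drawn in post #7, that a malware name found under Search Assistant\ACMru is only a remembered search term, can be checked by sorting registry hits into history keys and autostart keys. The export text, the SID placeholder, the Run entry and the two key lists are constructed assumptions.

```python
import re

# Constructed sample in regedit export format. The SID, value names and the
# Run entry are placeholders; only the searched-for names come from the thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-EXAMPLE\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="JAVA_NOCHEAT.A"
"001"="W32_BLASTER.WORM"
"002"="dxdiag"

[HKEY_USERS\S-1-5-21-EXAMPLE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"
'''

# Lower-case key path fragments; illustrative, not exhaustive (an assumption of
# this example). History keys record what the user typed or opened; autostart
# keys name programs that run at logon.
HISTORY_KEYS = (r"\search assistant\acmru", r"\explorer\runmru", r"\explorer\recentdocs")
AUTOSTART_KEYS = (r"\currentversion\run",)  # also matches RunOnce

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def classify_key(key):
    """Label a registry key path as 'history', 'autostart' or 'other'."""
    k = key.lower()
    if any(frag in k for frag in HISTORY_KEYS):
        return "history"
    if any(frag in k for frag in AUTOSTART_KEYS):
        return "autostart"
    return "other"

def find_hits(export_text, needles):
    """Return (key, value_name, data, kind) for string values containing a needle."""
    hits, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            data = re.sub(r"\\(.)", r"\1", m.group(2))  # undo .reg escaping
            if any(n.lower() in data.lower() for n in needles):
                hits.append((key, m.group(1), data, classify_key(key)))
    return hits
```

A hit classified as "history" means the name was typed into a search box or dialog; only hits under "autostart" or "other" keys need a closer look.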

  8. #8
    Join Date
    Mar 2001
    Location
    Swansea,Wales,UK
    Posts
    789
    Hi DuaneB, Thank You for Replying n giving us the Patch number..
    It is appreciated....I will look for it n Download it today...

    Hi Murray S, It is XP Pro that I'm running, and System Restore has been Immobilized since Installing....I Don't Use cause it never works when ya want it to....Done ALL TWEAKS n System Runs Like an Ostrich, (Good, Steady n Fast)...It's just that Trojan seems to get through somehow....Let's hope that Patch stops it...Have Put in 2 patches already, but one's not installed properly according to "Belarc Advisor"...

    Hi markp62, Thank You for Explaining that to me Simply....I used to use TweakUI for XP but found it too complicated n was afraid of making the wrong mistake n faffing up my System....Un-Installed it long ago.....But I will give it another look.....

    Will Let ya All know if I found that Patch n if Install goes OK....
    Once Again, Many Thanks All...Dennis...

  9. #9
    Join Date
    Mar 2001
    Location
    Swansea,Wales,UK
    Posts
    789
    OK...I can Not Find that Update Anywhere on Micros Updates...
    I have come up with these versions MS02-0522 (Q329077) is now
    MS02-013 (331663) then MS02-069 (810030) but for Love or Money or Life, I CanNot Find it to Download it....So what am I doing Wrong.....
    Has anyone got this Critical Update that they can give me by Embedding the File or Link in here......Sorry to be a Pain in the Butt.
    Many Thanks...Dennis...

  10. #10
    Join Date
    Feb 2003
    Location
    Minneapolis, MN USA
    Posts
    3,733
    What OS are you using? Microsoft published a page on 12/11/02 with the download for Q810030, but it's for Windows 2000 Pro. I'm not able to find a corresponding download page for XP even though the accompanying bulletin and Knowledge Base article say it's for XP also.

    Microsoft Virtual Machine Security Package
    http://www.microsoft.com/downloads/d...D-6C2074723273


    [edit] As you noted, the 329077 security update has been superseded by the 810030 update.
    Last edited by DuaneB; September 11th, 2003 at 09:07 AM.

  11. #11
    Join Date
    Mar 2001
    Location
    Swansea,Wales,UK
    Posts
    789
    Hi DuaneB, Once again, Thanks for Reply....I find All this a Bit Puzzling actually....
    My Belarc Advisor says it did not Install......My Info says I got version-5.003810 which is about recent, & Microsoft's Java VM refuses to Download....I Got A Sneaky Suspicion that I won't get it, or if I do It won't Install Proper BECAUSE! I ain't GOT "SP1" or SP1a installed....I don't need all the rubbish that Micro wants us to install because I'm a firm believer that if my comp is working Good (it's working GREAT) don't install.....But Security Vulnerabilities are different.....It seems Microsoft is making it harder n harder for us to download an upgrade the easy way....
    I'll keep trying to download the VM if I can, but in the meantime, if you do come up with the Zip file or where I can get the Download from besides Microsoft's Upgrades Site, Please let us know...
    This is the only one I really need, cause that pesky JAVA_NOCHEAT.A keeps getting in....Grrrrrrrr!
    "OS is XP Pro build 2600" does that tell a story!!!!!!
    regards, Dennis...

  12. #12
    Join Date
    Apr 2002
    Posts
    1,840
    Without SP1, you do have some serious vulnerabilities.

  13. #13
    Join Date
    Mar 2001
    Location
    Swansea,Wales,UK
    Posts
    789
    Hi mark, So You're Saying That Everyone who has XP Should & Must Install SP1.....Is that like saying, We Must All Take the PILL!!
    Or We Must All Smoke!.....Must Be Another Way to Patch that VM Surely.......I'll keep Trying anyway n in meantime I'll do a "Trend Micro On-Line Scan every Night".......Thanks & Take Care....
