Fake Java Update Malware


posted on Nov, 13 2013 @ 12:39 AM
Is anyone else having a problem with this fake "java update" malware crap that's been going on for the last few weeks or so ?



I've noticed this bloody thing popping up everywhere while surfing the internet, but now I've got it redirecting my browser when I try to log into ATS (it hasn't done it yet on other sites thus far, but I'm sure it will eventually)... and it's driving me nuts.

I managed to bounce around it on this site by reclicking "log in" several times quickly until I was able to beat it (only have a few seconds before the redirect kicks in) and finally logged on. Once I'm logged in, no popup or redirect problem.

I've run full scans of my computer with AVG anti-virus, Spybot S & D, and Malwarebytes... cleaned any garbage up, deleted all browser history/cookies/cache, and also checked for any malware program installs, mozilla malware add-ons/extensions, etc. It all seems good. And everything is up to date on my computer also.

But still can't seem to combat this damn thing.

Thankfully I haven't made the mistake of ever clicking on it, but while surfing other sites the stupid popup opens a new tab and you either can't close it without completely shutting down the browser and/or AVG detecting it and getting rid of it (sometimes it does, sometimes it doesn't).

So at this point, I'm at a complete loss on what else to do ?



Here's what the malware browser popup/redirect looks like:




Figured I would toss this at you fine folks and hope that someone has other suggestions for me to try...

Bloody frustrating !





posted on Nov, 13 2013 @ 12:52 AM
reply to post by CranialSponge
 


Maybe first try uninstalling java completely. See if reinstalling a valid copy from java.com fixes it.

If not maybe try the add-on for Firefox (if that's what you have) called "Click and Clean." It not only scrubs out the cache etc but gets rid of LSO's (flash cookies.)

C & C



posted on Nov, 13 2013 @ 12:53 AM
I got something called candy-whatever. IIRC SpyBot in admin mode kicked it.



posted on Nov, 13 2013 @ 12:59 AM
Check browser settings and reset home page.
Also, see if there are any unknown add-ons in browser.



posted on Nov, 13 2013 @ 01:13 AM
reply to post by CranialSponge
 

That doesn't look like Java's update page. The tiny "trademark" logo (should say ™) looks wrong (after the a on Java), Oracle does not appear and I don't see the "not now" choice.

"Please Update" is a warning, too.



posted on Nov, 13 2013 @ 01:19 AM

Bassago
reply to post by CranialSponge
 


Maybe first try uninstalling java completely. See if reinstalling a valid copy from java.com fixes it.

If not maybe try the add-on for Firefox (if that's what you have) called "Click and Clean." It not only scrubs out the cache etc but gets rid of LSO's (flash cookies.)

C & C



This "java update" malware doesn't actually have anything to do with java, it's just a fake popup malware that wants you to click it so it can then install malware to your computer. If you google "fake java update", you'll find a lot of discussions on it. But I've done everything these other sites are suggesting and it's still not completely getting rid of the pesky problem.

I'm going to give this "click and clean" add-on a try though... If for no other reason than to clean out the cache and cookies properly in case I'm missing something.

Thanks for the suggestion.



posted on Nov, 13 2013 @ 01:20 AM

bluemooone2
Check browser settings and reset home page.
Also, see if there are any unknown add-ons in browser.



Thanks, I've already done all of that though.



posted on Nov, 13 2013 @ 01:23 AM

intrptr
reply to post by CranialSponge
 

That doesn't look like Java's update page. The tiny "trademark" logo (should say ™) looks wrong (after the a on Java), Oracle does not appear and I don't see the "not now" choice.

"Please Update" is a warning, too.


No, it's not the true Java update page.

The pic is just showing what this phony popup looks like.

It's definitely not a legit Java update, which is why I've never clicked on it.

But since today, now the damn popup is redirecting ATS when I come to the site... I'm assuming it's probably because I'm on ATS at least once a day (or more) and it's now clung onto one of my cookies or something.

So I guess now I'm wondering how to completely and totally kill all cookies/cache/temp files/history, etc etc in order to stop it from redirecting ATS.



posted on Nov, 13 2013 @ 01:32 AM
reply to post by CranialSponge
 


I've run full scans of my computer with AVG anti-virus, Spybot S & D, and Malwarebytes... cleaned any garbage up, deleted all browser history/cookies/cache, and also checked for any malware program installs, mozilla malware add-ons/extensions, etc. It all seems good. And everything is up to date on my computer also.

You sir, know so much more about computers than I. I should be taking classes from you.

Somebody has attached "something" to your account here that comes up when you try to log on. Staff might be able to help. Maybe get a new account?

But really, I don't know enough about it. Hope you get it resolved.



posted on Nov, 13 2013 @ 01:36 AM
reply to post by CranialSponge
 


I get that it's not real java but the code for it has got to be hiding somewhere. Java directory seemed the first place to look after uninstalling. Then delete that directory. It may also be hiding in the Firefox directory. If you download the new version of FF then you could uninstall the browser as well. Then whack the directory and reinstall FF. You just need to break the link from the app to the browser.

Also check your registry if using Windows. You may find it hiding an auto load entry in the run key:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

or in the Mozilla plugin key

HKLM\Software\MozillaPlugins

Just an idea but that's what I'd do. I hate stuff like that on my systems. Careful in the registry, if you delete the wrong thing you can get hosed.
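
A read-only way to review the two registry locations named in the post above, as an added example that is not part of the original thread: the PowerShell below lists each Run entry and each MozillaPlugins Path value, then reports whether the target file exists and carries a valid Authenticode signature. The helper names Get-TargetPath and Get-FileTrust are made up for this example.

```powershell
# Read-only review of the two registry keys named in the post (added example).
# Nothing is changed or deleted; the output is for manual inspection.
$runKey     = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$pluginsKey = 'HKLM:\Software\MozillaPlugins'

function Get-TargetPath {   # hypothetical helper name
    # Pull the file path out of a command line such as: "C:\App\app.exe" /background
    param([string]$CommandLine)
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|dll|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return $expanded.Trim()
}

function Get-FileTrust {    # hypothetical helper name
    # Report whether the target exists and whether its Authenticode signature validates.
    param([string]$Source, [string]$Name, [string]$CommandLine)
    $path   = Get-TargetPath $CommandLine
    $exists = [bool]$path -and (Test-Path -LiteralPath $path -PathType Leaf)
    $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $path } else { $null }
    [pscustomobject]@{
        Source    = $Source
        Name      = $Name
        Path      = $path
        Exists    = $exists
        Signature = if ($sig) { $sig.Status } else { 'n/a' }
        Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
}

$results = @()
# Run key: each value is a program started automatically at logon.
if (Test-Path $runKey) {
    $key = Get-Item -Path $runKey
    foreach ($valueName in $key.GetValueNames()) {
        $results += Get-FileTrust 'Run' $valueName ([string]$key.GetValue($valueName))
    }
}
# MozillaPlugins: one subkey per plugin; its Path value points at the plugin DLL.
if (Test-Path $pluginsKey) {
    foreach ($sub in Get-ChildItem -Path $pluginsKey) {
        $dll = $sub.GetValue('Path')
        if ($dll) { $results += Get-FileTrust 'MozillaPlugins' $sub.PSChildName ([string]$dll) }
    }
}
# Entries whose target is missing or not validly signed sort first.
$results | Sort-Object { $_.Signature -eq 'Valid' }, Source, Name | Format-Table -AutoSize -Wrap
```

A missing or unsigned target is a reason to look the entry up before touching it, not proof that it is the malware.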



posted on Nov, 13 2013 @ 01:44 AM
reply to post by CranialSponge
 

Just ran into it today. Wasn't much of a problem though as I just did a hard shutdown and reboot and it was gone. Unlike that Crypto-locker ransomware that was posted not too long ago.



posted on Nov, 13 2013 @ 01:45 AM
reply to post by intrptr
 





You sir, know so much more about computers than I. I should be taking classes from you.

Somebody has attached "something" to your account here that comes up when you try to log on. Staff might be able to help.

Maybe get a new account? But really, I don't know enough about it. Hope you get it resolved.



Ma'am... but hey, who's counting


I don't think it has anything to do with ATS just simply because this phony popup has been going on for a few weeks off and on while I'm surfing the net (more so on some websites than others). And it's been just a harmless annoying popup (opening a new tab) up to that point.

But it hasn't been until today where the damn thing is now redirecting my browser when I come to the ATS website.... which tells me it's attached itself to a cookie or cache or something in my actual browser.

And only ATS (thus far) probably because I'm coming to this site every day.

I'm convinced it's a browser cookie/cache/history/temp file problem.

Hopefully someone can pop by the thread who has more computer savvy than I do and can take me through a step-by-step process on how to manually clean out this stuff properly because obviously I haven't successfully done so yet.

I'm hoping to avoid the only last resort step I can think of... and that's to uninstall and reinstall Mozilla from scratch.

Ugh.



posted on Nov, 13 2013 @ 01:52 AM

Bassago
reply to post by CranialSponge
 


I get that it's not real java but the code for it has got to be hiding somewhere. Java directory seemed the first place to look after uninstalling. Then delete that directory. It may also be hiding in the Firefox directory. If you download the new version of FF then you could uninstall the browser as well. Then whack the directory and reinstall FF. You just need to break the link from the app to the browser.

Also check your registry if using Windows. You may find it hiding an auto load entry in the run key:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

or in the Mozilla plugin key

HKLM\Software\MozillaPlugins

Just an idea but that's what I'd do. I hate stuff like that on my systems. Careful in the registry, if you delete the wrong thing you can get hosed.




Dang, I was hoping to not have to reinstall FF. I'll avoid that step until I get desperate... I haven't the first clue on how to save all of my bookmarks... and I've got a ton of them !

I never thought to check the directories, I'll definitely do that, thanks.

And that's a good idea to check out the registry, never thought of that one either. It won't be the first time I've had to horse around in there. First stop, the Mozilla registry....

*sigh*

This is the first time in years I've had to screw around with malware... I'm always so damn careful.



posted on Nov, 13 2013 @ 01:57 AM

nergalbanda1
reply to post by CranialSponge
 

Just ran into it today. Wasn't much of a problem though as I just did a hard shutdown and reboot and it was gone. Unlike that Crypto-locker ransomware that was posted not too long ago.



Yup, this stupid thing is spreading like wildfire all over the internet. And it's going to become more and more common/problematic as time goes on (whether you click on it or not).

So hopefully this thread will serve a dual purpose... helping me AND as a sort of reference tool for anyone who ends up getting kicked by this thing like I have.



posted on Nov, 13 2013 @ 02:00 AM
reply to post by CranialSponge
 


In FF just go to the bookmarks menu > Show all bookmarks. Backup & import is on the menu bar.

If you need any assist in the registry just U2U me.

After all what could possibly happen in the registry...


On the plus side if you fix it you'll be famous. Even MS's MSDN doesn't have a real fix.



posted on Nov, 13 2013 @ 02:02 AM
reply to post by CranialSponge
 



Ma'am… but hey, who's counting

Forgive me my lady err, Ma'am. I was being one tracked like males are. Yah, I'd wait a while before surgery and get a second opinion.



posted on Nov, 13 2013 @ 02:09 AM

Bassago
reply to post by CranialSponge
 


In FF just go to the bookmarks menu > Show all bookmarks. Backup & import is on the menu bar.

If you need any assist in the registry just U2U me.

After all what could possibly happen in the registry...


On the plus side if you fix it you'll be famous. Even MS's MSDN doesn't have a real fix.



Oh for crying out loud... I had no idea FF had a backup/import for bookmarks ! Too funny.


Meh, the registry doesn't scare me. Been there, done that too many times to count over the years. The trick is to ONLY clean out garbage you're absolutely 100% positively familiar with.

Anything you're unsure of, leave it the hell alone.... learnt that lesson the hard way many moons ago.


Microsoft not figuring out a fix on this one yet ?
Pfft, now why doesn't that surprise me. NOT.



posted on Nov, 13 2013 @ 02:22 AM
Alright...

I'm going to log out of ATS and do some playing around with this fiasco now.

If I don't come back to this thread for a few days, you'll know I've blown my registry to high hell.


Bwahahahaha !



posted on Nov, 13 2013 @ 05:38 AM
I had that thing pop up on me 2 or 3 days ago. I don't run any security stuff ..none zip ..I did also note that one of the side bar ads keeps telling me my system is slow and that they can fix it lol ..do you think I should click on the ad ? kidding ...good luck with your problem ...



posted on Nov, 13 2013 @ 05:44 AM
yeah I got it today...and it wouldn't bring up the homepage of ATS and left only one option... so I clicked x and it still didn't work. It is more like a Trojan than malware.

I had to shut the browser down and all my tabs closed then re opened and it was fine.

I got a virus from a fake photoshop update about 6 months ago...so just keep up to date with your virus definitions and you should be ok.

cheers




