koo9903

Java malicious inbound socket detected alert


I updated this morning to 4.1.0 and have been getting the below notifications immediately, repeatedly. The alert doesn't provide any directions as to where it resides or a solution for the alert. I've run the Farbar Recovery Scan and gotten the FRST.txt and Addition.txt files but am not sure how to use them. I've attached them to the post.

Is there any way to determine why I am getting this alert and how to fix it?

 


Addition.txt FRST.txt


Hello @koo9903

You have 2 very old compromised versions of Java on your computer. Please start by going to Control Panel, Programs, Add / Remove and uninstall ALL versions of Java.

Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)

Once that is done then reboot the computer and run the following for me in the exact order provided.

 

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed click on the View Report button, then the Export button and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a checkmark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks
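
The two Java lines quoted in the reply above come from the installed-programs section of the Addition.txt log. As an added example (not part of the original thread and not FRST's own code), this Python script pulls every Java entry out of such a log so all of them can be uninstalled; the regex is inferred from the line shape shown in the post, and the non-Java sample lines are constructed.

```python
import re

# Line shape inferred from the two entries quoted in the post:
#   <name> (<hive>\...\<key>) (Version: <version> - <publisher>)
ENTRY = re.compile(
    r"^(?P<name>.+?) \((?P<hive>HK[A-Z]+(?:-x32)?)\\\.\.\.\\(?P<key>[^)]+)\)"
    r" \(Version: (?P<version>\S*) - (?P<publisher>.*)\)\s*$"
)

# Constructed sample: the two Java lines are the ones quoted in the thread,
# the header and "Example Tool" lines are made up for contrast.
SAMPLE = r"""
==================== Installed Programs ======================
Example Tool (HKLM\...\ExampleTool) (Version: 1.2.3 - Example Vendor)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
"""


def java_entries(text):
    """Return one dict per installed-program line whose name starts with 'Java'."""
    found = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        # Skip headers, blank lines and non-Java programs ("JavaScript ..." is
        # excluded by the word boundary).
        if not m or not re.match(r"Java\b", m["name"]):
            continue
        upd = re.search(r"Update (\d+)", m["name"])
        found.append({
            "name": m["name"],
            "update": int(upd.group(1)) if upd else None,
            # "-x32" marks the 32-bit registry view in the quoted log lines.
            "view": "x32" if m["hive"].endswith("-x32") else "native",
            "key": m["key"],
            "version": m["version"],
            "publisher": m["publisher"],
        })
    return found


if __name__ == "__main__":
    for e in java_entries(SAMPLE):
        print(f'{e["name"]:<30} {e["version"]:<14} {e["view"]:<7} {e["key"]}')
```

To check a real log, pass the text of Addition.txt to `java_entries()` instead of `SAMPLE`.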


Just a note that your version of 7-zip is quite old. You may wish to check and update it.

https://www.7-zip.org/

Not sure if you're involved with this site or not (just a note of possible warning) but uploading movie content in most locations around the world is risking potential jail time. Most seem to turn a blind eye to streaming views but uploading content now makes you part of the criminal issue of piracy. I'm not saying this site is doing anything wrong but when I visit the site it does look like it is streaming potentially illegal content.

StandardProfile\AuthorizedApplications: [C:\Kiwidisk.com\KiwidiskUp.exe] => Enabled:KiwidiskUp
StandardProfile\AuthorizedApplications: [C:\Kiwidisk.com\KiwidiskDown.exe] => Enabled:KiwidiskDown

 

Unless you specifically have a need for Bonjour I would recommend that you uninstall it. It is often added by Apple software but is typically not needed.

 

You may want to see if there are any BIOS firmware updates for your computer.
 

System errors:
=============
Error: (04/30/2020 09:25:34 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on Hyper-V logical processor 7 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

 

Your computer Event Logs are registering an issue with this log file below. Please see if the following fix corrects the issue and stops the Event from being logged.
https://answers.microsoft.com/en-us/windows/forum/all/event-viewer-erro-esent-455-since-update-1903/624a2548-06e5-47f4-bb99-76d6412895a0

Error: (04/30/2020 07:34:59 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4640,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

 

 

qBittorrent

The act of torrenting itself is not illegal. However, downloading and sharing unsanctioned copyrighted material is very much illegal, and there is always a chance of getting caught by the authorities.
Torrenting non-copyrighted material is perfectly fine and is allowed. In many countries including the US, the Government and ISP often work together to catch people distributing unsanctioned material.

 

Your Google update is old but that may just be due to when it was installed. I would recommend you still at least do a Check, About and make sure Google Chrome is up to date.
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-07-01] (Google Inc -> Google Inc.)

You may want to reconsider the use of CCleaner
https://helpdeskgeek.com/free-tools-review/why-you-shouldnt-download-ccleaner-for-windows-anymore/
https://www.howtogeek.com/361112/heres-what-you-should-use-instead-of-ccleaner/

 

What does this batch file do?
C:\Users\koo99\Documents\sleep.bat

I would recommend that you revisit your settings for browser Push Notifications as you have some of them enabled
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

DAEMON Tools Pro used to be a great tool many years ago but with the change to so much streaming and USB/ISO and the lack of CD/DVD/Blu-ray these days, the need may no longer be there as much as it used to be. Not saying there is anything wrong with it, but it uses resources if you're not actually using it anymore.

 

Please run the following Fix. It will check and verify all your operating system files are valid and clear temp files and reboot the computer and run a disk check as well. Depending on the speed of your computer it may take 30 minutes to an hour to complete.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

 

 


Hello @koo9903

Are you still with us? Do you still require further assistance?

Please post a status update when you have a moment.

Thank you

 


Hi, sorry for the delayed response.

I've gone ahead and run the fixlist.txt. I'm not seeing any more of those Java alerts.

I've also considered your recommendations and updated and removed a few applications.

Thank you!


Great, glad to hear. I will go ahead then and close your topic but if you do decide you need further assistance though please don't hesitate to let us know.

Take care and stay safe out there

 


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 
