Buddel

java.exe --> Trojan.Downloader?

MBAM just popped up, telling me java.exe is a trojan downloader. Here's the log:

DETECTION: C:\PROGRAM FILES\Java\jre6\bin\java.exe - Trojan.Downloader

I'm using the latest version of MBAM, database version 5249. I'm sure this is a false positive. Would be great if you could fix it soon. Thanks in advance.

I have just got that too! Using database 5249, again, same as you.

I uninstalled Java and ran Malwarebytes again and it was clear. After re-installing Java and completing a new scan, it still reported "Trojan Downloader" in java.exe.

Need I be worried, or is this a false positive?

Same here. Equally sure these are false positives.

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5249

Files Infected:

c:\Windows\System32\java.exe (Trojan.Downloader) -> No action taken.

c:\Windows\SysWOW64\java.exe (Trojan.Downloader) -> No action taken.

Ditto. Just updated and had these both pop. I had them removed/quarantined, but seeing that others had the same results, I am wondering if I did the right thing.

If they are quarantined, I can restore (if they are false positives), correct?

Thanks so much!

I think it is the same for me:

MBAM 1.50 developer Log:

Objects scanned: 186136

Time elapsed: 35 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\programme\Java\jre6\bin\java.exe (Trojan.Downloader) -> No action taken. [1b661ff5e21e6799c603f66220e02dd3]

c:\WINDOWS\system32\java.exe (Trojan.Downloader) -> No action taken. [82ffc351649c5ca4339678e0e21ed62a]

The result

@ kjz

Please make a full scan with Malwarebytes' Anti-Malware 1.50 :(

MAM

MBAM database 5249 is indeed reporting the newest version of java.exe (MD5: 51a850830cb841fbe5b90142bcc6b854) as Trojan.Downloader.

12:14:06 (null) DETECTION C:\Program Files\Java\jre6\bin\java.exe Trojan.Downloader QUARANTINE

This happened while attempting to play the msn game TextTwister (zone.msn.com/texttwist)

Once there, click on [image: post-2708-1291580803_thumb.jpg]

MBAM database 5249 is indeed reporting the newest version of java.exe (MD5: 51a850830cb841fbe5b90142bcc6b854) as Trojan.Downloader.

...as a false positive, or what?

MAM

Seems to be a FP: java.exe ---> Trojan Downloader

Virustotal scan says the file is clean:

http://www.virustotal.com/file-scan/report.html?id=496699e537c06e7b431ea3b766cd13eb6e9ece7c1845e7cba8cbc4b54bfbd5af-1291577682

Confirmed here, too. Same files (c:\windows\system32\java.exe along with the one in "SysWOW"), same Trojan.Downloader report.

Happens with DB 5249, doesn't with DB 5247.

guylauten

Hi everyone! As you all probably know, this is a false positive, as I have also uploaded this file to VirusTotal! Also, the file is digitally signed too! Relax. Regards, glenski :(

Fixed here as well. Restored from quarantine, updated, ran a new scan, and no detections.

Thanks so much!

Take it and run,
