Results 1 to 2 of 2

Thread: Redundant ActiveX applications installed ?(Thread 2)

  1. 2007-10-12, 13:44 #1
    Port_H
    Port_H is offline
    Junior Member
    Join Date
    Sep 2007
    Posts
    9

    Question Redundant ActiveX applications installed ?(Thread 2)

    Hello. I recently upgraded my Java runtime environment to version 6 Update 3. During the installation process, i noted that my IP blocker PeerGuardian2 blocked HTTP content coming from IPs within the range called as "Omniture[BargainBuddy]". At that time, i had PG2 configured to block only IPs from the Spyware list.
    Now, when i open Spybot-SD and go to the Tools>ActiveX tab, i see 3 entries with the same name Java Runtime Environment 1.6.0.

    What bugs me is that only 2 of the 3 entries are classified as legitimate by Spybot-SD, even after updating Spybot-SD and restarting it. Here is an excerpt of the exported log file:

    Code:
    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_03
         Installer: 
          Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
       description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
         info link: 
       info source: Patrick M. Kolla
              Path: C:\Programas\Java\jre1.6.0_03\bin\
         Long name:    npjpi160_03.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 24-09-2007 23:31:44
Date (last access): 12-10-2007 11:26:36
 Date (last write): 25-09-2007 1:11:34
          Filesize:             132496
        Attributes:           archive 
               MD5: D6A4682A6FF41832A3F1A7AB9AE08199
             CRC32:           9080B537
           Version:           6.0.30.5

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_03
         Installer: 
          Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
              Path: C:\Programas\Java\jre1.6.0_03\bin\
         Long name:    npjpi160_03.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 24-09-2007 23:31:44
Date (last access): 12-10-2007 11:26:36
 Date (last write): 25-09-2007 1:11:34
          Filesize:             132496
        Attributes:           archive 
               MD5: D6A4682A6FF41832A3F1A7AB9AE08199
             CRC32:           9080B537
           Version:           6.0.30.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_03
         Installer: 
          Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
       description: 
    classification: Legitimate
    known filename: npjpi150_06.dll
         info link: 
       info source: Safer Networking Ltd.
              Path: C:\Programas\Java\jre1.6.0_03\bin\
         Long name:    npjpi160_03.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 24-09-2007 23:31:44
Date (last access): 12-10-2007 11:26:36
 Date (last write): 25-09-2007 1:11:34
          Filesize:             132496
        Attributes:           archive 
               MD5: D6A4682A6FF41832A3F1A7AB9AE08199
             CRC32:           9080B537
           Version:           6.0.30.5
    So, my concrete question is: The entry not classified as Legitimate by Spybot-SD isn't in fact Legitimate (possible spyware), or it's expected to be there and should not be removed ?
    Last edited by Port_H; 2007-10-12 at 13:50.
    Reply With Quote Reply With Quote
  2. 2007-10-13, 06:16 #2
    Zenobia
    Zenobia is offline
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,490

    Default

    You can usually look up activex 's at Castlecops,but the one not marked as legitimate in your spybot activex list isn't there yet.Must be too new.
    http://www.castlecops.com/ActiveX.html
    If an activex isn't listed there,usually you can Google the numbers between the curly brackets along with the filename,so you can get some idea of whether it's legit or not.

    I just installed version 6 Update 3 directly from http://www.java.com/en/ ,and I know it's legit.I have a different Long name,etc.,but the number in curly brackets is the same as yours.And while everything else isn't exactly the same as yours,I'd say it is close enough to say yours is very probably legitimate also.

    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_03
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files\Java\jre1.6.0_03\bin\
    Long name: ssv.dll
    Short name:
    Date (created): 13/10/2007 12:08:22 AM
    Date (last access): 24/09/2007 11:31:44 PM
    Date (last write): 25/09/2007 1:11:34 AM
    Filesize: 501136
    Attributes: archive
    MD5: D787E3123FAD2BD58AB45B9A5C360ACD
    CRC32: DDC625C2
    Version: 6.0.30.5
    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_03
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre1.6.0_03\bin\
    Long name: npjpi160_03.dll
    Short name: NPJPI1~1.DLL
    Date (created): 24/09/2007 11:31:44 PM
    Date (last access): 24/09/2007 11:31:44 PM
    Date (last write): 25/09/2007 1:11:34 AM
    Filesize: 132496
    Attributes: archive
    MD5: D6A4682A6FF41832A3F1A7AB9AE08199
    CRC32: 9080B537
    Version: 6.0.30.5

    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_03
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files\Java\jre1.6.0_03\bin\
    Long name: ssv.dll
    Short name:
    Date (created): 13/10/2007 12:08:22 AM
    Date (last access): 24/09/2007 11:31:44 PM
    Date (last write): 25/09/2007 1:11:34 AM
    Filesize: 501136
    Attributes: archive
    MD5: D787E3123FAD2BD58AB45B9A5C360ACD
    CRC32: DDC625C2
    Version: 6.0.30.5

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_03
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre1.6.0_03\bin\
    Long name: npjpi160_03.dll
    Short name: NPJPI1~1.DLL
    Date (created): 24/09/2007 11:31:44 PM
    Date (last access): 24/09/2007 11:31:44 PM
    Date (last write): 25/09/2007 1:11:34 AM
    Filesize: 132496
    Attributes: archive
    MD5: D6A4682A6FF41832A3F1A7AB9AE08199
    CRC32: 9080B537
    Version: 6.0.30.5
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules