Hey All,

I've noticed strange traffic on my box lately, where an application keeps trying to do a lookup to a dynamic DNS domain 'FROGS.hopto.org'. I've tracked it down to an application located in:

C:\Program Files\Java\jre1.6.0_05\bin

called 'juschedu.exe'. Whenever I run this app, I see the UDP queries for the domain name and saw a brief connection to the IP/domain upon startup.

Just curious if anyone has seen this type of trojan/malware before and/or if you know where I can send it to get analyzed. Spybot did not pick it up as malware or a trojan, but I highly doubt that Sun's Java would be going to a dynamic IP based out of New Jersey.

Any Ideas?

Thanks

Hi bluesloth

That appears to be Sun Java updater/update checker and legit.

If you want a doublecheck, see here (http://forums.spybot.info/showthread.php?t=288) and post back HijackThis log, please :)

Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.