View Full Version : Java and spybot
Hello, sorry if I'm posting in the wrong sub-section. Just a few days ago while running a java update though my desktop toolbar I encounted teatimer saying that there was something wrong with the java update. It stated that spybot search and destory encountered a problem and terminated a process callled javaw.exe. It identified this as Perfectkeylogger. As I have been searching through the forums I have found two threads stating that this may be a false positive however these threads are quite old. Anyways is there anyway i can confirm this is a false positive or is this something I need to worry about.
Thanks for the help.
bbnetwork
2013-02-04, 16:36
Hello
How did you get this Java-Update, have you been downloading it from java.com or did it come through the Java-Updater?
Which Version of Java did you try to install?
Hello Carrot1,
Also,
As I have been searching through the forums I have found two threads stating that this may be a false positive however these threads are quite old. Anyways is there anyway i can confirm this is a false positive or is this something I need to worry about.
How to report Possible False Positives (http://forums.spybot.info/showthread.php?t=19117)
Best regards. :)
Hello
How did you get this Java-Update, have you been downloading it from java.com or did it come through the Java-Updater?
Which Version of Java did you try to install?
It came through the java updater on my desktop toolbar. The version was Java 6 Update 39.
* Operating System (Windows XP Professional, Windows 7 ,etc.) Windows XP
* Browser and Version (Internet Explorer 9, FireFox 10, Opera 11.61 etc.) Firefox 18.0.1
* Version of Spybot S&D and date of the latest update Spybot version 1.6.2.46 last updated 30/01/2013
* where did the false positive occur
o Scan result
o after fix
o Spybot message at start of scan
o Teatimer message when a program was executed Occured when running a java update through my desktop toolbar. It terminated Prefectkeylogger in javaw.exe
o not reachable/restricted website
o SDHelper popup
o right click scan result
I was updating to java 6 update 39. This has never happened to me before and I just wanted to be double sure that I didn't have a keylogger on my computer. If I don't could you please inform me and thanks for all the help.
Please do a full scan with Spybot S&D.
If it does not find any supposed to be Java files this is probably a TeaTimer FP.
If there is still doubt please send in the files in question to detections@spybot.info, please remember to link this thread in your email.
I just did a full scan and nothing was found however teatimer deleted javaw.exe and on the day of the incident. Do you want me to try update java again and then do a full scan?
If you are using Java you should update it, since exploits are actively used.
In that case please redo the full scan.
Very few websites use Java, so disabling it in the browser is recommended.
Some software like the Eclipse IDE or LibreOffice do use the Java Runtime Environment (JRE). If you do not have any software requiring the JRE, it is safer to uninstall it.
If you are using Java you should update it, since exploits are actively used.
In that case please redo the full scan.
Very few websites use Java, so disabling it in the browser is recommended.
Some software like the Eclipse IDE or LibreOffice do use the Java Runtime Environment (JRE). If you do not have any software requiring the JRE, it is safer to uninstall it.
Just reinstalled java 6 update 39 and spybot found nothing. Does this confirm that it was a false positive? I just want to know that I don't have a keylogger and if I did would teatimer had got rid of it?
Thanks for all the help btw.
bbnetwork
2013-02-13, 14:13
Just reinstalled java 6 update 39 May i ask, why you did not install the latest Version of Java (Jave 7 update 13) since it will include newer fixes.
If the full scan did'nt find anything, i would say, its almost sure, its a false-positiv.
May i ask, why you did not install the latest Version of Java (Jave 7 update 13) since it will include newer fixes.
If the full scan did'nt find anything, i would say, its almost sure, its a false-positiv.
I re-intalled java 6 update 39 to see if teatimer was going to flag it again.
So I guess we can confirm it was a false positive?
yes, we can assume that this was a random TeaTimer false positive.
Please make sure to install the latest version of Java just like bbnetwork proposed.
If you don't need Java SE 6 for some special purpose it is recommended to install the latest version of Java SE 7.
You will find and overview and download links here (http://www.oracle.com/technetwork/java/javase/downloads/index-jsp-138363.html)