
Virus found in the Java Runtime Environment (JRE) cache directory

This article applies to:
- Platform(s):
Windows 98, Windows ME, Windows 2000 (SP4+), Windows XP (SP1, SP2), Windows 2003
- JRE version(s):
1.4.2_xx, 1.5.0

SYMPTOMS
Malicious applets have been discovered in the JRE cache directory. Anti-virus programs have detected such malicious applets in the following directory:
C:\Documents and Settings\<username>\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\
These malicious applets are designed to exploit vulnerabilities in the Microsoft VM (Microsoft Security Bulletin MS03-011).
If you are using the Sun JVM as your default virtual machine, these malicious applets cannot cause any harm to your computer.
Examples of the JAR files are:
- javainstaller.jar
- menu.jar
- archive.jar
- classload.jar
- 285.jar
- count4.jar
- loaderdmitriy.jar

CAUSE
When the browser runs an applet, the JRE stores all of the downloaded files in its cache directory for better performance. We have received reports of the following malicious applets in the cache directory:
- Trojan.ByteVerify
- VerifierBug.class
- Java.JJBlack worm
- Java.Shinwow trojan
However, in this instance, storing these applets in the cache directory cannot cause any harm to your computer because they are designed to exploit a vulnerability in the Microsoft VM, not the Sun JVM.

SOLUTION
If you find one of these malicious applets on your computer, please use an anti-virus program to delete the applet, or you can clean the cache directory manually.
Here are the instructions on how to manually remove these malicious applets from the JRE cache directory:
- From the Start button, click Settings > Control Panel
- In the Control Panel, open the "Java Plug-in Control Panel"
- Select the Cache Tab
- Click the Clear button inside the Cache Tab, which will clear your JRE cache directory
To enable the Sun Java Virtual Machine as the default JVM, please refer to:
Switching between the Microsoft VM and the Sun JVM
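To see which cached archives correspond to the names reported above before clearing the cache or running an anti-virus scan, the cache directory can be inventoried. The following is an added example, not code from Sun: the function name triage_cache is hypothetical, and it assumes the plug-in may append a suffix to the original JAR name, so names are compared by prefix. A match on a common name such as menu.jar is only a lead for an anti-virus scan, not a verdict.

```python
import os
import zipfile

# File names the article lists as examples, plus the class name it reports.
LISTED_JARS = ("javainstaller.jar", "menu.jar", "archive.jar", "classload.jar",
               "285.jar", "count4.jar", "loaderdmitriy.jar")
LISTED_CLASSES = ("verifierbug.class",)


def triage_cache(cache_dir):
    """Return [(path, [reasons])] for cached archives worth an AV scan."""
    findings = []
    for root, _dirs, files in os.walk(cache_dir):
        for name in sorted(files):
            path = os.path.join(root, name)
            reasons = []
            # Assumption: the cached file may carry a suffix after the
            # original name, so compare by prefix and ignore case.
            lowered = name.lower()
            for jar in LISTED_JARS:
                if lowered.startswith(jar):
                    reasons.append("name matches " + jar)
            # JARs are ZIP archives: read the entry list only, never
            # extract the contents or load any class.
            if zipfile.is_zipfile(path):
                try:
                    with zipfile.ZipFile(path) as zf:
                        entries = zf.namelist()
                except (zipfile.BadZipFile, OSError):
                    entries = []
                    reasons.append("unreadable archive")
                for entry in entries:
                    if entry.lower().rsplit("/", 1)[-1] in LISTED_CLASSES:
                        reasons.append("contains " + entry)
            if reasons:
                findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    # Directory from the SYMPTOMS section, built from %APPDATA%.
    default = os.path.join(os.environ.get("APPDATA", ""), "Sun", "Java",
                           "Deployment", "cache", "javapi", "v1.0", "jar")
    for path, reasons in triage_cache(default):
        print(path, "->", "; ".join(reasons))
```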

MORE TECHNICAL INFORMATION
Norton / Symantec has posted information about the Trojan.ByteVerify virus on their web site:
Symantec Virus help - Trojan.ByteVerify
Microsoft provides information about the flaw in the Microsoft VM on their web site:
Microsoft Security Bulletin MS03-011

Sun provides third-party contact information to help you find technical support. This contact information may change without notice. Sun does not guarantee the accuracy of this third-party contact information.
The third-party products discussed in this article are manufactured by companies independent of Sun. Sun makes no warranty, implied or otherwise, regarding the performance or reliability of these products.