WinPatrol states Sun Java has Virus-Yes or No?

Discussion in 'Software' started by msjones, Jul 25, 2010.

  1. msjones

    msjones Private E-2

    Hello,

    My os is Vista and my security program is Microsoft Security Essentials. I also use WinPatrol, MABAM, SAS and CCleaner.

    I searched for further information on a Sun Java ActiveX entry in WinPatrol: deployjava1.dll. WinPatrol's information database has flagged it as a virus:

    Virus Alert – DEPLOYJAVA1.DLL

    Deployjava1.dll will be found in your Windows\System or System32 folder. It installs with Rootkit.TDSS.Gen and Backdoor:Win32/Nuwar.A. Rootkit.TDSS.Gen installs as a rootkit. It displays random popups, attempts to redirect browser searches and may disable your antivirus software. Backdoor:Win32/Nuwar.A runs on system startup and may allow a remote user to access your system. You'll find more information at http://www.pctools.com/mrc/infections/id/Rootkit.TDSS/ and at http://www.sophos.com/security/analyses/viruses-and-spyware/w32nuwara.html.


    At the time I checked the ActiveX entry I was running Sun Java 6.20. I uninstalled it and installed 6.21, and the ActiveX entry still remains. MSE, SAS and MBAM found nothing. Further Google research was inconclusive, and a tweet to BillP resulted in a suggestion to scan the file using VirusTotal, which also was negative.

    In the meantime I have removed the item. Does anyone have any information regarding this ActiveX entry?
     
  2. pwillener

    pwillener MajorGeek

    I have deployJava1.dll in my %WINDIR%\system32 folder, and it seems legitimate to me. The description shows "Java(TM) Platform SE binary" and the version is "6.0.210.6", which is consistent with JRE 6u21. The size is 413KB.

    If the deployJava1.dll file you have is different, then there may be a problem.
     
  3. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    As stated above, if your deployjava1.dll is in the C:\windows\system32 folder, that is a legit location for that file to be; I have it there also.

    What you likely have is WinPatrol falsely flagging this up as malware (called a False Positive), and you may have to wait until WinPatrol gets a new corrected definition file released.

    The W32/Nuwar-A malware, for instance, randomly generates names for itself rather than leaving a file called deployjava1.dll; your link mentions this in its "more info" tab. Also, if infected with this malware, you should have a startup called kernels32.exe in your startup list; look in your WinPatrol startup tab.

    Now, you may have a problem if the deployjava1.dll was located in %Temp%\deployJava1.dll.

    As for what it is: without looking further into it, it looks like a developer deployment file from Sun Java. Whether it is needed or not doesn't look as clear, but you will soon know if your Java apps and webpages stop working. What I do remember is that Sun, from Java 20, closed off a few security bugs, and moving that file could have been one such fix.

    What stands out is that nothing else is flagging it as nasty so far.
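One way to run the checks pwillener and DavidGP describe above (location, description, version and size of the DLL, whether it also sits in %TEMP%, and the kernels32.exe startup entry), plus an Authenticode signature check and a SHA-256 hash you can paste into VirusTotal's search, as an added PowerShell example that is not code from the thread or from WinPatrol. It assumes PowerShell 4.0 or later on Windows; the file name, folders and expected values come from the posts above.

```powershell
# Added example: triage a DLL that a tool has flagged, using the checks discussed in the thread.
# Assumes PowerShell 4.0+ (Get-FileHash). File name and expected values are taken from the thread.
$name = 'deployJava1.dll'
$candidates = @(
    (Join-Path $env:WINDIR 'system32'),   # location the replies call legitimate
    $env:TEMP                              # location DavidGP says would be a problem
)

foreach ($dir in $candidates) {
    $path = Join-Path $dir $name
    if (-not (Test-Path $path)) { "$path : not present"; continue }

    $file = Get-Item $path
    $vi   = $file.VersionInfo
    $sig  = Get-AuthenticodeSignature $path
    $sha  = (Get-FileHash $path -Algorithm SHA256).Hash   # search this hash on VirusTotal

    [pscustomobject]@{
        Path        = $path
        SizeKB      = [math]::Round($file.Length / 1KB)    # pwillener reports ~413 KB
        Description = $vi.FileDescription                  # expect "Java(TM) Platform SE binary"
        Version     = $vi.FileVersion                      # expect 6.0.210.6 for JRE 6u21
        Company     = $vi.CompanyName
        Signature   = $sig.Status                          # Valid, NotSigned, HashMismatch, ...
        Signer      = $sig.SignerCertificate.Subject
        SHA256      = $sha
        InTemp      = ($dir -eq $env:TEMP)                 # True here is the worrying case
    }
}

# DavidGP notes W32/Nuwar-A adds a startup item named kernels32.exe, so scan the Run keys for it.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    Get-ItemProperty $key |
        Select-Object -Property * -ExcludeProperty PS* |
        ForEach-Object { $_.PSObject.Properties } |
        Where-Object { "$($_.Value)" -match 'kernels32\.exe' } |
        ForEach-Object { "Suspicious Run entry in $key : $($_.Name) = $($_.Value)" }
}
```

A legitimate copy should report the Sun/Oracle description and version, a valid signature, sit only under system32, and produce no kernels32.exe hit; any deviation is what to take to VirusTotal or a second scanner.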
     
  4. pwillener

    pwillener MajorGeek

    Not quite sure how CCleaner comes into this discussion...? It's just a cleaning tool; it does not prevent anything from downloading or installing.
     
  5. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi pwillener

    I think Keylogger Victim is mistaking cookies as being a problem that can be allowed or disallowed via CCleaner, when CCleaner will only allow you to "keep" cookies you wish to; this allows you to, say, keep the login cookie from your favoured website or forum from being deleted when you run CCleaner, and that is all. It has no blocking capabilities.

    Cookies, for those reading, are not an issue, and for a good write-up on this please read section 12 of this guide HERE.


    Back to the question of deployjava1.dll and whether it is malware or not: I decided to do a test today and installed a clean Virtual PC, as I needed to test a couple of apps in XP SP3, and decided to also install Java 6 update 21 to see what was happening in relation to this file. This was a bare-ish install, and the two whiteout apps are something I'm testing and not for release yet, so no malware whatsoever.

    These are with no Java installed, and the win32 folder has no deployjava1.dll:
    http://img97.imageshack.us/img97/2899/57392152.jpg
    http://img820.imageshack.us/img820/6674/96132209.jpg

    These are with Java 6 update 21 installed, with deployjava1.dll showing in the Windows32 folder in the red circle:
    http://img695.imageshack.us/img695/9735/36778075.jpg
    http://img137.imageshack.us/img137/3451/72124347.jpg

    All I can say from this is WinPatrol has a false positive.
     
  6. msjones

    msjones Private E-2

    Thank you everyone for your responses.

    I uninstalled Sun Java 6/20 and installed 6/21. WinPatrol again showed deployjava, however this time it was not flagged as a virus. To be on the safe side, I disabled and removed it. As it has been stated, it probably was a false positive by MSE.

    I have run several scans with different software and thankfully nothing was found.

    Again, thank you all.
     
  7. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    Don't think Microsoft Security Essentials is the issue; it was WinPatrol that flagged it for you, wasn't it?
    I run MSE on two laptops and it's not flagged that; don't use WinPatrol though.


    But glad nothing is being flagged now :)
     
  8. msjones

    msjones Private E-2

    Yes, I returned to correct my mistake, however it was too late. I meant WinPatrol not MSE.

    Thank you.
     
  9. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Ah, no probs msjones :) What I was going to say is that if it was MSE then I could flag this up at Microsoft and the MSE team, that they were flagging up a legit file.

    Do let us know if this crops up again; it's more likely that if WinPatrol flags it up again (but not now as malware) it will be when Java updates next time, as that file will be regenerated in the same location again.

    So just be wary of that, and again cheers for coming back with your info; it helps me and others.
     
