6u10 - b09 has malware?

rachradio
Joined: 2007-12-22

I just downloaded this version, jre-6u10-ea-bin-b09-windows-i586-p-19_dec_2007,
to install,
but the antivirus software I use, Avira AntiVir Personal Edition Classic, reported
that malware was found, and then the install failed.
I want to know whether this is AntiVir's misjudgement or whether the jre 6u10 - b09 version really has malware.

rogyeu
Joined: 2006-07-30

Could you use the MD5 checksum to verify the binary you have downloaded? The hash is:
MD5 (jre-6u10-ea-bin-b09-windows-i586-p-19_dec_2007.exe) = bf0d4bb7d73df3042a7439a38ee118bf

which is also available at http://www.java.net/download/jdk6/6u10/promoted/b09/binaries/jre-6u10-ea...

If that does not match, you might have a corrupted download; please download it again.

In addition, could you please provide more info about the malware that the antivirus reports:
- Name of the malware
- File location of the malware, if any
- Any additional info

Message was edited by: rogyeu
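
The MD5 check suggested in the reply above, as an added example that is not part of the original thread: it parses the published "MD5 (file) = hash" line and compares it with the file on disk. The function names are made up for illustration, and the demo hashes a constructed stand-in file, not the real installer.

```python
import hashlib
import os
import re
import tempfile

# BSD-style checksum line, the format used in the post: "MD5 (name) = hexdigest"
BSD_LINE = re.compile(r"^(?P<algo>[A-Za-z0-9-]+) \((?P<name>.+)\) = (?P<digest>[0-9a-fA-F]+)$")

PUBLISHED = ("MD5 (jre-6u10-ea-bin-b09-windows-i586-p-19_dec_2007.exe) = "
             "bf0d4bb7d73df3042a7439a38ee118bf")  # line quoted in the thread

def parse_checksum_line(line):
    """Split a published checksum line into (algorithm, file name, digest)."""
    m = BSD_LINE.match(line.strip())
    if not m:
        raise ValueError("not a BSD-style checksum line")
    return m["algo"].lower(), m["name"], m["digest"].lower()

def file_digest(path, algo):
    """Hash the file in 1 MiB chunks so a large installer is not read into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def check_download(path, published_line):
    """Return 'match', 'mismatch' (download again) or 'wrong-file' (line names another file)."""
    algo, name, expected = parse_checksum_line(published_line)
    if os.path.basename(path) != name:
        return "wrong-file"
    actual = file_digest(path, algo)
    return "match" if actual == expected else "mismatch"

def demo():
    """Run the check on a constructed stand-in file (assumption: not the real installer)."""
    name = parse_checksum_line(PUBLISHED)[1]
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, name)
        with open(path, "wb") as f:
            f.write(b"constructed bytes standing in for a damaged download")
        damaged = check_download(path, PUBLISHED)          # digest differs
        good_line = "MD5 (%s) = %s" % (name, file_digest(path, "md5"))
        intact = check_download(path, good_line)           # digest agrees
        other = check_download(path, "MD5 (other.exe) = " + "0" * 32)
    return damaged, intact, other

if __name__ == "__main__":
    print(demo())
```
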

rachradio
Joined: 2007-12-22

Thanks for your advice!!
I just downloaded it again and checked that its MD5 is correct,
and I am sure the file is clean after I scanned it.

But when I installed it, the temp file was detected as malware:
C:\Documents and Settings\RANDY\Local Settings\Temp\MSI11EB.tmp

Avira AntiVir showed "contains suspicious code HEUR/Malware",
and then the installation failed.

But this never happened when I installed b08 and 6u3,
so I want to know whether b09 contains malware or AntiVir misjudged.
Thanks again!!

enicholas
Joined: 2006-02-27

Hi, I'm Ethan Nicholas, an engineer with Sun's Java Deployment team.

At this point we believe that this is simply a false positive reported by your antivirus software. The fact that it was a heuristic ("HEUR") match as opposed to an actual virus signature makes this by far the most likely scenario, as our installer is definitely doing things (updating the registry, copying files under c:\Program Files, registering the plug-in with the browser) which might seem suspicious to a virus scanner.

Your initial scan of the .exe wouldn't have found any problems because all of the code was compressed and unrecognizable to the scanner. Only after unpacking the temp files does our (perfectly legitimate) intent to update the registry and copy files into c:\Program Files become clear, hence the symptoms you saw. A quick Google search reveals many claims of Avira reporting heuristic false positives, so this doesn't seem to be an isolated case.

So that's what we think is going on, but obviously we're going to take this seriously and continue to investigate until we can prove that this is nothing but a false positive. And assuming that that is the case, hopefully we can then get Avira to update their heuristics to no longer flag us.