
What is jmxremote?

I'm not very good with computers (!) so please bear with me...

I have a home pc on a network. While searching for a keylogger (as I've removed spyarsenal from my machine in the past!) I came across these entries which I don't understand:

(Name) jmxremote.password.template (In Folder) C:\Programme Files\Java\jre1.5.0_3\lib\management (Size) 3 KB (Type) Template File (Date Modified) 12/09/2006 18:55

(Name) jmxremote.password.template (In Folder) C:\Programme Files\Java\jre1.6.0_4\lib\management (Size) 3 KB (Type) Template File (Date Modified) 01/02/2008 12:03

(Name) jmxremote.password.template (In Folder) lib\management (Size) 3 KB (Type) Template File (Date Modified) 15/09/2004 09:55

(Name) jmxremote.password.template (In Folder) lib\management (Size) 3 KB (Type) Template File (Date Modified) 12/11/2006 03:41

Is this something I should expect to see on my pc, or is it a keylogger?

Any advice gratefully received :)

PS: I use Ad-Aware, but it didn't pick this up. I use AVG anti-virus and my browser is Chrome.
It's nice to be important.....but it's more important to be nice :)

Comments

  • patman99
    What O/S are you using?
    Never Knowingly Understood.

    Member #1 of £1,000 challenge - £13.74/ £1000 (that's 1.374%)

    3-6 month EF £0/£3600 (that's 0 days worth)

  • July1962
    XP Professional 2002 Service Pack 2... is that what you mean?!
  • The_Grandmaster
    Google search suggests Java?

    If you think you have an infection: (instructions written by alienRIK)

    Download MALWAREBYTES (Make sure you click 'DOWNLOAD LATEST VERSION')
    http://www.filehippo.com/download_ma..._anti_malware/
    Open Malwarebytes and go to UPDATE and click 'check for updates'. After it's updated go to SCANNER and click PERFORM FULL SCAN then click SCAN
    Remove everything that's found (needs to be ticked)
    Post the COMPLETE log here AFTER you've deleted everything it finds

    Reboot

    Download HIJACK THIS (Make sure you click 'DOWNLOAD THIS VERSION')
    http://www.filehippo.com/download_hijackthis/2894/
    Click MAIN MENU then DO A SYSTEM SCAN AND SAVE A LOGFILE (takes seconds) then post the log so we can see what's running
    (do NOT do anything else with Hijack but scan and post the FULL log)
  • July1962
    Thanks for these replies :)
  • July1962
    Thank you to The Grandmaster for your excellent instructions...
    Here is the log (I will now reboot and do the second part!)

    Malwarebytes' Anti-Malware 1.46
    https://www.malwarebytes.org

    Database version: 4291

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    08/07/2010 11:11:49
    mbam-log-2010-07-08 (11-11-49).txt

    Scan type: Full scan (C:\|D:\|E:\|)
    Objects scanned: 188369
    Time elapsed: 43 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    E:\Program Files\NoAdware4\noadwareutils.dll (Rogue.Agent) -> Quarantined and deleted successfully.
  • July1962
    Second part!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:22:00, on 08/07/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Documents and Settings\karen\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\karen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://news.bbc.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://news.bbc.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - (no file)
    O3 - Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
    O4 - HKLM\..\Run: [\\STEVE-7248A7CD7\EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P48 "\\STEVE-7248A7CD7\EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\karen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 5854 bytes

    Should I now remove Hijack This?
  • The_Grandmaster
    TICK and FIX:
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - (no file)
    O3 - Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)

    I think maybe combofix should be run but I won't be able to read the log. (Instructions written by alienRIK - again not by me! :D):

    Please run COMBOFIX
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Shut down your anti-virus
    Follow the simple instructions it gives
    Post the COMPLETE log it creates here (Split into sections if need be) ~ if there are loads of 'SNAPSHOT' pages then leave them out
    If it comes up with a RENAMING error then RIGHT click the exe file and RENAME and call it QWERTY (Making the complete file name 'QWERTY.exe') Or SAVE as 'QWERTY' on download
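As an added example (not from the thread or from HijackThis itself), a small Python parser for HijackThis O2/O3 lines that picks out exactly the orphaned "(no file)" registrations The_Grandmaster ticked above; the sample log is constructed from a handful of lines in the shape of the one posted.

```python
import re

# Constructed sample in the format HijackThis uses for O2/O3/O4/O23 lines
# (a subset shaped like the log posted above, not the full log).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - (no file)
O3 - Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - (no file)
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# O2 (Browser Helper Object) and O3 (IE toolbar) lines share one shape:
#   "<code> - <kind>: <display name> - {CLSID} - <DLL path or '(no file)'>"
_COM_ENTRY = re.compile(
    r"^(?P<code>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<path>.*)$"
)


def parse_com_entries(log_text):
    """Return every O2/O3 entry as a dict with code, kind, name, clsid, path."""
    entries = []
    for line in log_text.splitlines():
        match = _COM_ENTRY.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def orphaned_entries(log_text):
    """O2/O3 registrations whose DLL no longer exists on disk.

    HijackThis prints '(no file)' for these. They are dead registry pointers,
    usually left behind by uninstalled or already-removed software; nothing
    runs from them now, but they are the entries a helper ticks for removal.
    """
    return [e for e in parse_com_entries(log_text) if e["path"] == "(no file)"]


if __name__ == "__main__":
    for entry in orphaned_entries(SAMPLE_LOG):
        print(f"{entry['code']} {entry['kind']:<8} {entry['clsid']} -> {entry['path']}")
```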
  • HoofeHearted
    When you have removed any remaining adware/spyware, update XP to SP3. After next week's monthly M$ updates, SP2 will no longer be supported.
  • July1962
    Grandmaster... I don't know how to close AVG.
    When I right click my tray icon there's no option to close.
    I don't want to uninstall the whole programme but I can't see how I can shut it down....
This discussion has been closed.