# Need help. Is this program a virus? "Java.exe in system32 folder"



## OuTLawZ-GoSu (May 28, 2007)

I'm using Windows Vista.

Today, norton 360 v2 told me that jucheck.exe is attempting to connect to the internet. I looked up the program and I found out it's from java, so I left it alone.

I checked the Symantec website and I found out that, if java.exe, jureg.exe, jucheck.exe, and services.exe are in the windows folder, they are not legit programs. They are part of "[email protected]".

Here's the link:http://www.symantec.com/security_response/writeup.jsp?docid=2005-092711-1028-99&tabid=2

I found all of those programs in the system32 folder.

I scanned them with nod32, norton 360v2, and trojan hunter. None of them detected anything. 

Also, when I do End Task on Services.exe, I get a message saying that windows encountered an error and will restart in 1 min.

Please, can someone tell me if these are legit pograms or are they from a virus. 

btw, When I let the jucheck.exe connect to the internet, the java update icon showed up in the systray. I doubleclicked it and the window looked legit. I'm realy confused.


----------



## TheBruce1 (Oct 26, 2006)

Hello,



OuTLawZ-GoSu said:


> I found all of those programs in the system32 folder.


All those files are perfectly safe, they are in the correct place.


----------



## Michael York (Nov 3, 2007)

OuTLawZ-GoSu said:


> I'm using Windows Vista.
> 
> Today, norton 360 v2 told me that jucheck.exe is attempting to connect to the internet. I looked up the program and I found out it's from java, so I left it alone.
> 
> ...


Hi OutLaw,

This is Mike from the Norton Authorized Support Team.

I can not determine if the files you listed are indeed infected. However, the first thing I would advise is that you first run LiveUpdate from within Norton 360 to make sure you have the latest program and definition files applied. Next, check your settings to make sure Norton 360 is scanning "All Files" and then perform a "Comprehensive Scan" with Norton 360.

After the scan has completed, follow the manual removal instructions, etc listed in the "Removal" tab of the document you posted.

The other option for you is to submit the files to Symantec for analysis.

Submit files to Symantec for analysis

Thank you,
Mike


----------

