Archive

Posts Tagged ‘Windows 7’

It’s a mouse made by who?

May 19th, 2015 No comments

So I plug a USB Microsoft Intellimouse into a PC running Microsoft Windows 7 and of course it recognises it as it already has the driver, errrr well no…
Windows Update for mouse
and then spends a few minutes looking on Windows update. Why doesn’t Windows 7 already have these driver preloaded?

Jucheck.exe wild goose chase

April 30th, 2010 4 comments

While setting up a brand new Dell laptop with Windows 7 pre-installed, the UAC (User Account Control) dialogue box popped up asking whether I wanted to allow windows\system32\jucheck.exe to run. The publisher was shown as none.

A quick google from another machine threw up some very conflicting information:

jucheck.exe is a Java component which checks for updates but several forums and ‘answers’ sites included posts that said that while a jucheck.exe file in ‘Program Files’ would be valid, any such file with that name in the windows\system32 directory was most certainly a trojan. If this was a trojan, the question remained as to how it could have appeared. The UAC dialogue appeared during the initial start up of Windows; no websites had yet been visited on this brand new machine, no email has yet been set up and the machine was behind a locked down Firebrick firewall. A portscan from shieldsup at grc.com confirmed no ports were open.

Equally, other posts, including this one from Microsoft say that “Java components are installed and present in both Windows folder as well as Program Files”.

A file search showed four copies of jucheck.exe on the machine all with the same date (about two weeks ago, before the machine was even ordered). There were two in the Java Program files directories, one in the 32 bit directory and the other a 64 bit version, different file sizes, a third in windows\system32 (a copy identical to that in the Java 32 bit program files directory) and another in windows\sysWOW64 corresponding to the 64 bit version in the Java 64 bit program files directory. This mirrored precisely the situation in the above Microsoft post.

Additionally, when the Java update in the system tray asked to update, it ran the copy of jucheck.exe in the windows\system32 folder not the one in Program Files, adding weight to this copy being the legitimate one.

I downloaded and installed the Java update manually, and jucheck.exe stopped being run on startup. If this were a trojan then surely it would still be trying to run.

I decided to uninstall Java completely and found that it uninstalled all four files. This poses the question: if the two in the windows directory shouldn’t be there, why would Java’s own un-installer remove them.

I then downloaded and installed the latest version of Java (both 32 bit and 64 bit) and there is now only one copy of jucheck.exe on the machine, interestingly with a date of 18th Feb 2010, older than the four pre-existing versions, suggesting that all four of the others were trojans.

To be honest, I still don’t know whether this was a trojan or not. I’ll wait until Java tries to update itself again and see if any more files appear.