Are you getting messages or pop-ups while browsing the web saying:
“The page at http://s.mjytsw com says: WARNING!!! Your Java Version is Outdated, Have Security Risks, Please Update Now!”
When I got this message I was redirected to a “Java Update”. The update was digitally signed by a company called Fileangels, so it’s clearly not an official Java update. The Fileangels file is detected by some of the anti-virus programs at VirusTotal. A real Java update should be digitally signed by the company that owns Java, that is Oracle America, Inc.
I got these faked Java warnings while browsing with Firefox, but they can probably also appear if you are using Chrome or Internet Explorer as you web browser.
So, why are you getting these faked Java Update pop-ups? Most likely you have some adware installed on your machine. When I got these ads, I had lots of adwares installed on my lab machine. After removing them with FreeFixer, the “Java Update” pop-ups stopped. These where the adware programs I had and uninstalled: Browser Warden, SmartOnes, TinyWallet, BlockAndSurf, HQ-Video-Pro-2.1c.
To remove these faked Java warnings I would begin to examine the Add/Remove programs dialog in the Control Panel to see if something suspicious is listed there and remove it. Do you see some program that you don’t remember installing? If you sort the programs on the “Installed On” date, do you see anything that was installed approximately about the same time as you first noticed the “Java” warnings?
I think you should also check the add-ons installed into Chrome, Firefox, Internet Explorer. Do you see anything suspicious? Something that you don’t remember installing?
If that did not fix the problem, you can give FreeFixer a try. It’s a tool that I’ve been working on for some time now. FreeFixer is designed to help you manually identify and remove unwanted software, such as the adware that’s running on your machine. FreeFixer scans the processes running on your computer, browser add-ons, startups, scheduled tasks, recently modified files, and lots of other locations. FreeFixer is freeware and its removal feature is not crippled liked many other malware removers out there. If FreeFixer solved your problem, please help me spread the word and let your friends know about it.
Tip: If you are having difficulties to figure out whether a file or setting in FreeFixer’s scan result is legitimate or if it should be removed, please check out the information shown on the More Info page. It will show a VirusTotal report which can be quite useful when trying to determine whether to keep or remove a file.
Which adware programs did you have to uninstall to get rid of the “Java Update” warnings?
And if you are looking for the real Java download, go to the official Java site: https://www.java.com/en/
Thanks for reading.
Update 2014-10-26: These fake Java warnings are still going on. Found the same type of pop-up, but this time it mentions another web site: d.andoie.com. What web site does your warning message mention?
When clicking on the warning message, the faked Java site at phohyt.com opens up. Is this the site you are redirected to as well?
Update 2014-10-27: The pop-ups are still appearing. Now they mention d.mobcgm.com and d.mobdty.com. If clicking the OK button in the dialog, apprfv.com opens up containing a faked java update site.
Update 2014-10-30: These fake Java warnings and faked Java sites are still popping up. Today the pop-up mention www.qposwe.com and debajxcj.com and the faked site is hosted at irzsmdcs.com:
Update 2014-11-11: This is still going on. zpkaid.com is used host the fake Java Update site. The title of the page is “Update for Your Computer” and the download is signed by Safe Down.
Update 2014-11-13: Today the fake update site is hosted zrmica.com.
Update 2014-11-16: Now the fake site is hosted at zwkuvp.com.