Windows – How to remove Amazon Assistant that was installed by Java installer

javamalwarewindows 7

I recently did a clean install of Java about a week or two ago. It asked whether I wanted the Amazon button app installed. I opted NO. It still installed anyway. I removed it from Control Panel -> Programs list and restarted, but Amazon1ButtonService64.Exe is still running as a system process and has 2 .DLLs located in C:\Program Files (x86)\Amazon\Amazon1ButtonApp.

I've tried several virus/malware scanners etc. None of them pick this up.

The issue I have is:

At no stage did I provide consent to have this installed.
Program is still running as system process, despite being removed and no longer showing up on browser or programs list.

As far as I'm concerned, this is malware.

Failing safe mode removal, what other options do I have other than an OS reinstall?

EDIT:
Java installer from here: http://java.com/en/download/windows_xpi.jsp

Images from the above installer:

Best Answer

The official Java installer does not come bundled with any 3rd party software at all.

If you are getting the Amazon software as part of the payload, the only explanation is that either the installer you received wasn't genuine (possibly a browser hijack), or your machine is already infected with malware from another source.

You can check the validity of the Java installer .EXE file by right-clicking it and getting Properties for it. On the digital signatures tab, it should say Oracle America, Inc. If it says anything different, or does not have a signatures tab, then the file is not signed and is not a genuine Oracle file.

Related Solutions

Malware Removal – How to Fix Firefox Hijacked by Malware

Try looking in the config screen on firefox by putting about:config in your address bar.

See if any search options there have been hijacked. If searches are still being hijacked even in Windows Safe Mode and running firefox with addons disabled, you may have a rootkit.

Try ComboFix from Bleeping Computer, and TDSSKiller, and ZbotKiller from Kaspersky Virus Removal Tools usually work well for me detecting common rootkits.

Macos – how to install java 1.7 runtime on macos 10.9 mavericks

Yeah - this is a huge f**g hairball, thanks mostly to Apple for their blockheaded resistance to supporting their users. There are some links that seem to allow one to manage their situation. I currently use Mavericks 10.9.4. Here's my take on the way to proceed:

DISCLAIMER: I am not expert on OSX, nor with Java, so follow these instructions with care. All I can say is that they semmed to work for me.

First, know that installing the latest version of Java (the JRE) gets the latest software on your system, but your system doesn't necessarily use it! To do that, you'll need to make use of the command line. Here's what I did:

First, I installed the latest version of Java, as downloaded from Oracle's Java website. To see if the new version was 'registered' in OSX, use the following command. This result shows that the 'system' doesn't recognize the upgrade, and won't be using it.

MacBook-1:~ jmoore$ java -version
java version "1.6.0_65"
Java(TM) SE Runtime Environment (build 1.6.0_65-b14-462-11M4609)
Java HotSpot(TM) 64-Bit Server VM (build 20.65-b04-462, mixed mode)

After some research, the solution seems to be the following:

MacBook-1:~ jmoore$ export JAVA_HOME="/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home"

Now, let's check the version again to see if we've made any progress:

MacBook-1:~ jmoore$ java -version
java version "1.7.0_60"
Java(TM) SE Runtime Environment (build 1.7.0_60-b19)
Java HotSpot(TM) 64-Bit Server VM (build 24.60-b09, mixed mode)

OK! I think that's it.

Best Answer

Related Solutions

Malware Removal – How to Fix Firefox Hijacked by Malware

Macos – how to install java 1.7 runtime on macos 10.9 mavericks

Related Question