Octopus Scanner Malware

It is a virus that affects NetBeans projects and newly built jar files.

The virus is in this path: C:\Users\(your name)\AppData\Local\Microsoft\ExplorerSync.db
The .db file is actually a jar file; delete it.

The virus schedules a task to run itself again every minute.
Enter this command in CMD to delete the task: schtasks /DELETE /TN ExplorerSync
CMD will ask you YES or NO; type y and press Enter.

Affected NetBeans projects have a cache.dat file in the nbproject directory; delete the .dat file.
Affected jars have a class that has a number at the end of its name. For example, if a jar has Texture.class, then the infected one is Texture1.class.

For more details, see https://securitylab.github.com/research/octopus-scanner-malware-open-source-supply-chain

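The project and jar checks described above can be scripted. This is an added example, not part of the original post or the linked write-up: it walks a directory tree and reports nbproject/cache.dat files and jar entries such as Texture1.class that sit beside Texture.class. The function names and the sample project are constructed for illustration, and a numbered class can be legitimate, so hits are candidates for manual review.

```python
import os, re, sys, tempfile, zipfile

NUMBERED = re.compile(r"(.*?)\d+\.class")

def numbered_twins(names):
    """Entries such as Texture1.class whose un-numbered twin (Texture.class) is in the same jar."""
    present = set(names)
    return sorted(n for n in names
                  if (m := NUMBERED.fullmatch(n)) and m.group(1) + ".class" in present)

def scan(root):
    """Walk root and return (kind, path) findings for the indicators named in the post."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) == "nbproject" and "cache.dat" in files:
            findings.append(("cache.dat", os.path.join(dirpath, "cache.dat")))
        for name in files:
            if not name.lower().endswith(".jar"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with zipfile.ZipFile(path) as jar:
                    findings += [("class", f"{path}!{c}") for c in numbered_twins(jar.namelist())]
            except zipfile.BadZipFile:
                findings.append(("unreadable-jar", path))
    return findings

def build_sample(root):
    """Constructed sample project: one flagged jar, one clean jar, one cache.dat."""
    os.makedirs(os.path.join(root, "demo", "nbproject"))
    os.makedirs(os.path.join(root, "demo", "dist"))
    open(os.path.join(root, "demo", "nbproject", "cache.dat"), "wb").close()
    for jar, entries in {"bad.jar": ["g/Texture.class", "g/Texture1.class", "g/Texture$1.class"],
                         "ok.jar": ["g/Mesh.class", "g/Mesh$1.class", "g/V2.class"]}.items():
        with zipfile.ZipFile(os.path.join(root, "demo", "dist", jar), "w") as z:
            for e in entries:
                z.writestr(e, b"")
    return root

if __name__ == "__main__":
    # With no argument, scan the constructed sample instead of a real project tree.
    root = sys.argv[1] if len(sys.argv) > 1 else build_sample(tempfile.mkdtemp())
    for kind, path in scan(root):
        print(kind, path)
    # Windows only: the dropper location given in the post.
    dropper = os.path.join(os.environ.get("LOCALAPPDATA", ""), "Microsoft", "ExplorerSync.db")
    if os.path.isfile(dropper):
        print("dropper", dropper)
```

Pass the directory that holds your NetBeans projects as the first argument. Inner classes such as Texture$1.class are not reported, because the check requires the exact un-numbered name to exist in the same jar.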