I got the "System Care Antivirus" virus on me! :(



PatColo
1st August 2013, 11:25 PM
I'm guessing I allowed the (movie) ALIEN-esque beast to commandeer my win-7 box when I allowed a program called "jucheck.exe" by verified publisher "Oracle America, Inc." to run & access registry. It touted that a JavaScript update is available.

I'd declined this request a couple times before already over the past week or so, thinking, if it ain't broke don't "fix it". But with each reboot, when the desktop would come up, the screen would immediately dim and I'd get the request for this program to access registry to run. This is slightly unusual, IIRC, normally they first post a dialog box asking if I wanted to do a given update, and once I okayed that, THEN the dim screened reg-access request would come up. But this bugger seemed to bypass that and go straight to the windoze reg-access request.

So the request appears legit, and I gathered it would nag me with every reboot, so I gave in and let it "update Javascript". It seemed to do its thing uneventfully, no more dialog boxes etc, and I launched firefox to begin doing my usual thing. Within minutes, I was getting obnoxious popups from this obviously fake "antivirus" program ("System Care Antivirus") giving me dire warnings of all the trouble I'm in, and to "click here to remove" the long list of problems. I could X-it-out and it would force me to answer if I was sure I wanted to continue unprotected. I'd confirm, and it would go away for the next 2-5 mins, when the next popup would hit, overlaying all other open programs until it was dealt with.

Every firefox page I'd try to visit, would give me the 'page blocked, contains malware, close or ignore this warning & proceed?' page. I'd ignore the warning and proceed, and it would go to the page no problem (these are my most commonly visited pages). I launched IE and it behaved the same way.

It also blocked opening programs, saying they were blocked coz they were "infected". I had a copy of the Avast! install program in my Downloads folder from when I downloaded/installed it a couple months ago, and subsequently removed it coz it was compromising my system too much. So I tried to launch that file and install Avast again, and this "System Care Antivirus" virus would block it with the "infected..." BS.

So I searched "System Care Antivirus"-- and guess what? The top search results appear to be fake 'help' pages, all describing the malware's behavior perfectly complete with the same screenshots of its various warnings & popup consoles; warning you not to buy their $99 removal program, and after all that "good advice", then pointing you to a "removal program!" :o Some Startpage search results for "System Care Antivirus" (the ones I suspect are fake, in cahoots with the virus itself):

Remove System Care antivirus - wintips.org (http://www.wintips.org/remove-system-care-fake-antivirus/)
31 May 2013 ... System Care Antivirus is a fake antivirus and upon installed in your computer, it claims that malicious threats are found on your computer and it ...

Remove System Care Antivirus virus (TUTORIAL) - Malware Tips (http://malwaretips.com/blogs/system-care-antivirus-virus-removal/)
29 Jun 2013 ... This page is a comprehensive step by step guide on how to remove System Care Antivirus virus from your computer.

and this cleverly domain-named page http://www.systemcareantivirushelp.com which I'm not getting in the search results again for some reason, but it appeared as top result in a previous search. Notice all these (fake) 'help' pages urge you to "Download Removal Tool!", another executable, which I didn't, of course.

One of the (guessing) non-fake pages, a Yahoo! Answers page (http://nz.answers.yahoo.com/question/index?qid=20130707001223AAD1C3r), had a reply advising downloading Malwarebytes Free edition, which I did. But trying to launch it, 'guess who' blocked it, saying it was "infected!:o" So this beast is really friggin comprehensive, with their own fake 'removal help' pages topping the search result for their malware's name!

I rebooted and went to Safe-Mode With Networking. I was able to successfully run the Avast! antivirus install program from there. Ran a scan.... "No threats found"....

So I ran the Malwarebytes install prog which I'd downloaded previously but the malware was blocking me from launching. It launched and installed, scanned, and identified 2 infected files, which I had it remove. I rebooted into normal windoze, and that's where I am now-- things ALMOST appear normal again.

Abnormality is, upon reboot, I got the friggin dim-screened "jucheck.exe" by verified publisher "Oracle America, Inc." permission request again! I declined, and my box appears to be running normally otherwise. BUT there is a "System Care Antivirus" shortcut on the desktop, and I get periodic "Java Update Available" bubbles appearing from the windows "tray", which if I click on, dims the screen and wants to run the jucheck.exe virus-installer again. So this beast lives on... and will presumably continue nagging me, until further notice! I go to Add/Remove Programs, and there is nothing listed named "System Care Antivirus". Big surprise. :|~

PatColo
1st August 2013, 11:48 PM
Abnormality is, upon reboot, I got the friggin dim-screened "jucheck.exe" by verified publisher "Oracle America, Inc." permission request again! I declined, and my box appears to be running normally otherwise. BUT there is a "System Care Antivirus" shortcut on the desktop, and I get periodic "Java Update Available" bubbles appearing from the windows "tray", which if I click on, dims the screen and wants to run the jucheck.exe virus-installer again. So this beast lives on... and will presumably continue nagging me, until further notice!


BTW, this "Java Update Available" bubble which prompts running jucheck.exe, appears stemming from the familiar JAVA logo icon in the system tray: a white cup of steaming coffee on an orange background.

http://tecadmin.net/wp-content/uploads/2013/02/java-logo.png

I realize Java is a product of SUN Micro, not Oracle. This was a minor point of concern when I allowed the "jucheck.exe" by verified publisher "Oracle America, Inc." to run & access registry.

This discussion page
Java, Oracle America Inc and jucheck.exe - legit ID help (http://www.bleepingcomputer.com/forums/t/487541/java-oracle-america-inc-and-jucheckexe-legit-id-help/#entry2995818)


has a reply saying:


Hello -

Sun MicroSystems and Oracle both supply legal downloads of Java - [...]




^ True? ???
Another search result is this YT vid, which it appears might be legit:

How to remove Remove System Care Antivirus spyware (Removal guide) (https://www.youtube.com/watch?v=eiR6xT00A_k)

Glass
2nd August 2013, 12:05 AM
jucheck is usually legit. Annoying, but legit. The System Care program is probably not. Saying that because your last post was unclear about which was legit. One of those hijack hostage infections. Your PC is infected by 16000 viruses and trojans. Pay $49 to remove them.

Time to check that your browser plugins are all working. Ad blocker, popup blockers and so on. I am using Adblock Plus and Ghostery to stop popups/popunders/framed trackers like Google Analytics and worse.

Browser tool bars are the other problem, as I think these download some of the hijackers. There are some obscure tool bars out there. I hate them all except I use the Google search one. I tried using Startpage and so on but I can't work without a good knowledge resource and Google's it for now.
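
The question running through the thread is whether the jucheck.exe behind the "Java Update Available" prompt is Oracle's genuine updater. As an added example (not code from any poster), this PowerShell checks each candidate file's location and Authenticode signature chain, and lists Run-key autostarts mentioning it; the install paths and registry keys are the usual ones for the Java updater and are assumptions here.

```powershell
# Added example (not from any poster in this thread): triage the jucheck.exe
# behind a "Java Update Available" prompt by checking where the file lives and
# whether its Authenticode signature is valid and chains to an Oracle certificate.
# Install paths and Run-key names are the usual ones for the Java updater and are
# assumptions here, not something the thread confirmed.

function Test-JavaUpdater {
    param([string[]]$Paths)

    if (-not $Paths) {
        # Candidates: any running jucheck process plus the default install location
        # of the Java Update component (32- and 64-bit Program Files).
        $Paths = @(
            Get-Process -Name jucheck -ErrorAction SilentlyContinue | ForEach-Object { $_.Path }
        )
        $Paths += "$env:ProgramFiles\Common Files\Java\Java Update\jucheck.exe"
        $Paths += "${env:ProgramFiles(x86)}\Common Files\Java\Java Update\jucheck.exe"
    }

    $Paths | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique |
        ForEach-Object {
            $sig     = Get-AuthenticodeSignature -FilePath $_
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
            [pscustomobject]@{
                Path   = $_
                Status = $sig.Status          # Valid, NotSigned, HashMismatch, UnknownError ...
                Signer = $subject
                # The UAC dialog prints the publisher name whether or not the chain
                # verifies; Status -eq 'Valid' is the part that proves origin.
                LooksGenuine = ($sig.Status -eq 'Valid' -and $subject -match 'Oracle')
                # A genuine updater lives under Common Files\Java; a copy in a profile
                # or temp directory deserves a closer look.
                ExpectedLocation = ($_ -like '*\Common Files\Java\*')
            }
        }
}

function Get-UpdaterAutostarts {
    # Run keys that would make the prompt reappear at every logon. The regex
    # filters on names the thread mentions (the Java updater and the fake AV).
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $keys) {
        $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        $props.PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' -and "$($_.Value)" -match 'jucheck|java|system\s*care' } |
            ForEach-Object { [pscustomobject]@{ Key = $k; Name = $_.Name; Command = $_.Value } }
    }
}

Test-JavaUpdater      | Format-Table -AutoSize
Get-UpdaterAutostarts | Format-Table -AutoSize
```

A signature that is Valid and chains to Oracle, on a file under Common Files\Java, is consistent with the real updater; anything NotSigned, HashMismatch, or living outside that directory is what the fake-AV symptoms in this thread would point to.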

PatColo
2nd August 2013, 12:12 AM
Abnormality is, upon reboot, I got the friggin dim-screened "jucheck.exe" by verified publisher "Oracle America, Inc." permission request again! I declined, and my box appears to be running normally otherwise. BUT there is a "System Care Antivirus" shortcut on the desktop,

I launched this shortcut just to see what would happen. Got:

http://gold-silver.us/forum/attachment.php?attachmentid=5159&d=1375427331

So I removed the shortcut, as Malwarebytes apparently disabled the malware or whatever; but it seems to lay in wait for me to run the bogus jucheck.exe prog again.

Maybe delete javascript, and reinstall?

Glass
2nd August 2013, 12:41 AM
Do you have Spybot Search and Destroy? Could be the next one to run. Another tool is HijackThis; although I am no expert with that one, it can show you odd filenames and registry settings which you can track down and remove manually.

PC do you have System restore enabled on your PC? Right click My computer, Properties. Looking for System Protection or System Restore. You want to disable system restore when you are cleaning up a PC because it will reinfect on each reboot.

Go into your browsers and look at plugins, helper apps, extensions and make sure there are none still installed that you don't want. You might find some that are there but they don't show up in the actual browser window itself.

PatColo
2nd August 2013, 12:45 AM
My Add/Remove Programs lists 2 Javas- One from publisher Sun: Java(TM) 6 Update 20 (64-bit) apparently installed with the 2010 factory windoze; and the other: "Java 7 Update 17" from 'Oracle' apparently installed this past March 2013. Screen shot with all the other stuff edited out:

http://gold-silver.us/forum/attachment.php?attachmentid=5160&d=1375429536

So I'm gonna remove that 'Oracle Java' now, and reboot, and see if the "update (Oracle) Javascript" nag is still there. I'll come back & edit this post when I'm back from reboot and have more to say.

BTW, anyone else have this "Oracle Java" listed in their 'Uninstall or Change a Program' (found in Control Panel)?


UPDATE: apparently printscreen doesn't work in the dimmed-screen reg-access permission page so I can't give screencap; but trying to uninstall Java 7 Update 17 from 'Oracle' results in a windoze R U Sure? prompt, followed by 'Preparing to remove...' box, followed by this dimmed-screen reg-access permission request page:



Program name: Java SE Runtime Environment 7 update 17
verified publisher: Oracle America, Inc.
file origin: Hard drive on this computer




So, leery of this "publisher" whose jucheck.exe apparently installed the fake antivirus malware... I've so far declined this permission.

What do you think? Should I... ???

Glass
2nd August 2013, 01:00 AM
I have "Java 7 Update 21" listed in mine. Installed in March this year.

I actually have a java update pending. I wonder if it's safe :p

PatColo
2nd August 2013, 01:20 AM
^ "... Update 21" is diff from my "Update 17" (installed 3/11/2013). Do you also have Sun's Java(TM) 6 Update 20 (64-bit) ?

Does the orange Java prog in your system tray tell u an update is available? and if so, does it try to run jucheck.exe from publisher Oracle?

See my updated reply 2 up ^^ re what happens when I try to remove the Oracle Java... ???


Maybe I should follow this 3 min YT, How to remove Remove System Care Antivirus spyware (Removal guide) (https://www.youtube.com/watch?v=eiR6xT00A_k) - YT comments appear to approve it... but again this malware is so comprehensive, I'm afraid they'll have fake YT 'help' vids with shilled comments!


damn demjooz! :o:-[
http://i.imgur.com/UjuUyT0.jpg

Serpo
2nd August 2013, 03:01 AM
I've given up on Java as I don't need it much and it's a hassle now

PatColo
2nd August 2013, 03:34 AM
do you have Spybot Search and Destroy? Could be the next one to run.

I updated & ran spybot. It found:

W3i.IQ5.fraud (2 entries) (Type: Adware)

So at the end of the scan I told it to remove that selected adware. It said:




This action may not be performed completely since your are not an administrator.
If you want this performed for all users, please run this application as an administrator.



I beg its pardon?!:o I'm the only user account, password protected; "Guest" acct is disabled. Mine is the Administrator; the 'User Accts' says so! I OK'd that message and got:




Some problems couldn't be fixed; the reason could be that the associated files are still in use (in memory).
This could be fixed after a restart.
May Spybot-S&D run on your next system startup?



I said okay, and manually restarted. It didn't automatically launch upon restart. I launched it, and ran the scan again. Same result at the end when I tried to remove the adware (same 2 entries as b4)-- couldn't coz I'm not administrator. A search for the file name turns up many pages telling how to manually remove, though. Guess that might be next.

What did nag me upon restart though was my friend, the dim-screened "jucheck.exe" by verified publisher "Oracle America, Inc" reg-edit request. I declined, of course. I still haven't removed the Oracle/Java from Programs... one step at a time. Maybe I'll do it from Safe Mode? If possible?



UPDATE: I restarted into 'Safe Mode'. Ran spybot again, it found the same 2 adware again, and I removed them without incident this time. :)

While in Safe Mode, I went to Uninstall/Change Programs, and tried to remove the Oracle/Java. It threw an error, something about the Uninstall prog isn't correctly installed or something. I Ok'd it thinking it was just a Safe Mode thing. Restarted back into full windoze again.

Decided to remove the Oracle/Java again, this time okaying its reg-access request. It seemed to proceed fine, several little 'progress' screens zipped by, then done. Oracle/Java was no longer listed in the programs, and the icon (nagging for an 'update') is no longer in the system tray.

I rebooted, and she completed loading the windoze desktop, without the dimmed-screen Java/Oracle nag which I've been declining for the past week, finally succumbing to it just hours ago, which promptly caused the malware's complete system hijacking.
All appears to be well now,


.... for now......

http://www.scottedelman.com/wordpress/wp-content/uploads/2012/09/Alienchestburster.jpg
http://2.bp.blogspot.com/-JllODZS33kY/TvGG4QZA4mI/AAAAAAAAA2c/Zn1YY7WhRVs/s200/alien+3.jpg

Glass
2nd August 2013, 04:11 AM
Good news then. Safe mode is always best if the software's interface can run in that mode. Some software will have problems such as the Administrator one. If you right click on the application's icon and choose Run as Administrator from the popup menu that should do it. Still, in full Windows mode it might not be enough. If you can do as you did, this is the best mode to be in.

mamboni
2nd August 2013, 07:15 AM
Pat:

I feel your pain. A couple of weeks ago my PC wasn't running like its old self. Every now and then a system crash or frozen desktop - never happened before in three years of using WIN7. In any event, I went on a massive offensive campaign to remove any and all spyware from my PC come hell or high water. Here's what I used (all done in Safe Mode with Networking):

F-SECURE ONLINE SCANNER (http://www.f-secure.com/en/web/home_global/online-scanner)

ESET Online scanner (http://www.eset.com/us/online-scanner/)

EMSISOFT ANTI-MALWARE SCANNER (http://www.emsisoft.com/en/software/antimalware/)

MALWAREBYTES (http://www.malwarebytes.org/)

Superantispyware (http://www.superantispyware.com/)

SPYBOT Search & Destroy

Check System Files integrity in real time using Command Prompt, type sfc /scannow


I found a few trojans. Getting rid of them was like whack a mole. In any event, my system is now clean as a whistle and running like a top.

In retrospect, some crashes were hardware-related due to my graphics card, the bottleneck in my system. I ran stress tests on the GPU and CPU. The CPU passed with flying colors. The GPU utterly crashed and burned - rapid temp rise to 85C and then total PC lockup. I'm upgrading the GPU presently.

Good luck!

PatColo
2nd August 2013, 07:39 AM
^ thanks Mambo. The box appears to be running clean again. I'll give it a few days and prolly end up deleting Avast again, coz it was causing grief before. And in the case of this malware, remember I installed Avast in safe mode from the Avast-install file I D/L'd a couple months ago. So I don't think it was compromised. I installed & updated & ran a scan with it, and it was oblivious to this malware beast! "No Problems Detected"... :O



good news then. Safe mode is always best if the software's interface can run in that mode. Some software will have problems such as the Administrator one. If you right click on the applications icon and choose Run as Administrator from the popup menu that should do it. Still in full windows mode it might not be enough. If you can do as you did, this is the best mode to be in.


You didn't mention if you also had Sun's Java(TM) installed, in addition to your Oracle "Java 7 Update 21"?

And does your Oracle Java nag you to run jucheck.exe?

Mambo- U got the Oracle Java listed in your Remove/Change Programs listing?

mamboni
2nd August 2013, 07:43 AM
Mambo- U got the Oracle Java listed in your Remove/Change Programs listing?


Not on my work PC. I will check at home later and report back.

Frickin' JAVA - nothing but headaches.

Jewboo
2nd August 2013, 07:49 AM
1) Fresh install of Windows after a major cootie infestation is best. You don't usually need Java installed.

2) Java is a set of several computer software (https://en.wikipedia.org/wiki/Computer_software) products and specifications from Sun Microsystems (https://en.wikipedia.org/wiki/Sun_Microsystems) (which has since merged with Oracle Corporation (https://en.wikipedia.org/wiki/Oracle_Corporation)), that together provide a system for developing application software (https://en.wikipedia.org/wiki/Application_software) and deploying it in a cross-platform (https://en.wikipedia.org/wiki/Cross-platform) computing environment. Oracle (https://en.wikipedia.org/wiki/Oracle_Corporation) has been criticised for not providing Java security updates for known security bugs, for long periods of time, despite these security bugs having known exploits.


http://techsultan.com/wp-content/uploads/2013/06/9-choose_clone_mode.png


3) After a fresh install clone your system hard drive. Then the next time you get cooties just quickly restore from the uninfected cloned hard drive.

Ponce
2nd August 2013, 07:56 AM
If nothing is broken then I fix nothing....my comp is 78% empty......remember that nothing is really for free, unless it's only a follow-up from something that you have done before..........keep your finger on the delete or stop X and if something takes too long to load then DELETE OR STOP right away.

V

PatColo
2nd August 2013, 08:07 AM
Frickin' JAVA - nothing but headaches.

check out this page which came up as I was searching for info on 'Oracle Java'.


How to uninstall Java on Windows (XP, Vista, Windows 7, and ... (http://dottech.org/78080/how-to-remove-java-from-windows-guide/)
31 Aug 2012 ... Program name: Java SW Runtime environment 7 Update 21. Verified Publisher: ORACLE America, Inc File Origin: Hard Drive this computer




It talks generically about 'Java', but then tells you how to remove ORACLE's java, with no mention that SUN is the publisher of Java. I wonder if they realize?

edit:

2) Java is a set of several computer software (https://en.wikipedia.org/wiki/Computer_software) products and specifications from Sun Microsystems (https://en.wikipedia.org/wiki/Sun_Microsystems) (which has since merged with Oracle Corporation (https://en.wikipedia.org/wiki/Oracle_Corporation)),
well that 'splains a thing or 2! ^




Without (Sun's) Java, won't pages, YTs, etc not load properly?

I've had NoScript (https://addons.mozilla.org/en/firefox/addon/noscript/) installed for a couple years, which I'm happy with. Blocks all scripts on pages you've never visited & whitelisted before-- tells you at the bottom of the browser when it's blocking scripts. You can tell it to allow them for this visit (temporarily) or permanently, and then it reloads the page with all the whistles/bells the page was written to display.

I've also had DoNotTrackMe (https://www.abine.com/how-donottrackme-works/) installed for the past month or so- also very happy with it.

Jewboo
2nd August 2013, 08:11 AM
Without (Sun's) Java, won't pages, YTs, etc not load properly?



I never installed Java. Never.

:rolleyes:

PatColo
2nd August 2013, 08:29 AM
so are you saying ^ I could/should remove Sun's Java(TM) 6 Update 20 (64-bit) and I wouldn't notice a thing on all the webpages which run scripts?

so far, with

Java SE Runtime Environment 7 update 17
verified publisher: Oracle America, Inc.

...removed, I've noticed no diff. YT pages load & play fine, for example. Still surfing.. might take awhile to find webpage problems stemming from my removal of the above.

Jewboo
2nd August 2013, 08:32 AM
so far, with

Java SE Runtime Environment 7 update 17
verified publisher: Oracle America, Inc.

...removed, I've noticed no diff. YT pages load & play fine, for example.



:rolleyes: exactly. If you have any software installed that "requires" Java...get rid of it.

LastResort
2nd August 2013, 09:13 AM
Pat , I had the same virus on my comp a few weeks ago...

Pretty easy to get rid of; I just followed the instructions here http://www.bleepingcomputer.com/virus-removal/remove-system-care-antivirus

PatColo
2nd August 2013, 09:16 AM
I checked my firefox add-ons page. One listed, and not 'disabled', was this: https://addons.mozilla.org/en-US/firefox/blocked/p428




Add-ons for Firefox (https://addons.mozilla.org/en-US/firefox/)
Blocklist (https://addons.mozilla.org/en-US/firefox/blocked/)
Java Deployment Toolkit (click-to-play)

Java Deployment Toolkit (click-to-play) has been blocked for your protection.

Why was it blocked? The Java Deployment Toolkit plugin is known to be insecure and is unnecessary in most cases. Users should keep it disabled unless strictly necessary.
Who is affected? All Firefox users who have this plugin installed.
What does this mean? The problematic add-on or plugin will be automatically disabled and no longer usable.

When Mozilla becomes aware of add-ons, plugins, or other third-party software that seriously compromises Firefox security, stability, or performance and meets certain criteria (http://wiki.mozilla.org/Blocklisting), the software may be blocked from general use. For more information, please read this support article (http://support.mozilla.com/kb/Add-ons%20Blocklist).

Blocked on July 18, 2013. View block request (https://bugzilla.mozilla.org/show_bug.cgi?id=636633).

I clicked to 'disable' it; but if I read the above correctly, Mozilla universally blocked it as of July 18. I suspect it was exploited to get this "System Care Antivirus" thing installed. But if so, why did it wait until now to install itself?

I have no memory of explicitly allowing that add-on. I think it prolly just installed itself when I accepted a past Java auto-update from SUN/Oracle.