Avast free found 10 infected files

Avast free found 10 infected files, I sent them to the virus chest, I then did as directed and rebooted in avast bootscan and it found nothing. I then scanned again and found nothing.

Here are a couple of what it found. they all end in .class
and
6 start with xmltree
3 start with hmfvtru\

here are 2 complete ones
xmltree\rekona.class
hmfvtru\vekucmdavtbv.class

Can you tell me where they came from please? Thank you very much!

i guess from your java program…do you have latest java?
if you give full file path we may see…

what malware name did avast give?

Java exploit. Is your java version updated.

Exploit:Java/CVE-2010-0840.NS is a variant of the Exploit:Java/CVE-2010-0840 family - a detection for a malicious Java applet stored within a Java Archive (.JAR) that attempts to exploit a vulnerability in the Java Runtime Environment (JRE) up to and including version 6 update 18. The vulnerability allows an unsigned Java applet to gain elevated privileges and potentially have unrestricted access to a host system outside its “sandbox” environment. It is discussed in CVE-2010-0840.
info from MS Malware Portection Center…Do not panic it is low risk, but should be flagged…

polonus

P.S. Pondus, you beaten me to it…

Thanks to you both!
what malware name did avast give? I did not see one

How do I flag it?

I always click the java update when it comes up, how do I be sure and how do I not get this again?
Do I get it on sites like youtube , isn’t java for viewing or sound?

Thanks for the wonderful help!

It is all with java in the browser, disable and enable only when needed.
See the avast Software Updater for your software to really be up to date,

polonus

what malware name did avast give? I did not see one
you said you moved them to virus chest..... so you find out if you look in the chest. :)

yes it is java. I am not understanding how do flag it.
I checked in avast and it is up to date.

may I ask what this means please? It is all with java in the browser, disable and enable only when needed.

Thanks for your patience!

meaning the Java in your browser was comprosmised I believe. Bascially you should disable Java when you’re not needing it. It makes things easier to exploit when it’s actually on.

See this site for an explanation: http://www.java.com/en/download/help/disable_browser.xml

Thanks, I disabled it under sercurity in java. Will it prompt me when I need it?
Thanks!

Yep, you are prompted whenever java is needed and you can then decide in what case you allow it to be run.
Also check with the avast software updater your java version is up to date,

polonus

Thanks all is well!