classloader virus???

Viruses and worms
1

???

Hi!

What is it cloassloader virus?

Every time I scan my computer – avast reports that it is infected with classloader 6 and 7 virus that resides in the java cache in my profile.

Where do I get that virus from and why avast does not protect from that infection?

Thank you

p.s.

My system: Windows XP Pro sp2, I am suing Kerio firewall 2.x, I have ADSL Internet subscription, and am using AVAST Home edition latest version with latest databases. I am also using Java 1.4.2_5 jre and sdk.

2

Hi, welcome to the forums.

You could start by doing a google search for your post’s Subject ‘classloader virus’ this returns many hits, this is just one of them http://www.f-secure.com/v-descs/classloader.shtml.

Reading some of them will give you an idea why you are being infected.

You need to ensure that you have the latest versions of Java or Java Virtual Machine if installed.

Read How did I get infected in the first place and follow Tony’s advice. He will tell you about some ways to make your computer more secure and link to some excellent free tools to help with that.

If you allow Java by default it can be as simple a website that runs a java applet on your machine and because it is an accepted download nothing gets stopped.

3

Thanks you, but it did not answered my question.

I do have use Spyware blaster, Spyware guard, Kerio personal Firewall, Avast, and was running latest JVM 1.4.2_5, now I have changed to 1.5 Tiiger latest build.

Lately I am also using Mozilla Firefox instead of Internet Explorer.

I do have latest Microsoft Updates amd my security settings are set on maximum.

Still I do not understand where that infedction does come from?

By default Java is developed so ANY APPLET CANNOT ACCESS the hard disk - it is just forbidden by default for Java Applets. This what makes Java secure platform - this is written in any book about Java.

I am also an Computer Professional and Java developer and do know that there is basically no way to pass by the Java security restrictions especially for the applets!

Another thing: is it really a virus or a feature in the JVM?

When I made a scan of the computer with some of the tools from http://forum.avast.com/index.php?board=4;action=display;threadid=5373 on a machine with a fresh installed Java, it immediately reports that there is a virus in the Java sources and I need to buy antivirus.

So what is it? Is it a marketing trick of one of the affiliate sites?

If it is really an infection, why does not AVAST detetc it at the first place and not only during the file system scan?

I am waiting for your future comments on this issue!!!

4

And why should I read from F-Secure and other competitor’s web-sites about such exploits (this is what Google returned at first)

http://www.f-secure.com/v-descs/classloader.shtml

As I understood from there: there is all because of the problems in the Internet Explorer and there is no harm done but virus still get downloaded but cannot activate

It is what said on that page. Is it true?

Thanx in advance (and would be nice if avast can catch the virus on the fly)

5

Ok.

I have tried other tools and read about Java Secutiry. This news is a bit frustrating.

I have also tried XSOFTSPY and have found 5 other trojan that AVAST was unable to find. Thank this tool.

And thank you for your help!

6

Keep in mind that Avast nor any other util is not and never will be able to detect ALL malware. That is why I always recommend to use several things as you can read on the page in my signature.