Download.adware

I have this virus in the following directory, but it seems to be coming back again and again somehow: C:\Documents and Settings\John Doe\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-7f8707a0.zip

Avast hasn’t picked up on this one atm, but I believe spysweeper did.
Has anyone heard of this and how does one remove it for good?

Insight is appreciated,

kebersan

Nevermind:) I think I’ve got it.

Can’t you post how do you get it?
Could be useful for the others… 8)

For anybody with the same problem:

Remove the malware by deleting the Java cache.

(Send the file to avast! first if it isn’t detecting it- Webshield should prevent it even getting into the cache.)

Prevent reinfection by updating your system, and avoiding malware pushing sites if possible.

http://forum.avast.com/index.php?topic=13435.msg113619#msg113619

Is “C:/…Application Data\Sun\Java\Deployment\cache\javapi\v1.0.…” this an indication of version 1.0 of Sun’s JAVA and if so, isn’t there a later version that plugs some vulnerabilities?

It might be the version number of ‘javapi’- I assume some sort of cache application. The cache location is still \v1.0\ on my machine even though I have Java 5.0 update 5.

Thanks Frank, I don’t use Java at all, but I thought it looked strange.

Hi kebersan,

Some like to use Java, some don’t. You can do very nice benevolent things with Java, and it can be a great help to programmer and webmaster, but it can also be used by the malcreant. Always use the last available Sun Java version, and if you use it in a browser like FF think of NoScript. With NoScript you can have Java run or partly run at sites or part of sites as you please, run on trusted sites like this one, have no Java on sites you do not like Java to run. If you want to pre-check sites if the code there is safe, use Dr. Web’s hyperlink checker, an on-demand link checker for all sorts of browsers to pre-scan a hyperlink on the update server of Dr. Web’s in St. Petersburg. Bitdefender has a good script checker to check all the script that runs in the Microsoft environment, but Avast checks that anyway ön the fly". Surf safe, know where you are going, the Internet has its dark alleys also, think before you click, and scan, scan, scan. Learn about the code a bit, look at the source code of a page, look at the script with script blocker before you block it.

greets,

polonus

It was the leaking sieve of MS JVM that made me remove it completely from my system and never found any need to install JAVA after that. Even though I know that Sun’s Java is meant to operate in a supposed Sand Box environment, I still haven’t found a need for it.