False alarm when I run sysclean?

Viruses and worms
1

Hi there, I have a Trojan which I’ve been unable to get rid of :-\ I scanned using TrendMicro HouseCall, it identified WORM_AGOBOT.JR but was unable to clean the file “because it is currently in use”

It identified the location as C:\Docs and settings\my name\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderf9c.jar-1833c94e-70c54201.zip

I tried following their instructions, but was unable to find Configuration Loader “svchost2.exe” in the Registry Editor.

Sorry for waffling on before getting to the point mentioned in the header. Downloaded sysclean and latest pattern thing, tried to run it, and Avast went crazy, identifying sysclean.exezz as a virus.

Just wanted to double-check with you whether it’s safe to come offline, disable Avast, and run sysclean? It would be a bit ironic if it really was infected, and added to my woes ;D

2

Yes, the sysclean warning is a false positive.

The file loaction quoted is the location of the Java cache: remove by deleting the cache as described in the link below.

Then run an avast! boot time scan and Sysclean in safe mode as a double check. (Tap F8 while rebooting.)

Java exploits may arrive in the Java cache when visiting a site which pushes malware.

Anti-virus programs detect such malicious applets (Java exploits) in the following directory:

C:\Documents and Settings<username>\Application Data\Sun\Java\Deployment\cache\javapi\v1. 0\jar\

These malicious applets are designed to exploit vulnerabilities in the Microsoft VM (Microsoft Security Bulletin MS03-011).

If you are using the Sun JVM as your default virtual machine, these malicious applets cannot cause any harm to your computer.

http://www.java.com/en/download/help/cache_virus.xml

Older versions of Sun Java were also vulnerable to exploits so it’s vital to update to the latest version AND TO UNINSTALL OLDER VERSIONS.

Download the latest version of Java JRE here:
http://java.sun.com/j2se/1.5.0/download.jsp

More info here:

http://www.geocities.com/dontsurfinthenude/java.htm

3

Thanks for the advice. I’ve cleared the Java cache, uninstalled Java, rebooted, scanned. Now…just about to download the new version of Java, and hope for the best ::slight_smile:

Will post my progress on here, in case it helps anyone else.

4

Thanks so much for the great advice! I’d been struggling with that Trojan for days, and the advice given elsewhere was so complicated that I knew I’d make a mess of my whole pc if I followed it.

Now Trojan-free ;D