False positive? Java:Agent-HOC [Trj]

Hey guys,

I’ve come across an issue. When I try to run the Runescape 3 client AVAST shows that Java:Agent-HOC [Trj] is present and it shuts it down in an instant.
I’ve tried running Avast full scan, along with a boot-time scan and nothing appears. I’ve tried Hitman Pro 3.7 and nothing appears.

No-one else seems to be having the issue and I don’t want to start adding exceptions in case there is a problem and it gets through the exception.

Note, avast doesn’t detect this Trojan on download or installation of the Runescape 3 Client, only during the startup and downloading of updates for said program.

Anyone have any help towards this issue?

Some info on why not to use Hitman Pro:
https://forum.avast.com/index.php?topic=145725.msg1058577#msg1058577

Appreciated, but for now it’s AVAST that’s detecting the virus.

Is there any way to start off this diagnosis? Scans, logs, etc.?

You can report the file to avast as a possible false positive.

Right click the file in the virus chest and choose send, or you can use the contact form:
www.avast.com/contact-form.php

You can also submit the file to virustotal to see if other scanners also detect it:
https://www.virustotal.com

What does avast say? You may attach a screenshot of the message.

I cannot scan the specific file as AVAST detects and blocks it ‘during’ an update. Also, I can’t find it in quarantine because of this.

image posted

You can attach screenshots here … below the box you write in, see Attachments and other options.

edited

quttera suspicious http://quttera.com/detailed_report/world24.runescape.com

I get the report, but what should I do for now, as there is no way of changing the update path?

Here’s a screenshot of what AVAST brings up when I access the game through the browser (using Java, rather than the Runescape 3 client).
And this is using a different server, world16.runescape.com instead of world24.runescape.com.

It still brings up the same issue.

From what I can see from the AVAST popup that appears, it seems to be affecting Oracle’s JP2Launcher.exe. Could it be this that is infected?

Surely if this was the case of an issue of their servers then wouldn’t others be having issues?

:cry: Sad to say I am also getting this message trying to log into Runescape. I have come to 2 conclusions. This is either a virus at the game end or a false positive. Seeing as I was playing the game fine yesterday morning… then yesterday evening I am thinking the former, as I don’t recall an Avast update in between. It is also showing across 3 computers using 3 different versions of Windows. The alerts are as follows. First there is an error that prevents the client or browser opening:

error downloading: gamepack+lfzaM6QrqV0m3IIVyLe61eYjfHrRye5_1760942.jar (so I uninstalled and reinstalled the client just in case)

URL: url:hxxp://world15.runescape.com/k=3/gamepack lfzaM6QrqV0m3IlVyLe61eYjfHrRye5_1760942.jar|Rs2Applet.class (the world number can vary from attempt to attempt)

INFECTION: Java:Agent-HOC [Trj]

I must say the Runescape people weren’t too happy to be hinted at that they might have a virus and I was very indignant at them for attempting to malign Avast which I have used without issue for over 10 years.

Hope someone can tell me if that is a real issue or a false positive.

Clearing the Java cache as described here may be effective here: http://www.techsupportforum.com/forums/f100/trojan-downloader-java-agent-aj-false-positive-465840.html (see tetonbob’s reply in there).
A proposed removal routine was found to reside here: http://blog.mitechmate.com/remove-javaagent-hoc-trj-removal-guide/

polonus