false positive?

brihy1 · December 21, 2010, 2:33am

ran a boot time scan ais and found the file cdas\Mort.class - Java:Jade-A(huer).it was in the java cache folder.tested on virustotal and only avast 4-avast 5-and gdata found it.i sent it via avast chest.how come when i right click the restore option is greyed out?

system · December 21, 2010, 2:52am

Don’t think is a false positive.

18.12.2010 - 101218-0

Java:Jade-A [Heur], Java:Jade-B [Heur], Java:Jade-C [Heur], VBS:Agent-HY [Trj], Win32:Agent-AMNK [Trj], Win32:Alureon-MW [Rtk], Win32:Alureon-MX [Rtk], Win32:Alureon-MY [Rtk], Win32:BackDoor-VD [Trj], Win32:Backmon [Rtk], Win32:BadJoke-Q [Joke], Win32:Bancos-BNR [Spy], Win32:Bancos-BNS [Spy], Win32:Banker-HCG [Spy], Win32:Banker-HCH [Trj], Win32:Bifrose-EUQ [Trj], Win32:Crypt-IFA [Drp], Win32:Crypt-IFB [Drp], Win32:Crypt-IFC [Drp], Win32:Crypt-IFD [Drp], Win32:Cutwail-AP [Rtk], Win32:Delf-NZH [Trj], Win32:Dipwit [Trj], Win32:Dipwit-B [Trj], Win32:Dipwit-C [Trj], Win32:Dipwit-D [Trj], Win32:Dipwit-E [Trj], Win32:Dipwit-F [Trj], Win32:Downloader-FAZ [Trj], Win32:Downloader-FBA [Trj], Win32:Downloader-FBB [Trj], Win32:Downloader-FBC [Trj], Win32:Dropper-EOH [Trj], Win32:Dropper-EOI [Trj], Win32:Dropper-EOJ [Trj], Win32:FakeSysdef-F [Trj], Win32:FraudTool-RZ [Trj], Win32:FraudTool-SA [Trj], Win32:Hiloti-W [Trj], Win32:Hiloti-X [Trj], Win32:Injector-YU [Trj], Win32:KeyLogger-ARQ [Spy], Win32:OnLineGames-FVP [Cryp], Win32:Patched-TI [Trj], Win32:Qbot [Trj], Win32:Ransom-CH [Trj], Win32:Rbot-GQH [Wrm], Win32:Regrun-DQ [Trj], Win32:Renos-RN [Trj], Win32:VB-QOZ [Trj], Win32:VB-QPA [Trj]

If can,you can submit to virus lab as false positive

DavidR · December 21, 2010, 3:17am

It is a new heuristic signature specifically looking for JAVA style exploits.

JAVA exploits are normally associated with old JAVA version with vulnerabilities - I would also suggest a visit to this site, which scans your system for out of date programs that have patches to close vulnerabilities, http://secunia.com/software_inspector/.

If your JAVA is up to date you could send it to avast for further analysis.
Send the sample to avast as a possible False Positive:
Open the chest and right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update.

I don’t know why restore is greyed out.

brihy1 · December 22, 2010, 2:00am

already sent it to avast via the chest as a false positive(i believe it is),my java is up to date.

DavidR · December 22, 2010, 2:13am

Periodically scan it from within the chest and see if it subsequently doesn’t get detected, that is likely to be your only confirmation if it is an FP and that should prompt a tweak of the Heuristic signature.

system · December 22, 2010, 6:48am

can you post your java version

system · December 22, 2010, 8:16am

The Avast Team posted here http://forum.avast.com/index.php?topic=67900.0 in Post #13 by kovac about Java:Jade-*, and what to do if you encounter them.

Asyn · December 22, 2010, 8:22am

Here’s the direct link to this post…
http://forum.avast.com/index.php?topic=67900.msg571460#msg571460
asyn

false positive?

Announcements