We have multiple clients getting constant Web Shield virus alerts from http://sdlc-esd.sun.com/ESD6/JSCDL/jdk/7u17-b02/jre-7u17-windows-i586-iftw.exe?AuthParam=1365185066_59d3789dd2122485eee7fcb2d9955f3c&GroupName=JSC&FilePath=/ESD6/JSCDL/jdk/7u17-b02/jre-7u17-windows-i586-iftw.exe&File=jre-7u17-windows-i586-iftw.exe&BHost=ja|>[UPX]

Anybody else?

Post the screenshot of detection and send the sample to virus@avast.com, please.

Milos

avast! [BCS24]: File “http://sdlc-esd.sun.com/ESD6/JSCDL/jdk/7u17-b02/jre-7u17-windows-i586-iftw.exe?AuthParam=1365190814_0b77a6270a3c276593cdec855f0b9032&GroupName=JSC&FilePath=/ESD6/JSCDL/jdk/7u17-b02/jre-7u17-windows-i586-iftw.exe&File=jre-7u17-windows-i586-iftw.exe&BHost=ja|>[UPX]” is infected by “Win32:Evo-gen [Susp]” virus.
“Web Shield” task used
Version of current VPS file is 130405-0, 04/05/2013
that is what gets blocked and then that is followed by a:
avast! [BCS24]: File “C:\DOCUME~1\Mdean\LOCALS~1\Temp\BIT34.tmp|>[UPX]” is infected by “Win32:Evo-gen [Susp]” virus.
“File System Shield” task used
Version of current VPS file is 130405-0, 04/05/2013

This started happening this morning and is effecting many of our clients.

It seems like it is an issue with java and avast…not sure if that helps…

Send us the sample to analyze, it should be in virus chest, put “False positive” to email subject.

Milos