Last night I decided to check my whole system partition with avast 2012 free. I have set all options to intense for checking for viruses, I have let avast search for rootkits and so on.
And after I went back from work avast found some files deep in my AppData folder:
Has anyone experienced such a strange thing? Can someone tell me if this could be a false-positive?
Just to be sure I removed Java and every file in my AppData folder belonging to it. I took the tool “eraser” and all files have been overwritten by the Gutmann algorithm (35 times).
Given the detection rate on VT, I would say no, it isn’t an FP. Also, this being effectively a temp (cache) location, if there is any doubt, err on the side of caution and treat it as infected/exploit/etc.
The location in your image is the JAVA cache and it is possible to just clear the JAVA cache; however, uninstalling JAVA should have removed that folder and its contents?
Since you had very old versions of JAVA they have vulnerabilities which can be exploited unless you keep JAVA fully up to date.
JAVA isn’t a required install, but if you have it then it needs to be kept up to date. Unless there are sites that you visit that specifically require JAVA (not javascript) or you have applications that use JAVA, then best do what you have done: remove it completely.
The strange thing about all this is that Java Version 7 Update 9 was installed on my PC! I guess that was the newest one. So it is impossible for me to tell you why there was a Version 6 folder… I have never had Version 6 on this machine.
Also I do not know if the uninstaller removes the temporary folders. I have deleted them before I uninstalled Java. So who knows…
I just want to be sure that this virus has not infected other parts of my computer which avast won’t find. This night I will do a complete Boot Scan (Or however it is called) to check if the virus was deleted.
Also I am just loading Avast Internet Security (I bought this version a few minutes ago) to have a better protection!
Under normal circumstances the old version of JAVA should be removed when you install the newer version. But I can’t account for why there appear to be JAVA 6 cache entries, unless they are a legacy thing. That said, I feel the uninstall should remove the JAVA folders; you can of course confirm those folder locations have been removed using Windows Explorer.
I don’t believe there is a high risk of any spread to the rest of your system, though a boot-time scan should reassure you of that.
You could also run MalwareBytes Anti-Malware (MBAM), on-demand only in the free version: http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe. Right-click on the link and select Save As or Save File As (depending on your browser), and save it to a location where you can find it easily later. Download, Install, Update, Run and post the contents of the log (if anything is found).