I have noticed an increase in the number of JavaScript trojans. They have been present on my system. The only thing that I don’t understand is that Avast isn’t catching them. The only thing I can figure is that Avast isn’t detecting them or I have updated Windows enough to stop the trojans from activating or that Avast is keeping them from activating. But they have always or most always attached themselves to a Java file. The trojans don’t seem to do anything that I can detect. Any thoughts on all this? I am running Windows XP SP 2 and Firefox as my default browser and Thunderbird for email. Also have the Sygate firewall installed. Almost forgot my version of Avast is 4.5 Professional. All in all I have been happy with Avast.
This is what I mean. There was no notification of these Trojans on my system from Avast. I had to do a boot scan to find them.
from file aswBoot.txt
12/05/2004 06:33
Scan of all local drives
File C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-19061f19-2a8d32d4.zip\GetAccess.class is infected by JS:ClassLoader-7 - Deleted
File C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-19061f19-2a8d32d4.zip\InsecureClassLoader.class is infected by JS:Exploit-Bytverify-11 - Deleted
File C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-19061f19-2a8d32d4.zip\Installer.class is infected by Win32:Trojano-477 [Trj] - Deleted
If it is exploiting a vulnerability, then things can get past initially, especially when your on-access (standard shield) scanner is set to normal, which doesn’t scan newly created/modified files (a downloaded file, browsed or otherwise, has to be stored on your hdd and as such is newly created).
However, if a program or you tried to open it, then the on-access scanner scans it and alerts/stops it.
If, however, nothing attempts to open it, then it will sit dormant on your hdd until you start an on-demand scan (boot, local drives, folder or file). The on-demand scanner scans all files you ask it to scan, so it works in a different way.
By having the standard shield set to high it will scan newly created files and alert if required. Unless of course you have your settings set to silent mode (in the Advanced tab of my previous image).
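As an added example (not part of either post, and not an Avast tool): a small Python parser for the detection lines in the aswBoot.txt excerpt quoted in the thread. It groups hits by the archive that contains them and marks hits that sit inside the Java plug-in cache. The line format is an assumption inferred from the three lines quoted above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Report text copied from the aswBoot.txt excerpt quoted in the thread.
SAMPLE_REPORT = r"""12/05/2004 06:33
Scan of all local drives
File C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-19061f19-2a8d32d4.zip\GetAccess.class is infected by JS:ClassLoader-7 - Deleted
File C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-19061f19-2a8d32d4.zip\InsecureClassLoader.class is infected by JS:Exploit-Bytverify-11 - Deleted
File C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-19061f19-2a8d32d4.zip\Installer.class is infected by Win32:Trojano-477 [Trj] - Deleted
"""

# Assumed line shape: "File <path> is infected by <name> - <action>"
DETECTION = re.compile(
    r"^File (?P<path>.+?) is infected by (?P<name>.+) - (?P<action>\w+)\s*$")
# An archive file name followed by the member path inside it.
ARCHIVE = re.compile(
    r"^(?P<container>.*?\.(?:zip|jar|cab))\\(?P<member>.+)$", re.IGNORECASE)
# Per-user Java plug-in cache directory, as it appears in the quoted paths.
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"


def parse_report(text):
    """Return one dict per detection line; other lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        a = ARCHIVE.match(path)
        hits.append({
            "container": a.group("container") if a else path,
            "member": a.group("member") if a else None,
            "name": m.group("name"),
            "action": m.group("action"),
            "in_java_cache": JAVA_CACHE in path.lower(),
        })
    return hits


def group_by_container(hits):
    """Map each containing archive (or plain file) to its detections."""
    grouped = defaultdict(list)
    for h in hits:
        grouped[h["container"]].append((h["member"], h["name"], h["action"]))
    return dict(grouped)


if __name__ == "__main__":
    for container, items in group_by_container(parse_report(SAMPLE_REPORT)).items():
        print(container)
        for member, name, action in items:
            print(f"  {member}: {name} ({action})")
```

Run on the quoted excerpt, all three detections resolve to a single cached archive, which is the kind of file that sits unopened on disk until an on-demand scan reads it.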