Is this a new virus as I did a full scan on my PC last night and this has now been picked up as
"C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\PV8QCSZK\java[1].htm" is infected by "JS:Downloader-NM [Trj]"
This machine has only been running Avast for less than a month and a full scan was done upon install, so either this virus is a new definition or the infection has occurred whilst using Avast.
It is my own personal machine and I have very cautious browsing habits, so it would not have been near any particularly dubious sites.
The plot thickens, so a little history is required.
I noticed that Avast has included this Virus in its definitions on 2/3/10 so it obviously is a new definition.
However, this is where I am getting confused. Upon finding the infection I restored the machine using a ghost image taken a couple of weeks ago, then downloaded the Microsoft patches from that week (the web browser selector). That is all I did before running the scan, and it came up still finding the virus.
This morning, however, I restored exactly the same ghost image and downloaded the latest virus definitions again. I checked the Temporary Internet Files but could not see the infected file. I ran a scan and still could not detect it. The only things that differ are that the virus defs are slightly newer and I have not yet re-downloaded the Microsoft patch.
Having now applied latest MS patch for Web browser and performed all the actions I did last time after restoring ghost image, the latest virus definitions are no longer detecting this virus. I am beginning to believe it was a false positive from the definitions dated 2/3/10 that was resolved over the past 24 hours.
I doubt that, as Avast has in the past been very accurate in this regard. However, if you have cleared your browser cache in any way, manually or auto clear after a period, then the file wouldn’t be present to be detected.
Me, I wouldn’t have gone to much trouble and just cleared the browser cache.
I have always adopted a zero tolerance strategy when it comes to viruses. Even if A/V tells me that it has detected and cured a virus I will always revert back to a ghost image, as I take monthly backups. As I have already said, I reverted the machine back to an image taken on 22/2/10 last night at around 18:00 and applied the intervening MS patches, only to find the infection still existed. This morning I reverted back to the same image and did exactly the same, and this time no infection was found.
I am also running 4 other machines on the same network with no reports of infection.
Interesting to see what is flagged and why it is flagged.
Upload the file in question to virustotal.com and report back here.
Also a review from wepawet would be interesting to see.
If indeed infected, you could do a system cleansing with this tool: