Just want to make sure I handled things right

I did a normal scan because I hadn’t done one in a while. It found a RelevantKnowledge file that it didn’t like and I moved it to the Chest (default option). It asked me if I wanted to do a boot-time scan to be safe, so I did. This time a similar file (maybe the same?) showed up, so I chose to delete it. Then a few more infection were found and I moved them to chest. First of all I want to know if my actions (deleting and moving to chest) were correct. It would be nice to have a recommended option, especially during the boot-time scan when I can’t look up what I should do.

Also, after the scan, Windows didn’t start. There was a black screen with an error that said “Interactive logon process initiation has failed. Please consult the event log for more details.” I clicked on OK in that window and then the mouse was frozen on the black screen for 5 minutes before I gave up and did a hard reboot. Now things are fine, but I’m wondering what all that was about.

Here’s my boot-time scan log:

02/13/2011 14:49
Scan of all local drives

File C:$Recycle.Bin\S-1-5-21-3976190419-2382257792-1998099032-1000$RDRD2ST\AutoUp~1.cab|>_ACBDA087FE718797BB5E325512D0B967|>pdmwclient.dll Error 42127 {CAB archive is corrupted.}
File C:$Recycle.Bin\S-1-5-21-3976190419-2382257792-1998099032-1000$RDRD2ST\AutoUp~1.cab|>_ACBDA087FE718797BB5E325512D0B967 Error 42127 {CAB archive is corrupted.}
File C:\Program Files (x86)\RelevantKnowledge\yiikdoae.npw is infected by Win32:Relevant-G [PUP], Deleted
File C:\Users\Noah\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\f34b057-36a7e9b9|>dev\s\AdgredY.class is infected by Java:Agent-BW [Trj], Moved to chest
File C:\Users\Noah\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\f34b057-36a7e9b9|>dev\s\DyesyasZ.class is infected by Java:Agent-BW [Trj], Moved to chest
File C:\Users\Noah\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\f34b057-36a7e9b9|>dev\s\LoaderX.class is infected by Java:Jade-C [Heur], Moved to chest
File C:\Users\Noah\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\31a0f1e3-5c9c692e|>c.class is infected by Java:Jade-A [Heur], Moved to chest
File C:\Users\Noah\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\627f3a69-40821e33|>main.class is infected by Other:Malware-gen, Moved to chest
File C:\Users\Noah\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\627f3a69-40821e33|>Tuvvoaerffb.class is infected by Java:Jade-B [Heur], Moved to chest
File C:\Users\Noah\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\627f3a69-40821e33|>h6l4.class is infected by Other:Malware-gen, Moved to chest
File C:\Users\Noah\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\23b920c5-717c090d|>vload.class is infected by Java:Jade-C [Heur], Moved to chest
File C:\Users\Noah\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\265480fe-52815c9c|>bpac\a$1.class is infected by Java:Agent-BJ [Expl], Moved to chest
File C:\Users\Noah\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\265480fe-52815c9c|>bpac\a.class is infected by Java:Agent-BW [Trj], Moved to chest
File C:\Users\Noah\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\265480fe-52815c9c|>bpac\KAVS.class is infected by Java:Agent-BM [Expl], Moved to chest
Number of searched folders: 31719
Number of tested files: 3808566
Number of infected files: 12

If you delete as first option, you have no options left

Clean, Quarantine, or Delete?
http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm

Too bad nobody cares enough to give you a solid reply. We have the same problem and I am still searching for the correct way to handle this java.agent virus on an avast boot scan detection. The black screen problem is very critical.

Since these are found in the JAVA Cache, there really is no downside if avast detects them and you send it to the chest.

The temp files in the JAVA caches could be cleared and perhaps should be on a periodic basis without ill effect. So the suggestion to clear Temp locations is sound.

The Java:Jade-C [Heur] and Java:Agent-BW are more to do with JAVA exploits, now it isn’t something which is 100% as they are Heuristic [Heur} detections, so you could send a couple of samples in the chest to avast for analysis as possible false positive.

Open the chest and right click on the file and select ‘Submit to virus lab…’ complete the form and submit, the file will be uploaded during the next update.

It is important to ensure that your version of JAVA is fully up to date (latest is JRE 6 Update 24) as these are generally security updates to close vulnerabilities that could be exploited.