Virus

Today I was scanning my computer with Adaware Personal, and suddenly a message popped up and said a virus was detected, so I moved it to the chest.

The file looked like it’s from Adaware, so I scanned with Adaware again and got the same warning message from avast.

log file:

7/4/2005 7:16:45 PM SYSTEM 336 Sign of “VBS:Malware [Gen]” has been found in “C:\DOCUME~1\Johnny\LOCALS~1\Temp\AAWTMP\C31160781\29356A\javainstaller\InstallerApplet.class” file.

7/5/2005 12:51:55 AM SYSTEM 336 Sign of “VBS:Malware [Gen]” has been found in “C:\DOCUME~1\Johnny\LOCALS~1\Temp\AAWTMP\C51271375\2FCA32\javainstaller\InstallerApplet.class” file.

Is this just a false positive or really a virus?

Thanks for any replies.

Did you try submitting the file to virusscan.jotti.org to see if only avast detects it?

I did that and they are viruses, thanks a lot.

Oh yeah, and avast found some viruses during the boot-time scan. I chose to move them; is that like quarantining them, or just moving them to a new location in avast?

Hi Johnny223,

Whenever expanding/extracting an archive (any archive, not just quarantined files), Ad-Aware extracts the files to %TEMP%\AAWTMP\xxxxxxxxx\files. This folder is created during the scan and removed upon completing the scan. (Note: the xxxxxxxx reference is to a somewhat randomly named folder under AAWTMP making it less susceptible to interference during the scan from other 'malware/software.')

http://castlecops.com/postp384672.html

What you’re seeing is avast! detecting malware as Ad-Aware temporarily expands or extracts an archive, probably in the Java cache.

It is real malware, an MS Java Virtual Machine exploit, but you should be safe if you have updated your computer in the last few years!!

To remove any malware in the Java Cache, try this:

Close all browsers, Start > Settings > Control panel > Java Plugin [version number] > Choose Cache and click remove JAR Cache.

Or you can use CCleaner: under Applications, tick Sun Java and run.

If you have avast! Webshield active, it will block this malware before it can get onto your computer in future.

Check you have the latest version of Sun Java JRE here:

http://java.sun.com/j2se/1.5.0/download.jsp

Currently at version 5 Update 4.

Uninstall all older versions from Add/Remove because they may have security vulnerabilities.

Viruses moved at boot time are harmless but still detected by a normal scan because the ‘moved’ folder does not encrypt the malware like the virus chest.

avast! can’t use the Chest (Quarantine) during boot time as the Chest drivers can’t be loaded at that time.
At boot time you can only ‘move’ the files to another folder which, in most cases, will prevent the virus from running.
You have to manually ‘send’ those files to the Chest, analyse them, delete them, etc. Hope this helps.
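
An added example, not part of the thread: a short Python triage script that parses avast! log lines in the format quoted above and separates hits inside Ad-Aware's `AAWTMP` extraction folder from hits elsewhere. The third log line, the function names, and the group-by-file-name heuristic are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# First two lines are the log entries quoted in the thread; the third is
# constructed here to show a detection outside the scanner's temp folder.
SAMPLE_LOG = r"""
7/4/2005 7:16:45 PM SYSTEM 336 Sign of “VBS:Malware [Gen]” has been found in “C:\DOCUME~1\Johnny\LOCALS~1\Temp\AAWTMP\C31160781\29356A\javainstaller\InstallerApplet.class” file.
7/5/2005 12:51:55 AM SYSTEM 336 Sign of “VBS:Malware [Gen]” has been found in “C:\DOCUME~1\Johnny\LOCALS~1\Temp\AAWTMP\C51271375\2FCA32\javainstaller\InstallerApplet.class” file.
7/5/2005 1:02:10 AM SYSTEM 336 Sign of “VBS:Malware [Gen]” has been found in “C:\Constructed\sample.vbs” file.
"""

ENTRY = re.compile(
    r'^(?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M)\s+\S+\s+\d+\s+'
    r'Sign of [“"](?P<sig>.+?)[”"] has been found in [“"](?P<path>.+?)[”"] file\.$'
)
# Ad-Aware's extraction area as described in the thread: ...\AAWTMP\<random>\...
AAWTMP = re.compile(r'\\AAWTMP\\(?P<scan_dir>[^\\]+)\\', re.IGNORECASE)

def parse_detections(log_text):
    """Return one dict per detection line; unparseable lines are skipped."""
    found = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        tmp = AAWTMP.search(m["path"])
        found.append({
            "when": m["when"], "signature": m["sig"], "path": m["path"],
            "file": PureWindowsPath(m["path"]).name,
            # Set only when the hit is inside a scanner extraction folder.
            "scan_dir": tmp["scan_dir"] if tmp else None,
        })
    return found

def group_transient(detections):
    """Group extraction-folder hits by (signature, file name).

    Heuristic (assumption): the same file name under different random
    AAWTMP folders is the same archived file re-extracted on a later scan.
    """
    groups = defaultdict(list)
    for d in detections:
        if d["scan_dir"]:
            groups[(d["signature"], d["file"])].append(d["scan_dir"])
    return dict(groups)

if __name__ == "__main__":
    hits = parse_detections(SAMPLE_LOG)
    print(group_transient(hits))
    print([d["path"] for d in hits if not d["scan_dir"]])
```

Hits grouped as transient point at an archive elsewhere on disk (here, likely the Java cache mentioned above), so that source is what needs cleaning, not the temporary folder.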