I am admittedly ignorant about what I need to post here so be gentle with me. I had a warning pop up this morning that I am infected with Win32:Trojano-477 [Trj] . I ran a scan and moved the files to the chest. The files infected are showing under my documents and settings as Application data\Sun\Java\Deployment\cache\javapi\v1.0

What do I need to do to make sure I am not compromised here? I had a total of 7 files infected. I moved the first 3 to the chest and then deleted them in a panic (which I am reading maybe I should not have done) and then 4 more showed up. I moved those 4 to the chest and they remain there now.

I am running Windows XP Home Edition and use Mozilla and Thunderbird for my browser and email respectively. I will occasionally open a site on IE if I can’t get it to work properly through Mozilla but use Mozilla as my default browser. I have previously downloaded MS Service Pack 2 and should be up to date on Windows Updates.

What is my next step here?

If an infection is found:

• move the file to the chest
• submit the file to Jotti to check
• in addition to Jotti you can also use google to find out more about the file.

note: look also at the location. explorer.exe in \windows\ is normal, but explorer.exe in \windows\system32\ is not!

• if it is indeed infected delete it, if not putit back and submit it to virus@avast.com in a pw protected zip and mention you think it is a false positive (and why ofcourse) and the pw in the message body

If you want to check your system properly, click on the link in my signature and follow the instructions in the malware removal section.