Topic: Virus of Other: Malware-gen can be detected by Thorough scan but not in standard scan

hihikaren

  • Guest
I have been a user of the Avast 4 Home Edition antivirus software for nearly 6 months and, for safety reasons, I usually perform the standard virus scan on all my local non-removable disks with archive files, and the result is that no files were infected.

However, later, for more safety, I performed the Thorough scan on all my local non-removable disks with archive files yesterday (i.e. this was the first time I performed the thorough scan), but the result was that 7 files were infected by the virus Other: Malware-gen, and I took Avast's recommendation and moved all 7 infected files to the virus chest immediately. The information in the virus chest is as follows:

7 files were infected by virus of Other: Malware-gen
Name:
BnnnnBaa.class
Bnnnnn.class
Den.class
Din.class
Dnnny.class
Dun.class
VaannnaaBaa.class

Original Location:
C:\Users\Karen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\7836d960-79dcd28e

In my Log viewer there was also a warning section, and the description is: Sign of "Other: Malware-gen" has been found in
“C:\Users\Karen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\7836d960-79dcd28e\BnnnnBaa.class” file.
“C:\Users\Karen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\7836d960-79dcd28e\Bnnnnn.class” file.
“C:\Users\Karen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\7836d960-79dcd28e\Den.class” file.
“C:\Users\Karen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\7836d960-79dcd28e\Din.class” file.
“C:\Users\Karen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\7836d960-79dcd28e\Dnnny.class” file.
“C:\Users\Karen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\7836d960-79dcd28e\Dun.class” file.
“C:\Users\Karen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\7836d960-79dcd28e\VaannnaaBaa.class” file.

My virus database version is 081221-0 and my Avast version is 4.8.1296. After the infected files were moved to the chest, I performed the standard virus scan again and the result was that no files were infected.

Today, my virus database version was updated to 081222-0, and I performed the standard virus scan on all my local non-removable disks with archive files again, and the result was that no files were infected.

Did I take the right action (i.e. moving the infected files to the chest) when the virus Other: Malware-gen was found… and why can the virus Other: Malware-gen not be detected by the standard scan but be detected by the Thorough scan?

Is my notebook safe now, and do I need to perform the thorough scan every time? And do I need to clean or remove the virus Other: Malware-gen in the virus chest, or is it OK to just leave it in the chest?

Thanks for your kind attention....
From Hihikaren
« Last Edit: December 23, 2008, 09:33:48 AM by hihikaren »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
What about using JavaRa, remove all Java installations and also the Java itself, installing only the latest version after that?
The best things in life are free.

hihikaren

  • Guest
What about using JavaRa, remove all Java installations and also the Java itself, installing only the latest version after that?


Thank you for your reply....
Because my computer knowledge is not so good, I do not quite understand....
Do you mean that I should uninstall the current Java and install the most up-to-date version???
My current Java installation is Java(TM) 6 Update 2 and the version is 1.6.0.20, which I downloaded from Sun Microsystems Inc. about one and a half years ago, before I used the Avast Antivirus software....

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Do you mean that I should uninstall the current Java and install the most up-to-date version???
Yes, sure.
JavaRa could help you on this and could be downloaded here: http://www.softpedia.com/get/System/System-Miscellaneous/JavaRa.shtml
The best things in life are free.

hihikaren

  • Guest
Do you mean that I should uninstall the current Java and install the most up-to-date version???
Yes, sure.
JavaRa could help you on this and could be downloaded here: http://www.softpedia.com/get/System/System-Miscellaneous/JavaRa.shtml

But at this moment, is my notebook safe?
If I do not uninstall the existing Java now.... is that OK?
And I found the uninstall Java option after I right-clicked the mouse.... so I want to know, what is JavaRa?? Does it have Java uninstall tools and the Java update to download???

Thanks for your advice....

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89065
  • No support PMs thanks
If you have an old version of JAVA installed then it is vulnerable to exploits.
Considering the avast detection on .class files it indicates that your JAVA was being exploited, so there is nothing to stop that happening again until you get rid of the old vulnerable version and install the latest version.

JavaRa just makes it easier to 1. remove old versions and 2. download the latest version of JAVA, rather than having to do it manually.

If you are happy to uninstall the old versions and find the latest JAVA version you can do it manually.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
But at this moment, is my notebook safe?
In short, no. David already explained that. Old Java could be (even more) exploited.

I want to know, what is JavaRa?? Does it have Java uninstall tools and the Java update to download???
It's an accessory tool; you don't necessarily need it, but it can help with installing and uninstalling.
The best things in life are free.

hihikaren

  • Guest
Thanks... DavidR and Tech....

I want to say that, in fact, the Java system sometimes automatically informs me to update Java (i.e. the most recent time was 2 days ago), but every time I ignore it... so if Java informs me to update again (i.e. before I uninstall the old version), can I choose to update... which means that the old version is updated to the latest one? But if I take this action... does that mean the old version will not need to be uninstalled.... is that practice appropriate?

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
Thanks... DavidR and Tech....

I want to say that, in fact, the Java system sometimes automatically informs me to update Java (i.e. the most recent time was 2 days ago), but every time I ignore it... so if Java informs me to update again (i.e. before I uninstall the old version), can I choose to update... which means that the old version is updated to the latest one? But if I take this action... does that mean the old version will not need to be uninstalled.... is that practice appropriate?

Hi hihikaren,
Normally (for most other software) that practice would be appropriate. In this case it is not, because Java Update does not remove old versions. It is possible to have one or more old versions of Java on your computer, even with the current one installed.
Have a look at an online update scan (for many different types of software, including Java) here http://secunia.com/vulnerability_scanning/
You can do an online scan, and/or download the PSI to install and monitor your programs. Try the online scan first. It may reveal much.
Windows 10,Windows Firewall,Firefox w/Adblock.
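
An added example (not part of the original thread, and not an Avast or JavaRa tool) of the manual check behind the advice above: it lists every Java runtime still registered on the machine, so leftover old versions are visible, and the files sitting in the Java deployment cache where the detections in this thread were found. It assumes the standard `JavaSoft` registry keys and the cache location shown in the first post, and PowerShell 3.0 or later.

```powershell
# Added example: inventory of registered Java runtimes and of the per-user
# Java deployment cache. Read-only; it changes nothing on the system.

# Registry keys where the Sun/Oracle JRE installers register each version.
$jreKeys = @(
    'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
    'HKLM:\SOFTWARE\WOW6432Node\JavaSoft\Java Runtime Environment'  # 32-bit JRE on 64-bit Windows
)

$registered = foreach ($key in $jreKeys) {
    if (-not (Test-Path $key)) { continue }
    Get-ChildItem $key | ForEach-Object {
        $javaHome = (Get-ItemProperty $_.PSPath).JavaHome
        [pscustomobject]@{
            Version  = $_.PSChildName
            JavaHome = $javaHome
            OnDisk   = [bool]($javaHome -and (Test-Path $javaHome))
        }
    }
}

# Several registry entries (e.g. "1.6" and "1.6.0_02") can point at the same
# folder, so count distinct install folders that still exist on disk.
$homes = @($registered | Where-Object { $_.OnDisk } | Group-Object JavaHome)
foreach ($h in $homes) {
    $versions = ($h.Group | ForEach-Object { $_.Version }) -join ', '
    '{0}  (registered as: {1})' -f $h.Name, $versions
}
if ($homes.Count -gt 1) {
    Write-Warning 'More than one Java runtime is installed; older ones remain usable until removed.'
}

# Per-user deployment cache (location taken from the paths in the first post).
$cache = Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun\Java\Deployment\cache'
if (Test-Path $cache) {
    Get-ChildItem $cache -Recurse |
        Where-Object { -not $_.PSIsContainer } |
        Sort-Object LastWriteTime -Descending |
        Select-Object FullName, Length, LastWriteTime
} else {
    "No Java deployment cache found at $cache"
}
```

After the old versions have been removed and the latest one installed, a second run should list a single runtime folder.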

sunrisecc

  • Guest
WRT Java 6.10+, once installed, the next Java update will remove the previous version. This has worked for me on all computers that I have updated. In other words, once at the 6.10 level, all updates from then on will remove the previous version. The update from 6.10 to 6.11 did not require any manual removal.

Offline Tarq57

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3695
  • If at first you don’t succeed; call it version 1.0
I did not know that.
Excellent. And about time too.
Windows 10,Windows Firewall,Firefox w/Adblock.

hihikaren

  • Guest
Merry Christmas to everybody in avast web forum..... :)

Do I need to delete the 7 infected files in the chest first before I uninstall the old version Java and then install the new one?

Thanks for attention....

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Do I need to delete the 7 infected files in the chest first before I uninstall the old version Java and then install the new one?
I don't think so... files in the avast Chest are completely independent of uninstalling and installing Java.
If your computer is working fine, wait one week or two, right click the files in the Chest and rescan them. If they're clean, you can delete them ;)
The best things in life are free.