Avast WEBforum

Business Products => Archive (Legacy) => Avast Business => Avast Endpoint Protection => Topic started by: VCW on April 05, 2013, 08:34:10 PM

Title: http://sdlc-esd.sun.com Virus Alert
Post by: VCW on April 05, 2013, 08:34:10 PM

We have multiple clients getting constant Web Shield virus alerts from http://sdlc-esd.sun.com/ESD6/JSCDL/jdk/7u17-b02/jre-7u17-windows-i586-iftw.exe?AuthParam=1365185066_59d3789dd2122485eee7fcb2d9955f3c&GroupName=JSC&FilePath=/ESD6/JSCDL/jdk/7u17-b02/jre-7u17-windows-i586-iftw.exe&File=jre-7u17-windows-i586-iftw.exe&BHost=ja|>[UPX]

Anybody else?

Title: Re: http://sdlc-esd.sun.com Virus Alert
Post by: Milos on April 05, 2013, 09:17:45 PM

Post the screenshot of detection and send the sample to virus@avast.com, please.

Milos

Title: Re: http://sdlc-esd.sun.com Virus Alert
Post by: VCW on April 05, 2013, 09:41:32 PM

avast! [BCS24]: File "http://sdlc-esd.sun.com/ESD6/JSCDL/jdk/7u17-b02/jre-7u17-windows-i586-iftw.exe?AuthParam=1365190814_0b77a6270a3c276593cdec855f0b9032&GroupName=JSC&FilePath=/ESD6/JSCDL/jdk/7u17-b02/jre-7u17-windows-i586-iftw.exe&File=jre-7u17-windows-i586-iftw.exe&BHost=ja|>[UPX]" is infected by "Win32:Evo-gen [Susp]" virus.
"Web Shield" task used
Version of current VPS file is 130405-0, 04/05/2013
that is what gets blocked and then that is followed by a:
avast! [BCS24]: File "C:\DOCUME~1\Mdean\LOCALS~1\Temp\BIT34.tmp|>[UPX]" is infected by "Win32:Evo-gen [Susp]" virus.
"File System Shield" task used
Version of current VPS file is 130405-0, 04/05/2013

This started happening this morning and is effecting many of our clients.

Title: Re: http://sdlc-esd.sun.com Virus Alert
Post by: VCW on April 05, 2013, 09:48:21 PM

It seems like it is an issue with java and avast...not sure if that helps...

Title: Re: http://sdlc-esd.sun.com Virus Alert
Post by: Milos on April 05, 2013, 10:03:57 PM

Send us the sample to analyze, it should be in virus chest, put "False positive" to email subject.

Milos