Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: -- Joshua -- on July 06, 2007, 01:00:17 AM

Title: Kaspersky Online Scanner Report
Post by: -- Joshua -- on July 06, 2007, 01:00:17 AM
I recently did a scan with kaspersky online scanner and I got this log.

Unfortunatly Befroe I did an avast! Scan but it said it was clean. :(

kasperskky online scanner checks to see if there is bad things, but doesn't remove them.

I have never in my life removed manually a file that is infected.

Can someone give me steps to remove these?

Thanks,
Joshua  8)

----------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Friday, July 06, 2007 8:52:04 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 6/07/2007
Kaspersky Anti-Virus database records: 336628
Scan Settings
Scan using the following antivirus database    standard
Scan Archives    true
Scan Mail Bases    true
Scan Target    My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan Statistics
Total number of scanned objects    23463
Number of viruses found    1
Number of infected objects    8 / 0
Number of suspicious objects    0
Duration of the scan process    00:35:48

Infected Object Name    Virus Name    Last Action
C:\1d275fe27b9184a7d4459801973d\msxml4-KB927978-enu.log    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8d65b1f830a114ab330887cff9f40022_83e9f382-68f4-44ec-a9e8-422b984048b0    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp    Object is locked    skipped
C:\Documents and Settings\Arthur\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-7860dd2e/BaaaaBaa.class    Infected: Trojan.Java.ClassLoader.ao    skipped
C:\Documents and Settings\Arthur\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-7860dd2e/VaaaaaaaBaa.class    Infected: Trojan.Java.ClassLoader.ao    skipped
C:\Documents and Settings\Arthur\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-7860dd2e/Baaaaa.class    Infected: Trojan.Java.ClassLoader.ao    skipped
C:\Documents and Settings\Arthur\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-7860dd2e    ZIP: infected - 3    skipped
C:\Documents and Settings\Arthur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-4aa07381.zip/BaaaaBaa.class    Infected: Trojan.Java.ClassLoader.ao    skipped
C:\Documents and Settings\Arthur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-4aa07381.zip/VaaaaaaaBaa.class    Infected: Trojan.Java.ClassLoader.ao    skipped
C:\Documents and Settings\Arthur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-4aa07381.zip/Baaaaa.class    Infected: Trojan.Java.ClassLoader.ao    skipped
C:\Documents and Settings\Arthur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-4aa07381.zip    ZIP: infected - 3    skipped
C:\Documents and Settings\Arthur\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db    Object is locked    skipped
C:\Documents and Settings\Arthur\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow    Object is locked    skipped
C:\Documents and Settings\Joshua\Application Data\Microsoft\Templates\Normal.dotm    Object is locked    skipped
C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\bem4fqzn.default\cert8.db    Object is locked    skipped
C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\bem4fqzn.default\formhistory.dat    Object is locked    skipped
C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\bem4fqzn.default\history.dat    Object is locked    skipped
C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\bem4fqzn.default\key3.db    Object is locked    skipped
C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\bem4fqzn.default\parent.lock    Object is locked    skipped
C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\bem4fqzn.default\search.sqlite    Object is locked    skipped
C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\bem4fqzn.default\urlclassifier2.sqlite    Object is locked    skipped
C:\Documents and Settings\Joshua\Application Data\SiteAdvisor\SiteAdv.csh    Object is locked    skipped
C:\Documents and Settings\Joshua\Cookies\index.dat    Object is locked    skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\Microsoft\Messenger\xxxxxxxxx@xxxxxx.xxx\SharingMetadata\Logs\Dfsr00005.log    Object is locked    skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\Microsoft\Messenger\xxxxxxxx@xxxx.xxx\SharingMetadata\pending.dat    Object is locked    skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\Microsoft\Messenger\xxxxxxxxx@xxxxxxx.xxx\SharingMetadata\Working\database_CE14_601C_1460_A33\dfsr.db    Object is locked    skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\Microsoft\Messenger\xxxxxxxxx@xxxxxxx.xxx\SharingMetadata\Working\database_CE14_601C_1460_A33\fsr.log    Object is locked    skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\Microsoft\Messenger\xxxxxxxxx@xxxxxxx.xxx\SharingMetadata\Working\database_CE14_601C_1460_A33\fsrtmp.log    Object is locked    skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\Microsoft\Messenger\xxxxxxxxx@xxxxx.xxx\SharingMetadata\Working\database_CE14_601C_1460_A33\tmp.edb    Object is locked    skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\Microsoft\Windows Live Contacts\xxxxxxxxx@xxxxxxx.xxx\real\members.stg    Object is locked    skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\Microsoft\Windows Live Contacts\xxxxxxxxx@xxxxxxx.xxx\shadow\members.stg    Object is locked    skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\Mozilla\Firefox\Profiles\bem4fqzn.default\Cache\_CACHE_001_    Object is locked    skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\Mozilla\Firefox\Profiles\bem4fqzn.default\Cache\_CACHE_002_    Object is locked    skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\Mozilla\Firefox\Profiles\bem4fqzn.default\Cache\_CACHE_003_    Object is locked    skipped
C:\Documents and Settings\Joshua\Local Settings\Application Data\Mozilla\Firefox\Profiles\bem4fqzn.default\Cache\_CACHE_MAP_    Object is locked    skipped
C:\Documents and Settings\Joshua\Local Settings\History\History.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\Joshua\Local Settings\History\History.IE5\MSHist012007070620070707\index.dat    Object is locked    skipped
C:\Documents and Settings\Joshua\Local Settings\Temp\hpodvd09.log    Object is locked    skipped
C:\Documents and Settings\Joshua\Local Settings\Temp\~DF3581.tmp    Object is locked    skipped
C:\Documents and Settings\Joshua\Local Settings\Temp\~DF3DD6.tmp    Object is locked    skipped
C:\Documents and Settings\Joshua\Local Settings\Temp\~DF4102.tmp    Object is locked    skipped
C:\Documents and Settings\Joshua\Local Settings\Temp\~DF7701.tmp    Object is locked    skipped
C:\Documents and Settings\Joshua\Local Settings\Temp\~DF7711.tmp    Object is locked    skipped
C:\Documents and Settings\Joshua\Local Settings\Temporary Internet Files\Content.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\Joshua\Local Settings\Temporary Internet Files\Content.Word\~WRS{E0CD8862-5C97-4F48-B6F3-4248E8E2850B}.tmp    Object is locked    skipped
C:\Documents and Settings\Joshua\NTUSER.DAT    Object is locked    skipped
C:\Documents and Settings\Joshua\ntuser.dat.LOG    Object is locked    skipped
C:\Documents and Settings\LocalService\Cookies\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\NTUSER.DAT    Object is locked    skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG    Object is locked    skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT    Object is locked    skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG    Object is locked    skipped
C:\eb92022b95e470e26098833e\%temp%dd_msxml_retMSI.txt    Object is locked    skipped
Title: Re: Kaspersky Online Scanner Report
Post by: rdmaloyjr on July 06, 2007, 01:27:58 AM
Disguise your email address.  You could get spamed.  xxxxxxxxxxx@xxxxx.xxx
Title: Re: Kaspersky Online Scanner Report
Post by: Lisandro on July 06, 2007, 05:07:05 AM
I recently did a scan with kaspersky online scanner and I got this log.
Unfortunatly Befroe I did an avast! Scan but it said it was clean. :(
kasperskky online scanner checks to see if there is bad things, but doesn't remove them.
I have never in my life removed manually a file that is infected.
Can someone give me steps to remove these?

Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-7860dd2e/BaaaaBaa.class    Infected: Trojan.Java.ClassLoader.ao    skipped
C:\Documents and Settings\Arthur\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-7860dd2e/VaaaaaaaBaa.class    Infected: Trojan.Java.ClassLoader.ao    skipped
C:\Documents and Settings\Arthur\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-7860dd2e/Baaaaa.class    Infected: Trojan.Java.ClassLoader.ao    skipped
C:\Documents and Settings\Arthur\Application Data\Sun\Java\Deployment\cache\6.0\20\7328ad54-7860dd2e    ZIP: infected - 3    skipped
C:\Documents and Settings\Arthur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-4aa07381.zip/BaaaaBaa.class    Infected: Trojan.Java.ClassLoader.ao    skipped
C:\Documents and Settings\Arthur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-4aa07381.zip/VaaaaaaaBaa.class    Infected: Trojan.Java.ClassLoader.ao    skipped
C:\Documents and Settings\Arthur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-4aa07381.zip/Baaaaa.class    Infected: Trojan.Java.ClassLoader.ao    skipped
C:\Documents and Settings\Arthur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-4535331c-4aa07381.zip    ZIP: infected - 3    skipped
Delete them... Java Control Panel > Settings > Delete Files... > Ok.
Title: Re: Kaspersky Online Scanner Report
Post by: -- Joshua -- on July 06, 2007, 06:56:03 AM
Thanks for the advice rdmaloyjr. Forgot to do that   :D

And Thanks Tech for that. I never knew that that button was to clear the cache folder:

C:\Documents and Settings\UserName\Application Data\Sun\Java\Deployment\cache\

I'll remember that next time!

Joshua  ;D
Title: Re: Kaspersky Online Scanner Report
Post by: DavidR on July 06, 2007, 03:39:29 PM
You may need to update Sun Java as infections in the class loader are usually an indication that the version of JAVA you are running is out of date. The latest version is 1.6.0_02.

 Get the latest version, once you have done this, uninstall all older versions from Control Panel > Add/Remove Programs.
http://www.java.com/en/download/index.jsp (http://www.java.com/en/download/index.jsp)
Title: Re: Kaspersky Online Scanner Report
Post by: -- Joshua -- on July 06, 2007, 11:37:32 PM
But I do have the latest version of java!

I even check their website and told me that it was the latest version!
Title: Re: Kaspersky Online Scanner Report
Post by: DavidR on July 06, 2007, 11:59:36 PM
That is strange since the class loader issues are usually as a result of vulnerabilities that are being exploited.
Title: Re: Kaspersky Online Scanner Report
Post by: -- Joshua -- on July 07, 2007, 01:07:49 AM
Well, I have no clue why either.

I used to have the oldest version possible when it came with the computer (in 2004) And now since I'm a little bit older and am a guru at updates, I always check everything on mycomputer every day!   ;D

I used to have spybot search and destroy untill a worm went though spybot to my computer and avast didn't detect it and I had to do it my self. (Had to call microsoft, bigpond (Australian Internet Service, Part of Telstra) to fix it.)

If you want to know how I did it plz ask me and I will tell you.

So I uninstalled spybot this year in jan. Now today i reinstalled it and it's doing a scan as i type.

So I'll see if that helps.  8)
Title: Re: Kaspersky Online Scanner Report
Post by: mauserme on July 07, 2007, 07:27:14 AM
As far as I know having the latest Java doesn't prevent malware seaking to exploit a vulnerability from downloading.  It just that the vulnerability doesn't exist so the malware becomes an impotent bit of code that can be deleted.
Title: Re: Kaspersky Online Scanner Report
Post by: DavidR on July 07, 2007, 02:26:06 PM
Thanks Keith.

I only recently installed Sun's JAVA, having avoided it and JAVA VM for many years and now it is a constant update cycle with a hefty dial-up download for the very rare occasion I ever use it.
Title: Re: Kaspersky Online Scanner Report
Post by: mauserme on July 07, 2007, 03:00:43 PM
Sure David.

I usually turn automatic updates off for Java and just manually update when its convenient.  Any active forum member will be aware of an update long before the updater notifies you of one.
Title: Re: Kaspersky Online Scanner Report
Post by: DavidR on July 07, 2007, 03:13:46 PM
I have turned auto updates off, I hate any form of autonomy on updates, I even have avast check and ask. You really have to be very selective on dial-up to do updates at a time of your choosing.
Title: Re: Kaspersky Online Scanner Report
Post by: Lisandro on July 07, 2007, 04:48:32 PM
Any active forum member will be aware of an update long before the updater notifies you of one.
This is what upset me... the updater tool, even when manually run, will only detects the presence of an update after tons of other ways... FileForum alerts, Secunia alerts... you run the updater tool and nothing comes up... but the update was already released (http://www.countingcows.de/stop.gif)
Title: Re: Kaspersky Online Scanner Report
Post by: mauserme on July 07, 2007, 07:31:48 PM
From their point of view I guess it eases the burden on their servers, and I suppose a late update is better than no update at all.  Not the best situation though.
Title: Re: Kaspersky Online Scanner Report
Post by: Lisandro on July 07, 2007, 08:32:25 PM
From their point of view I guess it eases the burden on their servers, and I suppose a late update is better than no update at all.  Not the best situation though.
Well, the paid version has good servers available. It`s frustrating to use the free version. But, will you use an antivirus that does not update? No thanks, even a free one.
Title: Re: Kaspersky Online Scanner Report
Post by: -- Joshua -- on July 07, 2007, 11:46:36 PM
Exactly.  ;D