Avast WEBforum

Other => Viruses and worms => Topic started by: MWassef on February 28, 2004, 04:16:25 PM

Title: false positive
Post by: MWassef on February 28, 2004, 04:16:25 PM

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Saturday, February 28, 2004 2:49:34 PM
* VPS: 0402-4, 02/28/2004
*

c:\WIN98SE\TEMP\JETF812.TMP [E] The process cannot access the file because (32)
c:\WIN98SE\TEMP\JETD81.TMP [E] The process cannot access the file because (32)
c:\WIN98SE\TEMP\JET9D1A.TMP [E] The process cannot access the file because (32)
[font=Verdana color= red]c:\WIN98SE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6f603a78-4a901267.zip\BlackBox.class [L] JS:ClassLoader-4 (0) [/font]
Infected files: 1
Total files: 4766
Total folders: 200
Total size: 457.5 M

*
* Task stopped: Saturday, February 28, 2004 5:00:47 PM
* Run-time was 2 hour(s), 11 minute(s), 13 second(s)
*
..

I already sent this file to virusataswDotcz..

Title: Re:false positive
Post by: MWassef on March 01, 2004, 03:36:09 PM

any response?

Title: Re:false positive
Post by: whocares on March 01, 2004, 04:03:08 PM

Hi Mina,

a) if you sent the file in already, imho there's no response (or post) needed
b) how did you determine exactly that this would be a false positive ? ???

Title: Re:false positive
Post by: Vlk on March 01, 2004, 04:26:42 PM

this is a normal report. The java packages do contain the ClassLoaders...

Title: Re:false positive
Post by: MWassef on March 01, 2004, 04:37:39 PM

how is that?  ::)
this is the 1st time that avast shows I am infected  ???

Title: Re:false positive
Post by: whocares on March 01, 2004, 04:45:13 PM

you were not infected..
your Browser (IE?) just downloaded a malicious java-package into your java-Cache

this is a first because you were baaaad!!  (I mean on a bad page) ;D ;D ;)

empty java-cache and secure your IE better..

Title: Re:false positive
Post by: whocares on March 01, 2004, 05:14:41 PM

Quote from: minacross on February 28, 2004, 04:16:25 PM

JS:ClassLoader-4 (0)

INFO (http://www.virusbtn.com/resources/vgrep/vgrep.cgi?terms=JS%3AClassLoader-4&product=1)

Title: Re:false positive
Post by: RejZoR on March 01, 2004, 05:36:05 PM

Stop using IE :P Opera/Mozilla are the future ;)

Title: Re:false positive
Post by: MWassef on March 01, 2004, 05:44:19 PM

I see  :D :D :D
is it possible that I get infected by visiting some sites that may have some 'bad'   :-[ :-[ :-[  ads on it? (dll archives sites..etc)..

Title: Re:false positive
Post by: RejZoR on March 01, 2004, 05:47:43 PM

Correct,when you visit some "bad" page,nasty files download to browser cache and get executed. Usually Resident Shield blocks such activity.

Title: Re:false positive
Post by: MWassef on March 01, 2004, 06:13:48 PM

Quote from: whocares on March 01, 2004, 04:45:13 PM

empty java-cache ..

how is that  ??? ??? ???

Title: Re:false positive
Post by: Vlk on March 01, 2004, 06:21:22 PM

Infected is not a right word here, I'd say.

There are 'infected' files stored on your disk is much more appropriate. To be infected usually means that the virus is active, which is not the case here (far from that actually)

Title: Re:false positive
Post by: MWassef on March 01, 2004, 06:47:08 PM

thanx Vlk   :)
good job avast  ;D

Title: Re:false positive
Post by: MWassef on March 01, 2004, 09:42:35 PM

just for the info, only avast and antivir pe detected this trojan. 2 other big names missed it .

Title: Re:false positive
Post by: .: Mac :. on March 02, 2004, 01:11:51 AM

Quote

2 other big names missed it

was F-Secure one of those 2

Title: Re:false positive
Post by: MWassef on March 02, 2004, 02:39:21 PM

no  ;)