Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: AliOop on June 29, 2011, 06:51:02 PM

Title: Java Agent DC Trojan
Post by: AliOop on June 29, 2011, 06:51:02 PM
I have the Avast Free version 6.0 and my laptop has been sluggish. I did a complete scan, which found nothing. Then I did a Boot-time Scan which found 2 viruses. One shows as a Java:Agent DD (Trj) and the other a Java:Agent DC (Trj); both are marked as High risk. These show in the scan log but when I try to move to chest I get Error: Access Denied(5) for both of them. When I try to delete I get Error: System cannot find the file Specified(2).

I know very little about computers and am not sure what to do. How can I get rid of these?

Thanks,
Ali
Title: Re: Java Agent DC Trojan
Post by: DavidR on June 29, 2011, 07:51:57 PM
What is the location of the alerts?
Look in the C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report\aswBoot.txt file (XP location) C:\ProgramData\Alwil Software\Avast5\report\aswBoot.txt (Vista, Win7 location), check this file using notepad for info on the scan/detections, etc.

JAVA based detections are often a result of having an old version of JAVA that is vulnerable to exploit:
I would also suggest a visit to this site, which scans your system for out of date programs that have patches to close vulnerabilities, http://secunia.com/software_inspector/.
Title: Re: Java Agent DC Trojan
Post by: AliOop on June 29, 2011, 09:32:34 PM
C:\Users\Joshua\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\...\flying.class
C:\Users\Joshua\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\...\Glocker.class

Title: Re: Java Agent DC Trojan
Post by: Tgell on June 29, 2011, 09:42:09 PM
Quote
Technical Information (Analysis)
Exploit:Java/CVE-2010-0840.BV is a detection for an obfuscated malicious Java class applet component that exploits the vulnerability described in CVE-2010-0840. When a user visits a website that contains the applet using a computer that has a vulnerable version of Sun Java, security checks may be bypassed, allowing arbitrary code to be executed.
 
In the wild, we have observed the malicious Java class bundled with other non-malicious Java class, and may be present as the following:

    flying.class - detected as Exploit:Java/CVE-2010-0840.BV
    flying$1.class
    Glocker.class - contains a URL used to download arbitrary files
    Zo666.class
    Zom.class

 
We have seen this malware downloading from the following domain "zofreshy.com".
Payload
Download and execute arbitrary files
If the exploitation is successful, Exploit:Java/CVE-2010-0840.BV attempts to download and execute malicious programs from the URL specified in the Java class file "Glocker.class".
 
Exploit:Java/CVE-2010-0840.BV attempts to download malware as %TEMP%\<random>.exe.


http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exploit%3AJava%2FCVE-2010-0840.BV
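
An added example, not part of any post in this thread: a Python sketch that walks a Java deployment cache folder and reports archives containing the class names listed in the write-up quoted above. It assumes cached applets are stored as ZIP/JAR archives without a .jar extension; `scan_java_cache`, `build_sample_cache` and the sample entry names are hypothetical, and the sample cache is constructed.

```python
import os
import tempfile
import zipfile

# Class names listed in the quoted write-up for Exploit:Java/CVE-2010-0840.BV.
LISTED_CLASSES = {"flying.class", "flying$1.class", "Glocker.class",
                  "Zo666.class", "Zom.class"}

def scan_java_cache(cache_root):
    """Return {archive_path: sorted matching entry names} for a cache tree."""
    # Assumption: cache entries are ZIP/JAR archives with no .jar extension,
    # so every file is tested by content rather than by name.
    hits = {}
    for dirpath, _dirs, files in os.walk(cache_root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if not zipfile.is_zipfile(path):
                    continue
                with zipfile.ZipFile(path) as jar:
                    entries = jar.namelist()
            except (OSError, zipfile.BadZipFile):
                continue  # locked or truncated entry: skip it, keep scanning
            # Compare on the base name so classes inside packages still match.
            found = sorted(e for e in entries
                           if e.rsplit("/", 1)[-1] in LISTED_CLASSES)
            if found:
                hits[path] = found
    return hits

def build_sample_cache():
    """Build a constructed cache tree: one matching archive, one clean one."""
    root = tempfile.mkdtemp(prefix="javacache_")
    bucket = os.path.join(root, "6.0", "44")
    os.makedirs(bucket)
    with zipfile.ZipFile(os.path.join(bucket, "sample-entry-a"), "w") as z:
        z.writestr("flying.class", b"constructed placeholder bytes")
        z.writestr("Glocker.class", b"constructed placeholder bytes")
    with zipfile.ZipFile(os.path.join(bucket, "sample-entry-b"), "w") as z:
        z.writestr("Hello.class", b"constructed placeholder bytes")
    with open(os.path.join(bucket, "sample-entry-a.idx"), "wb") as f:
        f.write(b"not an archive")  # index-style companion file, not a ZIP
    return root

if __name__ == "__main__":
    for archive, names in scan_java_cache(build_sample_cache()).items():
        print(archive, "->", ", ".join(names))
```

A name match is only a lead for review, since a harmless applet can reuse a file name; the antivirus detection remains the verdict.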
Title: Re: Java Agent DC Trojan
Post by: DavidR on June 29, 2011, 10:13:11 PM
C:\Users\Joshua\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\...\flying.class
C:\Users\Joshua\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\...\Glocker.class

Have you cleared your JAVA cache?
If not do so and then check to ensure you have the latest JAVA version using secunia above.
Title: Re: Java Agent DC Trojan
Post by: AliOop on June 29, 2011, 10:35:27 PM
C:\Users\Joshua\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\...\flying.class
C:\Users\Joshua\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\...\Glocker.class

Have you cleared your JAVA cache?
If not do so and then check to ensure you have the latest JAVA version using secunia above.

I just installed the latest Java after I read your response but have no clue how to clear the Java cache.
Title: Re: Java Agent DC Trojan
Post by: Pondus on June 29, 2011, 10:37:58 PM
How do I clear the Java cache?
http://www.java.com/en/download/help/plugin_cache.xml
Title: Re: Java Agent DC Trojan
Post by: DBone on June 30, 2011, 06:21:03 PM
Just a little off topic, but not much. :P I uninstalled Java over 2 years ago, and as of today, the only issue I have without it is that I can't go to Secunia and do their online scan... That's it. I should mention that I don't play any games, ever.

With all of Java's holes, I just decided to dump it, and for me and my use, I couldn't be happier.