Help on what to do with Java viruses sent to the Virus Chest.

[Orangetree]

Hi there,

I ran a Boot time scan a couple of days ago.  It came up with the threats listed below.  Five of them have 'high severity' and one medium (the Jade-B).

Java: Open Connection -Q (Trj)
Java: CVE - 2010 -0094-A (Expl)
Java: Jade-B (Heur)
Java: Agent-BM (Expl)
Java: Agent -BW (Trj)
Java: Agent - BJ (Expl)

They are now all in the Virus Chest but I have no idea what to do from here. 
Should I delete them?  Do I need to do anything more to clean my computer?  I have read some other threads about Java related viruses and the advice seems quite specific to each case and involves running different clean up programs. 

Not sure what to do!! 
Thank you in advance for any advice that's available.

[DavidR]

What was the original location these were found ?

You have done the right thing, 'first do no harm' don't delete, send virus to the chest and investigate.
Deletion isn't really a good first option (you have none left), 'first do no harm' don't delete, send virus to the chest (a protected area) and investigate.

There is no rush to delete anything from the chest, a protected area where it can do no harm. Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

JAVA isn't an essential install unless you have an application or website that uses it. If you need it then it has to be kept up to date. What JAVA version number do you have installed ?

[Orangetree]

Hi DavidR

Thank you for getting back to me.
The original scan showed these items in the C drive I think.

From what I can see I have the following Java program installed;

Java(TM) SE Runtime Environment 6.  Was installed 05/2007.

Hope this helps.
Thanks again.

[Orangetree]

Hi again,
Just to add that I don't think I need Java.  Looks like it has just been sitting there.

Thanks again

[DavidR]

We would need the full path not just that it is in the C: drive.

JAVA has to be kept fully up to date to ensure any vulnerabilities are fixed so that they can't be exploited. JAVA 6 is way out of date, more so when you say it was installed in 2006.

- I would also suggest a visit to this site, which scans your system for out of date programs that have patches to close vulnerabilities, http://secunia.com/software_inspector/.

I too doubt you need JAVA or you would probably have an idea of the sites or applications are that require it, so it may be best to uninstall it completely.

[Orangetree]

Hi DavidR,

Thank you for your reply again and help.  It is much appreciated.

Here are the paths;

Threat: Java: OpenConnection-Q;    C:\Users/Liz\AppData\Local\Temp\Low/Jar_cache8202.tmpl>M8PFGFzL.class

Threat: Java: CVE-2010-0094-A;      C:\Users\Liz\AppData\Local/Temp\Low\jar_cache8202.tmpl>jWSyyv.class

Threat: Java: Jade-B;                    C:\Users\Liz\AppData\Local\Temp\Low\jar_cache8202.tmpl>Cz_0_CDKa__.class

Threat: Java: Agent-BM;                   C:\Users\Liz\AppData\Local\Temp\Low\jar_cache8201.tmpl>bpac\KAVS.class

Threat: Java Agent BW;                    C:\Users\Liz\AppData\Local\Temp\Low\jar_cache8201.tmpl>bpac\a.class

Threat: Java: Agent BJ;                     C:Users\Liz\AppData\Local\Temp\Low\jar_cache8201.tmpl>bpac\a$1.class

As you say I think I would probably be best uninstalling Java. 

[DavidR]

They all appear to be in the local temp folder and not the JAVA cache area that I would have expected, so a little strange.
Yes I would say it is best to uninstall JAVA from the normal windows uninstall.

[Orangetree]

Hi DavidR,

I will do that. 

Thank you for all the advice.  Much appreciated.

[Pondus]

clean your temp files

TFC - Temp File Cleaner by OldTimer
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

[DavidR]

Hi DavidR,

I will do that. 

Thank you for all the advice.  Much appreciated.

You're welcome.

[Orangetree]

clean your temp files

TFC - Temp File Cleaner by OldTimer
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

Hi Pondus,

Thank you very much for this.  Unfortunately I have tried downloading TFC from geeks to go but when I tried to run it, Avast Sandbox sends an error message saying 'A required priviledge is not held by the client'.  Any ideas about this??

Thank you very much.

[Pondus]

The program is safe and frequently used by our malware removal spesialist essexboy
security programs are often suspicious to other security programs bc of the way they run
just ignore and run....or disable avast first