Author Topic: I am in trouble.  (Read 4771 times)

cliffdropper

  • Guest
I am in trouble.
« on: January 14, 2006, 06:27:17 PM »
I need some help, for the past 4 nights I have done an Ad-Aware scan and a virus is detected.   I do as Avast recommends and send it to the chest.  Then I looked in the Chest and this is what I found:
Four of each .class files, GetAccess.class Installer.class and kernell32.dll winsock.dll wsock.dll.  What do I need to do to keep my system from getting infected? 

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Re: I am in trouble.
« Reply #1 on: January 14, 2006, 06:31:43 PM »
Hi cliffdropper,

You are definitely not in trouble. Ad-aware has done its own thingie. The things you mention in the chest are there for a purpose: they must be there to help you with restoring if you really have an infection. Leave your chest as it is. And give a sigh of relief, you are malware free.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: I am in trouble.
« Reply #2 on: January 14, 2006, 06:33:32 PM »
What do I need to do to keep my system from getting infected? 
Which file (name and path) is being recreated and causing the recurring infection?

These three (kernell32.dll, winsock.dll and wsock.dll) are there for backup purposes. They're in the System folder (not the infected folder).
Did you run a boot-time scan? Did you clean your temporary internet files? Did you disable System Restore?
The best things in life are free.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: I am in trouble.
« Reply #3 on: January 14, 2006, 06:40:11 PM »
The filenames (.class) look like Java malware: remove by deleting the Java cache as described in the link below.

http://www.java.com/en/download/help/cache_virus.xml

Java exploits may arrive in the Java cache when visiting a site which pushes malware. (Webshield will intercept them so you should find any more in the cache while using avast.)

Anti-virus programs detect such malicious applets (Java exploits) in the following directory:

C:\Documents and Settings\<username>\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\

These malicious applets are designed to exploit vulnerabilities in the Microsoft VM (Microsoft Security Bulletin MS03-011), or in older versions of Sun Java.

If you are using the latest version of Sun JVM as your default virtual machine, these malicious applets cannot cause any harm to your computer.

Older versions of Sun Java are vulnerable to exploits so it's vital to update to the latest version AND TO UNINSTALL OLDER VERSIONS.

Download the latest version of Java JRE here:
http://java.sun.com/j2se/1.5.0/download.jsp
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

cliffdropper

  • Guest
Re: I am in trouble.
« Reply #4 on: January 14, 2006, 10:16:23 PM »
Thank you Frank,
Now that I deleted the Java cache then deleted java and I downloaded NetBeans.  Should I delete the .class files from my avast chest?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: I am in trouble.
« Reply #5 on: January 15, 2006, 12:43:59 AM »
Should I delete the .class files from my avast chest?
They're safe there; they won't do any harm if you leave them for two weeks, for instance, to be sure they are infected and that your system works OK without them  ;)
The best things in life are free.