Author Topic: Infected, but not notified  (Read 6844 times)

0 Members and 1 Guest are viewing this topic.

dacovale

  • Guest
Infected, but not notified
« on: February 22, 2004, 08:01:22 PM »
As the title says, I was infected by a virus called JS:Classloader -4 (+ another one, that I can't find the name of right now)
Now, The only reason I got to know this, was because I walked by the computer while the screensaver whas on, and I saw that the scanner-box was red instead of blue.
Sat there, looking at the screen for a few minutes, wondering what to do, and finally moved the mouse, and started a thorough, complete scan with avast.
Now, in this scan avast yelled at me a couple of times, telling me I was infected. Gee..... didn't know that....

Why, oh why didn't avast notify me when it found the virus during screen-saver scan?
I thought the purpose of that scan was to keep me safe.

EDIT: forgot to mention, might be important...
I'm using the home edition (fully patched)
« Last Edit: February 22, 2004, 08:09:55 PM by dacovale »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:Infected, but not notified
« Reply #1 on: February 23, 2004, 02:47:24 AM »
I walked by the computer while the screensaver whas on, and I saw that the scanner-box was red instead of blue.

What do you mean with 'scanner-box' red?
Is it the icon on the system tray? Maybe this virus disable avast!  :'(
The best things in life are free.

dacovale

  • Guest
Re:Infected, but not notified
« Reply #2 on: February 23, 2004, 03:01:51 AM »
No, with the red box, I mean the (normally blue) box that you should see if you use the avast screen-saver.
The two viruses were both found in Suns java-engine (or atleast in that folder) kind of like if I had caught them while viewing a Java-applet. No virus-files were found even close to the avast-folder.

What I'm wondering, is why Avast didn't holler at me, even though the viruses clearly were in the virus database.

btw, the name of the other virus was JS:ByteVerify-Dummy [trj]
I moved the all in all 6 files to the chest, since I knew I wanted an explanation before I removed them completely.
I also have a .xml log from the scan.
« Last Edit: February 23, 2004, 03:04:28 AM by dacovale »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:Infected, but not notified
« Reply #3 on: February 23, 2004, 03:11:05 AM »
No, with the red box, I mean the (normally blue) box that you should see if you use the avast screen-saver.
The two viruses were both found in Suns java-engine (or atleast in that folder) kind of like if I had caught them while viewing a Java-applet. No virus-files were found even close to the avast-folder.

What I'm wondering, is why Avast didn't holler at me, even though the viruses clearly were in the virus database.

btw, the name of the other virus was JS:ByteVerify-Dummy [trj]
I moved the all in all 6 files to the chest, since I knew I wanted an explanation before I removed them completely.
I also have a .xml log from the scan.

I see... I have never caught a virus by the screen saver module. I cannot imagine its behavior unless you are using the Pro version. In the settings of the task you will see the options of handling it (page 'Virus').

But now, are you infected or not? Did you run a scanning?  :-\
The best things in life are free.

dacovale

  • Guest
Re:Infected, but not notified
« Reply #4 on: February 23, 2004, 03:28:53 AM »
I had 6 infected files on my PC (did a full thorough search, including archives).
Now, they are in the chest, until I have sorted out why I wasn't warned about them. None of the files were important. At most, I'll have to re-install Java.
I usually leave my computer on for day, and that means many hours with the screensaver.
If I hadn't seen the screensaver, I wouldn't have known I was infected.
That troubles me. A lot.
« Last Edit: February 23, 2004, 03:31:38 AM by dacovale »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:Infected, but not notified
« Reply #5 on: February 23, 2004, 03:47:46 AM »
I had 6 infected files on my PC (did a full thorough search, including archives).
Now, they are in the chest, until I have sorted out why I wasn't warned about them. None of the files were important. At most, I'll have to re-install Java.
I usually leave my computer on for day, and that means many hours with the screensaver.
If I hadn't seen the screensaver, I wouldn't have known I was infected.
That troubles me. A lot.

Dacovale, the resident providers should do their work... you do not need the screen saver module like it was the only solution. You said that the files are 'now' in Chest, but who did put them there?, the Screen Saver module or you with the full thorough search?  ;)
The best things in life are free.

dacovale

  • Guest
Re:Infected, but not notified
« Reply #6 on: February 23, 2004, 04:21:34 AM »
I did.
And I know about the resident providers. but, apparently those providers did no good either, this time.
The screen-saver... well, any extra protection is good protection.

(now I'm going to bed. It's 4:20 AM here, and I'm constantly dozing off, instead of doing what I ought to do, which is to work).
I'll be back in say eight hours to check if any one has a clue.
I'd really appreciate any help in finding out why I wasn't warned in any proper way.


Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Infected, but not notified
« Reply #7 on: February 23, 2004, 08:20:10 AM »
JS.Classloader is not really a 'virus' so you don't have to worry... But, I'd like to know the names of files that were reported as infected?

Also, please keep in mind that the ScreenSaver STOPS after it finds first virus. That is, after ScreenSaver finds a virus, it is recommended to start avast and do a full scan.

Vlk
If at first you don't succeed, then skydiving's not for you.

dacovale

  • Guest
Re:Infected, but not notified
« Reply #8 on: February 23, 2004, 04:18:58 PM »
I'll attach the logfile.
I've renamed the file so that your fourm accepts it.

Where can I find info about these viruses?
I couldn't possibly know that these viruses weren't harmful.

and still ,why didn't avast announce that it had found the viruses?
(I don't think of a red box on a screen-saver as announcing the precence of a virus)


Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Infected, but not notified
« Reply #9 on: February 23, 2004, 04:30:31 PM »
The log file is incomplete. XML reports are broken into sevetal parts. I need the file called "Simple user interface_20040222_1930_main.xml"

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

dacovale

  • Guest
Re:Infected, but not notified
« Reply #10 on: February 23, 2004, 06:38:41 PM »
sorry...
here's the right file

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Infected, but not notified
« Reply #11 on: February 23, 2004, 06:43:18 PM »
First, it's inside ZIP archives. That's why it wasn't reported by the Standard Shield (which does not unpack ZIPs by default).

Second, it's in the Java packages. ClassLoader means it's a (possibly malicious) code that's trying to do some stuff with Java classes - and these probably contain such code.


In other words - Much Ado About Nothing, as Shakespeare would've said. ;)

Vlk
If at first you don't succeed, then skydiving's not for you.

dacovale

  • Guest
Re:Infected, but not notified
« Reply #12 on: February 23, 2004, 07:20:15 PM »
ok. Thanks.  :)