Author Topic: Java Agent DC Trojan  (Read 5729 times)


AliOop

  • Guest
Java Agent DC Trojan
« on: June 29, 2011, 06:51:02 PM »
I have the Avast Free version 6.0 and my laptop has been sluggish. I did a complete scan, which found nothing. Then I did a Boot-time Scan which found 2 viruses. One shows as a Java:Agent DD (Trj) and the other a Java:Agent DC (Trj); both are marked as High risk. These show in the scan log, but when I try to move to chest I get Error: Access Denied(5) for both of them. When I try to delete I get Error: System cannot find the file Specified(2).

I know very little about computers and am not sure what to do. How can I get rid of these?

Thanks,
Ali

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86510
  • No support PMs thanks
Re: Java Agent DC Trojan
« Reply #1 on: June 29, 2011, 07:51:57 PM »
What is the location of the alerts?
Look in the C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report\aswBoot.txt file (XP location) or C:\ProgramData\Alwil Software\Avast5\report\aswBoot.txt (Vista, Win7 location); check this file using notepad for info on the scan/detections, etc.

JAVA based detections are often a result of having an old version of JAVA that is vulnerable to exploit:
I would also suggest a visit to this site, which scans your system for out of date programs that have patches to close vulnerabilities, http://secunia.com/software_inspector/.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.2.6003 (build 22.2.7013.717) UI 1.0.697/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

AliOop

  • Guest
Re: Java Agent DC Trojan
« Reply #2 on: June 29, 2011, 09:32:34 PM »
C:\Users\Joshua\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\...\flying.class
C:\Users\Joshua\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\...\Glocker.class


Tgell

  • Guest
Re: Java Agent DC Trojan
« Reply #3 on: June 29, 2011, 09:42:09 PM »
Quote
Technical Information (Analysis)
Exploit:Java/CVE-2010-0840.BV is a detection for an obfuscated malicious Java class applet component that exploits the vulnerability described in CVE-2010-0840. When a user visits a website that contains the applet using a computer that has a vulnerable version of Sun Java, security checks may be bypassed, allowing arbitrary code to be executed.
 
In the wild, we have observed the malicious Java class bundled with other non-malicious Java class, and may be present as the following:

    flying.class - detected as Exploit:Java/CVE-2010-0840.BV
    flying$1.class
    Glocker.class - contains a URL used to download arbitrary files
    Zo666.class
    Zom.class

 
We have seen this malware downloading from the following domain "zofreshy.com".
Payload
Download and execute arbitrary files
If the exploitation is successful, Exploit:Java/CVE-2010-0840.BV attempts to download and execute malicious programs from the URL specified in the Java class file "Glocker.class".
 
Exploit:Java/CVE-2010-0840.BV attempts to download malware as %TEMP%\<random>.exe.


http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exploit%3AJava%2FCVE-2010-0840.BV
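A way to check a Java deployment cache for the class names listed in the quoted write-up, as an added example that is not part of the original thread. It assumes cache entries are JAR (ZIP) archives that may not carry a .jar extension; `scan_cache` and `default_cache_dir` are hypothetical names.

```python
import os
import zipfile

# Class names listed in the quoted Exploit:Java/CVE-2010-0840.BV write-up.
SUSPECT_CLASSES = {"flying.class", "flying$1.class", "glocker.class",
                   "zo666.class", "zom.class"}


def default_cache_dir():
    """Java 6 cache on Vista/Win7, matching the paths reported in the thread."""
    return os.path.join(os.environ.get("USERPROFILE", ""), "AppData", "LocalLow",
                        "Sun", "Java", "Deployment", "cache", "6.0")


def scan_cache(root):
    """Return sorted (file, entry) pairs whose class name is on the list.

    Assumption: cached applets may be stored without a .jar extension, so
    every file is probed as a ZIP archive rather than filtered by extension.
    Loose .class files are checked by name as well.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() in SUSPECT_CLASSES:
                hits.append((path, name))
                continue
            try:
                if not zipfile.is_zipfile(path):
                    continue
                with zipfile.ZipFile(path) as jar:
                    entries = jar.namelist()
            except (OSError, zipfile.BadZipFile):
                continue  # unreadable or truncated cache entry: skip it
            for entry in entries:
                # Entries may sit in a package directory inside the archive.
                if entry.rsplit("/", 1)[-1].lower() in SUSPECT_CLASSES:
                    hits.append((path, entry))
    return sorted(hits)


if __name__ == "__main__":
    for path, entry in scan_cache(default_cache_dir()):
        print(f"{path} -> {entry}")
```

A name match only points at a cache entry worth scanning or clearing; it is not a verdict, since unrelated applets can reuse these names and renamed samples will not match.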

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86510
  • No support PMs thanks
Re: Java Agent DC Trojan
« Reply #4 on: June 29, 2011, 10:13:11 PM »
Quote
C:\Users\Joshua\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\...\flying.class
C:\Users\Joshua\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\...\Glocker.class

Have you cleared your JAVA cache?
If not, do so and then check to ensure you have the latest JAVA version using secunia above.

AliOop

  • Guest
Re: Java Agent DC Trojan
« Reply #5 on: June 29, 2011, 10:35:27 PM »
Quote
C:\Users\Joshua\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\...\flying.class
C:\Users\Joshua\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\...\Glocker.class

Have you cleared your JAVA cache?
If not, do so and then check to ensure you have the latest JAVA version using secunia above.

I just installed the latest Java after I read your response but have no clue how to clear the Java cache.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37182
Re: Java Agent DC Trojan
« Reply #6 on: June 29, 2011, 10:37:58 PM »

DBone

  • Guest
Re: Java Agent DC Trojan
« Reply #7 on: June 30, 2011, 06:21:03 PM »
Just a little off topic, but not much. :P   I uninstalled Java over 2yrs ago, and as of today, the only issue I have without it is, I can't go to Secunia and do their online scan..........That's it. I should mention that I don't play any games, ever.

With all of Java's holes, I just decided to dump it, and for me and my use, I couldn't be happier.