...found Trojan.Gen 2 in a file and browser cache
Your Norton 360 scan results indicate a threat(s) was found in the
Java cache.
When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder (C:\Documents and Settings\username\Application Data\Sun\Java\Deployment\cache) for quick execution later and better performance.
Malicious applets are also stored in the
Java cache directory and your anti-virus may detect them and provide alerts. For more specific information about Java exploits, please refer to
Virus found in the Java cache directory.
Notification of these files as a threat
does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality. As a precaution, I recommend clearing the entire cache to ensure everything is cleaned out:
...found Torjan.Hiloti in system volume information\_restore (3 instances of it).
The detected _restore{GUID}\
RP***\
A00*****.xxx file(s) identified by your scan were in the
System Volume Information Folder (SVI) which is a part of
System Restore. The
*** after RP represents a sequential number automatically assigned by the operating system. The
***** after A00 represents a sequential number where the original file was backed up and renamed except for its extension. To learn more about this, refer to:
System Restore is the feature that protects your computer by monitoring a core set of system and application files and by creating backups (snapshots saved as restore points) of vital system configurations and files before changes are made. These restore points can be used to "
roll back" your computer to a clean working state in the event of a problem. This makes it possible to undo harmful changes to your system configurations including registry modifications made by software or malware by reverting the operating systems configuration to an earlier date. See
What's Restored when using System Restore and What's Not.
System Restore is
enabled by default and will
back up the good as well as malevolent files, so when malware is present on the system it gets included in restore points as an
A00***** file. If you only get a detection on a file in the SVI folder, that means the original file was on your system in another location at some point and probably has been removed. However, when you scan your system with anti-virus or anti-malware tools, you may receive an alert that a malicious file was detected in the SVI folder (in System Restore points) and moved into quarantine. When a security program quarantines a file, that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is
safely held there and no longer a threat. Thereafter, you can
delete it at any time.
If your anti-virus or anti-malware tool cannot move the files to quarantine, they sometimes can reinfect your system if you accidentally use an old restore point. If your anti-virus or anti-malware tool
was able to move (quarantine) the file(s) it is no longer a threat. When an anti-virus or security program
quarantines a file and moves it into a virus vault (chest) or a dedicated Quarantine folder, that file is
safely held there and no longer a threat. The file is essentially disabled and prevented from causing any harm to your system through security routines which may copy, rename, encrypt and password protect the file the file before moving. When the quarantined file is
known to be malicious, you can
delete it at any time by launching the program which removed it, going to the Quarantine tab, and choosing the option to delete.