Virus Detected By Avg Free. Don't Know What To Do Next?


6 replies to this topic

#1 sthacker


Posted 10 February 2006 - 10:29 AM

I've been running AVG Free Edition for some time, and assumed all was well. It is set to run every morning at 0800 and that is sometimes bothersome because it is such a resource hog. I've worked around that, but this morning I happened to be looking when it ended and it said there was a virus detected! I've tried to figure out what to do, but everything is new and different in this world. The website said a removal tool would be listed for the virus detected. I don't know how to identify the detected virus from the information in the log, and cannot cut the 3 lines from the log to include them.

In looking back in the log, it seems this was first detected nearly 2 weeks ago, but no flags were raised. I guess I need to learn more about checking the checker?

Can anyone give me a 'next step'? Thanks.



#2 Leurgy


Posted 11 February 2006 - 07:58 AM

Hi sthacker

Double click the AVG icon near the clock and when the Control Center opens click on Test Center. When the Test Center opens click Test Results. Scroll through the list until you find the latest test that shows a Virus Found. Highlight that line and click content. Find the virus and click Details. Scrolling to the right identifies the virus. Copy that information including the path to the file here (manually if needed) and we'll see what we can do to help.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#3 sthacker


Posted 11 February 2006 - 01:42 PM

Thanks for the prompt reply. There were three lines of information which I copied to notepad. If there's a better way as far as formatting, just tell me and I'll do it.

1. Object:
C:\Documents and Settings\Stan.DFXVD441\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba448-4324277.zip:\GetAccess.class
1. Result:
Virus identified Java/ByteVerify
1. Status:
Infected, Embedded object

2. Object:
C:\Documents and Settings\Stan.DFXVD441\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba448-4324277.zip:\Installer.class
2. Result:
Virus identified Java/ByteVerify
2. Status:
Infected, Embedded object

3. Object:
C:\Documents and Settings\Stan.DFXVD441\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba448-4324277.zip
3. Result:
Virus identified Java/ByteVerify
3. Status:
Infected, Archive

I went to Grisoft and searched their encyclopedia. It said there was a fix on <WindowsUpdate.Microsoft.com>. I floundered around that site for a while but could find nothing helpful.

#4 -David-


Posted 11 February 2006 - 02:09 PM

Hi sthacker. Hopefully Leurgy won't mind if I butt in here :thumbsup:

You can remove those three viruses in two possible ways, depending on which version you are using. If the first way cannot be done, try the second way.

:flowers: Click Start | Settings | Control Panel
Click the Java Plugin Icon
Click the Cache tab
Click the Clear button and click OK to confirm
Note: Please repeat this procedure for each "Java Plugin" button in your Control Panel.

or

:trumpet: Control Panel > Java > General tab
Temporary Internet Files > Delete Files
Checkmark all 3 options and click OK.

Rescan after completing those two steps and see if AVG still finds the files.
David

Edited by D-Trojanator, 11 February 2006 - 02:09 PM.


#5 jgweed


Posted 11 February 2006 - 02:36 PM

Actually, these are not strictly speaking viruses, since they reside (in your case) in the Java file and not elsewhere, but they are indeed serious exploits that can be set off when malicious Javascript on a viewed page overflows the Byteverify buffer and should be removed.
I am not completely sure about this, and cannot readily find the information right now, but I seem to recall that the newer releases of Java Runtime Environment correct this "bug." It would be a smart idea, anyway, to download the latest version of JRE (1.5.0_06).
Regards,
John

Edited by jgweed, 11 February 2006 - 02:37 PM.

Whereof one cannot speak, thereof one should be silent.

#6 sthacker


Posted 17 February 2006 - 09:25 AM

Thanks, D-, the first option seemed to work. Virus scan ran clean afterward. I've had 2 clean scheduled runs now, and I've run SpyBot and AdAware several times. One of them always seems to find at least one thing to complain about, but cleans it right up.

Thanks, jgweed, for your addition. I admit that when I see 'java' my hand automatically reaches for my cup! I have no idea where this particular 'Java' even comes from, but I will before dark. And if I don't learn where and how to get it, I'll be back to bug you.

For now, I'm feeling safe and happy and appreciative for all the help. I've always found good, friendly help here, and I've been here several times. I can type 7-10 wpm, using both hands, so I'm considered a computer expert by some, and have been able to help friends with very serious problems by coming here.
Keep up the good work. (A check's in the mail)

#7 -David-


Posted 17 February 2006 - 01:00 PM

Hey sthacker

Well we're glad that you could sort it out! Jgweed made a very valid point about the entries not being viruses. Sorry if I cast a false sense of danger - hopefully Jgweed was able to clear up the confusion. I've edited my speeches and will know next time. The scans that you are running will always pick up one or two things if you surf the internet - they are most likely harmless cookies. In regards to your question to jgweed, I would like to add this information. When the Java browser runs an applet, it stores all the downloaded files into its cache directory for better performance. Storing these applets in the cache directory can not cause any harm to your computer because they are designed to exploit a vulnerability in the Microsoft VM, not the Sun JVM. I compiled a few bits of info from the net - I hope it helps. I'm glad that you've found the site useful - it's always nice to hear genuine appreciation. Remember if you ever run into more troubles just pop back, don't forget we're open 24 hours a day :thumbsup:

David
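
Added example (not part of any post in this thread, and not AVG's own tooling): a small Python triage of the three scan entries sthacker posted, grouping them by container file and checking whether that container sits in the Java plug-in cache the replies say to clear. The "N. Field:" record layout and the cache path marker are assumptions taken from the pasted entries.

```python
import re
from collections import defaultdict

# Constructed sample: the three entries from post #3, each path on one line.
REPORT = r"""1. Object:
C:\Documents and Settings\Stan.DFXVD441\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba448-4324277.zip:\GetAccess.class
1. Result:
Virus identified Java/ByteVerify
1. Status:
Infected, Embedded object
2. Object:
C:\Documents and Settings\Stan.DFXVD441\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba448-4324277.zip:\Installer.class
2. Result:
Virus identified Java/ByteVerify
2. Status:
Infected, Embedded object
3. Object:
C:\Documents and Settings\Stan.DFXVD441\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba448-4324277.zip
3. Result:
Virus identified Java/ByteVerify
3. Status:
Infected, Archive
"""

FIELD = re.compile(r"^(\d+)\. (Object|Result|Status):[ \t]*\n(.+)$", re.M)
CACHE = "\\sun\\java\\deployment\\cache\\"  # assumed marker, from the posted path

def parse(report):
    """Collect the Object/Result/Status lines of each numbered entry."""
    entries = defaultdict(dict)
    for num, field, value in FIELD.findall(report):
        entries[int(num)][field] = value.strip()
    return [entries[n] for n in sorted(entries)]

def triage(report):
    """Group detections by container file: {container: details}."""
    out = {}
    for e in parse(report):
        obj = e["Object"]
        # "archive:\member" marks an embedded object; skip the drive's own ":\"
        head, _, member = obj[3:].partition(":\\")
        container = obj[:3] + head
        info = out.setdefault(container, {"names": set(), "members": [],
                              "in_java_cache": CACHE in container.lower()})
        info["names"].add(e["Result"].replace("Virus identified ", ""))
        if member:
            info["members"].append(member)
    return out

if __name__ == "__main__":
    print(triage(REPORT))
```

The three report lines collapse to a single cached archive with two flagged classes inside it, which is why clearing the Java cache was enough for the rescan to come back clean.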



