
Kaspersky said this isn't infected while 13 other AVs do


mvdu
October 21st, 2008, 03:25 PM
I just got the e-mail from Kaspersky that the file jar_cache23989.tmp and a few others like it are clean, but Avira detects as JAVA/Exploit.Bytverify.4 and 12 other AVs also detect it at VirusTotal. I'm confused: I submitted the files to Avira from Avira's Quarantine, but I think I should keep the files quarantined for now. Do you agree? Kaspersky DID detect other jar cache temp files in another location on the computer.

djohn
October 21st, 2008, 03:44 PM
{QUOTE-> I just got the e-mail from Kaspersky that the file jar_cache23989.tmp and a few others like it are clean, but Avira detects as JAVA/Exploit.Bytverify.4 and 12 other AVs also detect it at VirusTotal. I'm confused: I submitted the files to Avira from Avira's Quarantine, but I think I should keep the files quarantined for now. Do you agree? Kaspersky DID detect other jar cache temp files in another location on the computer. <-QUOTE}
Yes, it cannot hurt you in quarantine. I would wait a bit and check it again at VT; if more scanners are added to the detection list, it is probably real.

DarkButterfly
October 21st, 2008, 05:35 PM
I agree with djohn. It may be nothing (FP), or it may be malware that Kaspersky is not able to detect.

The Kaspersky AV engine has lost power over time.

lodore
October 21st, 2008, 06:21 PM
{QUOTE-> I agree with djohn. It may be nothing (FP), or it may be malware that Kaspersky is not able to detect.

The Kaspersky AV engine has lost power over time. <-QUOTE}
Not lost its power, just more malware out there now.

btman
October 21st, 2008, 06:22 PM
{QUOTE-> I just got the e-mail from Kaspersky that the file jar_cache23989.tmp and a few others like it are clean, but Avira detects as JAVA/Exploit.Bytverify.4 and 12 other AVs also detect it at VirusTotal. I'm confused: I submitted the files to Avira from Avira's Quarantine, but I think I should keep the files quarantined for now. Do you agree? Kaspersky DID detect other jar cache temp files in another location on the computer. <-QUOTE}

They could be corrupted files or simply clean. I'm not a computer expert, but when quite a few AVs detected samples and I sent them to Kaspersky... the lab sent me an email saying they were corrupted and thus not detected... One day I decided to test my faith and run the undetected files to see what harm they would do... And they were all... harmless.

mvdu
October 21st, 2008, 06:30 PM
{QUOTE-> They could be corrupted files or simply clean. I'm not a computer expert, but when quite a few AVs detected samples and I sent them to Kaspersky... the lab sent me an email saying they were corrupted and thus not detected... One day I decided to test my faith and run the undetected files to see what harm they would do... And they were all... harmless. <-QUOTE}

They told me the file is clean, not corrupted. I'll see if Avira removes the samples after I sent them. Is disagreement among vendors something that happens?

Medank
October 21st, 2008, 07:30 PM
Even if 13 AVs out there detect it, that doesn't mean the file is a threat. For example, Ikarus, AhnLab, Authentium, CAT-QuickHeal, eSafe, Fortinet, K7AntiVirus, PCTools, Rising, SecureWeb-Gateway, TheHacker, ViRobot: all of those AVs often show a FP on a file that is not a real threat, so it really depends on which AVs detected it.

Let us know later what the results are.

tiagozt
October 21st, 2008, 07:33 PM
If we discuss how many malware samples Kaspersky didn't detect and how many ONLY Kaspersky detects, it will probably come out positive for Kaspersky and negative for a lot of other poor AVs. Kaspersky isn't perfect... No AV is perfect...

mvdu
October 21st, 2008, 07:42 PM
{QUOTE-> Even if 13 AVs out there detect it, that doesn't mean the file is a threat. For example, Ikarus, AhnLab, Authentium, CAT-QuickHeal, eSafe, Fortinet, K7AntiVirus, PCTools, Rising, SecureWeb-Gateway, TheHacker, ViRobot: all of those AVs often show a FP on a file that is not a real threat, so it really depends on which AVs detected it.

Let us know later what the results are. <-QUOTE}

I can't post a VT shot per rules, but major AVs like AntiVir, Norton, and NOD32 detect it.

mvdu
October 21st, 2008, 07:43 PM
{QUOTE-> If we discuss how many malware samples Kaspersky didn't detect and how many ONLY Kaspersky detects, it will probably come out positive for Kaspersky and negative for a lot of other poor AVs. Kaspersky isn't perfect... No AV is perfect... <-QUOTE}

Not really about that, though. I'm just trying to figure out if this is malware on my machine.

djohn
October 21st, 2008, 07:50 PM
Agree with Medank, and it would not be a first for that many to produce a FP. But if NOD, Norton, DrWeb etc. start to show something, if not already, then I would say there is some concern. If not, then perhaps Kaspersky did its job accurately. Until then, as long as they're quarantined, don't panic and don't release them out of their cage. Oops, just seen your post above about major vendors; still await the Avira analysis and they still can be FP.

mvdu
October 21st, 2008, 08:04 PM
{QUOTE-> Agree with Medank, and it would not be a first for that many to produce a FP. But if NOD, Norton, DrWeb etc. start to show something, if not already, then I would say there is some concern. If not, then perhaps Kaspersky did its job accurately. Until then, as long as they're quarantined, don't panic and don't release them out of their cage. Oops, just seen your post above about major vendors; still await the Avira analysis. <-QUOTE}

Thanks, djohn - sounds like a good plan of action. I did have some real malware that Kaspersky detected and I'm afraid these files are connected. Will await the Avira analysis and keep them in quarantine.

The Hammer
October 21st, 2008, 08:35 PM
{QUOTE-> I just got the e-mail from Kaspersky that the file jar_cache23989.tmp and a few others like it are clean, but Avira detects as JAVA/Exploit.Bytverify.4 and 12 other AVs also detect it at VirusTotal. I'm confused: I submitted the files to Avira from Avira's Quarantine, but I think I should keep the files quarantined for now. Do you agree? Kaspersky DID detect other jar cache temp files in another location on the computer. <-QUOTE}

No, I don't agree. The email from Kaspersky's virus lab means someone actually looked at the files you submitted, as opposed to the scanners simply picking them up. Sometimes one vendor will detect a file and others will add it automatically without looking at it. If Kaspersky emailed you that it's clean then it is.

Medank
October 21st, 2008, 11:33 PM
{QUOTE-> Sometimes one vendor will detect a file and others will add it automatically without looking at it. If Kaspersky emailed you that it's clean then it is. <-QUOTE}

Absolutely, and I have seen and tested it myself: send a FP file to one AV vendor, and if they add it then every other AV does the same without looking at the sample.

{QUOTE-> Agree with Medank, and it would not be a first for that many to produce a FP. But if NOD, Norton, DrWeb etc. start to show something, if not already, then I would say there is some concern. If not, then perhaps Kaspersky did its job accurately. Until then, as long as they're quarantined, don't panic and don't release them out of their cage. Oops, just seen your post above about major vendors; still await the Avira analysis and they still can be FP. <-QUOTE}

Thanks djohn, as I said above many popular AVs just add some files and the file is clean, but thanks again for agreeing with me.
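The reasoning in djohn's and Medank's posts above, put into code as an added example that is not part of the thread: weight a multi-engine result by which engines fire rather than how many (engines that copy each other's signatures inflate the count, so one FP can explain many hits), require the detection names to agree on a family, and treat a manual verdict from a vendor's lab differently from an automatic scanner hit. The engine tiers, the thresholds and the result table are constructed assumptions for illustration, not a real VirusTotal report.

```python
"""Weighted triage of a multi-engine scan result (added example, not from the thread)."""
import re
from collections import Counter
from typing import Any, Dict, Optional

# Assumed tiers. MAJOR mirrors the engines the thread treats as weighty (Avira shows
# up as "AntiVir", Norton as "Symantec"); FP_PRONE is the list from Medank's post.
MAJOR = {"Kaspersky", "AntiVir", "Symantec", "NOD32", "DrWeb", "McAfee", "Microsoft"}
FP_PRONE = {"Ikarus", "AhnLab-V3", "Authentium", "CAT-QuickHeal", "eSafe", "Fortinet",
            "K7AntiVirus", "PCTools", "Rising", "SecureWeb-Gateway", "TheHacker", "ViRobot"}
# Tokens that say nothing about the family (behaviour class, platform, generic markers).
NOISE = {"exploit", "trojan", "java", "win32", "generic", "gen", "heur", "virus",
         "worm", "backdoor", "downloader", "dropper", "agent", "malware", "suspicious"}


def family_token(detection: str) -> Optional[str]:
    """Reduce a vendor name such as 'JAVA/Exploit.Bytverify.4' to its family ('bytverify')."""
    parts = re.split(r"[^a-z0-9]+", detection.lower())
    candidates = [p for p in parts if len(p) > 2 and not p.isdigit() and p not in NOISE]
    return max(candidates, key=len) if candidates else None


def triage(results: Dict[str, Optional[str]], lab_verdict: Optional[str] = None) -> Dict[str, Any]:
    """results maps engine -> detection name (None = no detection).
    lab_verdict is an optional manual analyst verdict ('clean' or 'malicious')."""
    detecting = {e: n for e, n in results.items() if n}
    majors = sorted(e for e in detecting if e in MAJOR)
    fp_prone_only = bool(detecting) and all(e in FP_PRONE for e in detecting)
    families = Counter(t for t in map(family_token, detecting.values()) if t)
    top_family, top_count = families.most_common(1)[0] if families else (None, 0)
    agreement = top_count / len(detecting) if detecting else 0.0

    if not detecting:
        verdict = "clean"
    elif lab_verdict == "clean" and not majors:
        verdict = "likely_fp"          # an analyst looked; only FP-prone engines disagree
    elif lab_verdict == "clean":
        verdict = "conflict"           # analyst vs. independent majors: keep quarantined, resubmit
    elif len(majors) >= 2 and agreement >= 0.5:
        verdict = "likely_malicious"   # independent majors agree on a family
    elif fp_prone_only:
        verdict = "likely_fp"          # one copied signature can explain every hit
    else:
        verdict = "inconclusive"       # keep quarantined and rescan later
    return {"verdict": verdict, "detections": len(detecting), "majors": majors,
            "top_family": top_family, "agreement": round(agreement, 2)}


# Constructed table modelled on the thread's description (not a real VT report).
SAMPLE = {
    "AntiVir": "JAVA/Exploit.Bytverify.4", "Symantec": "Trojan.ByteVerify",
    "NOD32": "Java/Exploit.Bytverify", "Ikarus": "Exploit.Java.ByteVerify",
    "AhnLab-V3": "Java/ByteVerify", "Fortinet": "Java/ByteVerify.D",
    "Rising": "Exploit.Java.ByteVerify", "Kaspersky": None, "DrWeb": None,
    "McAfee": None, "Microsoft": None,
}

if __name__ == "__main__":
    print(triage(SAMPLE))                       # three majors agree -> likely_malicious
    print(triage(SAMPLE, lab_verdict="clean"))  # lab says clean -> conflict, stay quarantined
```

The sample table is the thread's situation: with three major engines naming the same family the score is "likely_malicious", but adding the lab's manual "clean" turns it into a conflict, which is exactly the state in which the file belongs in quarantine pending the second vendor's analysis.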

thathagat
October 21st, 2008, 11:52 PM
Um mmm... so even greats have off days... or maybe for the run-of-the-mill kind every day is an off day... we'll know soon...

djohn
October 22nd, 2008, 12:39 AM
{QUOTE-> Absolutely, and I have seen and tested it myself: send a FP file to one AV vendor, and if they add it then every other AV does the same without looking at the sample.

Thanks djohn, as I said above many popular AVs just add some files and the file is clean, but thanks again for agreeing with me. <-QUOTE}
You're welcome. So the files are clean, that's good news. :thumb:

mvdu
October 22nd, 2008, 01:46 AM
I'll see if Avira removes it or not. I won't be able to tell right away I guess, but I could always submit via the website after a while. Then they respond to you.

harlan4096
October 22nd, 2008, 02:20 AM
I also have some files that are clean, and KLab told me that they are clean too. I tried them in a VM myself and they are harmless! But many AVs in VT are still detecting them as malware (Avira, NOD32 ...).

Regards.

Jin K
October 22nd, 2008, 09:49 AM
{QUOTE-> not lost its power just more malware out there now <-QUOTE}

If there's more malware, that means I must make something new to fight against it!! And for Kaspersky, they have powerful signature detection, no one can disagree, but they are lacking generic detection >< If they could just focus more on it, believe me, it will be on the same bar as Avira!!

Medank
October 22nd, 2008, 11:22 AM
{QUOTE-> If there's more malware, that means I must make something new to fight against it!! And for Kaspersky, they have powerful signature detection, no one can disagree, but they are lacking generic detection >< If they could just focus more on it, believe me, it will be on the same bar as Avira!! <-QUOTE}

Well, I've seen that Kaspersky has pretty good generic detection, but Kaspersky writes generic detections and names them (for example) Trojan-Agent.Ra and not Generic-Trojan.Agent.Ra. That's why a lot of people think that Kaspersky's generic is not good, but I believe it's really strong and good.

Jin K
October 22nd, 2008, 12:01 PM
{QUOTE-> there will be an emulator update soon. currently in beta. <-QUOTE}

You know, I have tested the new emulator and it's showing the same result as the old one >< Also, emulator means heuristic detection, and you know it's easy to bypass compared to generic detection. Anyway, I think it's a matter of time until Kaspersky uses it, but the question is >>>>> when???

lodore
October 22nd, 2008, 12:03 PM
{QUOTE-> You know, I have tested the new emulator and it's showing the same result as the old one >< Also, emulator means heuristic detection, and you know it's easy to bypass compared to generic detection. Anyway, I think it's a matter of time until Kaspersky uses it, but the question is >>>>> when??? <-QUOTE}
I didn't know you had tested the emulator beta update. I dunno tbh.

Jin K
October 22nd, 2008, 12:11 PM
{QUOTE-> Well, I've seen that Kaspersky has pretty good generic detection, but Kaspersky writes generic detections and names them (for example) Trojan-Agent.Ra and not Generic-Trojan.Agent.Ra. That's why a lot of people think that Kaspersky's generic is not good, but I believe it's really strong and good. <-QUOTE}

You mean

Trojan-Agent.Ra
Generic-Trojan.Agent.Ra

I haven't seen one detection with that name???

Medank
October 22nd, 2008, 12:16 PM
{QUOTE-> You mean

Trojan-Agent.Ra
Generic-Trojan.Agent.Ra

I haven't seen one detection with that name??? <-QUOTE}

What I meant is that Trojan.Agent.** or, for example, Trojan-Dropper.Delf can be generic detections as well, and I've seen that Kaspersky often names generic detections with a normal name like Trojan.Agent or Trojan-Dropper.

Jin K
October 22nd, 2008, 12:28 PM
{QUOTE-> What I meant is that Trojan.Agent.** or, for example, Trojan-Dropper.Delf can be generic detections as well, and I've seen that Kaspersky often names generic detections with a normal name like Trojan.Agent or Trojan-Dropper. <-QUOTE}

I don't think so???

But to make sure I will ask Rinat from KL about it.

Medank
October 22nd, 2008, 03:15 PM
{QUOTE-> I don't think so???

But to make sure I will ask Rinat from KL about it. <-QUOTE}

OK, you can ask him and let us know.
But I know that it is true.

SourMilk
October 22nd, 2008, 10:28 PM
If the .jar file came from the Java cache folder, it may be an old exploit that has been made ineffective with the latest Java patches. Better safe than sorry when it comes to malware, though.
SourMilk out

mvdu
October 23rd, 2008, 12:47 AM
The file was in the path C:\Users\(My name)\AppData\Local\Temp\Low\

Does that help?
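SourMilk's point above is that a jar_cache<N>.tmp file in the Java plug-in's cache is an ordinary JAR (a zip container) the browser plug-in downloaded, and mvdu's path (Temp\Low is the low-integrity temp folder used by Internet Explorer's Protected Mode on Vista) fits that. The safe way to learn what such a quarantined file is, rather than running an undetected sample "to see what harm it does", is to hash it and read the container statically. The following is an added example, not code from the thread or from any vendor; the JAR it inspects, its class bytes and the entry names are constructed in memory and are not a real sample.

```python
"""Static triage of a quarantined Java cache file (added example, not from the thread)."""
import hashlib
import io
import re
import struct
import zipfile
from typing import Any, Dict, Optional

CLASS_MAGIC = 0xCAFEBABE
# Class-file major version -> Java release (public class-file format numbers).
JAVA_RELEASE = {45: "1.1", 46: "1.2", 47: "1.3", 48: "1.4", 49: "5", 50: "6"}
JAR_CACHE_NAME = re.compile(r"^jar_cache\d+\.tmp$", re.IGNORECASE)


def class_major_version(blob: bytes) -> Optional[int]:
    """Return the class-file major version, or None if the magic is wrong."""
    if len(blob) < 8:
        return None
    magic, _minor, major = struct.unpack(">IHH", blob[:8])
    return major if magic == CLASS_MAGIC else None


def inspect_jar(filename: str, data: bytes) -> Dict[str, Any]:
    """Parse the container and its class headers; never loads or runs any class."""
    report: Dict[str, Any] = {
        "filename": filename,
        "java_cache_name": bool(JAR_CACHE_NAME.match(filename)),
        "sha256": hashlib.sha256(data).hexdigest(),   # what to look up or submit
        "is_zip": zipfile.is_zipfile(io.BytesIO(data)),
        "entries": [],
        "classes": {},      # entry name -> class major version (None = bad magic)
        "findings": [],
    }
    if not report["is_zip"]:
        report["findings"].append("not a zip container, so not a JAR")
        return report
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            report["entries"].append(name)
            # Zip-slip style names: an unpacker that trusts them writes outside its target dir.
            if name.startswith("/") or ".." in name.split("/"):
                report["findings"].append(f"hostile entry name: {name}")
            if name.lower().endswith(".class"):
                major = class_major_version(zf.read(name))  # bytes only, no classloader involved
                report["classes"][name] = major
                if major is None:
                    report["findings"].append(f"{name}: not a valid class file header")
                else:
                    rel = JAVA_RELEASE.get(major, f"major {major}")
                    report["findings"].append(f"{name}: compiled for Java {rel}")
    if report["classes"] and "META-INF/MANIFEST.MF" not in report["entries"]:
        report["findings"].append("class files present but no manifest")
    return report


def build_sample_jar() -> bytes:
    """Constructed JAR: a manifest, one class header stub marked as Java 1.4,
    and one entry whose name escapes the extraction directory."""
    class_stub = struct.pack(">IHH", CLASS_MAGIC, 0, 48) + b"\x00" * 8  # header only
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("com/example/Loader.class", class_stub)
        zf.writestr("../escape.txt", "not where you expected\n")
    return buf.getvalue()


if __name__ == "__main__":
    report = inspect_jar("jar_cache23989.tmp", build_sample_jar())
    print(report["sha256"])
    for line in report["findings"]:
        print(line)
```

The SHA-256 is the value to search for or to send along with a resubmission, so that every vendor is talking about the same bytes; the class version tells you whether the code could even have targeted the JVM installed on the machine; and the entry-name check catches the one thing a JAR can do to you before any class runs, namely trick a naive unpacker into writing outside its directory.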

Jin K
October 24th, 2008, 11:30 AM
{QUOTE-> OK, you can ask him and let us know.
But I know that it is true. <-QUOTE}

I have asked two from the KL team but none of them has answered me!!! Maybe because there is no generic detection :P

Anyway, see this

http://img55.imageshack.us/my.php?image=88416613vt7ww0.jpg

I think this is what KL calls a generic detection???

It's not by signature!!, it's by behavior, by the Proactive Defense.

dawgg
October 31st, 2008, 08:54 AM
Proactive Defense detections are behavior-based: they only detect the behavior of the file while it's running, not static detection (by just scanning).

Heuristic detections start with Heur, eg...
Heur.Trojan.Generic
Heur.Backdoor.Generic
Heur.Invader
Heur.AntiA
Heur.Downloader
Heur.KillFiles
Heur.StartPage
Heur.Worm.Generic
Heur.Virus.Generic
Heur.Infector
Heur.Script... (currently undergoing testing and tweaking)

Generic detections end in ".gen"
Listed in Kaspersky's Virus Watch (http://www.kaspersky.com/viruswatchlite?search_virus=.gen&x=0&y=0&hour_offset=-3)

Back to the topic now...
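The naming conventions dawgg lays out above (Heur.* for the heuristic analyser, a .gen suffix for generic signatures, everything else a specific signature, and Proactive Defense verdicts being runtime behaviour rather than file-scan names) are easy to apply mechanically, which settles the earlier argument about whether a "normal-looking" name is generic. The following is an added example, not code from the thread or from Kaspersky: a small parser for the Behaviour.Platform.Family.Variant layout that Kaspersky's names follow, plus a ranking that picks the most specific name when several are available. The sample names are constructed for illustration.

```python
"""Classify Kaspersky-style detection names by naming convention (added example)."""
from typing import Dict, List, Optional

# Triage weight: a specific signature says more than a generic one, which says
# more than an emulator/heuristic guess.
RANK = {"specific": 0, "generic": 1, "heuristic": 2}


def detection_kind(name: str) -> str:
    """Apply the conventions from the post: Heur.* prefix, .gen suffix, else specific."""
    if name.startswith("Heur."):
        return "heuristic"
    if name.lower().endswith(".gen"):
        return "generic"
    return "specific"


def parse_detection(name: str) -> Dict[str, Optional[str]]:
    """Split Behaviour.Platform.Family.Variant; heuristic names may omit platform/variant."""
    kind = detection_kind(name)
    parts = name.split(".")
    if kind == "heuristic":
        parts = parts[1:]            # drop the "Heur" marker itself
    behaviour = parts[0] if parts else None
    platform = family = variant = None
    if kind == "heuristic":
        # Heur.Trojan.Generic -> behaviour Trojan, family Generic; Heur.Invader -> behaviour only
        family = parts[1] if len(parts) > 1 else None
    else:
        platform = parts[1] if len(parts) > 1 else None
        family = parts[2] if len(parts) > 2 else None
        variant = parts[3] if len(parts) > 3 else None
    return {"name": name, "kind": kind, "behaviour": behaviour,
            "platform": platform, "family": family, "variant": variant}


def summarize(names: List[str]) -> Dict[str, List[str]]:
    """Group a scan log's names by kind so you can see how much was signature
    and how much was emulator guesswork."""
    groups: Dict[str, List[str]] = {"specific": [], "generic": [], "heuristic": []}
    for n in names:
        groups[detection_kind(n)].append(n)
    return groups


def best_name(names: List[str]) -> Optional[str]:
    """Most specific name among several for one file (first wins on ties)."""
    return min(names, key=lambda n: RANK[detection_kind(n)]) if names else None


# Constructed sample names following the documented layout (not real verdicts).
SAMPLE_NAMES = [
    "Heur.Trojan.Generic",
    "Trojan-Downloader.Win32.Agent.gen",
    "Exploit.Java.ByteVerify.a",
    "Heur.Invader",
    "Backdoor.Win32.Agent.bx",
]

if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        print(parse_detection(n))
    print(summarize(SAMPLE_NAMES))
    print(best_name(["Heur.Trojan.Generic", "Trojan-Downloader.Win32.Agent.gen"]))
```

The "generic or not" question in the thread is answered by the suffix alone: Trojan-Downloader.Win32.Agent.gen is generic, Backdoor.Win32.Agent.bx is a specific signature for one variant, even though both carry the plain family name Agent.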