Antivir false positive with java

Discussion in 'other anti-virus software' started by yasha, Mar 4, 2008.

Thread Status:
Not open for further replies.
  1. yasha

    yasha Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    22
    Hi,

    Long time lurker, first time poster. Just wanted to first say that Wilders is an awesome place to find info/help on security-related issues. Keep up the great work!

    Now for my question: does Antivir Classic edition give false positives with Java RE 6? I keep getting pop-ups saying that some Java-related files are trojan downloaders. (I even uninstalled and downloaded a new version of Java RE 6 update 10). Thanks.
     
  2. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Very well may not be a false positive. Older versions have vulnerabilities that malware can use to infect your system.
    I would do an uninstall and fresh reinstall of the latest version.
     
  3. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    I have Antivir classic with Java version 5 and I haven't ever seen that before with downloading Java applets. Is the message regarding the files within your Java program folder or is it with websites that use Java?
     
  4. Leo2005

    Leo2005 Registered Member

    Joined:
    May 31, 2007
    Posts:
    179
    Location:
    Braunschweig (Germany)
    Are you sure that these files are Java-related, or are they only located in the Java temp folder?
     
  5. yasha

    yasha Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    22
    Hi,

    Yes, it seems one of them was in temp folder. I usually get 4 popups with similar file names. I've included screenshots in the attachments (don't know how to insert image :p )
     


  6. Leo2005

    Leo2005 Registered Member

    Joined:
    May 31, 2007
    Posts:
    179
    Location:
    Braunschweig (Germany)
    Yes, these files are temp files. Please clean your Java cache and they should be gone.
    And please make sure your Java version is up to date.
     
  7. yasha

    yasha Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    22
    Thanks! Will do....
     
  8. yasha

    yasha Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    22
    Hi again,

    So I cleared browser cache and java cache (via console) then uninstalled then installed via firefox plugin (JRE 6 update 3). The problem is that whenever I load my applet, it puts a .tmp file in the C:\Documents and Settings\user\Local Settings\Temp folder that flags it as a trojan. The applet I'm loading is IBM Global Expense Reporting Solutions. Can I assume this is FP still? Thanks.
     
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    Send the file to Antivir to analyze to be sure of just what it is yasha.
     
  10. yasha

    yasha Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    22
    Ok, thanks for everyone's help...
     
  11. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    Most likely, yes. What are your heuristics level settings? Do what Ronjor said above.
     
  12. yasha

    yasha Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    22
    Only set to medium, which is why I was a bit surprised...
     
  13. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    Got one similar FP with JS (heur. at medium sett.) some time ago when I trialed Antivir PE Premium. Sent the file to the lab and they confirmed its harmlessness.
     
  14. Leo2005

    Leo2005 Registered Member

    Joined:
    May 31, 2007
    Posts:
    179
    Location:
    Braunschweig (Germany)
    Well, the newest version is update 4.
    I have tested the site in your screenshot and I do not get any warning, but I'm using v8, so it could be because of that.
     
  15. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I get the alerts from Avira 7 at that site.
     
  16. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    FWIW, java se update 5 was released yesterday. link
     
  17. yasha

    yasha Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    22
    Thanks for the link :)
     
  18. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    You're most welcome :cool:
     
  19. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    Uninstall all Java versions in Add or Remove Programs, run CCleaner, now install JRE v6 u5.
     
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Is the false positive confirmed? I did send them a detected file and it was clean.
    Not sure if they fixed it or not.
     
  21. yasha

    yasha Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    22
    I sent them the files as well and it came back clean.

    Installed Java RE 6 update 5 and it no longer gives me the popup.
     