ESS scan and several threats that point to JAVA

Discussion in 'ESET Smart Security' started by SBMongoos, Jun 10, 2011.

Thread Status:
Not open for further replies.
  1. SBMongoos

    SBMongoos Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    215
    Anyone else run into this?

    C:\Documents and Settings\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\2373b34d-59a8ef3c a variant of Java/TrojanDownloader.OpenStream.NBF trojan No action
    C:\Documents and Settings\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\7845b2d2-135d7368 a variant of Java/TrojanDownloader.Agent.NAN trojan No action
    C:\Documents and Settings\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\79571f53-40ae0348 probably a variant of Win32/Agent.FQRCZBA trojan No action
    C:\Documents and Settings\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\71c5d114-51dd729a multiple threats No action
    C:\Documents and Settings\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\77ab98d6-48f3f73a Java/TrojanDownloader.Agent.NBB trojan No action
    C:\Documents and Settings\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\4ec49a58-6de5ff04 Java/Agent.BV trojan No action
    C:\Documents and Settings\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\3545009a-370ebbdc Java/TrojanDownloader.Agent.JX trojan No action
    C:\Documents and Settings\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1659a8c3-3350fd90 a variant of Java/TrojanDownloader.OpenStream.NBF trojan No action
    C:\Documents and Settings\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\5a06ad27-2f06950e multiple threats No action
    C:\Documents and Settings\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\53924d84-24eca9bf multiple threats No action
    C:\Documents and Settings\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\4b361974-4e48bbaf multiple threats No action
    C:\Documents and Settings\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\5512bf5-3169bbd5 multiple threats No action
    C:\Documents and Settings\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\2cd50f76-5df21a67 Java/Agent.BV trojan No action
    C:\Documents and Settings\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\30ee3746-5d7b9084 probably a variant of Java/Agent.BR trojan No action
    C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\2373b34d-59a8ef3c a variant of Java/TrojanDownloader.OpenStream.NBF trojan No action
    C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\7845b2d2-135d7368 a variant of Java/TrojanDownloader.Agent.NAN trojan No action
    C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\79571f53-40ae0348 probably a variant of Win32/Agent.FQRCZBA trojan No action
    C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\71c5d114-51dd729a multiple threats No action
    C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\77ab98d6-48f3f73a Java/TrojanDownloader.Agent.NBB trojan No action
    C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\4ec49a58-6de5ff04 Java/Agent.BV trojan No action
    C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\3545009a-370ebbdc Java/TrojanDownloader.Agent.JX trojan No action
    C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1659a8c3-3350fd90 a variant of Java/TrojanDownloader.OpenStream.NBF trojan No action
    C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\5a06ad27-2f06950e multiple threats No action
    C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\53924d84-24eca9bf multiple threats No action
    C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\4b361974-4e48bbaf multiple threats No action
    C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\5512bf5-3169bbd5 multiple threats No action
    C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\2cd50f76-5df21a67 Java/Agent.BV trojan No action
    C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\30ee3746-5d7b9084 probably a variant of Java/Agent.BR trojan No action
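The scan log above lists every cache entry twice, once under `C:\Documents and Settings` and once under `C:\Users`. As an added example (not part of the original post and not ESET code), this Python code parses lines in that format and collapses the two prefixes, assuming the legacy folder is the usual Windows Vista/7 junction to `C:\Users`; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: six lines taken from the scan log in the first post
# (three cache entries, each reported under both path prefixes).
SAMPLE_LOG = r"""
C:\Documents and Settings\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\2373b34d-59a8ef3c a variant of Java/TrojanDownloader.OpenStream.NBF trojan No action
C:\Documents and Settings\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\71c5d114-51dd729a multiple threats No action
C:\Documents and Settings\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1659a8c3-3350fd90 a variant of Java/TrojanDownloader.OpenStream.NBF trojan No action
C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\2373b34d-59a8ef3c a variant of Java/TrojanDownloader.OpenStream.NBF trojan No action
C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\71c5d114-51dd729a multiple threats No action
C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\1659a8c3-3350fd90 a variant of Java/TrojanDownloader.OpenStream.NBF trojan No action
"""

# The path ends at the Java cache entry name (<hex>-<hex>). The path itself
# contains spaces, so splitting the line on whitespace would not work.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+\\[0-9a-f]+-[0-9a-f]+)\s+(?P<verdict>.+?)\s+No action$"
)
LEGACY_PREFIX = "c:\\documents and settings\\"

def canonical(path):
    """Fold case and map the legacy prefix onto the Users root (assumed junction)."""
    p = path.lower()
    if p.startswith(LEGACY_PREFIX):
        p = "c:\\users\\" + p[len(LEGACY_PREFIX):]
    return p

def parse(log):
    """Yield (canonical_path, verdict) for every detection line in the log."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield canonical(m.group("path")), m.group("verdict")

def triage(log):
    """Return (raw_hits, distinct_files, verdict_counts) with duplicates collapsed."""
    hits = list(parse(log))
    unique = dict(hits)  # the same file reported under both prefixes -> one entry
    return len(hits), len(unique), Counter(unique.values())

if __name__ == "__main__":
    raw, files, verdicts = triage(SAMPLE_LOG)
    print(f"{raw} log lines -> {files} distinct cache files")
    for verdict, n in verdicts.most_common():
        print(f"{n:2d}  {verdict}")
```

Under that assumption, the 28 lines in the first post reduce to 14 distinct cache files.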
     
  2. MattJN

    MattJN Former ESET Support Rep

    Joined:
    Feb 19, 2010
    Posts:
    149
    Hello,

    Back in March there was a false positive with a Java update. What Virus Signature Database does the computer have? Is it possible the VSD is out of date?

    Thanks,

    Matt
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It's highly unlikely they are false positives.
     
  4. stratoc

    stratoc Guest

    There was a Java update last week; I think it fixed 17 security holes (Update 26).
     
  5. SBMongoos

    SBMongoos Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    215
    I'll be back on my desktop shortly to check it out. I would imagine my laptop would show the same results, but I want to check the VSD on the desktop where these results came from.

    Marcos: are you saying ESET found real problems masked as Java?
     
  6. SBMongoos

    SBMongoos Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    215
    It's version 6198.
     
  7. stratoc

    stratoc Guest

    "Marcos: are you saying ESET found real problems masked as Java?"
    I think I am correct in saying the infection is in the cache, so it's been downloaded.
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If you have doubts whether a particular file is actually malicious or an FP, submit it to ESET as per the instructions here. Also, uploading it to VirusTotal would show how many other vendors detect it (note that the results will only give an indication of the file's reputation but will not tell for sure if it's clean or malicious).
     
  9. bludragon

    bludragon Registered Member

    Joined:
    Jun 12, 2011
    Posts:
    3
    I get hits like that on my home PC occasionally but (thankfully) not quite that bad. I always assumed it was malicious applets trying to sneak into my system.
     
  10. SBMongoos

    SBMongoos Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    215
    Current VSD is 6200 as of this morning.

    So, sounds like the recommendation is to run ESET again and let it clean up the Java that's throwing the flag.

    But MattJN said there was a False Positive.

    Confused ! o_O
     
  11. SBMongoos

    SBMongoos Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    215
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Advice was already given in my previous post, there's nothing else I could add.
     
  13. SBMongoos

    SBMongoos Registered Member

    Joined:
    Oct 6, 2008
    Posts:
    215
    So... rescan and remove what it finds, which is everything in the first post. Yet ESS had a false positive with Java that was reported? You said it was highly unlikely.

    I'm fact finding. What I'm seeing here is maybe/maybe not so I'm not clear.
     
  14. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    Send a copy to VirusTotal for file reputation and then a copy to ESET laboratories for file analysis.
     