Java Trojans cannot be cleaned

Discussion in 'ESET NOD32 Antivirus' started by Superhero2k, Nov 16, 2010.

Thread Status:
Not open for further replies.
  1. Superhero2k

    Superhero2k Registered Member

    Joined:
    Nov 16, 2010
    Posts:
    1
    Hello folks,

    My company purchased NOD32 Business Edition one week ago, so this is my first question here.
    We use a Windows domain, with Win2003 servers and WinXP workstations.
    There is one user who seems to have one (probably more) trojan in his user profile.
    Unfortunately NOD32 cannot delete or quarantine these files.

    Here are the log entries:
    C:\Dokumente und Einstellungen\dbartels\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-148ab01a-2fc9ad6a.zip » ZIP » BnnnnBaa.class - Java/ClassLoader Trojaner
    C:\Dokumente und Einstellungen\dbartels\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-148ab01a-2fc9ad6a.zip » ZIP » VaannnaaBaa.class - Java/ClassLoader Trojaner
    C:\Dokumente und Einstellungen\dbartels\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-148ab01a-2fc9ad6a.zip » ZIP » Dnnny.class - Java/Exploit.Bytverify Trojaner
    C:\Dokumente und Einstellungen\dbartels\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-148ab01a-2fc9ad6a.zip » ZIP » Bnnnnn.class - Java/ClassLoader.AS Trojaner
    C:\Dokumente und Einstellungen\dbartels\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-148ab01a-2fc9ad6a.zip » ZIP » Den.class - Java/Exploit.Bytverify Trojaner
    C:\Dokumente und Einstellungen\dbartels\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-148ab01a-2fc9ad6a.zip » ZIP » Din.class - Java/Exploit.Bytverify Trojaner
    C:\Dokumente und Einstellungen\dbartels\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-148ab01a-2fc9ad6a.zip » ZIP » Dun.class - Java/Exploit.Bytverify Trojaner

    Can anybody help me to find a solution for this?

    My second question:
    We use roaming user profiles. The profiles are stored in folders on a Win2003 server. Every folder is owned by the specific user. This means that no other user (not even an admin account) can look in these folders, and this means that NOD32 cannot scan these folders.
    Is it possible to scan the folders without altering their owners or access rights? Maybe NOD32 has to be run as a certain service?

    Thank you very much in advance for your help!

    Greetings from rainy Germany!
     
  2. no_idea

    no_idea Registered Member

    Joined:
    Apr 1, 2009
    Posts:
    83
    The ekrn.exe process normally runs as the built-in "local system" account.

    I understand that privacy laws in Germany are very strict and forbid access for administrators to user data.
    You should however allow the local system account full control on any file!
    As it is strictly a technical account that cannot be used for interactive work, this should not conflict with your laws while allowing NOD32 to do its work.

    (greetings from snowy Switzerland ;) )
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Since there's no "error while cleaning" message, I assume you ran a scan in "scan-only" mode with cleaning disabled.

    The local system account, under which ekrn runs, has access to all folders by default. So any scheduled scan should be able to scan inside those folders.
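Both replies turn on the same point: ekrn.exe runs as the built-in SYSTEM account, so what matters is whether SYSTEM holds Full Control on each roaming profile folder, not whether an administrator can browse them. The following PowerShell script is an added example, not part of this thread and not ESET's code. It only reads the ACLs (Get-Acl never modifies anything), so it answers the second question without changing owners or permissions. The profile root path is a placeholder; the function name Test-SystemFullControl is my own.

```powershell
# Added example, not from the thread or from ESET: audit whether the built-in
# SYSTEM account (which ekrn.exe runs as) holds Full Control on each roaming
# profile folder, without touching ownership or ACLs (Get-Acl only reads).
# $ProfileRoot is a placeholder; point it at the share or local path that
# holds the profile folders. Works on Windows PowerShell 2.0 and later.
param(
    [string]$ProfileRoot = '\\FILESERVER\Profiles$'   # placeholder
)

# Resolve the well-known SID so the check does not depend on the UI language
# (a German server displays SYSTEM as "NT-AUTORITÄT\SYSTEM").
$systemSid   = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-18')
$fullControl = [System.Security.AccessControl.FileSystemRights]::FullControl

function Test-SystemFullControl {
    param([System.Security.AccessControl.FileSystemSecurity]$Acl)
    # Compare by SID, then require every bit of FullControl in an Allow ACE.
    # ACEs stored as generic rights (GENERIC_ALL, shown as 268435456) are not
    # expanded here and would be reported as missing; inspect those by hand.
    $rules = $Acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $ace.IdentityReference -eq $systemSid -and
            ($ace.FileSystemRights -band $fullControl) -eq $fullControl) {
            return $true
        }
    }
    return $false
}

Get-ChildItem -Path $ProfileRoot | Where-Object { $_.PSIsContainer } | ForEach-Object {
    $folder = $_
    try {
        # Reading a security descriptor needs READ_CONTROL, not list access;
        # if even that is denied the folder is reported as unreadable.
        $acl = Get-Acl -Path $folder.FullName -ErrorAction Stop
        New-Object PSObject -Property @{
            Profile           = $folder.Name
            Owner             = $acl.Owner
            SystemFullControl = (Test-SystemFullControl -Acl $acl)
        }
    } catch {
        New-Object PSObject -Property @{
            Profile           = $folder.Name
            Owner             = 'unreadable'
            SystemFullControl = $false
        }
    }
} | Sort-Object SystemFullControl, Profile | Format-Table Profile, Owner, SystemFullControl -AutoSize
```

Run it on the file server (or against the share) as an account that can at least read the folders' security descriptors. Folders listed with SystemFullControl set to False, or marked unreadable, are the ones where a scheduled scan running as SYSTEM would be blocked; only those need an ACE for SYSTEM added, and that can be done while leaving the user as owner.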
     