NOD32 detected these files

Discussion in 'NOD32 version 2 Forum' started by glenpinn, Nov 15, 2005.

Thread Status:
Not open for further replies.
  1. glenpinn

    glenpinn Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    26
    Hi there, 1st post here.

    I just installed NOD32 2.5 and ran a scan on my C: drive and found these 10 files, 7 of which are inactive, 3 were active and I can't seem to delete them.

    I have also attached a screenshot of the log or whatever it is, which is where it detects the file but I can't select the delete button; it just allows me to select the LEAVE option.

    Can anyone tell me what the files are and why they are all related to this sun\java\deployment\cache file?

    C:\Documents and Settings\GAP\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv698.jar-2ad2754e-5d858a90.zip »ZIP »Matrix.class - a variant of Java/TrojanDownloader.OpenConnection trojan

    C:\Documents and Settings\GAP\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv698.jar-2ad2754e-5d858a90.zip »ZIP »Counter.class - Java/ClassLoader.H trojan

    C:\Documents and Settings\GAP\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv698.jar-2ad2754e-5d858a90.zip »ZIP »Dummy.class - Java/Dummy trojan

    C:\Documents and Settings\GAP\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv698.jar-2ad2754e-5d858a90.zip »ZIP »Parser.class - Java/ClassLoader.B trojan

    C:\Documents and Settings\GAP\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-653852dd-1eb6e4e2.zip »ZIP »b.class - Java/ClassLoader.F trojan

    C:\Documents and Settings\GAP\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-653852dd-1eb6e4e2.zip »ZIP »c.class - Java/Exploit.Bytverify.K trojan

    C:\Documents and Settings\GAP\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-653852dd-1eb6e4e2.zip »ZIP »d.class - Java/TrojanDownloader.OpenConnection.F trojan

    C:\Documents and Settings\GAP\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-653852dd-4b966cff.zip »ZIP »b.class - Java/ClassLoader.F trojan

    C:\Documents and Settings\GAP\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-653852dd-4b966cff.zip »ZIP »c.class - Java/Exploit.Bytverify.K trojan

    C:\Documents and Settings\GAP\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-653852dd-4b966cff.zip »ZIP »d.class - Java/TrojanDownloader.OpenConnection.F trojan

    Any thoughts appreciated, and I found NOD32 to be good at what it does, scans fast, but a more difficult program to set up and configure than BitDefender or Kaspersky, and I personally don't like the interface; BitDefender and Kaspersky are much easier to use.

    cheers.....GLEN
     

  2. kjempen

    kjempen Registered Member

    Joined:
    May 6, 2004
    Posts:
    379
    See this link. As for how to "clean" your computer, just open the archives flagged by NOD32 and delete whatever is inside them; it's not dangerous, archives are harmless, and there's not anything important as it's all in the Java cache. You probably got this stuff while visiting a web site that had malicious Java code embedded.

    EDIT: As far as I know, Java code (and other scripting languages used on web sites) can be executed before it's even downloaded to your hard drive. To stay safe from this you need an antivirus with HTTP scanning capabilities (like NOD32) or some kind of script blocker. (Or you can change your surfing habits.)

    PS! NOD32 doesn't delete infected archives or files inside archives, that is something you have to do by hand (manually).
     
    Last edited: Nov 15, 2005
  3. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    See the info on this malware:

    Java/TrojanDownloader.OpenConnection.F - see HERE

    Java/Exploit.Bytverify.K - see HERE

    Java/ClassLoader.F - HERE

    Java/ClassLoader.B - HERE

    Java/Dummy - Here

    Java/ClassLoader.H - HERE

    As for the file detected as a variant of Java/TrojanDownloader.OpenConnection, I suggest you send it to Eset for analysis through quarantine. :)

    And BTW, these are all, in some way, connected to the ByteVerify exploit. Make sure your Windows is updated nicely, and see this page:

    http://www.microsoft.com/technet/security/bulletin/MS03-011.mspx
     
  4. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Don't forget you can configure NOD's on-demand scanner to delete the infected archives automatically, just remember to tick 'copy to quarantine' if the archive should contain any data you wish to save.
     

  5. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
  6. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Yes, these are Java applets that are downloaded and stored in a folder. You can just go into the Windows Control Panel --> Java and choose to "Clear Cache", or "Delete Temporary Internet Files" in newer versions of the Java plug-in (seems like Sun is borrowing a little terminology from Microsoft here).

    This will get rid of all the files in the Java cache, both good files and bad. Not to worry. Any Java applets that you need in the future will be downloaded automatically the next time you need them.
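
The scan-log lines in the first post have a regular shape, so the point made in the replies (every flagged item sits inside an archive in the Java plug-in cache, which a cache clear removes) can be checked mechanically. This is an added example, not part of any poster's message and not NOD32 tooling; the function names and the `C:\Temp\example.zip` sample line are constructed for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Line shape taken from the scan log in the first post:
#   <archive path> »ZIP »<member> - <detection name>
LINE_RE = re.compile(r"^(?P<archive>.+?) »ZIP »(?P<member>.+?) - (?P<detection>.+)$")
# Cache entries in those paths are named <original jar>-<hex>-<hex>.zip.
ENTRY_RE = re.compile(r"^(?P<jar>.+\.jar)-[0-9a-f]+-[0-9a-f]+\.zip$", re.I)
JAVA_CACHE = r"\sun\java\deployment\cache" + "\\"

def group_detections(log_text):
    """Group detections by containing archive and note where each archive lives."""
    report = defaultdict(lambda: {"in_java_cache": False, "jar": None, "hits": []})
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line, header or prose, not a detection
        entry = report[m["archive"]]
        entry["in_java_cache"] = JAVA_CACHE in m["archive"].lower()
        name = ENTRY_RE.match(ntpath.basename(m["archive"]))
        entry["jar"] = name["jar"] if name else None  # applet jar as served by the site
        entry["hits"].append((m["member"], m["detection"]))
    return dict(report)

def outside_java_cache(report):
    """Archives that clearing the Java plug-in cache would NOT remove."""
    return sorted(a for a, e in report.items() if not e["in_java_cache"])

# Sample input: four lines copied from the first post, plus one constructed
# line (the C:\Temp path) to show the case a cache clear does not cover.
CACHE = r"C:\Documents and Settings\GAP\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar"
SAMPLE = "\n".join([
    CACHE + r"\loaderadv698.jar-2ad2754e-5d858a90.zip »ZIP »Matrix.class - a variant of Java/TrojanDownloader.OpenConnection trojan",
    CACHE + r"\loaderadv698.jar-2ad2754e-5d858a90.zip »ZIP »Counter.class - Java/ClassLoader.H trojan",
    CACHE + r"\classload.jar-653852dd-1eb6e4e2.zip »ZIP »c.class - Java/Exploit.Bytverify.K trojan",
    CACHE + r"\classload.jar-653852dd-4b966cff.zip »ZIP »c.class - Java/Exploit.Bytverify.K trojan",
    r"C:\Temp\example.zip »ZIP »x.class - Java/ClassLoader.F trojan",  # constructed
])

if __name__ == "__main__":
    result = group_detections(SAMPLE)
    for archive, e in result.items():
        print(e["jar"], len(e["hits"]), "hit(s), in Java cache:", e["in_java_cache"])
    print("Not covered by clearing the Java cache:", outside_java_cache(result))
```

Any archive listed by `outside_java_cache` needs separate handling, since clearing the Java cache only empties the plug-in's own folder.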
     
  7. glenpinn

    glenpinn Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    26
    Thanks everyone, it had me stumped there for a bit. I delete my temp internet files every night by rule, and that's where Ewido and Spy Sweeper seem to locate a lot of rubbish in a scan, so too did Kaspersky and NOD32.

    If I can't delete those 3 files, I'll find them in the Sun cache folder and manually delete them if I can.

    I'm thinking of re-installing Kaspersky as I really don't like the way NOD32 runs, and I hate the interface, too much crap to go through; it's not as good, or easy as BitDefender (which I think is the easiest by far) followed close by Kaspersky.

    The only thing I don't like with Kaspersky is whenever I do anything on my PC, copy files from a disc, download etc. it seems to run a mini scan and it lags my PC while it's doing it. Maybe it's another issue, but anyway I'm trying to stay with NOD32 but I'll go look at that user guide you mentioned above.

    cheers everyone.....GLEN
     