Problem cleaning a virus

Last night during a scheduled scan NOD32 found an infiltration, actually 2 java viruses.

C:\Documents and Settings\Dan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv200.jar-28004791-598ad0aa.zip »ZIP »Dummy.class - Java/Dummy trojan

NOD32 said the infiltration could not be cleaned.
I tried to quarantine but got an error message.

Thinking it could possibly be a false alarm I went to Trend Micro online scan and it also picked up
the problem but with a different name.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JAVA_BYTEVER.A

Trend Micro also claimed the virus could not be cleaned.
When I tried to delete, I got the message "file in use can not be deleted".

Any suggestions?

How did this get in with NOD32 running? It's only been a few days since my last clean scan.
I'm using Blackspears advanced settings.

Thanks

Dan

 

It's in the applet cache...

Clean your browser and Java cache (for Java 2 > Control Panel > Java Plug-in > Cache Tab (varies slightly) > Click Clear Cache )

 

Thanks for the reply! I also found another thread on this but when I go to control panel
I don't see any option for java.

Dan

 

I disabled system restore and cleared the java cache. Re-boot and re-scan.
That seems to have fixed the problem. Thanks!

Now, how did it get there with NOD32 running and what do I need to do,
so this won't happen again?

I'm running NOD32 with Blackspears extra settings, Trojan Hunter, Spysweeper, Spybot S&D, Lavasoft Ad-Aware SE Plus, ZA Pro, Window Washer automatically cleans at browser close.

Dan

 

Since you're running the more common Sun Java instead of the now-unsupported (I think) Microsoft Java, this exploit poses no threat to you. It exploits the Microsoft Java Virtual Machine to allow those malicious files onto your computer through a usually hidden malicious Java applet. This is an old and common problem, but has yet to die out because of unsecure and unknowing users.

Oh, and these exploits, like many others, usually come from pornographic websites

 

Is there any way to stop it from getting in the system?
Wondering if the Firefox browser would be immune to this?

 

Not a browser issue, per se (unless you are using MS Java) but a Java issue. If you disable Java in FF, then Java won't work and any related Java issues disappear, as does any legit Java functionality

With the newer java, it downloads the malicious applet, but the applet is impotent.

 

Hi DanL:

This may be part of the answer you were seeking. The Java/Dummy was just added here:

NOD32 - v.1.977 (20050120)
Virus signature database updates:
IRC/SdBot.CVB, IRC/SdBot.CVC, IRC/SdBot.CVD, Java/Dummy

Setting up a Scheduled Scan using the Execution of an external application starting @ Post #20 here and having it scan when the virus signature database is updated, will assist with new detections.

I generally add the /delete switch in addition to the /clean so archives (which can not be cleaned) will be deleted. It depends upon how comfortable you are with automation. Using the Execution of an external application at this time does not place a copy in quarantine (option not available). No recovery is possible from within NOD32 using this method (in the case of a false positive), System Restore perhaps.