Not sure where I should send a zip file which NOD32 indicates has multiple infiltrations. Is it sample@eset.com or support@eset.com? Right-clicking the file in Windows Explorer and doing a NOD32... results in On-demand scanning of the zip file's directory results in: BTW, the NOD32 AMON resident module alerted me to this zip file when I was doing an Adaware scan and Adaware was unzipping the files to a temp directory. I couldn't capture or quarantine these temporary unzipped files that AMON was alerting on because Adaware was using them and when done would delete them. So I did an on-demand scan of my entire hard drive to find out where the archive was located.
bob, take a look at these links. Please encrypt any suspicious files with RAR or ZIP, protect the archive with password "infected" and send it to sample@eset.com (or samples@eset.com). The former is dedicated mostly to NewHeur_PE viruses.
https://www.wilderssecurity.com/showthread.php?t=57459
https://www.wilderssecurity.com/showthread.php?t=63136
Also see: http://java.com/en/download/help/cache_virus.xml Here are the instructions on how to manually remove these malicious applets from the JRE cache directory:
1. From the Start button, click Settings > Control Panel.
2. In the Control Panel, open the "Java Plug-in Control Panel".
3. Select the Cache tab.
4. Click the Clear button inside the Cache tab, which will clear your JRE cache directory.
Thanks Ronjor and Stan999. Sent the zip file to samples@eset.com. As for clearing the applets from the JRE cache directory, my Java Control Panel JRE 1.5.0 doesn't have a cache tab. Nevertheless, I was able to use the general tab and the delete button in the temporary internet box to get rid of these applets. The only things remaining in the JRE cache directory are empty javapi and tmp folders. Thanks again.
If something is detected by name, it's not necessary to submit it to Eset for analysis unless you suspect it to be a false positive, which is almost unlikely to happen. Just imagine that the users would deluge us with thousands of Netsky samples detected by name - they would never get a response from Eset and also regular samples would get lost in such a heap of emails. Feel free to delete that archive.