Avast Positives: What Now?

(PeteCresswell)

Did an Avast boot-time scan on C: and it came up with 4
positives, all of which I told Avast to delete.

----------------------------------------
04/24/2012 13:45
Scan of all local drives

File C:\Documents and Settings\Kolon\Application
Data\Sun\Java\Deployment\cache\6.0\12\28d3bd0c-69d48f2f|>encode\ANSI.class
is infected by Java:Agent-DU [Expl], Deleted
File C:\Documents and Settings\Kolon\Application
Data\Sun\Java\Deployment\cache\6.0\12\28d3bd0c-69d48f2f|>encode\ISO.class
is infected by Java:Agent-GM [Expl], Deleted
File C:\Documents and Settings\Kolon\Application
Data\Sun\Java\Deployment\cache\6.0\12\28d3bd0c-69d48f2f|>setup\cp1251.class
is infected by Java:Agent-ASE [Expl], Deleted
File C:\Documents and Settings\Kolon\Application
Data\Sun\Java\Deployment\cache\6.0\12\28d3bd0c-69d48f2f|>setup\lang.class
is infected by Java:Agent-DM [Trj], Deleted

Scanning aborted
Number of searched folders: 8998
Number of tested files: 795422
Number of infected files: 4
------------------------------------------

Since they were all in Java's deployment cache, I'm wondering
where I stand.

Do I have a clean system? i.e. If I image it, can I call this a
virus-free image?

Is Java compromised?
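
An added example, not part of the original thread: a small parser that groups the detections in the scan report above by the file that contains them. It assumes Avast's `|>` marks a member inside a container file (here a cached download), and the function names are this example's own.

```python
import re
from collections import defaultdict

# Detection lines from the scan report above, with the line wrapping undone.
REPORT = r"""
File C:\Documents and Settings\Kolon\Application Data\Sun\Java\Deployment\cache\6.0\12\28d3bd0c-69d48f2f|>encode\ANSI.class is infected by Java:Agent-DU [Expl], Deleted
File C:\Documents and Settings\Kolon\Application Data\Sun\Java\Deployment\cache\6.0\12\28d3bd0c-69d48f2f|>encode\ISO.class is infected by Java:Agent-GM [Expl], Deleted
File C:\Documents and Settings\Kolon\Application Data\Sun\Java\Deployment\cache\6.0\12\28d3bd0c-69d48f2f|>setup\cp1251.class is infected by Java:Agent-ASE [Expl], Deleted
File C:\Documents and Settings\Kolon\Application Data\Sun\Java\Deployment\cache\6.0\12\28d3bd0c-69d48f2f|>setup\lang.class is infected by Java:Agent-DM [Trj], Deleted
"""

LINE = re.compile(
    r"^File (?P<path>.+?) is infected by (?P<name>\S+) "
    r"\[(?P<kind>\w+)\], (?P<action>\w+)$"
)

def parse_report(text):
    """Return one dict per detection line; lines that do not match are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        # Assumption: "|>" separates the container file from the member inside it.
        container, _, member = m["path"].partition("|>")
        hits.append({"container": container, "member": member or None,
                     "name": m["name"], "kind": m["kind"],
                     "action": m["action"]})
    return hits

def group_by_container(hits):
    """Map each container path to the detections found inside it."""
    groups = defaultdict(list)
    for h in hits:
        groups[h["container"]].append(h)
    return dict(groups)

def in_java_cache(container):
    """True when the container sits under Java's deployment cache directory."""
    return "\\sun\\java\\deployment\\cache\\" in container.lower()

if __name__ == "__main__":
    for container, members in group_by_container(parse_report(REPORT)).items():
        print(container, "(Java cache)" if in_java_cache(container) else "")
        for h in members:
            print(f"  {h['member']}: {h['name']} [{h['kind']}] -> {h['action']}")
```

On this report it yields one container with four members, so a single cached download accounts for every detection.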
 
(PeteCresswell)

Per David H. Lipman:
Java isn't compromised. They are Java exploits. Hopefully you used the
latest Sun Java v7 update 3 or v6 update 31. If you are up-to-date in Java
then it probably was not a successful exploit. However you should scan
the whole system just in case.

Thanks.

I've got a legacy media app that dies if I inflict Java 7 on it,
so I've still got 6 and have turned Java's auto-updating off.

But it turns out that I only have Update 23.

I'm looking at the Java download page
(http://tinyurl.com/7hu833o) but can't figure out which "31" to
download.

The choices appear to be:

Windows x86 (32-bit) Kernel 0.87 MB
jre-6u31-windows-i586-iftw-k.exe

Windows x86 (32-bit) Online 0.87 MB
jre-6u31-windows-i586-iftw.exe

Windows x86 (32-bit) Offline 16.19 MB
jre-6u31-windows-i586.exe

Or do I need all 3?
 
VanguardLH

(PeteCresswell) said:
Did an Avast boot-time scan on C: and it came up with 4
positives, all of which I told Avast to delete.

----------------------------------------
04/24/2012 13:45
Scan of all local drives

File C:\Documents and Settings\Kolon\Application
Data\Sun\Java\Deployment\cache\6.0\12\28d3bd0c-69d48f2f|>encode\ANSI.class
is infected by Java:Agent-DU [Expl], Deleted
File C:\Documents and Settings\Kolon\Application
Data\Sun\Java\Deployment\cache\6.0\12\28d3bd0c-69d48f2f|>encode\ISO.class
is infected by Java:Agent-GM [Expl], Deleted
File C:\Documents and Settings\Kolon\Application
Data\Sun\Java\Deployment\cache\6.0\12\28d3bd0c-69d48f2f|>setup\cp1251.class
is infected by Java:Agent-ASE [Expl], Deleted
File C:\Documents and Settings\Kolon\Application
Data\Sun\Java\Deployment\cache\6.0\12\28d3bd0c-69d48f2f|>setup\lang.class
is infected by Java:Agent-DM [Trj], Deleted

Scanning aborted
Number of searched folders: 8998
Number of tested files: 795422
Number of infected files: 4
------------------------------------------

Since they were all in Java's deployment cache, I'm wondering
where I stand.

Do I have a clean system? i.e. If I image it, can I call this a
virus-free image?

Is Java compromised?

Do you really need to have Java applets cached locally on your host
after you're done running them? If so, how big are they? How often do
you use them that caching is needed to eliminate the bandwidth to
download them again? Even if you revisit the same site every day, like
for a crossword puzzle or online game, if the Java applet is small then
you gain little by having a locally cached copy of it.

In Control Panel for the Java applet, use it to flush Java's cache.
Disable the "Temporary Internet Files" option. While you're there,
click on the "Delete Files" button to get rid of the old cached applets.
 
(PeteCresswell)

Per VanguardLH:
Do you really need to have Java applets cached locally on your host
after you're done running them? If so, how big are they? How often do
you use them that caching is needed to eliminate the bandwidth to
download them again? Even if you revisit the same site every day, like
for a crossword puzzle or online game, if the Java applet is small then
you gain little by having a locally cached copy of it.

I'm so clueless that I didn't even know about the caching.
Thanks.

In Control Panel for the Java applet, use it to flush Java's cache.
Disable the "Temporary Internet Files" option. While you're there,
click on the "Delete Files" button to get rid of the old cached applets.

Done.
 
(PeteCresswell)

Per David H. Lipman:
You definitely need to check your computer ASAP!

That's what prompted the OP.

I guess I'm about to scan it again too....

My first choice was Kaspersky, but I couldn't get to first base
with the graphical UI version - it kept doing weird things.

My fallback has been Avast's boot-time scan - which is something
of a PITA in that you have to sit there and watch it run in case
it catches something, issues a prompt, and then waits for user
input.
 
Ernie B.

My fallback has been Avast's boot-time scan - which is something
of a PITA in that you have to sit there and watch it run in case
it catches something, issues a prompt, and then waits for user
input.

Well, no. Open the Avast interface > Boot time scan > settings > "When a
threat is found > Move to Chest."
 
s|b

BTW: v6 update 32 and v7 update 4 have been released and it is strongly
advised you update to either.

I can see Version 7 Update 4 (which I have installed), but I can only
see Version 6 Update 31. :-?
 
