AVG Free version and Java virus

SCraig

I've been using the free version of AVG 7 for awhile. Each time it runs it
finds five viruses in the JavaByteVerify and Java/Class Loader area. It
never gets rid of them. My question is why not? Can anyone explain this
for me? I thought the idea was to identify and delete the viruses.

Thanks,
Craig
 
Ron Lopshire

SCraig said:
I've been using the free version of AVG 7 for awhile. Each time it runs it
finds five viruses in the JavaByteVerify and Java/Class Loader area. It
never gets rid of them. My question is why not? Can anyone explain this
for me? I thought the idea was to identify and delete the viruses.

Craig,

Java has been a security nightmare for quite some time. And much of it
surrounds its inept installer(s). If I were going to use Java, here is
what I would do.

1) Uninstall _all_ versions of Java on your system.
2) Search through the HD for all files associated with Java/JRE. Clean
as necessary.
3) Search through the Registry for all keys associated with Java/JRE.
Clean as necessary.
4) Download and install the latest, greatest version of Java.

See if that makes AVG happy. If not submit the suspect files to Virus
Total and/or Jotti for the purpose of determining whether they are FPs
or not.

(http://www.virustotal.com/)
(http://virusscan.jotti.org/)

If you are going to use Java, you absolutely, positively must keep it
up-to-date. And that always includes an uninstall/reinstall.

Ron :)
 
SCraig

Ron said:
Craig,

Java has been a security nightmare for quite some time. And much of it
surrounds its inept installer(s). If I were going to use Java, here is
what I would do.

1) Uninstall _all_ versions of Java on your system.
2) Search through the HD for all files associated with Java/JRE. Clean
as necessary.
3) Search through the Registry for all keys associated with Java/JRE.
Clean as necessary.
4) Download and install the latest, greatest version of Java.

See if that makes AVG happy. If not submit the suspect files to Virus
Total and/or Jotti for the purpose of determining whether they are FPs
or not.

(http://www.virustotal.com/)
(http://virusscan.jotti.org/)

If you are going to use Java, you absolutely, positively must keep it
up-to-date. And that always includes an uninstall/reinstall.

Ron :)

My question though is why doesn't AVG delete these viruses since it finds
them? Also, isn't Java a pretty standard and heavily used program? How
could I not run it while I'm using my computer?
 
David H. Lipman

From: "SCraig" <[email protected]>


You have a Java Trojan in a .CLASS file inside a Java Jar (ZIP type file). AVG can unzip
and scan inside of the Java Jar but it is unable to delete the trojanized .CLASS file and
repackage the Java Jar.

If you are using any version of Sun Java that is prior to JRE Version 5.0 update 6,
then you are strongly urged to remove any/all versions that are prior to JRE/JSE
Version 5.0 update 6. There are vulnerabilities in them and they are actively being
exploited. It is possible that is how you got infected with malware.

Therefore, it is highly suggested that if there are any prior versions of Sun Java
to Version 5 update 6 on the PC that they be removed ASAP.

The latest version is Sun Java JRE/JSE Version 5.0 Update 8

Simple check, look under...
C:\Program Files\Java

The only folder under that folder should be the latest version.

Such as...
C:\Program Files\Java\jre1.5.0_08

http://www.java.com/en/download/manual.jsp

or

http://java.sun.com/javase/downloads/index.jsp

FYI:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102557-1

1) Dump the contents of your IE cache -
Start --> settings --> control panel --> Internet options --> delete files

2) Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools --> Options --> Privacy --> Cache --> Clear

3) Dump the contents of your Sun Java cache -
Start --> settings --> control panel --> Java applet --> cache --> clear
or
Start --> settings --> control panel --> Java applet --> general --> settings -->
delete files

4) Re-scan your system using your anti virus software.
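
The folder check described in the post above, as an added example that is not part of the original thread: it parses the version out of each folder name, flags anything older than JRE 5.0 Update 6, and marks every folder except the newest as superseded. The folder-name pattern is an assumption modelled on the post's `jre1.5.0_08`, and the sample names in the demo are constructed.

```python
import re
from pathlib import Path

MINIMUM = (1, 5, 0, 6)  # JRE 5.0 Update 6, the threshold named in the post
# Assumed folder-name pattern, modelled on the post's "jre1.5.0_08".
NAME = re.compile(r"^(?:j2re|jre|jdk|j2sdk)(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$", re.I)


def parse_version(folder_name):
    """Return (major, minor, patch, update) or None if the name is not recognised."""
    m = NAME.match(folder_name)
    return tuple(int(g or 0) for g in m.groups()) if m else None


def list_java_folders(root=r"C:\Program Files\Java"):
    """Names of the sub-folders under the Java install root (empty if it is absent)."""
    base = Path(root)
    return sorted(p.name for p in base.iterdir() if p.is_dir()) if base.is_dir() else []


def audit(folder_names):
    """Sort folder names into vulnerable / superseded / keep / unrecognised."""
    report = {"vulnerable": [], "superseded": [], "keep": [], "unrecognised": []}
    parsed = []
    for name in folder_names:
        version = parse_version(name)
        if version is None:
            report["unrecognised"].append(name)
        else:
            parsed.append((version, name))
    parsed.sort()
    for version, name in parsed:
        if version < MINIMUM:
            report["vulnerable"].append(name)      # predates 5.0 Update 6
        elif (version, name) != parsed[-1]:
            report["superseded"].append(name)      # patched, but not the newest
        else:
            report["keep"].append(name)            # the single folder that should remain
    return report


if __name__ == "__main__":
    # Constructed sample; on a real machine pass list_java_folders() instead.
    sample = ["jre1.5.0_08", "jre1.5.0_06", "j2re1.4.2_03", "jre1.5.0", "docs"]
    for bucket, names in audit(sample).items():
        print(f"{bucket:13} {names}")
```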
 
Sanjaya

SCraig said:
I've been using the free version of AVG 7 for awhile. Each time it runs it
finds five viruses in the JavaByteVerify and Java/Class Loader area.

[snip]

Follow the advice given by Ron and David.
You can also empty the Java cache.
Control Panel (Classic view) > dbl click "Java Plug-in" > "Cache" tab
Click the "Clear" button
 
Mich

SCraig said:
I've been using the free version of AVG 7 for awhile. Each time it runs it
finds five viruses in the JavaByteVerify and Java/Class Loader area. It
never gets rid of them. My question is why not? Can anyone explain this
for me? I thought the idea was to identify and delete the viruses.

Thanks,
Craig

If I'm not mistaken, the files in that Java directory are zipped, therefore
compressed, and that, as I recall, could interfere with the removal.
Go to the Java Dir., look for zipped files, delete (or delete the whole Java
Dir. and reinstall).

Mich...
 
David H. Lipman

From: "Mich" <[email protected]>

| If I'm not mistaken the files in that Java directory are zipped therefore
| compressed and that would, as I recall, could interfere with the removal,
| go to the Java Dir. look for zipped files, delete (or delete the whole Java
| Dir. and reinstall.
|
| Mich...
|

They are called Java Jars and store .CLASS files. Java Jars are ZIP type files.

The problem is anti virus software can scan inside an archive file such as a Java Jar but
can't delete a file from within and then repackage the archive file. In the case of Java
Jars with trojanized .CLASS files within, it is best to just delete the Java Jars.
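
Because the scanner names an entry inside an archive while the fix is to delete the archive itself, it helps to map entries back to the files that hold them. The following is an added example, not part of the original thread: it walks a folder, opens every ZIP-type file it finds (recognised by content rather than extension), lists each .class entry with its SHA-256, and returns the archives to delete for a given entry name. The file names, entry names and bytes in the sample are constructed.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path

MAX_ENTRY_BYTES = 5 * 1024 * 1024  # skip oversized entries (decompression-bomb guard)


def inventory(root):
    """Return (archive_path, entry_name, sha256) for every .class entry under root."""
    rows = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or not zipfile.is_zipfile(path):
            continue
        try:
            with zipfile.ZipFile(path) as zf:
                for info in zf.infolist():
                    if not info.filename.lower().endswith(".class"):
                        continue
                    if info.file_size > MAX_ENTRY_BYTES:
                        continue
                    digest = hashlib.sha256(zf.read(info)).hexdigest()
                    rows.append((path, info.filename, digest))
        except (zipfile.BadZipFile, RuntimeError):
            continue  # corrupt or encrypted archive: leave it for manual review
    return rows


def archives_to_delete(root, flagged_entry_names):
    """Archives holding any entry the scanner named; the whole file goes, not the entry."""
    flagged = {n.lower() for n in flagged_entry_names}
    return sorted({p for p, name, _ in inventory(root) if Path(name).name.lower() in flagged})


def build_sample_cache(root):
    """Constructed sample: two archives, one holding an entry named like a scanner hit."""
    root = Path(root)
    with zipfile.ZipFile(root / "applet-a.jar", "w") as zf:
        zf.writestr("com/example/Main.class", b"\xca\xfe\xba\xbe constructed")
    with zipfile.ZipFile(root / "cached-0001.zip", "w") as zf:
        zf.writestr("Flagged.class", b"\xca\xfe\xba\xbe constructed-flagged")
        zf.writestr("readme.txt", b"not a class file")
    (root / "notes.txt").write_text("plain file, not an archive")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_cache(tmp)
        for path, entry, digest in inventory(tmp):
            print(path.name, entry, digest)
        print([p.name for p in archives_to_delete(tmp, ["Flagged.class"])])
```

The per-entry hashes can be looked up on the scanning services mentioned earlier in the thread when a detection is suspected to be a false positive.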
 