More Awesome Than You!

At the oppurtunity of a free virus scanner, I downloaded AVG. I scanned my computer, and AVG tells me that I have 14 infected files. Unfortunately, that's all it does. It won't heal them, quarantine them, or even delete them. So, the first question is whether or not this is normal.

Moving on, I know what these files are, and I have located them. They are deep within the Java folders. The second question is whether or not I should delete these manually. I haven't noticed any problems, but I don't really want to wait around for them to start.

Sounds normal to me. You can manually delete them if you wish, but you might just be a victim of the dreaded false positive. There could also be 15000 infected files that AVG isn't telling you about. Decisions decisions...  :P

You could try using the free online-scan at Panda: http://www.pandasoftware.com/

That found and removed a virus F-Secure told me was on my computer but could not delete. It removes any found viruses and alerts you if you have spyware. Spyware is not removed though.

Spybot has been on my computer for many years, and I wouldn't do without it. It's a great anti-spyware program. It detects, removes, and immunizes. And it's also free, a big plus in my book.

If it is in your Java Cache folder then it is probably Java Byte/Verify/ Trojan Java/Classloader. Although AVG identifies it as a virus, it is actually a malicious software trojan that takes advantage of a security vulnerability and is why AVG doesn't fix it. You usually get it by visiting a website that is coded to take advantage of the fact that an update didn't get done in time.

You can just delete these manually. They delete easily, unlike some viruses that refuse to let you delete them.

Your AVG should list the place where the files are stored, or do a search for them by name as AVG will name the files for you.

Then you should make sure that your Java gets the security update it needs. Here is the info about the problem:

http://www.microsoft.com/technet/security/bulletin/MS03-011.mspx

You can get the update at Microsoft Update. Sometimes you'll find that the update is already on your computer but the malicious files got put on before you did the update.

Would a regular virus programme not find that? I have avast, and up until now I am satisfied with it. It gives me less problems than McAffee and Norton ever did, I'd hate to find out it is ineffective. Maybe I should look for those trojans myself. I am now a little worried. I'll be visiting the microsoft site to see if it took care of the security update. Usually I let it install everything it tells me is available/absolutely necessary. I don't let it do it automatically as it always tries to bully me to do. I might be a little bit of a control freak.

The infected files are in Sun\Java\Deployment\cache\javapi\v1.0\jar. The extensions are are all .zip, .exe, and .class.

As for microsoft, AVG told me about the vulneribility, and to make sure I had the most recent updates. When I went to check, I couldn't due to some error with my Active X. I hope that isn't a symptom of the virus.

Those are the files I was talking about. Just delete everything that is in the Jar folder.

As for the active X problem, if you are using Windows XP sometimes a small bar will pop up just under your address or links bar (near the top of the browser). You then have to click on that bar and say allow the Active X for this page, or allow active X download..something like that.

EDIT:veilchen
I'm not familiar with that antivirus program, but from what I understand most antivirus programs as well as Ad Aware should find this particular problem.

The actual location is
 c:\documents and settings\your name\Sun\Java\Deployment\cache\javapi\v1.0\jar

You might have to turn on hidden folders in the folder options for it to show up. If you have more than one Windows account, you should check all the names. When I found mine it was in one account but not the others.

I use Windows 2000, but I never got anything asking for permission when it came to active x. It just wouldn't work.

As for deleting those files, are there any side-effects? I happen to use Java a lot, and I wouldn't want to screw it up.

You can delete ANYTHING that is in ANY cache folder. If the files are needed again, they will come back.

Windows 2000 doesn't have the pop-up bar like Win XP does. What is the exact error message you are getting?

Edit: just remembered, in Win 2000 you might have to change your security settings in your browser for active X to work at some sites. You can either lower the security setting, or tell it that Microsoft is safe and can do what it wants.

Nevermind. Problem solved.

That Panda Scan fixed everything. They did so well, I actually feel like giving them money!  :o

Thanks for all your help, everyone.

Thank you Magicmoon, I just finished searching and I seem to be alright. I frequently forget that I have set up limited accounts for my two godchildren on my computer, so I had to go back and do it again. I do love that I don't have to use the dial-up any longer, but it leaves me a bit paranoid about access to my computer from outside sources.

Cool. Everyone's happy. That doesn't happen too often, now does it?

Anyone want to tell me how to fix my internet at home?

And how to get my damn display back? (Says admin shut off access, but I am the admin)

Then I can be happy too.

(I know the internet should be working, because XBox Live works, but when I try to plug it in to the PC I don't get a connection)

well mate, i've an internet point with 10 pc  ... in 4 years that i use AVG Professional "Network Edition" (just with 10 licenses) i've never meet any kind of problem.. avg put all file a "quatantene" folder.. bug you can also delete the files by hand, or.. you can put the file in quarantene and then empty the folder periodically ;D

it will discover virus inside .rar, .zip .jar .arj .vbs and some macro for MSword ...

hm-hm.. for me.. #1 ;)

I have AVG, and it does heal, quarantine and delete infected files if it's at all possible to do so. Are you sure you actually downloaded it, and aren't just using their on-site scan?

Yeah, I downloaded it, but the problem is solved now.

First let's try the simple stuff.  Power cycle your entire network.  That means shut down the PC and unplug the router and modem.  Wait 30 seconds, then plug in just the modem.  When all the lights come back on, plug in the router (if you have one) and then reboot the PC.  That may be all it takes.

If that doesn't work, then we have to get more involved.  I dealt with a simple virus one time that just blocked access by switching all my apps to connect through 127.0.0.1.  If this is the case we just have to switch them back.  In Firefox, click Tools, Options, Connection Settings, then check Direct Connection to the Internet.  For IE its Tools, Internet Options, Connections, Lan Settings, then check Automatically Detect Settings.  After making changes, click OK then close the app and reopen it. 

If that doesn't work, then you'll need some portable media (flash drives are relatively cheap) so you can download a few things at work, or wherever you had access to post here.  You definitely need some type of antivirus software.  I recommend Avast Home Edition as it is free and allows you to schedule a boot level scan (scans before Windows loads, so any viruses are inactive and can't prevent the scan or prevent themselves from being deleted).  You can get it here: http://www.avast.com/.  You should also get both AdAware and  SpyBot S&D.  No adware detector catches everything, but between these two they catch about 95% of what is out there, and both are free.  One more small app to download: CWShredder, which specifically seeks out and deletes the entire family of CoolWebSearch trojans.  You can get it here: http://www.intermute.com/spysubtract/cwshredder_download.html.  Once you get these home, run them in the order you downloaded them:

1. Antivirus (preferrably a boot time scan with Avast)
2. AdAware
3. SpyBot
4. CWShredder

If 2, 3, and 4 close as soon as you open them, there is a specific variant of the CoolWebSearch trojan that does that; download and run PepiMK's  CoolWWWSearch.SmartKiller removal tool first from here: http://www.safer-networking.org/files/delcwssk.zip, then AdAware, SpyBot, and CWShredder will run properly.

If a virus or anything else is refusing to allow you to delete it, get GiPo@MoveOnBoot from http://www.gibinsoft.net/gipoutils/fileutil/rightview.htm#moveonb.  This will allow you to move or delete ANYTHING the next time the computer reboots.

Call your local plumber. The tubes are probably clogged full of crud and need to be rooted out.

Ted Stevens fan?  ;)

Mmkay, I will try the options gimmick. I can't download at work, but if that doesn't work I can always try my mom's pc.

Yeah, so no dice on the internet options.

And how does one edit admin options? I'm locked out of my display options, firewall settings, and task manager.

Oh yeah, and I keep getting "runtime error/mismatch 13" all the time.

Sounds like it's time to reformat and reinstall. Also, who or what exactly is your avatar supposed to be about this time? What part of fanporndom have you latched onto now?

I was afraid of that, but I expected it. Cannot do it myself since I am missing my vias raid gimmick. Oh well.

It's actually a book cover. I have that tattoo, so hence, the avatar. (And I'm a brunette, so it fits again)