Ping Dr. D. Lipman re:what's with Sun Java and viruses?

[Moe Hair]

Ok - did the following as per your instructions and while no viruses were
found durind safeboot, upon re-running Trend Micro's sysclean in normal
mode, Avast found the vbs.redlof virus in the sysclean.exe file, which I
understand has happened before to several people. I was able to move it to
the chest, though. I'm assuming this is a false positive - correct? I'm
running a Windows 2000 Pro OS.


Anyway, here's the only errors in the sysclean log. These errors occurred
in both the safe and normal boots. I substituted admin for the name of the
user:



2005-03-31, 08:57:50, An error occurred while scanning file "E:\Documents
and Settings\admin\NTUSER.DAT": Access is denied.
2005-03-31, 08:57:50, An error occurred while scanning file "E:\Documents
and Settings\admin\ntuser.dat.LOG": Access is denied.
2005-03-31, 08:59:13, An error occurred while scanning file "E:\Documents
and Settings\admin\Local Settings\Application Data\Microsoft\Windows
\UsrClass.dat": Access is denied.
2005-03-31, 08:59:13, An error occurred while scanning file "E:\Documents
and Settings\admin\Local Settings\Application Data\Microsoft\Windows
\UsrClass.dat.LOG": Access is denied.
2005-03-31, 09:03:59, An error was detected on "E:\System Volume
Information\*.*": Access is denied.
2005-03-31, 09:06:06, An error occurred while scanning file "E:\WINNT
\system32\config\default": Access is denied.
2005-03-31, 09:06:06, An error occurred while scanning file "E:\WINNT
\system32\config\default.LOG": Access is denied.
2005-03-31, 09:06:06, An error occurred while scanning file "E:\WINNT
\system32\config\SAM": Access is denied.
2005-03-31, 09:06:06, An error occurred while scanning file "E:\WINNT
\system32\config\SAM.LOG": Access is denied.
2005-03-31, 09:06:06, An error occurred while scanning file "E:\WINNT
\system32\config\SECURITY": Access is denied.
2005-03-31, 09:06:06, An error occurred while scanning file "E:\WINNT
\system32\config\SECURITY.LOG": Access is denied.
2005-03-31, 09:06:06, An error occurred while scanning file "E:\WINNT
\system32\config\software": Access is denied.
2005-03-31, 09:06:06, An error occurred while scanning file "E:\WINNT
\system32\config\software.LOG": Access is denied.
2005-03-31, 09:06:06, An error occurred while scanning file "E:\WINNT
\system32\config\system": Access is denied.
2005-03-31, 09:06:06, An error occurred while scanning file "E:\WINNT
\system32\config\SYSTEM.ALT": Access is denied.
2005-03-31, 09:06:49, An error occurred while scanning file "E:\WINNT
\Temp\JET3712.tmp": Access is denied.


"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:h3n1e.25755$b_6.20875@trnddc01:

> From: "Moe Hair" <mohair@nospam.com>
>
>| Bootscan checks by my Avast program has been consistently finding
>| viruses such as the following in my Sun/Java directories such as the
>| following:
>|
>| 3/26/2005 4:35:28 PM SYSTEM 600 Sign of "JS:NoCheat-2" has been found
>| in "C:\Documents and Settings\Application
>| Data\Sun\Java\Deployment\cache
>| \javapi\v1.0\file\BlackBox.class-2ca97015-1848c13f.class" file.
>| 3/26/2005 4:39:06 PM SYSTEM 600 Sign of "VBS:Malware [Gen]" has been
>| found in "C:\Documents and Settings\Application
>| Data\Sun\Java\Deployment
>| \cache\javapi\v1.0\file\Dummy.class-4e92308d-1c5bde93.class" file.
>|
>| Anybody experiencing the same?
>
> I haven't experienced one infected .CLASS file or a .CLASS file in a
> Java Jar with a Trojan but I have assisted many who have.
>
> 1) Dump the contents of your IE cache -
> Start --> settings --> control panel --> Internet options -->
> delete files
>
> 2) Dump the contents of your Sun Java cache -
> Start --> settings --> control panel --> Java applet --> cache
> --> clear
> or
> Start --> settings --> control panel --> Java applet -->
> general --> settings --> delete files
>
> 3) Download the following two items...
>
> Trend Sysclean Package
> http://www.trendmicro.com/download/dcs.asp
>
> Latest Trend signature files.
> http://www.trendmicro.com/download/pattern.asp
>
> Create a directory.
> On drive "C:\"
> (e.g., "c:\New Folder")
> or the desktop
> (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
>
> Download SYSCLEAN.COM and place it in that directory.
> Download the Trend Pattern File by obtaining the ZIP file.
> For example; lpt518.zip
>
> Extract the contents of the ZIP file and place the contents in the
> same directory as SYSCLEAN.COM .
>
> 4) Disable System Restore
> http://vil.nai.com/vil/SystemHelpDoc...SysRestore.htm
> 5) Reboot your PC into Safe Mode then shutdown as many
> applications as possible. 6) Using the Trend Sysclean utility,
> perform a Full Scan of your platform and
> clean/delete any infectors found
> 7) Restart your PC and perform a "final" Full Scan of your
> platform 8) Re-enable System Restore and re-apply any System
> Restore preferences,
> (e.g. HD space to use suggested 400 ~ 600MB),
> 9) Reboot your PC.
> 10) Create a new Restore point
>
> * Please report back your results *
>
>