Endpoint Protection

  • 1.  Can't Clean off Downloader Virus

    Posted Apr 14, 2009 01:52 PM
    Currently using version 9.01 on XP machines with up-to-date virus defs. I have two users that get the following virus in their log files:

    File name :   jvmimpro.jar-51fad18-7564bc04.zip>>vmain.class   
    Location:...\aplication data\sun\java\deployment\cache\javapi\V1.0\Jar\ 
    Threat: Downloader
    Action Taken: Left Alone

    My system center tells me that the primary and secondary action in the log file is 'Leave Alone (log Only)' even though the local machine settings are to 'remove' then 'quarantine'.

    After reading some posts, I deleted the java cache. After a complete scan, the machine comes up clean only to have the file show up again the next day.

    My users are savvy, and after talking with them I do not think they opened any files on the web today that caused this to show up again.

    Any ideas on how I can get rid of this?

    Thanks





  • 2.  RE: Can't Clean off Downloader Virus

    Posted Apr 14, 2009 02:19 PM
    Have you submitted it to make sure it's not a false alert?
    I see those now and then, too - I simply ignore them in our case, and the next scan, the machine is clean.
    Since the files are simply compressed containers, Symantec should be able to look at them and tell what's up.
    I'd submit a sample - quarantine one, submit and see what they say.
    Response has been quick lately.
    In one case recently, I got a response back in an hour.


  • 3.  RE: Can't Clean off Downloader Virus

    Posted Apr 14, 2009 02:54 PM
    Thank you, I will do that. I have 120 PCs in the dept and have about 6 that I am having problems cleaning. I have been able to solve a few but this one has stumped me. This has been showing up every day since I started working here, about two weeks. I will submit it and see if it is something I should be concerned with.



  • 4.  RE: Can't Clean off Downloader Virus

    Posted Apr 14, 2009 03:48 PM

    I am not able to get to the file that Symantec is telling me is infected. I have tried both Explorer and the DOS cd command.

    The file is located in path:

    c:\documents and settings\user name\Application Data\Sun\Java\Deployment\cache\javaapi\v1.0\jar\

    I cannot get past the javaapi directory. In DOS it says there are 2 files (the '.' and the '..') and zero bytes.

    Does Java put this in a directory that I cannot unhide?

    Thanks


  • 5.  RE: Can't Clean off Downloader Virus

    Posted Apr 14, 2009 11:59 PM
    Hi Dave,

    The very first thing which I would recommend is to uninstall SAV 9.0, as it is no longer supported by the Symantec team.

    Either install ver. 10 (10.1 MR8) or SEP (MR4mp1a).

    SEP is much more advanced compared to SAV 9.0 / 10.

    Rgrds,
    SAM


  • 6.  RE: Can't Clean off Downloader Virus

    Posted Apr 16, 2009 03:50 PM
    Will do,

    Thanks for your reply.

    Dave