O problema ce ma tot sacaie:
Cand rulez Ad-Aware SE 1.06r1, se creaza dupa cateva secunde de rulare niste fisiere in Temp ce contin ceva virusi sau troieni:
Astfel se creaza fisierele:
C:\Documents and Settings\???\Local Settings\Temp\AAWTMP\C764406\263F34\NewSecurityClassLoader.class
C:\Documents and Settings\???\Local Settings\Temp\AAWTMP\C764406\263F34\NewURLClassLoader.class
care imi sunt raportate de Bitdefender ca infectate cu
Infected: Trojan.Exploit.Byteverify.G
Infected: Trojan.Java.Byteverify.Exploit.C
Infected: Backdoor.AZV.B
Infected: Trojan.Downloader.Small.BUV
Infected: Trojan.Java.Byteverify.Exploit.C
Infected: Trojan.Exploit.Byteverify.G
De ce imi apar acele temporare cu acei virusi doar cand pornesc Ad-Aware?
Ad-Aware nu mai gaseste imic altceva infectat. Doar in directorul lui creeat nou AAWTMP. Restul subdirectoarelor se tot schimba la fiecare pornire bineinteles...
Dar tot acele 2 fisiere sunt suspecte:
NewSecurityClassLoader.class
NewURLClassLoader.class
E vreo problema sau doar o alarma falsa?
Ad-aware nu are cum sa creeze (fisiere cu)virusi .Probabil ca el acceseaza acele fisiere in timpula scanarii si desigur acele fisiere fiind accesate sunt scanate si de BD care le gaseste ca virusi . Fa mai multe scanari online cu diferiti antivirusi .
Iata rezultatele:
File: NewURLClassLoader.class
AntiVir Found Java/Byteverify.G.3
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Java.Byteverify.Exploit.C
ClamAV Found nothing
Dr.Web Found Exploit.ByteVerify
F-Prot Antivirus Found nothing
Fortinet Found Java/ByteVer.S
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found Exploit.ByteVerify
File: NewSecurityClassLoader.class
AntiVir Found Java/Byteverify.G.2
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Exploit.Byteverify.G
ClamAV Found nothing
Dr.Web Found Exploit.ByteVerify
F-Prot Antivirus Found nothing
Fortinet Found Java/ByteVer.S-tr
Kaspersky Anti-Virus Found nothing
NOD32 Found Java/Exploit.Bytverify
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found Exploit.ByteVerify
Si o alta scanare online:
This is a report processed by VirusTotal on 01/04/2006 at 18:35:48 (CET) after scanning the file "NewSecurityClassLoader.class" file.
Antivirus Version Update Result
AntiVir 6.33.0.74 01.04.2006 Java/Byteverify.G.2
Avast 4.6.695.0 01.03.2006 no virus found
AVG 718 01.03.2006 no virus found
Avira 6.33.0.74 01.04.2006 Java/Byteverify.G.2
BitDefender 7.2 01.04.2006 Trojan.Exploit.Byteverify.G
CAT-QuickHeal 8.00 01.04.2006 no virus found
ClamAV devel-20051123 01.04.2006 no virus found
DrWeb 4.33 01.04.2006 Exploit.ByteVerify
eTrust-Iris 7.1.194.0 01.04.2006 Java/ByteVerify!Exploit!Trojan
eTrust-Vet 12.4.1.0 01.04.2006 Java/ByteVerify!exploit
Ewido 3.5 01.03.2006 no virus found
Fortinet 2.54.0.0 01.04.2006 Java/ByteVer.S-tr
F-Prot 3.16c 01.02.2006 no virus found
Ikarus 0.2.59.0 01.04.2006 no virus found
Kaspersky 4.0.2.24 01.04.2006 no virus found
McAfee 4667 01.04.2006 no virus found
NOD32v2 1.1351 01.03.2006 Java/Exploit.Bytverify
Norman 5.70.10 12.31.2006 no virus found
Panda 9.0.0.4 01.04.2006 Exploit/ByteVerify
Sophos 4.01.0 01.04.2006 no virus found
Symantec 8.0 01.04.2006 no virus found
TheHacker 5.9.2.067 01.02.2006 no virus found
UNA 1.83 01.04.2006 no virus found
VBA32 3.10.5 01.04.2006 Exploit.ByteVerify
This is a report processed by VirusTotal on 01/04/2006 at 18:39:58 (CET) after scanning the file "NewURLClassLoader.class" file.
Antivirus Version Update Result
AntiVir 6.33.0.74 01.04.2006 Java/Byteverify.G.3
Avast 4.6.695.0 01.03.2006 no virus found
AVG 718 01.03.2006 no virus found
Avira 6.33.0.74 01.04.2006 Java/Byteverify.G.3
BitDefender 7.2 01.04.2006 Trojan.Java.Byteverify.Exploit.C
CAT-QuickHeal 8.00 01.04.2006 no virus found
ClamAV devel-20051123 01.04.2006 no virus found
DrWeb 4.33 01.04.2006 Exploit.ByteVerify
eTrust-Iris 7.1.194.0 01.04.2006 Java/ByteVerify!Exploit!Trojan
eTrust-Vet 12.4.1.0 01.04.2006 Java/ByteVerify!exploit
Ewido 3.5 01.03.2006 no virus found
Fortinet 2.54.0.0 01.04.2006 Java/ByteVer.S
F-Prot 3.16c 01.04.2006 no virus found
Ikarus 0.2.59.0 01.04.2006 no virus found
Kaspersky 4.0.2.24 01.04.2006 no virus found
McAfee 4667 01.04.2006 no virus found
NOD32v2 1.1351 01.03.2006 no virus found
Norman 5.70.10 12.31.2006 no virus found
Panda 9.0.0.4 01.04.2006 Exploit/ByteVerify
Sophos 4.01.0 01.04.2006 no virus found
Symantec 8.0 01.04.2006 no virus found
TheHacker 5.9.2.067 01.02.2006 no virus found
UNA 1.83 01.04.2006 no virus found
VBA32 3.10.5 01.04.2006 Exploit.ByteVerify
Nu stiu ce sa mai cred
Acele fisiere sunt create doar de Ad Aware in timpul rularii
File: NewURLClassLoader.class
AntiVir Found Java/Byteverify.G.3
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Java.Byteverify.Exploit.C
ClamAV Found nothing
Dr.Web Found Exploit.ByteVerify
F-Prot Antivirus Found nothing
Fortinet Found Java/ByteVer.S
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found Exploit.ByteVerify
File: NewSecurityClassLoader.class
AntiVir Found Java/Byteverify.G.2
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Exploit.Byteverify.G
ClamAV Found nothing
Dr.Web Found Exploit.ByteVerify
F-Prot Antivirus Found nothing
Fortinet Found Java/ByteVer.S-tr
Kaspersky Anti-Virus Found nothing
NOD32 Found Java/Exploit.Bytverify
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found Exploit.ByteVerify
Si o alta scanare online:
This is a report processed by VirusTotal on 01/04/2006 at 18:35:48 (CET) after scanning the file "NewSecurityClassLoader.class" file.
Antivirus Version Update Result
AntiVir 6.33.0.74 01.04.2006 Java/Byteverify.G.2
Avast 4.6.695.0 01.03.2006 no virus found
AVG 718 01.03.2006 no virus found
Avira 6.33.0.74 01.04.2006 Java/Byteverify.G.2
BitDefender 7.2 01.04.2006 Trojan.Exploit.Byteverify.G
CAT-QuickHeal 8.00 01.04.2006 no virus found
ClamAV devel-20051123 01.04.2006 no virus found
DrWeb 4.33 01.04.2006 Exploit.ByteVerify
eTrust-Iris 7.1.194.0 01.04.2006 Java/ByteVerify!Exploit!Trojan
eTrust-Vet 12.4.1.0 01.04.2006 Java/ByteVerify!exploit
Ewido 3.5 01.03.2006 no virus found
Fortinet 2.54.0.0 01.04.2006 Java/ByteVer.S-tr
F-Prot 3.16c 01.02.2006 no virus found
Ikarus 0.2.59.0 01.04.2006 no virus found
Kaspersky 4.0.2.24 01.04.2006 no virus found
McAfee 4667 01.04.2006 no virus found
NOD32v2 1.1351 01.03.2006 Java/Exploit.Bytverify
Norman 5.70.10 12.31.2006 no virus found
Panda 9.0.0.4 01.04.2006 Exploit/ByteVerify
Sophos 4.01.0 01.04.2006 no virus found
Symantec 8.0 01.04.2006 no virus found
TheHacker 5.9.2.067 01.02.2006 no virus found
UNA 1.83 01.04.2006 no virus found
VBA32 3.10.5 01.04.2006 Exploit.ByteVerify
This is a report processed by VirusTotal on 01/04/2006 at 18:39:58 (CET) after scanning the file "NewURLClassLoader.class" file.
Antivirus Version Update Result
AntiVir 6.33.0.74 01.04.2006 Java/Byteverify.G.3
Avast 4.6.695.0 01.03.2006 no virus found
AVG 718 01.03.2006 no virus found
Avira 6.33.0.74 01.04.2006 Java/Byteverify.G.3
BitDefender 7.2 01.04.2006 Trojan.Java.Byteverify.Exploit.C
CAT-QuickHeal 8.00 01.04.2006 no virus found
ClamAV devel-20051123 01.04.2006 no virus found
DrWeb 4.33 01.04.2006 Exploit.ByteVerify
eTrust-Iris 7.1.194.0 01.04.2006 Java/ByteVerify!Exploit!Trojan
eTrust-Vet 12.4.1.0 01.04.2006 Java/ByteVerify!exploit
Ewido 3.5 01.03.2006 no virus found
Fortinet 2.54.0.0 01.04.2006 Java/ByteVer.S
F-Prot 3.16c 01.04.2006 no virus found
Ikarus 0.2.59.0 01.04.2006 no virus found
Kaspersky 4.0.2.24 01.04.2006 no virus found
McAfee 4667 01.04.2006 no virus found
NOD32v2 1.1351 01.03.2006 no virus found
Norman 5.70.10 12.31.2006 no virus found
Panda 9.0.0.4 01.04.2006 Exploit/ByteVerify
Sophos 4.01.0 01.04.2006 no virus found
Symantec 8.0 01.04.2006 no virus found
TheHacker 5.9.2.067 01.02.2006 no virus found
UNA 1.83 01.04.2006 no virus found
VBA32 3.10.5 01.04.2006 Exploit.ByteVerify
Nu stiu ce sa mai cred
Acele fisiere sunt create doar de Ad Aware in timpul rularii
Dezinstaleaza versiunea pe care o ai, sterge fisierele acelea suspecte si downloadeaza si intaleaza adaware de aici Lavasoft si verifica daca iti creeaza aceleasi fisiere si daca bitdefenderul "urla" iar.
Dezinstalat Ad Aware, am pus versiunea indicata (tot aia o aveam si eu). Acelasi rezultat: "urla" BD ca gaseste 5 chestii ce nu-i plac.
Sa pun F-prot cum mi-ai recomandat aici ?
Sunt alarme false totusi? Prea multi antivirusi zic ca ar fi chiar virusi. Ce sa fie?
EDIT:
Cred ca am gasit cauza.
Am gasit intr-un zip cele 2 fisiere cu pricina:
C:\Documents and Settings\??\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-79971187-452ae83d.zip
Acolo sunt chiar cele 2 fisiere care sunt infectate:
NewSecurityClassLoader.class
NewURLClassLoader.class
Cand am dat sa scaneze si in arhive s-au gasit aceleasi fisiere infectate aici.
Dar chiar daca sterg acel zip el tot apare. Am sa incerc sa fac un update la Java. Se pare ca acolo e problema (parca am citit pe undeva tot pe aici). Am sa vad ce varianta de Java am instalata.
Dar cum reapare acel zip chiar daca il sterg?
Vad ca am Java Runtime Version 1.5.0_05
Am sa fac chiar acum un update la Version 5.0 Update 6.
Sa pun F-prot cum mi-ai recomandat aici ?
Sunt alarme false totusi? Prea multi antivirusi zic ca ar fi chiar virusi. Ce sa fie?
EDIT:
Cred ca am gasit cauza.
Am gasit intr-un zip cele 2 fisiere cu pricina:
C:\Documents and Settings\??\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-79971187-452ae83d.zip
Acolo sunt chiar cele 2 fisiere care sunt infectate:
NewSecurityClassLoader.class
NewURLClassLoader.class
Cand am dat sa scaneze si in arhive s-au gasit aceleasi fisiere infectate aici.
Dar chiar daca sterg acel zip el tot apare. Am sa incerc sa fac un update la Java. Se pare ca acolo e problema (parca am citit pe undeva tot pe aici). Am sa vad ce varianta de Java am instalata.
Dar cum reapare acel zip chiar daca il sterg?
Vad ca am Java Runtime Version 1.5.0_05
Am sa fac chiar acum un update la Version 5.0 Update 6.
Ati citit asta ?
http://forum.softpedia.com/index.php?showtopic=31174
Trojan.Exploit.Byteverify.G
Start --> Control Panel --> Other Control Panel Options (XP) --> Java --> delete temporary files
Trojan.Exploit.Byteverify.G e un exploit care nu poate face nimic daca Java este la zi cu updateurile.
Daca nu ai Java 5 Version 6, dezinstaleaza versiunea veche si vulnerabila si instaleaza ultima versiune:
http://java.sun.com/j2se/1.5.0/download.jsp --> JRE 5.0 Update 6
http://forum.softpedia.com/index.php?showtopic=31174
QUOTE(Daisuke)
Atentie
In timp ce AdAware scaneaza unii antivirusi semnaleaza prezenta unui virus in %temp% folder. Acesta avertizare apare datorita faptului ca AdAware decomprima fisiere pentru a le scana.
Daca in carantina AV exista virusi, AdAware ii va decomprima si scana, fara sa-i activeze. Si acest lucru poate declansa o avertizare din partea antivirusului.
In timp ce AdAware scaneaza unii antivirusi semnaleaza prezenta unui virus in %temp% folder. Acesta avertizare apare datorita faptului ca AdAware decomprima fisiere pentru a le scana.
Daca in carantina AV exista virusi, AdAware ii va decomprima si scana, fara sa-i activeze. Si acest lucru poate declansa o avertizare din partea antivirusului.
Trojan.Exploit.Byteverify.G
Start --> Control Panel --> Other Control Panel Options (XP) --> Java --> delete temporary files
Trojan.Exploit.Byteverify.G e un exploit care nu poate face nimic daca Java este la zi cu updateurile.
Daca nu ai Java 5 Version 6, dezinstaleaza versiunea veche si vulnerabila si instaleaza ultima versiune:
http://java.sun.com/j2se/1.5.0/download.jsp --> JRE 5.0 Update 6
QUOTE(Daisuke @ Jan 4 2006, 21:28) 
Daca nu ai Java 5 Version 6, dezinstaleaza versiunea veche si vulnerabila si instaleaza ultima versiune:
http://java.sun.com/j2se/1.5.0/download.jsp --> JRE 5.0 Update 6
http://java.sun.com/j2se/1.5.0/download.jsp --> JRE 5.0 Update 6
Trebuie neaparat dezinstalata vechea versiune?
Eu am facut un update.
Sa dau jos totul si sa pun doar ultima versiune?
QUOTE
Trebuie neaparat dezinstalata vechea versiune?
Da, pentru ca versiunea veche poate fi exploatata in continuare daca nu o dezinstalezi.
Aceasta este o versiune simplificatã a paginii originale. Pentru a vizita versiunea originala click aici.