4 Replies Latest reply on Jan 7, 2011 8:27 PM by Pharmerbill

    microsoft OneCare Virus detected

      Just did scan and it found 2 instances of bpac/a.class which may be a variant of JAVA/Pesc.F...I found it on the net and it hides in Java Cache evidently McAfee hasn't detected it..said to use Combofix with caution!! another guy used Avira to get rid of it..sounded easier. Microsoft tech help told the guy to fix the virus with combofix. I looked at McAfee library and could find nothing about this. Microsoft said combofix is "extremely powerful" and that most antivirus programs recognize it as a trojan. I downloaded to desktop before disabling McAfee and box popped up saying a trojan had been removed, but I can't find any record in the log..to rename the app and load it to desktop. Then to temporarily disable all virus programs and then run it..said would reset some internet settings, make combofix home page, disable autoplay...sounded kinda fishy..also supposed microsoft tech help logo didn't look right.. What should I do? looked at scan from last night and it lists 2 Trojans found but not what action was taken that I can see  HELP PLEASE

        • 1. Re: MS Safe Scan found Exploit:Java/CVE-2010-0840.W

          Ran a couple of virus removal programs and ran scan again..McAfee identified the "combofix" virus removal product I had downloaded to fix Java problem as a Trojan and quarantined it so I didn't run combofix. McAfee has not found my problem viruses ever. Microsoft OneCare  Safe Scan found:   Exploit:Java/CVE-2010-0840.W    .

          I am running Vista Home Basic on Inspiron 531S machine using McAfee Security Center and Windows Firewall..McAfee is running all the time and I thought up to date since on automatic update schedule..also windows firewall is on automatic update.Did Malwarebytes(up to date) and Windows malicious software removal with no luck..Can someone please help me remove these 2 infected files:

          c:\documents and settings\bill\appdata\locallow\sun\java\deployment\cache\6.0\13\592c9e0d-41a160 b2   and

          c:\users\bill\appdata\locallow\sun\java\deployment\cache\6.0\13\592c9e0d-41a160b 2

           

          Help Please and THANKS

          P.S. Ran McAfee Virtual technician and it said virus DAT files needed updated so I clicked update..Why is automatic update not doing that automaticly?

          • 2. Re: MS Safe Scan found Exploit:Java/CVE-2010-0840.W

            Hello,

             

            You should not be advised to run Combofix unless under the supervision of a trained analyst.

             

            Clear your Java/Browser cache:

            http://www.java.com/en/download/help/plugin_cache.xml

             

            Then uninstall the current version of Java you have installed...it looks like your are running update 13?

             

            If this is the case, please update Java to update 23.

            http://www.java.com/en/download/

             

            I suggest you keep your third-party programs up to date, if not, they will be exploited.

            https://secunia.com/vulnerability_scanning/personal/

             

            Good luck.

            1 of 1 people found this helpful
            • 3. Re: MS Safe Scan found Exploit:Java/CVE-2010-0840.W

              Karthick T. from McAfee tech support did take-over of my computer last night (early morning) 1:30 AM. He downloaded tools and looked at some files and said that I didn't have an infection...I gave him the file path or address of the the two infected files and I watched him try to access the  one in documents and settings and he got a box saying "access denied" a classic sign that he was being blocked by the virus..I looked at the scan results for the auto-

              matic scan done at 2:30 AM and saw this:

              McAfee Protection Report after Remote Assistance.jpg

              The scan done by McAfee found 2 Trojans at 2:30AM shortly after Karthick T said I didn't have any viruses(session pin was CS895881951) I then scanned with Microsoft Safe Scan again and found the same 2 infected files. I did as you suggested two or 3 times(deleted Java temp. files uinstalled Java and then reinstalled... Disabled System Restore and rebooted..did ccleaner to get rid of remnants, did another scan and found the same 2 infected files I don't know what to do now, do you have any more ideas???.

              THANKS PHARMERBILL

              PS: I was already running Java version 6 build 23(most up to date..I checked at Java site)

              • 4. Re: MS Safe Scan found Exploit:Java/CVE-2010-0840.W

                Got hold of microsoft pc safety at 1-866-727-2338 and they fixed (for Free) the virus that McAfee assist said I didn't have!!!!!!!!!!!!!

                Yea Microsoft.....boooooooo  KarthickT of McAfee and McAfee wanted to charge me$89.95!!!!!!!!!!!

                Pharmerbill