
Mal/JavaJar-A was found on my Vista machine, but the free tool is unable to remove it.

Hello, I don't really know how to ask for help here, so what I have is the new free tool, and it finds one item, "Mal/JavaJar-A", that it can't seem to remove.  This file has another one with the .idx extension.  Has anyone seen or does anyone have knowledge of how to remove this item?  There is a little information when I look up the name, but it says nothing about how to deal with it.

This is the log entry:

Virus 'Mal/JavaJar-A' found in file C:\Users\Jana\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\5278836c-4f0d6c50
Virus 'Mal/JavaJar-A' found in file HKU\S-1-5-21-1712956189-1131692434-1465249577-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes

Along with this, which is when I tried to tell it to dispose of the item:

 The following items will be cleaned up:
  Mal/JavaJar-A
  Removal failed

Any help would be appreciated; I will reply about success or failure.  The Sophos identity seems to indicate that it can upload/download files to the internet and maybe download other malware, so any help would be appreciated. I have tagged it with 'e-mail me when someone replies' so I will get notified.  Thanks for any help...



  • Hello Jack and WBell,

    if you look at the analysis http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Mal~Javajar-A/detailed-analysis.aspx it says that it is a generic detection and that files of this type usually attempt an exploit. Subverted Java archives are not uncommon but only pose a danger if one runs a vulnerable Java version. Most of the time the Java cache is neither cleared nor actually reused.
    If you run a full scan such items will be discovered (and detection items are never withdrawn, so even when a threat can no longer be called a real one it is nevertheless detected). Now a Jar is - as the name says - an archive. It is not in all cases possible to remove an item (or parts of it) from an archive without corrupting it. The cleanup routine plays it safe and does not act if it's not sure.
    Java cache items can safely be deleted.
    The other item is a registry key - if used it tells (Microsoft) programs which "types" of attachments can be "safely" opened. The values are extensions considered to be of low risk, so e.g. Outlook can assume it can safely request the attachment to be displayed. The benefit (and validity) of the entries there is questionable, and as this key is sometimes modified by malware of the mentioned type it is flagged. Here again cleanup can neither delete the key without the risk of side effects nor restore it to some safe known value. Only if it finds an extension here which is exclusively used by malware can it delete this value.
    I'd simply delete this registry key.

    It's not a defect but more a philosophy - be a little bit paranoid when detecting but prudent when cleaning up (and how else would wisecracks like me have an opportunity to lecture)

    HTH
    Christian
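The two manual steps Christian suggests (clear the Java deployment cache, delete the LowRiskFileTypes entry) as an added PowerShell example; this is not code from the original thread or from Sophos. It assumes the Java 6 cache layout under LocalLow that the log shows, that it is run as the affected user (HKCU is the same hive the scanner reported as HKU\<SID>), and that nothing in LowRiskFileTypes is wanted. Without -Remove it only lists what it found, so you can check the cached jar's source URL and the extensions in the value before deleting anything.

```powershell
# Added example, not from the original thread. Inspects and optionally removes
# the two items the scanner flagged: the Java deployment cache and the
# per-user LowRiskFileTypes value. Assumptions: Java 6 cache under LocalLow,
# run as the affected user, and the LowRiskFileTypes value is not wanted.
param([switch]$Remove)

$cache = Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun\Java\Deployment\cache'
$key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Associations'

# 1. Java deployment cache. Each cached jar (the file with no extension, e.g.
#    5278836c-4f0d6c50) has a sibling .idx file holding download metadata such
#    as the origin URL. Both are cache items and can be deleted safely.
if (Test-Path $cache) {
    $entries = Get-ChildItem -Path $cache -Recurse -File
    "Java cache: {0} files under {1}" -f $entries.Count, $cache
    $entries | Where-Object { $_.Extension -eq '.idx' } | ForEach-Object {
        # Pull the first http(s) URL out of the .idx so the jar's source is visible.
        $url = Select-String -Path $_.FullName -Pattern 'https?://[^\s\x00]+' -AllMatches |
               ForEach-Object { $_.Matches } | ForEach-Object { $_.Value } |
               Select-Object -First 1
        "  {0}  <-  {1}" -f $_.BaseName, $url
    }
    if ($Remove) {
        Remove-Item -Path (Join-Path $cache '*') -Recurse -Force
        "Java cache cleared."
    }
} else {
    "No Java cache at $cache"
}

# 2. LowRiskFileTypes: a REG_SZ list such as ".exe;.jar;" of extensions the
#    Attachment Manager treats as low risk, i.e. opened without the usual
#    "Do you want to open this file?" prompt. Normally the value is absent;
#    malware adds its own extensions so its payloads open silently.
$item = Get-ItemProperty -Path $key -Name LowRiskFileTypes -ErrorAction SilentlyContinue
if ($item) {
    "LowRiskFileTypes = '{0}'" -f $item.LowRiskFileTypes
    $item.LowRiskFileTypes -split ';' | Where-Object { $_ } | ForEach-Object {
        "  low-risk extension: $_"
    }
    if ($Remove) {
        # Remove only the value, leaving the Associations key and any other
        # policy values in place, which is the lower-risk option Christian
        # describes the cleanup routine avoiding.
        Remove-ItemProperty -Path $key -Name LowRiskFileTypes
        "LowRiskFileTypes removed; the attachment prompt applies to those types again."
    }
} else {
    "LowRiskFileTypes not present under $key; nothing to do."
}
```

Run it once without arguments to see the cached jar's origin URL and the extensions listed in the value, then again with -Remove. If any extension in the value was put there deliberately by an administrator (a domain policy, for instance), the value will be re-applied at next policy refresh, which is itself useful evidence that the entry is not the malware's.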