virus keeps coming back from java cache folder?

  theDarkness 23:46 14 Dec 10

2 registered viruses (according to Avira) were found initially in the temporary Java cache folder, so after that, I removed them with Avira, and set Java not to accept temporary files, in its usual "C:\Documents and Settings\<username>\Application Data\Sun\Java\Deployment\" directory.

Now, even though this Java directory above is clear, I find 2 files with the exact same
"jar_cache" numbers now in the paths below. I initially thought that Avira moved them here:

Begin scan in 'C:\' <Windows XP>
C:\Documents and Settings\Alexander\Local Settings\Temp\jar_cache3228428661962348376.tmp
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.CF Java virus
--> bpac/a.class
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.CF Java virus
C:\Documents and Settings\Alexander\Local Settings\Temp\jar_cache6153414522020360556.tmp
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.CF Java virus
--> bpac/a.class
[DETECTION] Contains recognition pattern of the JAVA/OpenConnect.CF Java virus

I can of course remove them again, but what I am wondering is, if it is safe to delete absolutely all content from this Local Settings\Temp\ folder, and secondly, why I am receiving the same files yet again in different directories (user temp folder instead of temp Java deployment folder), and if Avira is likely to be reporting false positives (the program is set to its normal protective mode). Thanks

  KremmenUK 07:28 15 Dec 10

You could try CCleaner with the third-party CCEnhancer add-on.

I'm sure CCEnhancer has a Java Cache clearout option.

  Les28 09:43 15 Dec 10

Sometimes malware hides in System Restore, is not scanned and re-emerges later; why in different locations I don't know. That's assuming, as you say, it's not a false positive.

You could try downloading, installing, updating and then running something like the free MBAM on demand scanner, then run it again after switching off system restore.

click here

Whether clearing the java cache like this would help as well

click here

Otherwise maybe post on a specialist malware removal site like

click here

  theDarkness 13:55 15 Dec 10

Thanks for the replies. I have Malwarebytes on this machine already, but it found nothing. I should have kept those suspicious files and uploaded them to a multi-antivirus online scanner. They were both suspicious Java ".tmp" files which, opened in WinZip/7z, showed multiple files, so anything within them could have been the virus cause, false or not. Again, I should have noted all content; my fault! The first time I found those Java entries, I did clean the Java cache completely as shown in Les28's post, and afterwards also selected not to store temp Java files, but they did show up in Avira again (in "username\Local Settings\Temp"). I don't know specifically why that happened.

Thanks for Bleeping Computer. I've heard of it, but I could post on there to find out how frequently Java cache false positives occur, and if they are often related to an "OpenConnect.CF" Java virus, especially using Avira, which is known for more false positives than most antivirus programs. I have never heard of CCEnhancer, so am not really sure how safe it is to use, but along with possibly clearing out the Java cache, it seems to add tasks that could be performed manually instead? According to this forum click here one of its main tasks is to add a "Winapp2.ini" file to CCleaner to clear out unwanted junk files. I'll give it a go, thanks click here
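The record-keeping mentioned in the post above (noting what each jar_cache*.tmp archive contains and keeping a hash for a multi-antivirus scanner before deleting anything) can be scripted. This is an added example, not part of the original thread; the function names are hypothetical and the sample files are constructed, reusing only the entry name bpac/a.class from the scan log.

```python
import hashlib
import sys
import tempfile
import zipfile
from pathlib import Path

# Constructed placeholder bytes; this is not a real class file.
PLACEHOLDER = b"constructed placeholder, not a class file"


def inventory_jar_cache(temp_dir):
    """Record path, size, SHA-256 and ZIP entry names for each jar_cache*.tmp.

    Files are only read; nothing is extracted or executed.
    """
    records = []
    for path in sorted(Path(temp_dir).glob("jar_cache*.tmp")):
        data = path.read_bytes()
        record = {"path": str(path), "size": len(data),
                  "sha256": hashlib.sha256(data).hexdigest(),
                  "is_zip": zipfile.is_zipfile(path), "entries": []}
        if record["is_zip"]:
            try:
                with zipfile.ZipFile(path) as archive:
                    record["entries"] = [(i.filename, i.file_size)
                                         for i in archive.infolist()]
            except zipfile.BadZipFile:
                record["is_zip"] = False  # truncated or damaged archive
        records.append(record)
    return records


def build_sample_dir():
    """Constructed sample folder: one ZIP, one non-ZIP, one unrelated file."""
    root = Path(tempfile.mkdtemp())
    with zipfile.ZipFile(root / "jar_cache0000000000000000001.tmp", "w") as z:
        z.writestr("bpac/a.class", PLACEHOLDER)
    (root / "jar_cache0000000000000000002.tmp").write_bytes(b"not a zip")
    (root / "unrelated.tmp").write_bytes(b"ignored")
    return root


if __name__ == "__main__":
    # Pass the folder to inspect as the first argument; defaults to the sample.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_dir()
    for rec in inventory_jar_cache(target):
        print(rec["sha256"], rec["size"], rec["path"])
        for name, size in rec["entries"]:
            print("    ", name, size)
```

Run against the user temp folder before cleaning it, the saved output gives a record of each flagged file and its contents that can be compared if the same detections reappear.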

  KremmenUK 14:43 15 Dec 10

I've been running CCEnhancer for a few weeks now without issue.

I think be prudent with which options you tick for checking.

