False Positive or serious JAVA problem

Got a JAVA update recently, and the scan today picked up malware dated over a week ago. The JAVA file appears to be in the right spot, so is this a false positive or is there a significant problem (labeled high threat in scan results)?

Malware@#w75hw2xofm11 C:\Users\Mary\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\5a320a9-158c2958|ekvqwsnvwgnsllk/jdqtjww.class

File size is: 20,048

Virus Signature Database Version: 15375

Hi bogus1,

Thank you for reporting this.
We’ll check it and get back to you soon.

Best regards
Qiuhui.■■■■

I just noticed the file size I reported - that’s bytes, of course (basically 20K) - sorry about the omission.

Also, I attempted to upload the file on your web site, but kept getting a “server error.” I hope this will be sufficient information for you to determine whether this is truly a problem.

Thanks.

I don’t have anything under folder 41, i.e. folder 41 is empty.

Hi bogus1,

This is to inform you that the false positive has been fixed.
You can update to AV database Version <15379> of Comodo Internet Security Version <6.0.264710.2708> and confirm it.

Thanks.

Kind Regards,
Srinivasan.G

Updated database did not return this same error, but detected several others in the same folder this time. I’m not certain if there’s been a later update since this was detected earlier today (it has taken me many hours to be able to take the time to type this), but the current virus database number is 15387.

c:\users\mary\AppData\LocalLow\Sun\JAVA\Deployment\cache\6.0\41\5a320a9-158c2958

Malware@(#34vv2sz5m07mc, #oo04udqnb6ow, #399co3daf7tws, …)

— ekvqwsnvwgnsllk/falykeyhcurkde.class
— ekvqwsnvwgnsllk/ferkennbmwsygefrldeppu.class
— ekvqwsnvwgnsllk/hyyvhghnqgpfmfcnpectrqt.class
— ekvqwsnvwgnsllk/jpwgsmtqqeremjmf.class
— ekvqwsnvwgnsllk/rfpsamwvtatlppkwdbewftuv.class

What’s going on that Comodo is picking up all these JAVA items? And how do we know if/when we get a real one without having to type in masses of alphabet soup for verification?

You guys are great on quick service, I just hope the programmers can get this mess with JAVA straightened out rather quickly and cut down on our time as well as yours. Sincere thanks for job well done on the first item in this thread.

Hi bogus1,

Please submit the detected file using the following link:

Thank you!

Regards,
Priyadharsini.G

I attempted to send the file the other night (the first time Comodo alerted), but it kept returning a “Server Error” message, I believe it was.

Today I filled out the above web page multiple times and it keeps returning “Please enter Malware Name” in a small message box. When I click “OK” in that box, it returns me to your requested web page with all entries erased. This has happened multiple times. What do you want me to do next?

I would really like to clear this up since your person (Srinivasan.G) told me it was a false positive, but even with a database update, it is still identifying the same file (see previous messages from the top).

What’s going on?

You can upload the files to Comodo Valkyrie and post links to the analysis results. Comodo can therefore access the files through the Valkyrie analysis results.

Hello.

Thank you very much for reporting the issue with the false positive submit form. We will fix it ASAP.
At the moment please submit false positives by email: falsepositive@avlab.comodo.com

Thank you.

Igor.

I submitted the file to the requested email address above. I also forwarded it to my own computer and my copy of Comodo AV also detected it as malware, using Database Version 15396.

The email with the file will be coming from my wife’s email address, since the file is on her computer, though the body of the email identifies it as pertaining to this thread and my ID.

Thanks.

Three days since I submitted the file and no answer. Have I been forgotten?

It’s still detected?

I’m not a mod or staff,

but from what I know, AppData\LocalLow\Sun\Java\Deployment\cache is also the Java version of Temporary Internet Files.

But since the first one was not malware, it’s probably legit Java applets, and I am assuming you need it.

You can see it in the Java Control Panel > General tab > View button. From the new window you can see the list of what is inside, based on the category selected in the drop-down list/combo box.

You can also delete in the list, or delete all in the Java Control Panel > General tab > Settings.

(BTW, the Java Control Panel is in the Windows Control Panel with the name Java and the Java logo, if it makes any sense.)

Also, if you have JavaFX you may also see the JavaFX library in the Installed category, and it is normal.

Hi bogus1,

The files you mentioned in this thread and ones sent to us via email were found as being malicious. A reply was sent to your email address (same that you use in your current forum profile) on the same day your submission was made. We strongly suggest you remove these from your system using Comodo Internet Security.

Thanks and regards,
Ionel

Thank you for your response, and yes, we already deleted that file using our Internet Security 2013. However, there are some things about this that still concern me, and I’d appreciate a response here, since apparently email is a problem, according to your response.

  1. The file was cleared originally as a false positive by Comodo’s own Srinivasan.G on 26 February.

  2. Now you’re telling me the file is malicious (I only sent one, though your email said “files”).

  3. You also said you emailed to my profile email address. It never arrived, and I just re-checked what my profile has - it is correct. I went back and double checked both my “In” box as well as my “Trash” box in case I accidentally deleted it (my “Trash” box has not been emptied in several weeks, so your email should have been in either of those places, and it was not). I never received your email sent to my profile address.

So please forgive me if I’m a little skeptical about whether you have my case mixed up with someone else’s. Can you help me understand how the same file could be cleared (what I sent you was the file that originally alerted your antivirus program), when it has the same date and size as the original file (15 February, as I recall)? Was a mistake made by Srinivasan.G, or was a mistake made by whoever later determined the file is malware now? I won’t ask why I didn’t receive the email, since you claim it was sent and obviously can’t track it after that.

I’m not trying to be argumentative, I’m just trying to understand, and get a better idea of what is really on that laptop, and whether it’s more serious than simply deleting that single file as shown in your software (which we already did).

Thank you for a response (preferably here, since there may be an email problem with Comodo email).