JAVA/Agent.AF

[Deathmanlp]

Hi there
I just ran a scan with Avira and it found two JAVA/Agent.AFs


J:\Users\ge0rgi\AppData\Local\Temp\jar_cache8034315167816075277.tmp
[0] Archive type: ZIP
--> tower/Googles.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.AF Java virus
--> tower/Updaters.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.AG Java virus

I deleted the quarantined files and the content of the Temp folder.
The PC was working fine no pop ups from Avira I just wanted to make sure that everything is clean before I perform a backup. Should I scan with other apps or do something else to clean up ? I didn't find anything abut this JAVA/Agent.AF on the web.

 

[Corrine]

Hi, Dethmanlp.

It would be a good idea to do some follow-up, including ensuring you have removed vulnerable versions of Java.

Java

The most recent version of Java is Java(TM) 6 Update 21.

Go to add/remove programs and uninstall any item shown as J2SE, Java Runtime Environment or Java(TM) 6 Update 20 or lower number.

IF old versions are found, please download JavaRa and unzip it to your desktop.

• Right-click on JavaRa.exe to start the program. Select Run as Administrator.
• Click on Remove Older Versions to remove older versions of Java.
• A logfile will pop up. Please save it to a convenient location.

Then download and install Java SE Runtime Environment (JRE) 6 Update 21.

Download Link: Java SE Runtime Environment 6u21

Note: UNCHECK any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

I would additionally suggest that you do the following:

Download TFC by Old Timer from here (direct download): http://www.itxassociates.com/OT-Tools/TFC.exe

• First, save any files as TFC will close ALL open programs including your browser!
• Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
• Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
• Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

More info:
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB).

Before running, it will stop Explorer and all other running applications. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.
-- TFC only cleans temp folders.
-- TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail.

TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

Following that, a scan by an anti-malware program would be a wise move. If you don't have one installed, I suggest the following with MBAM:

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, be sure Quick scan is selected, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  
  
• Click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Let us know how you make out or if you need additional assistance.

 

[Deathmanlp]

Java is up-to date as well as the dev kit and net beans I will download TFC and MBAM
should I disbale avira before I scan with MBAM ?

 

[Corrine]

Hi, Deathmanlp.

No, it is not necessary to disable Avira before scanning with MBAM.

As to Java, do you use the Java Dev Kit/net beans? If not, there is no need to maintain them on your computer.

 

[Deathmanlp]

MBAM didn't find anything

 

[Corrine]

Good! If your computer appears to be in proper working order, I suggest you follow create a fresh System Restore point and then use Disk Cleanup to remove all but the most recent restore point.

• Click start, type Disk Cleanup in the search box
• Right-Click Disk Cleanup and select "Run as Administrator" and accept the UAC elevation prompt.
• Select the drive where Windows is installed (if you have more than one drive) and click "OK".
• When the scan completes, check/uncheck desired boxes.
• Next, please click the More Options tab at the top.
• Click the "Clean up..." button under the "System Restore and Shadow Copies" section at the bottom.
• Click Delete in response to the question "Are you sure you want to delete all but the most recent restore point?", click OK and answer Yes again.
• The disk clean up utility will remove the selected items. When it completes, please restart the computer to properly record the changes made to the hard disk.