
Java.Shinwow.BA virus trouble

I use ZoneAlarm Security Suite 6 and am having trouble getting rid of the Java.Shinwow.BA virus. Whenever I scan my whole computer using the free Ad-Aware, about 15 minutes into the scan ZoneAlarm virus scan results come up with the virus Java.Shinwow.BA. I can't get rid of the virus because in the treatment column it has error in it. In the right hand pane it says "No treatment available for this item". When I scan with ZoneAlarm with the latest definitions (without Ad-Aware running) the computer is completely clean. It hasn't done any damage, yet I need a way to get rid of this virus because it gets under my nerves.

jado
Junior Poster in Training
98 posts since Jan 2006
Reputation Points: 11
Solved Threads: 2
 

Hi,
Ad-Aware, when scanning the PC, copies the file it is about to scan to a special cache folder inside its installation folder. Ad-Aware never executes the file that is being scanned.
When Ad-Aware is about to scan a file, AVs can give a warning IF the file is infected. Actually, AV should already have detected this infected file, but it didn't.

In your case, I think it's the Java Byte Verify exploit that is being flagged by your AV. You can try these steps:-
1] Go to Control Panel. Double click on Java or Java Plug In.

2] Click "Cache" tab, and click "Clear" button.
If you cannot find the "Cache" tab, then click the "General" tab, and click the "Delete Files" button inside the "Temporary Internet Files" option box. Then click "OK" to delete the applets, applications and other cache files.

3] Exit from Control Panel.

Microsoft has released a patch for this exploit. You can directly download it here:-
http://www.microsoft.com/technet/security/bulletin/MS03-011.mspx

After this, scan with Ad-Aware and check with ZoneAlarm, and post back whether it finds anything or not.

swatkat
Practically a Master Poster
645 posts since Jul 2005
Reputation Points: 25
Solved Threads: 51
 

A few days ago I uninstalled Java Runtime Environment 1.4.2, to see if that would get rid of the virus but it didn't. Since I had uninstalled Java the control panel applet went away. So, if I have to delete the Java cache, can I manually delete the cache in Explorer and if so where is the folder, or do I have to reinstall Java to be able to delete the cache or is there an alternative way to do it?

jado
Junior Poster in Training
98 posts since Jan 2006
Reputation Points: 11
Solved Threads: 2
 

Hi,
The folder where the cache is stored is:-
X:\Documents and Settings\\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\
Where X is the drive letter where the Operating System is installed and is the Username of the currently logged in user.


To completely patch this vulnerability, it's better to update the Java Runtime Environment to version 1.5.


This page gives more information about this Java cache and Shinwow virus:-
http://java.com/en/download/help/cache_virus.xml

swatkat
Practically a Master Poster
645 posts since Jul 2005
Reputation Points: 25
Solved Threads: 51
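
An added example, not part of the original thread or any poster's code: a Python script that inventories the plug-in cache folder named in the post above and can then empty it, for the case where the Java Control Panel applet is no longer installed. It assumes `%APPDATA%` resolves to the logged-in user's Application Data folder; the function names are hypothetical.

```python
import hashlib
import os
import zipfile

# Assumption: %APPDATA% is the logged-in user's "Application Data" folder,
# so this is the cache folder named in the post.
CACHE_SUBPATH = os.path.join("Sun", "Java", "Deployment", "cache",
                             "javapi", "v1.0", "jar")

def default_cache_dir():
    return os.path.join(os.environ.get("APPDATA", ""), CACHE_SUBPATH)

def inventory(cache_dir):
    """One record per cached file: path, SHA-256 and the .class entries inside."""
    records = []
    for root, _dirs, files in os.walk(cache_dir):
        for name in sorted(files):
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            classes = []
            try:
                # Reads the archive directory only; nothing is executed.
                if zipfile.is_zipfile(path):
                    with zipfile.ZipFile(path) as zf:
                        classes = [n for n in zf.namelist() if n.endswith(".class")]
            except (zipfile.BadZipFile, OSError):
                classes = ["<unreadable archive>"]
            records.append({"path": path, "sha256": digest, "classes": classes})
    return records

def clear_cache(cache_dir, dry_run=True):
    """Delete every cached file; with dry_run=True only list what would go."""
    targets = [rec["path"] for rec in inventory(cache_dir)]
    if not dry_run:
        for path in targets:
            os.remove(path)
    return targets

if __name__ == "__main__":
    target = default_cache_dir()
    if os.path.isdir(target):
        for rec in inventory(target):
            print(rec["sha256"][:16], rec["path"], rec["classes"])
        print(len(clear_cache(target)), "file(s) would be deleted")
    else:
        print("No cache folder at", target)
```

Run it once as shown to see which cached archive holds the flagged class, then call `clear_cache(target, dry_run=False)` to empty the folder.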
 

Thanks for the help, I haven't deleted the cache yet but I think the infected .class file was somewhere here when I searched for the file. So thanks in advance.

jado
Junior Poster in Training
98 posts since Jan 2006
Reputation Points: 11
Solved Threads: 2
 

Yay! :cheesy: I have finally got rid of that virus (I think)! It still comes up in the Ad-Aware scan but the virus now comes up while Ad-Aware is scanning the recycle bin, so when I empty the recycle bin, the virus should no longer come up. Yay! :cheesy:

jado
Junior Poster in Training
98 posts since Jan 2006
Reputation Points: 11
Solved Threads: 2
 

Hi,
Have you tried emptying the Recycle Bin and doing a scan?

swatkat
Practically a Master Poster
645 posts since Jul 2005
Reputation Points: 25
Solved Threads: 51
 

Nah, I am just going to wait a few more days until I empty the Recycle Bin so I can make sure everything is working fine.

jado
Junior Poster in Training
98 posts since Jan 2006
Reputation Points: 11
Solved Threads: 2
 
