Member Avatar for jado

I use ZoneAlarm Security Suite 6 and am having trouble getting rid of the Java.Shinwow.BA virus. Whenever I scan my whole Computer using the free Ad-Aware, about 15 Mintues into the scan ZoneAlarm virus scan results come up with the virus Java.Shinwow.BA. I can't get rid of the virus because in the treatment column it has error in it. In the right hand pane it says "No treatment available for this item". When I scan with ZoneAlarm with the latest definitions (without Ad-Aware running) the computer is completey clean. It hasn't done any damage yet I need a way to get rid of this virus because it get's under my nerves.

  • 2 Contributors
  • 7 Replies
  • 330 Views
  • 1 Week Discussion Span
  • Latest Post Latest Post by jado

Recommended Answers

All 7 Replies

Member Avatar for swatkat

Hi,
Ad-Aware when scanning the PC, copies the file it is about to scan to a special cache folder inside its installation folder. Ad-Aware never executes the file that is being scanned.
When Ad-Aware is about to scan a file, AVs can give a warning IF the file is infected. Actually, AV should already have detected this infected file, but it didnt.

In your case, i think its Java Byte Verify exploit that is being flagged by your AV. You can try this these steps:-
1] Go to Control Panel. Double click on Java or Java Plug In.

2] Click "Cache" tab, and click "Clear" button.
If you can not find the "Cache" tab, then click "General" tab, and click "Delete Files" button inside the "Temporary Internet Files" option box. Then click "OK" to delete the applets, applications and other cache files.

3] Exit from Control Panel.

Microsoft has released a patch for this exploit. You can directly download it here:-
http://www.microsoft.com/technet/security/bulletin/MS03-011.mspx

After this, scan with Ad-Aware and check with ZoneAlarm, and post back whether it finds anything or not.

Member Avatar for jado

A few days ago I uninstalled Java Runtime Enviroment 1.4.2, to see if that would get rid of the virus but it didn't. Since I had uninstalled Java the control panel applet went away. So, if i have to delete the Java cache, can I manually delete the cache in Explorer and if so where is the folder, or do I have to reinstall Java to be able delete the cache or is there an alternative way to do it?

Member Avatar for swatkat

Hi,
The folder where the cache stored is:-

X:\Documents and Settings\<username>\Application Data\Sun\Java\Deployment\cache\javapi\v1. 0\jar\

Where, X is the drive letter where the Operating System is installed and <username> is the Username of the currently logged in user.


To completely patch this vulnerability, its better to update the Java Runtime Environment to version 1.5.


This page gives more information about this Java cache and Shinwow virus:-
http://java.com/en/download/help/cache_virus.xml

Member Avatar for jado

Thanks for the help, I haven't deleted the cache yet but I think the infected .class file was somewhere here when I searched for the file. So thanks in advance.

Member Avatar for jado

Yay! :cheesy: I have finally got rid of that virus (I think)! It still comes up in the Ad-Aware scan but the virus now comes up while Ad-Aware is scanning the recycle bin, so when I empty the recycle bin, the virus should no longer come up. Yay! :cheesy:

Member Avatar for swatkat

Hi,
Have you tried emptying the Recycle Bin and doing a scan?

Member Avatar for jado

Nah, I am just going to wait a few more days untill I empty the Recycle Bin so I can make sure everything is working fine.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.