Understanding: vmain.class (Trojan Horse)

In a previous post, I mentioned that Norton found the (High Risk) vmain.class (Trojan Horse) on my computer on 5/3/10 and the File Insight indicated that vmain.class (Trojan Horse) was “last used” on 6/5/10. At that time I forgot to ask some of the following questions and I remain very concerned about it because it is a Key Logger… and it appears to me that it was on the machine for more than a month before it was removed according to these dates.

With that in mind, I would like to ask for help with the following:

1. Am I correct in my assumption that the Trojan was on my machine for about a month?

2. The File Insight says: “Fewer than 10 users in the Norton Community have used this file”.  What exactly does this mean?

It concerns me because if the file has been spread via Java (which I understand to be the case), I would think that a lot of people would have been exposed to this. With fewer than 10, I wonder if I have been targeted in some other way? I say this because I was a victim of identity theft recently.

3. What does it mean in the File Insight Window when it says…

Startup Item: No

Launched: No  (I am hoping this indicates that the Trojan never logged anything, but have no idea if this is true).

4. Under Activity in the File Insight Window it shows the following:

vmain.class

[Contained in] c:\users\slow guy\appdata\locallow\sun\java\deployment\cache\6.0\43\556445eb-2c73d461

Deleted

Under Origin it says the following:

Source 556445eb-2c73d461

An explanation of what each of these things means would be greatly appreciated!

Thank you!

Replies

Re: Understanding: vmain.class (Trojan Horse)

This is a helpful explanation on a Java website for the purpose of dealing with the issue.

http://java.com/en/download/help/cache_virus.xml

Under certain circumstances profanity provides relief denied even to prayer. Mark Twain

Re: Understanding: vmain.class (Trojan Horse)

Thank you for this, delphinium...

I cannot find anything on the linked site, however, about vmain.class (Trojan Horse) even when I search for it.


Re: Understanding: vmain.class (Trojan Horse)

Sorry Slowguy:

I assumed that since you had the path showing sun/java, that the website would be useful to you. It is the same type of Java temp files that they are discussing on the website.

Under certain circumstances profanity provides relief denied even to prayer. Mark Twain
