Understanding: vmain.class (Trojan Horse)
In a previous post, I mentioned that Norton found the (High Risk) vmain.class (Trojan Horse) on my computer on 5/3/10 and the File Insight indicated that vmain.class (Trojan Horse) was “last used” on 6/5/10. At that time I forgot to ask some of the following questions and I remain very concerned about it because it is a Key Logger… and it appears to me that it was on the machine for more than a month before it was removed according to these dates.
With that in mind, I would like to ask for help with the following:
1. Am I correct in my assumption that the Trojan was on my machine for about a month?
2. The File Insight says: “Fewer than 10 users in the Norton Community have used this file”. What exactly does this mean?
It concerns me because if the file has been spread via Java (which I understand to be the case), I would think that a lot of people would have been exposed to this. With fewer than 10, I wonder if I have been targeted in some other way? I say this because I was a victim of identity theft recently.
3. What does it mean in the File Insight Window when it says…
Startup Item: No
Launched: No (I am hoping this indicates that the Trojan never logged anything, but have not idea if this is true).
4. Under Activity in the File Insight Window it shows the following:
[Contained in] c:\users\slow guy\appdata\locallow\sun\java\deployment\cache\6.0\43\556445eb-2c73d461
Under Origin it says the following:
An explanation of what each of these things mean would be greatly appreciated!