Real Virus or False Positive - please advise

Hello Everyone,

 

I’d like some advice and opinions concerning whether my NIS 2011 (v. 18.6.0.29) quarantined an actual virus, or if it is a false positive.  There was an unusual “time” sequence of events that I will try to detail as succinctly as possible.

 

I check the NIS performance graph almost every morning, and on the morning of 1/26/12 it showed there were 3 threat detections of concern on 1/25.  Let me note here that NIS performs weekly idle time full system scans which always came up clean.  As a precaution, I also randomly run a manual full system scan followed by a scan with Malwarebytes, which I did on the evening of 1/19 – both came up clean.

 

Security History showed an idle full system scan completed on 1/25 at 10:35 AM – duration of 30 minutes – 3 security risks detected and resolved.  I viewed the details under “Resolved Security Risks” which showed 3 versions of “Trojan.Malware” detected by Virus scanner and quarantined at 7:24 AM.

 

More details (in the File Insight window) showed them as “wall.class”, “b.class”, and “a.class” – all found in the same file path: C:\users\username\appdata\locallow\sun\java\deployment\cache\6.0\4\....... deleted.  Further details showed “On Computers as of: 12/29/11 at 11:32 AM”, “Last Used: 1/25/12 at 7:24 AM”, “Startup Item: No”, “Launched: No”, “Activity – This file has performed 1 action”.

 

Going back to the performance graph, I saw that on 12/29 I had updated Firefox to 3.6.25 and installed “updater.exe”.  Several days earlier, on 12/25, it showed a Java update and downloads of jre-6u30-windows-i586-s.exe and Silverlight.exe.  

 

Since NIS indicated the threats were there since 12/29/11, I wondered why they weren’t picked up during the weekly scans or my manual scans.  I don’t know if it was a coincidence, or if the virus came through with the Firefox update – staying dormant until something “woke it up”, at which point NIS pounced on it.  Or am I misinterpreting “On Computers as of: 12/29/11”

 

I’ve been to this forum several times over the past few years and have always gotten excellent advice with any issue I had.  I’m hoping that someone can give me their take on what occurred, and what, if anything, I should do at this point.  I’m concerned as to whether or not my system has been compromised.

 

I’ve never had an experience like this and do not know the proper procedure for submitting these files to Symantec for analysis for a false positive.  All feedback would be greatly appreciated.

 

Thank you.