Jump to content

Could not remove file


Recommended Posts

Hi, I ran a full scan and got a message saying A2 couldn't remove this file:

C:\Windows.old\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\4f8882a3-56ee2584/vmain.class - File not found

Here's my spec:

Windows 7 (64bit - all updated).

Windows firewall.

AVG free antivirus.

Spybot S-D resident.

Lavasoft Adaware.

Link to comment
Share on other sites

Do you have a normal Windows directory? Usually, a .old implies a new installation of Windows, when the existing (corrupt) windows folder is renamed. Anyway, if the windows.old folder is defunct and has not been used for some time, simply delete the Java folder if it does not contain any data you wish to keep.

I have seen similar issues with detections of non-existent files in java sub-folders on several PC's. I usually uninstall Java, manually delete the entire Java folder, then re-install Java.

Link to comment
Share on other sites

Hi Guys,

H_D, you are right about the <>.old folder and that issue has to be addressed separately

If that is a working folder somehow and browser(s) were opened during the scan – the file could'ev been removed by the system prior to the action by EAM in order to delete the file

At the same time re:

I have seen similar issues with detections of non-existent files in java sub-folders on several PC's. I usually uninstall Java, manually delete the entire Java folder, then re-install Java.
There is a bug in EAM, where it false-positively detecting Java-cache files. Reinstalling Java is a bit drastic measure.

Usually it's necessary just to clean Java cache as described here

Anyway it's recommended to do some cleaning before performing such type of a scan as Deep one.

CCleaner can be used (all browser sessions should be closed)... that will take care of Java cache as well

Cheers!

Link to comment
Share on other sites

Hi, Lynx

The Java issue is with Sophos. I have had to do this with 3 PC's on my domain at work and does not take any time at all. I'm not sure how it works but no one is logged on when the scan commences (it is done overnight). I was wondering if the scanner was unpacking the files to the folder and scanning them? Does the scanner delete them after scanning or does the Java process that has been initiated remove them?

Cheers and confused beers!

H_D

Link to comment
Share on other sites

...The Java issue is with Sophos...

Hello H_D,

I'm not sure what do you mean by that?

I would rather say : the issue can be with Sophos as well, but there is a definite loooong time going bug in EAM regarding incorrectly flagging Java cache files. See many cases in Malware Removal

I would've had that all the time if I would ever scan without prior cleaning, but I figured that out long ago (and posted to developers) after that there were and still are numerous cases again and again regarding the matter - Bug in EAM!

... I have had to do this with 3 PC's on my domain at work and does not take any time at all.
To do what? Reinstalling Java or just cleaning the cache
I'm not sure how it works but no one is logged on when the scan commences (it is done overnight). I was wondering if the scanner was unpacking the files to the folder and scanning them? Does the scanner delete them after scanning or does the Java process that has been initiated remove them?
The scanner (which one you are taking about?) will definitely attempt to delete "after scanning & detecting", but if the browser(s) are alive during the scan the cache can be cleared way before the security's attempt to remove those False Positives (we must not forget that)

I never had any doubts that those Java-Cache are FPs and I never scan without prior cleaning.

What I've posted in previous reply and some other threads regarding the matter, including multiple posts by Shadow in "Malware Removal" is my understanding, but we never heard from the developers yet...

Cheers and confused beers!
Have a couple of those too, man - you deserve it :D

p.s. {added}forgot to mention

I'm still with you re: your note about <>.old folder. That is definitely very interesting & could be something else

Link to comment
Share on other sites

At work I use Sophos Endpoint Control and Data Protection to provide AV, firewall, data movement monitoring, application control and web protection. Each Thurs the machines in the Windows Active Directory domain are left on, but everyone is logged off. At 9pm on Thurs, Sophos is scheduled to scan every PC. It was after a scheduled scan that the detections were made.

When I read the scan reports the next day, I saw these detections with the same message - unable to remove blah blah Java. Running a manual scan on the folders produced the same detections but no files to remove. So, to eliminate this I uninstalled Java, deleted the folder structure (as it was not removed by the uninstall process), then reinstalled Java. Re-scanning produced a clean scan. 10mins work.

Not had this issue on my PC with EAM, though.

I'm a lot less confused now. Thanks :)

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...