Exploit Help

[TomFace]

I run Eset SS5, MBAM Pro & SAS. All of them (even the Eset online scanner in safe mode) missed an Exploit:Java/CVE-2012 issue. It was detected by Microsoft Safety Scanner. I do not know anything about Exploit. Any suggestions of how to clean it? I run Win 7 x64 Home Prem & IE9. The machine had Java 7, but I just went back to Java 6. I hope I put this in the right place.

[HKEY1952]

Quote:

Originally Posted by Tomface

I run Eset SS5, MBAM Pro & SAS. All of them (even the Eset online scanner in safe mode) missed an Exploit:Java/CVE-2012 issue. It was detected by Microsoft Safety Scanner. I do not know anything about Exploit. Any suggestions of how to clean it? I run Win 7 x64 Home Prem & IE9. The machine had Java 7, but I just went back to Java 6. I hope I put this in the right place.

Did the Microsoft Safety Scanner Remove the: Exploit:Java/CVE-2012
There are several variations of the: Exploit:Java/CVE

More Information Here at the Microsoft Malware Protection Center:
http://www.microsoft.com/security/po...=Java/CVE-2012

Also run the Microsoft Online Malicious Software Removal Tool
(choose RUN do not download, you must accept the ActiveX Control):
http://www.microsoft.com/security/ma...e/default.mspx


EDIT: clarity


HKEY1952

[Cudni]

What is the reported location of the threat? Also empty java cache and rescan
http://www.java.com/en/download/help/plugin_cache.xml

[TomFace]

It is Exploit:Java/CVE-2012-0507.D!ldr. The Safety Scanner only detected it (no cleaning, it did clean part of another issue Olmarik). I did dump the Java cache and reboot-still came up. Malicious Software Remover, ran it and no detection. It is in C drive, and part of the file name contains....\AppData\Local\Temp\Low\jar_cache (lots of #s).tmp. The Microsoft info sheet I have on it says technical details are currently not available for this threat.

[HKEY1952]

Quote:

Originally Posted by Tomface

It is in C drive, and part of the file name contains....\AppData\Local\Temp\Low\jar_cache (lots of #s).tmp.

Boot into Safe Mode and delete the entire contents of the folder:
....\AppData\Local\Temp\

In other words, highlight the Temp folder and delete the entire contents and empty the Recycle Bin.
Delete the contents of the Temp folder, not the Temp folder its self.


EDIT: reference = Post #6 below

Quote:

Originally Posted by Tomface

HKEY 1952 & Cudni, Thank you for the help! It's gone.

You are welcome Tomface

END EDIT


HKEY1952

[TomFace]

HKEY 1952 & Cudni, Thank you for the help! It's gone. I did go in and delete those files in safe mode, rescanned and it's gone. Just out of curiosity, what is Exploit? Thanks again.

[Cudni]

Quote:

Originally Posted by Tomface

what is Exploit? Thanks again.

You are welcome. See on exploit
http://en.wikipedia.org/wiki/Exploit...er_security%29

[mhodges]

I have the exact same virus. I updated my virus definitions and ran the safety scanner, which detected it but did not remove it. I also deleted my Java cache. In the posts above I see a reference to a temp file folder in which I'm supposed to delete the contents, but I can't find it.

I've read elsewhere that I should:

Turn off system restore before attempting to remove using malwarebytes
Remove McAfee completely from my system and re-download after virus removed.

***I'm new at this, so any specific advice you can give is appreciated.

[HKEY1952]

Quote:

Originally Posted by mhodges

I have the exact same virus. I updated my virus definitions and ran the safety scanner, which detected it but did not remove it. I also deleted my Java cache. In the posts above I see a reference to a temp file folder in which I'm supposed to delete the contents, but I can't find it.

I've read elsewhere that I should:

Turn off system restore before attempting to remove using malwarebytes
Remove McAfee completely from my system and re-download after virus removed.

***I'm new at this, so any specific advice you can give is appreciated.

Welcome To Wilders Security Forums mhodges

What is the exact path to the Exploit that the "safety scanner" is presenting to you?
That is the path you want to follow in Safe Mode.

What is the Path?


In regards to turning off or disabling System Restore: if the path to the Exploit presented to you by the
"safety scanner" is pointing to System Restore, then Yes, by all means temporarily disable System Restore, then
reboot the computer. Re-enable System Restore only after the infection has been completely removed from the System.


In regards to removing McAfee completely from the System: there is no reason to remove or ununstall McAfee unless
the security software has been compromised by the Exploit. Do however, make sure that the latest version of McAfee
is installed in the System.


HKEY1952

[TomFace]

mhodges....you can get the path/location off Microsoft Safety Scanner. Rerun it, when it's done, click on the link when it asks you if you want to send it to Microsoft (if I recall it was the "what information" you send to them, the one right after it tells you what it found). Write it down. I had to look for it as well. Once you get that, it's fairly painless to find that file in My Computer (in safe mode) following what you wrote down. HKEY 1952 and Cudni and very knowledgable and helpful.