java/exploit.CVE-2011-3544.AU Trojan

[toodle]

The NOD32 scan detected 4 infected objects with java/exploit.CVE-2011-3544.AU Trojan. It didn't clean the items but available action pop up showed. The choices are delete or leave. I was unsure what to do.

C:\Users\Strock\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\2f70790e-2e44f36b » ZIP » Effect.class - Java/Exploit.CVE-2011-3544.AU trojan
C:\Users\Strock\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\2f70790e-2e44f36b » ZIP » Field.class - Java/Exploit.CVE-2011-3544.AU trojan
C:\Users\Strock\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\2f70790e-2e44f36b » ZIP » Matrix.class - Java/Exploit.CVE-2011-3544.AU trojan
C:\Users\Strock\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\2f70790e-2e44f36b » ZIP » Photo.class - a variant of Java/Exploit.CVE-2011-3544.AU trojan

Do I need to delete?

Thank you.

[ronjor]

Clear your Java cache. https://www.java.com/en/download/help/plugin_cache.xml

[toodle]

I followed the directions and took care of the "exploit". Thank you for the link. It was a great help.

[ronjor]

Thank you for the feedback.

[Reedmikel]

I too have a customer with a PC that NOD32 4.2 Bus Ed's real-time protection module detected and quarantined an almost identical named threat: "Java/Exploit.CVE-2011-3544.AM"

This computer still has problems though, as it loses network connectivity at seemingly random times. When it loses connectivity, access to Exchange mailbox (using Outlook) , shared folders on server etc. fail. I replaced NIC before I realized this PC had encountered this threat just minutes before the user first reported this network connectivity problem. So I have no doubt this trojan is doing something malicious...

I am letting an in-depth scan run right now. But what do I need to do to truly remove this malware?

Is there a virus encyclopedia on ESET's web site where we can learn more about a given piece of malware. I know Symantec and some other AV vendors provide that level of detail, but how about ESET?

[agoretsky]

Hello,

This is the NOD32 v2.x forum, which is an older version of the software for Microsoft Windows 95/98/Me that is being discontinued at the end of April, so it may be better to ask in the ESET NOD32 Antivirus section of the forum, which has more eyes on it.

That said, I would recommend starting the system from an ESET SysRescue disc so it can be scanned from outside the installed operating system, in case the trojan was used to deploy a rootkit onto the computer.

ESET can receive upwards of 200,000 new pieces of malware every day, so there is no encyclopedia entry for each threat. This particular Java vulnerability has a CVE entry assigned to it by MITRE, though, and information about the vulnerability is available on their website here: CVE-2011-3544.

Regards,

Aryeh Goretsky

[Reedmikel]

Thanks, I clicked on the wrong forum link. Will post in the correct one...