Exploit Help

Discussion in 'malware problems & news' started by TomFace, Apr 7, 2012.

Thread Status:
Not open for further replies.
  1. TomFace

    TomFace Registered Member

    I run Eset SS5, MBAM Pro & SAS. All of them (even the Eset online scanner in safe mode) missed an Exploit:Java/CVE-2012 issue. It was detected by Microsoft Safety Scanner. I do not know anything about Exploit. Any suggestions of how to clean it? I run Win 7 x64 Home Prem & IE9. The machine had Java 7, but I just went back to Java 6. I hope I put this in the right place.
    Last edited: Apr 7, 2012
  2. HKEY1952

    HKEY1952 Registered Member

    Did the Microsoft Safety Scanner remove the Exploit:Java/CVE-2012?
    There are several variations of the: Exploit:Java/CVE

    More Information Here at the Microsoft Malware Protection Center:
    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Search.aspx?query=Java/CVE-2012

    Also run the Microsoft Online Malicious Software Removal Tool
    (choose RUN do not download, you must accept the ActiveX Control):
    http://www.microsoft.com/security/malwareremove/default.mspx


    EDIT: clarity


    HKEY1952
    Last edited: Apr 7, 2012
  3. Cudni

    Cudni Global Moderator

  4. TomFace

    TomFace Registered Member

    It is Exploit:Java/CVE-2012-0507.D!ldr. The Safety Scanner only detected it (no cleaning, it did clean part of another issue Olmarik). I did dump the Java cache and reboot - still came up. Malicious Software Remover, ran it and no detection. It is in C drive, and part of the file name contains ....\AppData\Local\Temp\Low\jar_cache (lots of #s).tmp. The Microsoft info sheet I have on it says technical details are currently not available for this threat.
  5. HKEY1952

    HKEY1952 Registered Member

    Boot into Safe Mode and delete the entire contents of the folder:
    ....\AppData\Local\Temp\

    In other words, highlight the Temp folder and delete the entire contents and empty the Recycle Bin.
    Delete the contents of the Temp folder, not the Temp folder itself.


    EDIT: reference = Post #6 below
    You are welcome, TomFace

    END EDIT


    HKEY1952
    Last edited: Apr 8, 2012
  6. TomFace

    TomFace Registered Member

    HKEY 1952 & Cudni, Thank you for the help! It's gone. I did go in and delete those files in safe mode, rescanned and it's gone. Just out of curiosity, what is Exploit? Thanks again.
    Last edited: Apr 8, 2012
  7. Cudni

    Cudni Global Moderator

  8. mhodges

    mhodges Registered Member

    I have the exact same virus. I updated my virus definitions and ran the safety scanner, which detected it but did not remove it. I also deleted my Java cache. In the posts above I see a reference to a temp file folder in which I'm supposed to delete the contents, but I can't find it.

    I've read elsewhere that I should:

    Turn off system restore before attempting to remove using malwarebytes
    Remove McAfee completely from my system and re-download after virus removed.

    ***I'm new at this, so any specific advice you can give is appreciated.
  9. HKEY1952

    HKEY1952 Registered Member

    Welcome To Wilders Security Forums mhodges

    What is the exact path to the Exploit that the "safety scanner" is presenting to you?
    That is the path you want to follow in Safe Mode.

    What is the Path?


    In regards to turning off or disabling System Restore: if the path to the Exploit presented to you by the
    "safety scanner" is pointing to System Restore, then Yes, by all means temporarily disable System Restore, then
    reboot the computer. Re-enable System Restore only after the infection has been completely removed from the System.


    In regards to removing McAfee completely from the System: there is no reason to remove or uninstall McAfee unless
    the security software has been compromised by the Exploit. Do, however, make sure that the latest version of McAfee
    is installed in the System.


    HKEY1952
  10. TomFace

    TomFace Registered Member

    mhodges....you can get the path/location off Microsoft Safety Scanner. Rerun it, when it's done, click on the link when it asks you if you want to send it to Microsoft (if I recall it was the "what information" you send to them, the one right after it tells you what it found). Write it down. I had to look for it as well. Once you get that, it's fairly painless to find that file in My Computer (in safe mode) following what you wrote down. HKEY 1952 and Cudni are very knowledgeable and helpful.
    Last edited: Apr 12, 2012
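
Added example, not part of the original thread and not written by any of the posters: a read-only Python helper that finds the `jar_cache*.tmp` files described in post #4 under a Temp folder, so their full paths can be compared with what the scanner reported before deleting them in Safe Mode. The function name `scan_jar_cache` and the default folder taken from `LOCALAPPDATA` are assumptions made for this example.

```python
import hashlib
import os
import sys
import zipfile
from pathlib import Path


def scan_jar_cache(temp_dir):
    """List jar_cache*.tmp files under temp_dir without modifying anything."""
    findings = []
    for path in sorted(Path(temp_dir).rglob("jar_cache*.tmp")):
        record = {"path": str(path), "sha256": None, "is_archive": False,
                  "classes": [], "error": None}
        try:
            record["sha256"] = hashlib.sha256(path.read_bytes()).hexdigest()
            # A cached applet is a JAR, i.e. a ZIP archive; anything else
            # with this name is a partial download or unrelated temp data.
            if zipfile.is_zipfile(path):
                with zipfile.ZipFile(path) as jar:
                    record["classes"] = [n for n in jar.namelist()
                                         if n.endswith(".class")]
                record["is_archive"] = True
        except (OSError, zipfile.BadZipFile) as exc:
            # Locked or damaged files are reported, not skipped silently.
            record["error"] = str(exc)
        findings.append(record)
    return findings


if __name__ == "__main__":
    # Assumption: default to the current user's Temp folder via LOCALAPPDATA;
    # pass the folder shown by the scanner as the first argument instead.
    default = Path(os.environ.get("LOCALAPPDATA", ".")) / "Temp"
    root = sys.argv[1] if len(sys.argv) > 1 else default
    for item in scan_jar_cache(root):
        kind = "JAR" if item["is_archive"] else "not an archive"
        print(f'{item["path"]}  [{kind}]  sha256={item["sha256"]}')
        for name in item["classes"]:
            print(f"    {name}")
        if item["error"]:
            print(f'    could not read: {item["error"]}')
```

The script only lists files; the SHA-256 value lets the same file be identified again after a rescan or when submitting a sample to a vendor.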