Exploit Help

Discussion in 'malware problems & news' started by TomFace, Apr 7, 2012.

Thread Status:
Not open for further replies.
  1. TomFace

    TomFace Registered Member

    Joined:
    Jan 8, 2011
    Posts:
    77
    Location:
    USA
    I run Eset SS5, MBAM Pro & SAS. All of them (even the Eset online scanner in safe mode) missed an Exploit:Java/CVE-2012 issue. It was detected by Microsoft Safety Scanner. I do not know anything about Exploit. Any suggestions of how to clean it? I run Win 7 x64 Home Prem & IE9. The machine had Java 7, but I just went back to Java 6. I hope I put this in the right place.
     
    Last edited: Apr 7, 2012
  2. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    Did the Microsoft Safety Scanner remove the: Exploit:Java/CVE-2012?
    There are several variations of the: Exploit:Java/CVE

    More Information Here at the Microsoft Malware Protection Center:
    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Search.aspx?query=Java/CVE-2012

    Also run the Microsoft Online Malicious Software Removal Tool
    (choose RUN do not download, you must accept the ActiveX Control):
    http://www.microsoft.com/security/malwareremove/default.mspx


    EDIT: clarity


    HKEY1952
     
    Last edited: Apr 7, 2012
  3. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
  4. TomFace

    TomFace Registered Member

    Joined:
    Jan 8, 2011
    Posts:
    77
    Location:
    USA
    It is Exploit:Java/CVE-2012-0507.D!ldr. The Safety Scanner only detected it (no cleaning, it did clean part of another issue Olmarik). I did dump the Java cache and reboot-still came up. Malicious Software Remover, ran it and no detection. It is in C drive, and part of the file name contains....\AppData\Local\Temp\Low\jar_cache (lots of #s).tmp. The Microsoft info sheet I have on it says technical details are currently not available for this threat.
     
  5. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    Boot into Safe Mode and delete the entire contents of the folder:
    ....\AppData\Local\Temp\

    In other words, highlight the Temp folder and delete the entire contents and empty the Recycle Bin.
    Delete the contents of the Temp folder, not the Temp folder itself.


    EDIT: reference = Post #6 below
    You are welcome Tomface

    END EDIT


    HKEY1952
     
    Last edited: Apr 8, 2012
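
The cleanup described in posts 4 and 5, as an added example that is not part of any post in this thread: it inventories the `jar_cache*.tmp` files (size, timestamp, SHA-256, and whether the file really is a ZIP/JAR) so there is a record of what the scanner flagged, and deletes them only when asked. Assumptions: the elided path in the thread resolves to the current user's `%LOCALAPPDATA%\Temp`, PowerShell 4.0 or later is installed, and the function name `Get-JarCacheInventory` and the `-TempRoot`/`-Delete` parameters are hypothetical names chosen for this example.

```powershell
# Added example (not from the thread): record, then optionally remove,
# Java plug-in cache files left under the user's Temp folder.
# Assumption: the thread's "....\AppData\Local\Temp\" is %LOCALAPPDATA%\Temp.
param(
    [string]$TempRoot = (Join-Path $env:LOCALAPPDATA 'Temp'),
    [switch]$Delete   # without this switch the script only reports
)

function Get-JarCacheInventory {
    param([Parameter(Mandatory)][string]$Root)

    Get-ChildItem -LiteralPath $Root -Filter 'jar_cache*.tmp' -File -Recurse -Force `
                  -ErrorAction SilentlyContinue |
        ForEach-Object {
            # A JAR is a ZIP archive, so a genuine one starts with 'PK' (0x50 0x4B).
            $head = New-Object byte[] 2
            $fs = [System.IO.File]::OpenRead($_.FullName)
            try { $read = $fs.Read($head, 0, 2) } finally { $fs.Dispose() }

            [pscustomobject]@{
                Path         = $_.FullName
                Length       = $_.Length
                LastWrite    = $_.LastWriteTime
                LooksLikeJar = ($read -eq 2 -and $head[0] -eq 0x50 -and $head[1] -eq 0x4B)
                # Keep the hash: it identifies the sample after the file is gone.
                SHA256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

$found = @(Get-JarCacheInventory -Root $TempRoot)
$found | Format-List

if ($Delete -and $found.Count -gt 0) {
    # Removes only the cache files listed above, not the Temp folder itself.
    $found | ForEach-Object { Remove-Item -LiteralPath $_.Path -Force }
    Write-Output ("Removed {0} jar_cache file(s); rescan to confirm." -f $found.Count)
}
```

Run it once without `-Delete` and save the output, then again with `-Delete`; a file still in use will make the hash or delete step fail, which is why the thread does this in Safe Mode.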
  6. TomFace

    TomFace Registered Member

    Joined:
    Jan 8, 2011
    Posts:
    77
    Location:
    USA
    HKEY 1952 & Cudni, Thank you for the help! It's gone. I did go in and delete those files in safe mode, rescanned and it's gone. Just out of curiosity, what is Exploit? Thanks again.
     
    Last edited: Apr 8, 2012
  7. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
  8. mhodges

    mhodges Registered Member

    Joined:
    Apr 11, 2012
    Posts:
    1
    Location:
    USA
    I have the exact same virus. I updated my virus definitions and ran the safety scanner, which detected it but did not remove it. I also deleted my Java cache. In the posts above I see a reference to a temp file folder in which I'm supposed to delete the contents, but I can't find it.

    I've read elsewhere that I should:

    Turn off system restore before attempting to remove using malwarebytes
    Remove McAfee completely from my system and re-download after virus removed.

    ***I'm new at this, so any specific advice you can give is appreciated.
     
  9. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    657
    Location:
    HKEY/SECURITY/ (value not set)
    Welcome To Wilders Security Forums mhodges

    What is the exact path to the Exploit that the "safety scanner" is presenting to you?
    That is the path you want to follow in Safe Mode.

    What is the Path?


    In regards to turning off or disabling System Restore: if the path to the Exploit presented to you by the
    "safety scanner" is pointing to System Restore, then Yes, by all means temporarily disable System Restore, then
    reboot the computer. Re-enable System Restore only after the infection has been completely removed from the System.


    In regards to removing McAfee completely from the System: there is no reason to remove or uninstall McAfee unless
    the security software has been compromised by the Exploit. Do however, make sure that the latest version of McAfee
    is installed in the System.


    HKEY1952
     
  10. TomFace

    TomFace Registered Member

    Joined:
    Jan 8, 2011
    Posts:
    77
    Location:
    USA
    mhodges....you can get the path/location off Microsoft Safety Scanner. Rerun it, when it's done, click on the link when it asks you if you want to send it to Microsoft (if I recall it was the "what information" you send to them, the one right after it tells you what it found). Write it down. I had to look for it as well. Once you get that, it's fairly painless to find that file in My Computer (in safe mode) following what you wrote down. HKEY 1952 and Cudni are very knowledgeable and helpful.
     
    Last edited: Apr 12, 2012