Exploit: Java/CVE-200 + CVE-201 = Trojan Downloader/Open Connection Detected.

Just ran Windows Live One Care Scanner. It found Exploit:Java/CVE-200 (8-5353.JJ, 8-5353.KM, 8-5353.OZ, 8-5353.RA, 9-3867.GM, 9-3867.HD, 9-3867.IC); Exploit:Java/CVE-201 (0-0094.N); and Trojan Downloader: Java? Open Connection.ES.
Live Scanner is unable to remove/repair these problems. Can Avast remove them? If not, how can they be removed?

Hi bi4life,

After you get the machine cleaned up, make sure to uninstall all older versions of Java and install the latest one (JRE 6 Update 21).

Go through these general malware removal steps systematically:

Reconfigure Windows XP to show hidden files:
To enable the viewing of Hidden files follow these steps:

* Close all programs so that you are at your desktop.
* Double-click on the My Computer icon.
* Select the Tools menu and click Folder Options.
* After the new window appears select the View tab.
* Put a checkmark in the checkbox labeled Display the contents of system folders.
* Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
* Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
* Remove the checkmark from the checkbox labeled Hide protected operating system files.
* Press the Apply button and then the OK button and shut down My Computer.
* Now your computer is configured to show all hidden files. 

Be sure to re-hide your files once you are finished cleaning your computer.

Delete the following folder, if found:

c:\documents and settings.…\Application Data\Inikq

Step # 1: Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
The other boxes are optional
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Step # 2: Run Malwarebytes’ Anti-Malware
Download from:
http://www.malwarebytes.org/mbam-download.php

* Launch Malwarebytes' Anti-Malware.
* Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available.
* Next click the Scanner tab and select Perform Quick Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location.
* You can also access the log by doing the following:
  * Click on the Malwarebytes' Anti-Malware icon to launch the program.
  * Click on the Logs tab.
  * Click on the log at the bottom of those listed to highlight it.
  * Click Open.

Post the MalwareBytes’ Log as an attached txt file with your next post/reply,

polonus

polonus :) Thank you. Your response was rapid, thorough, and easy to understand. I found that I had two versions of Java installed. Ran Revo Uninstaller to remove them, then adapted your instructions for Vista 64. Ran ATF Cleaner, then Malwarebytes Anti-Malware. No infections, no malicious items. I am a 52 y.o. computer novice, had never heard of the cleaner and anti-malware programs you recommended. Thanks again for your expert help. It’s nice to know you, and others like you, are so close at hand.

polonus, Here’s the report you said to include. (Looks mighty fine to me).
Malwarebytes’ Anti-Malware 1.46
www.malwarebytes.org

Database version: 4602

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

9/12/2010 6:00:23 PM
mbam-log-2010-09-12 (18-00-23).txt

Scan type: Quick scan
Objects scanned: 130548
Time elapsed: 3 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
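
A saved log in the layout posted above can be checked mechanically instead of by eye. The following is an added example, not part of the original thread and not Malwarebytes' own code; the function names are hypothetical, the sample is a constructed, trimmed copy of the layout, and it assumes each detected object appears on its own line under its category heading.

```python
import re

# Constructed sample: a trimmed copy of the log layout posted in this thread.
SAMPLE_LOG = """Malwarebytes' Anti-Malware 1.46
Database version: 4602
Scan type: Quick scan

Registry Keys Infected: 0
Files Infected: 0

Registry Keys Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
"""

SUMMARY = re.compile(r"^(.+ Infected): (\d+)$")   # summary line, e.g. "Files Infected: 0"
SECTION = re.compile(r"^(.+ Infected):$")         # detail heading, e.g. "Files Infected:"
FIELD = re.compile(r"^(Database version|Scan type|Objects scanned): (.+)$")
NONE = "(No malicious items detected)"

def parse_mbam_log(text):
    """Return (header fields, summary counts, detection lines per category)."""
    fields, counts, items, current = {}, {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            current = None                  # a blank line ends a detail section
        elif m := SUMMARY.match(line):
            counts[m.group(1)] = int(m.group(2))
        elif m := SECTION.match(line):
            current = m.group(1)
            items[current] = []
        elif m := FIELD.match(line):
            fields[m.group(1)] = m.group(2)
        elif current and line != NONE:
            items[current].append(line)     # assumed: one detected object per line
    return fields, counts, items

def review(text):
    """List categories with a nonzero count or listed items; flag a missing summary."""
    _, counts, items = parse_mbam_log(text)
    problems = [f"{cat}: summary={n}, listed={len(items.get(cat, []))}"
                for cat, n in counts.items() if n or items.get(cat)]
    if not counts:
        problems.append("no summary block found (truncated or wrong file?)")
    return problems

if __name__ == "__main__":
    print(review(SAMPLE_LOG) or "clean")
```

An empty result from `review` means every summary count is zero and no detail section lists an object; a summary count that disagrees with its section shows up as differing `summary` and `listed` values.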