I use and enjoy Avast, so I thought I should ask here:
A few hours ago on my dad’s computer his antivirus found a Java:Exploit CVE 2010-0840.CE ranked severe on his computer and quarantined it.
(It was not running a scan, just popped up and said it had found this thing and to quarantine it.)
I looked up the information on the Microsoft website here: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exploit%3AJava%2FCVE-2010-0840.CE&ThreatID=-2147322709
And looked around at other versions of this Java exploit and found that its
“successful exploitation leads to remote code execution.”
First of all, I quarantined it and am now running MBAM full scan.
I also checked and he did have an old version of Java (ver 7) installed along with update 24 so I uninstalled the version 7.
Now what does ‘remote code execution’ mean? Could someone explain this?
Also, is there anything else I need to check on his computer?
Microsoft Security Essentials had found it just as I was disconnecting from the internet and had opened up CCleaner.
I really need to know if this kind of thing could have stolen information from online,
because we had just put in confidential information into a government website before it was detected.
And apparently this version of the exploit (.CE) was just released yesterday so I don’t know when it got on his computer
but his MSE was updated at 6:30 am and 2:30 pm today and it wasn’t detected until 4:25 pm.
Do I need to check for any other old versions of Java?
or for any temp files, or his firewall settings?
If it is quarantined, do I still have to delete it from his computer somehow?
Oh, and he’s running Windows Vista. He had to reinstall from the partition drive about a month ago because of a
rogue anti-virus, but I don’t think that is connected but just in case…
Just run the latest GMER version, to be downloaded from here: http://www.gmer.net/
Give the attached rootkit/stealth malware detector log txt file with your next posting.
I did update all his antimalware and antivirus programs before running the scans, and still nothing.
I was not able to get onto Secunia because: a) when he opens Internet Explorer, the User Account Control keeps asking to let Java update 24 have permission to run, and he says it has never done that before so I thought that may be a symptom and told him to disconnect (his Firefox doesn’t do this but…) b) he got frustrated and completely uninstalled Java from his computer.
We’re not experiencing anything actually. We uninstalled Java completely, then reinstalled it. With this, the “User Account Control” permission pop-ups stopped showing up when we tried to open Internet Explorer.
What’s worrying me is, how do I figure out if something is hidden on his computer, like if some hacker has some remote link to it that can steal his information. Also, he insists since we deleted the virus that his computer is fine now and he is now online again grrrrrrrrrrrr. Are there any ways I can check for remote code or something? Or was it just in the old Java that we deleted?
And I don’t know why the heck that JavaRa didn’t work on his computer correctly, but I looked in his C:/ and searched throughout the rest of his computer and there is no log.
Download OTS to your Desktop and double-click on it to run it.
- Make sure you close all other programs and don’t use the PC while the scan runs.
- Select All Users
- Under additional scans select the following:
  Reg - Disabled MS Config Items
  Reg - Drivers32
  Reg - NetSvcs
  Reg - SafeBoot Minimal
  Reg - Shell Spawning
  Evnt - EventViewer Logs (Last 10 Errors)
  File - Lop Check
- Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
- When the scan is complete Notepad will open with the report file loaded in it.
- Please attach the log in your next post.
Just a bit of Norton and a couple of waifs and strays
I would recommend that he update to IE9 even if he does not use it
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Win32 Services - Safe List]
YN -> (Norton Internet Security) Norton Internet Security [Auto | Stopped] ->
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-950256297-24792667-4271955715-1000\] > -> HKEY_USERS\S-1-5-21-950256297-24792667-4271955715-1000\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Files/Folders - Modified Within 30 Days]
NY -> ulseu3e2.exe -> C:\Users\Charles\Desktop\ulseu3e2.exe
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.