I use Avast 7 Free updated with the most recent virus definitions.
Today I’ve surfed to an infected site and although Avast notified me the URL was infected and, in theory, blocked it, my machine was infected. As an IT guy, I could clean it up by deleting some files. Then I surfed again to the same website and again, Avast told me the URL was infected, blocked the access, but even so, I was infected again.
It’s some kind of Windows 7 virus that updates MSConfig to start when you reboot.
So I cleaned up my system again.
I’d like to know why this happened; if Avast blocked the URL, why was my machine infected?
The site in question is the one below (I’ve separated it with spaces to avoid clicking); be careful, it’s infected.
URL : http: // www . phabrica . com . br/wp-content/themes/Phabrica/js/superfish.js|>{gzip}
Severity : High
Status : Threat:JS:Redirector-Om[Trj]
Action : Blocked
I’m surfing again to the site with a virtual machine with Windows XP. If I navigate to the site on my original machine (Windows 7 Pro), I will be infected again; I’ve tested twice and twice I was infected.
Avast blocks, but somehow, I get infected anyway. Maybe Avast is blocking one link but letting another pass; I’m not sure about what happens.
What I’m sure of is that I’ve tried twice to navigate to this site, and twice I got infected. I can tell because the virus put some .exe files in my c:\programdata and edited MSConfig to run itself when I restart. It even blocked Taskman and deleted all my shortcuts. It seems to be a Win7-specific infection.
As an IT guy, I could restore everything, and tried again to navigate to this site, and again, I was infected.
I would try again, but every time it infects my computer, I lose a lot of time cleaning things up.
Vulnerability in the Java Runtime Environment component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are 7 Update 2 and before, 6 Update 30 and before and 5.0 Update 33 and before. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Java Runtime Environment accessible data as well as read access to a subset of Java Runtime Environment accessible data and ability to cause a partial denial of service (partial DOS) of Java Runtime Environment.
Note: Applies to client deployments of Java. This vulnerability can be exploited only through Untrusted Java Web Start applications and Untrusted Java applets. (Untrusted Java Web Start applications and untrusted applets run in the Java sandbox with limited privileges.)
CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).
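
The affected-version ranges in the advisory text above can be checked against installed JREs. This is an added example, not part of the original thread or the advisory: it assumes the legacy `java -version` string format `1.<family>.0_<update>`, and the host names and banners are constructed sample data.

```python
import re

# Last affected update per Java SE family, taken from the advisory text above:
# 7 Update 2 and before, 6 Update 30 and before, 5.0 Update 33 and before.
LAST_AFFECTED_UPDATE = {7: 2, 6: 30, 5: 33}

# Legacy version strings look like 1.<family>.0_<update>, e.g. 1.6.0_30.
# A string with no _<update> suffix is the initial release (update 0).
_LEGACY_VERSION = re.compile(r"\b1\.(\d)\.0(?:_(\d+))?")


def parse_java_version(text):
    """Return (family, update) from a `java -version` banner, or None."""
    match = _LEGACY_VERSION.search(text)
    if match is None:
        return None
    return int(match.group(1)), int(match.group(2) or 0)


def is_affected(text):
    """True/False for families the advisory lists, None when it cannot tell."""
    parsed = parse_java_version(text)
    if parsed is None or parsed[0] not in LAST_AFFECTED_UPDATE:
        return None  # unparseable, or a family the advisory text does not list
    family, update = parsed
    return update <= LAST_AFFECTED_UPDATE[family]


def audit(banners):
    """Group hosts by verdict so the affected ones can be patched first."""
    report = {"affected": [], "not_affected": [], "unknown": []}
    for host, banner in sorted(banners.items()):
        verdict = is_affected(banner)
        key = "unknown" if verdict is None else ("affected" if verdict else "not_affected")
        report[key].append(host)
    return report


# Constructed sample inventory (hypothetical host names and banners).
SAMPLE_BANNERS = {
    "ws-01": 'java version "1.6.0_30"',
    "ws-02": 'java version "1.6.0_31"',
    "ws-03": 'java version "1.7.0_02"',
    "ws-04": 'java version "1.7.0"',
    "ws-05": 'java version "1.4.2_19"',
}

if __name__ == "__main__":
    print(audit(SAMPLE_BANNERS))
```

Hosts reported as `unknown` run a version string the check cannot map to a family listed in the advisory text and need a manual look.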