markiebeau
Level 9

Question about Generic Trojan

Hi.

I have had my computer and McAfee Security center for a few years and first now the virus scan found something.

Ran a full scan and it found Generic Exploit!rsk(Trojan)Exploit-CVE20121723.h

Just wondering if anyone knows what this is and how I could have gotten it. I browse safely and use WOT and the McAfee Site Advisor. Seems to have a date on it. I tried to Google it and it only shows the first half, but not the CVE2012 stuff and no other info but that it is low risk.

Anyone else run into this?

Thanx for any input.

0 Kudos
1 Solution

Accepted Solutions
exbrit
Level 21

Re: Question about Generic Trojan

Moved to Malware Discussion > Home User Assistance.

It may mean something as simple as your Java needs updating, let's hope so.

I don't know what browser you use but Java is usually an add-on in at least IE and Firefox so go to http://www.java.com to see if you need to update over whatever version is showing in the browser Tools > Add-ons (Manage Add-ons in IE).

Also you might want to run Stinger and Malwarebytes Free, both linked in my signature, last link, below. With Malwarebytes please don't accept the trial or you will get the Pro version which may clash with McAfee.

0 Kudos
13 Replies
markiebeau
Level 9

Re: Question about Generic Trojan

I actually did a Java update (automatic) on 10/20. Checked again a couple minutes ago and it says I have the latest version.

Do I really need to disable Java? Don't they have a fix for this?

My virus scan says it (the exploit) was removed. I did another one today and it found nothing. Could it come back?

Now I am thinking I could have gotten it before the Java Update, because I read the article you referred me to and the latest Java updates were supposed to "fix" the issue.

I hadn't done a scan in over a month and the Java wasn't updated until the 10th of this month.

Message was edited by: markiebeau on 10/26/12 6:58:57 PM CDT

I notice a mention was made about Hotspot. Is that where you use a free wifi hotspot somewhere? I was at a hotel a month or so ago and was using their wifi. When I got back home, I noticed my computer acted strangely... my McAfee update froze my computer. I did a system restore from before I went to the hotel, ran Stinger, Super AntiSpyware, Malwarebytes and McAfee and none of them found anything. The computer "seemed" fine after that. Then yesterday I updated McAfee and did an overdue scan and that is when the Trojan was found. Was it still "hiding" and the updated DAT file weeded it out?

Message was edited by: markiebeau on 10/26/12 7:11:37 PM CDT
0 Kudos
Hayton
Level 17

Re: Question about Generic Trojan

Double-check to make sure you've only got one Java version installed. I think that Java now removes old versions by default but it's best to be sure. Remove anything you find earlier than the latest version if there's more than one on the system. As for keeping Java, I got rid of it because it's an ongoing security risk. If you decide to keep Java you will at least be safe from that exploit.

0 Kudos
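
The check suggested in the reply above (make sure only the latest Java is installed and remove anything older), sketched as an added example that is not part of the original thread. The install locations and version strings are constructed sample data, and the function names are hypothetical; the parser assumes the legacy `1.<major>.0_<update>` version format that Java 6 and 7 report.

```python
import re

# Legacy Java version strings look like "1.7.0_09" (Java 7 Update 9);
# a release with no update suffix, e.g. "1.6.0", is treated as update 0.
_VERSION_RE = re.compile(r"\b1\.(\d+)\.0(?:_(\d+))?\b")


def parse_java_version(text):
    """Return (major, update) from a legacy Java version string, or None."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    return int(match.group(1)), int(match.group(2) or 0)


def stale_installs(inventory):
    """Given (location, version_text) pairs, return the locations that are
    older than the newest Java found, plus any that could not be parsed."""
    parsed = [(loc, parse_java_version(text)) for loc, text in inventory]
    known = [ver for _, ver in parsed if ver is not None]
    if not known:
        return [loc for loc, _ in parsed]
    newest = max(known)
    return [loc for loc, ver in parsed if ver is None or ver < newest]


# Constructed sample inventory (not taken from the thread): one current
# runtime, two leftovers, and one entry whose version text is unreadable.
SAMPLE_INVENTORY = [
    (r"C:\Program Files\Java\jre7", 'java version "1.7.0_09"'),
    (r"C:\Program Files\Java\jre6", 'java version "1.6.0_31"'),
    (r"C:\Program Files (x86)\Java\jre7", 'java version "1.7.0_04"'),
    (r"C:\Tools\oldjava", "version unknown"),
]

if __name__ == "__main__":
    for location in stale_installs(SAMPLE_INVENTORY):
        print("review/remove:", location)
```

Entries whose version cannot be read are listed for review rather than assumed current, since an unidentified runtime is exactly the kind of leftover this check is meant to surface.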
markiebeau
Level 9

Re: Question about Generic Trojan

Yes, I only have one version of Java 7 Update 9.

But I also have something called Java FX 2.1.1. What's that? I use Apache Open Office which uses stuff from Oracle.

0 Kudos
exbrit
Level 21

Re: Question about Generic Trojan

Java FX comes with the other Java.  Not sure exactly what it does but I have it in my browsers too.

0 Kudos
markiebeau
Level 9

Re: Question about Generic Trojan

Thanx Hayton and Ex_Brit  for all your input.

Still like to know where and when I picked up the Trojan.

Guess it doesn't matter. It's gone.

0 Kudos
Hayton
Level 17

Re: Question about Generic Trojan

You got the Trojan as a drive-by possibly from a so-called "watering-hole" site. There would have been malicious code embedded in an otherwise innocent webpage that called up the Blackhole kit from a hosting server somewhere. The kit ran checks on a number of programs on your system looking for something not updated and it found an unpatched Java. It promptly tried to download this Trojan to your PC and McAfee spotted it (the exploit being by now well-known) and kicked it into quarantine.

Java FX by the way is now on version 2.2.3 as of October 16th.

See http://en.wikipedia.org/wiki/JavaFX  and

http://www.oracle.com/technetwork/java/javafx/overview/index.html

Message was edited by: Hayton - emendation from "honeypot" to "watering-hole" - on 27/10/12 02:54:52 IST
0 Kudos
markiebeau
Level 9

Re: Question about Generic Trojan

I guess it doesn't matter how careful you are you will still eventually get something.

Can't trust Web of Trust.

Can't trust Site Advisor.

People have nothing better to do than think of ways to screw up someone's computer or steal their info.....must not have much of a life.

I could say more, but I'm trying to stay calm about this. I read so much about hacker groups and malware creators and virus writers. Wish there was a way to trace them so they may be prosecuted.....

on 10/27/12 10:06:56 AM CDT
0 Kudos
exbrit
Level 21

Re: Question about Generic Trojan

If you let it get to you, it makes you want to throw your computer down a mineshaft and proceed directly to the nearest Trappist Monastery and sign on.

0 Kudos