Below there are some links with additional information about the trojan found in your environment:
http://vil.nai.com/vil/content/v_252846.htm - Exploit-CVE2008-5353
http://vil.nai.com/vil/content/v_265337.htm - Exploit-CVE2009-3867
Please check if you are running the latest virus definition and scan engine. If so, run a full On-demand scan on the affected machines. If this scan completes and all of the malware found is properly removed (deleted and/or cleaned), you should be safe. The same applies if no malware is found during this scan.
I have a related question. I will appreciate a reply asap. Thanks:
My laptop also got infected by Exploit-CVE2009-3867 Trojan (Exploit-ByteVerify) - and it was found by my McAfee two days ago during a routine automatic scan.
According to the detection log the trojan was found in
C:\Documents and Settings\xxx\Application Data\Sun\Java\Deployment\cache\6.0\31\5637119f-1b7b00ca
and was removed ("xxx" is my user directory).
However, I checked the above Java folder and found the file there. I scanned it with McAfee, SpyBot and Malwarebytes' Anti-Malware - and all were negative (no infection was found). Still I am worried that the trojan installed itself again and wonder if I need to get rid of that file and/or do anything else to assure that it is ok.
Open your Java console (via Control Panel), then General > Temporary Internet Files > Settings. Delete all temporary files.
This will clear all your Java cache.
Thank you for the quick answer. I did what you suggested and, indeed the file is gone.
I still wonder why it was there after McAfee said it is removed... I would appreciate it if you can explain that.
Hi, glad you got rid of it. I can't really say why it didn't remove. I just followed someone else's advice and passed that advice on to you. Just a thought, but did McAfee remove it or just quarantine it?
McAfee reports that it has been removed. That's why I was worried that the virus is still there somewhere ...
Exploit-CVE2009-3867 Trojan (Exploit-ByteVerify)
yesterday during a scan, and I came onto the forums to learn a bit more about it. It was automatically removed by McAfee, but I went ahead and followed the posted suggestion to wipe my Java cache. I wanted to be sure that it was completely gone because I had been experiencing some kind of browser hijacking/popup stuff.
Unfortunately the popup problems did not disappear when the Trojan was removed. I have done several more scans with McAfee and all turned up clean. Maybe this trojan is evading McAfee? I've considered the situation that my popup problems are being caused by some virus/trojan unknown to McAfee, but does anyone know what the symptoms of this specific trojan (Exploit-CVE2009-3867 Trojan (Exploit-ByteVerify)) are? Are they anything like what I've been experiencing?