7 Replies Latest reply on May 25, 2010 11:08 PM by CompGuy123

    Trojan Found

    Unclepotter

      Hi,

       

      After doing a full scan this morning McAfee found and quarantined these two trojans.

       

      Exploit-CVE2008-5353 (trojan)

       

      Exploit-CVE2009-3867 (trojan)

       

      This is the first time in over 3 years of using McAfee that anything has been found.Can someone please tell me what these are and is it ok now that they have been quarantined.

        • 1. Re: Trojan Found

          Hi Unclepotter,

           

          Below there are some links with additional information about the trojan found in your environment:

           

          http://vil.nai.com/vil/content/v_252846.htm - Exploit-CVE2008-5353

          http://vil.nai.com/vil/content/v_265337.htm - Exploit-CVE2009-3867

           

          Please check if you are running the latest virus definition and scan engine. If so, run a full On-demand scan on the affected machines. If this scan completes and all of the malwares found are properly removed (deleted and/or cleaned) you should be safe. The same applies if no malware if found during this scan.

           

          Regards,

          Bruno

          • 2. Re: Trojan Found

            Hello,

            I have a related question. I will appreciate a reply asap. Thanks:

            My laptop  also got infected by  Exploit-CVE2009-3867 Trojan (Exploit-ByteVerify) - and was found by my McAfee two days ago during a routine autimatic scan.

            According to the detection log  the trojan was found in

            C:\Documents and Settings\xxx\Application Data\Sun\Java\Deployment\cache\6.0\31\5637119f-1b7b00ca

            and was removed ("xxx" is my user directory).

            However, I checked the above Java folder and found the file there

            . I scanned it with McAfee, SpyBot and Malwarebytes' Anti-Malware - and all had negative (no infection was found). Still I am worried that the tojan installed itself again and wonder if I need to get rid of that file and/or do anything else to assure that it is ok.

             

            Thank you,

            O

            • 3. Re: Trojan Found
              Unclepotter

              Hi,

               

              Open your java console(via control panel),then general>temporary internet files>settings.delete all temporary files.

               

              This will clear all your Java cache

              • 4. Re: Trojan Found

                Thank you for the quick answer. I did what you suggested and, indeed the file is gone.

                I still wonder why it was there after McAfee said it is removed... I would appreciate it if you can explain that.

                 

                Many thanks,

                 

                O

                • 5. Re: Trojan Found
                  Unclepotter

                  Hi, Glad you got rid of it.I can't really say why it didn't remove.I just followed someone else's advice and passed that advice onto yourself Just a thought,but did McAfee remove it or just quarantine it.?

                  • 6. Re: Trojan Found

                    HI,

                    Thank you.

                    McAfee reports that it has been removed. That's why I was worried that the virus is still there somewhere ...

                    O

                    • 7. Re: Trojan Found

                      Hello all,

                       

                      McAfee found

                       

                      Exploit-CVE2009-3867 Trojan (Exploit-ByteVerify)

                       

                      yesterday during a scan, and I came onto the forums to learn a bit more about it.  It was automatically removed by McAfee, but I went ahead and followed the posted suggestion to wipe my Java cache.  I wanted to be sure that it was completely gone because I had been experiencing some kind of browser hijacking/popup stuff.

                       

                      Unfortunately the popup problems did not disappear when the Trojan was removed.  I have done several more scans with McAfee and all turned up clean.  Maybe this trojan is evading McAfee?  I've considered the situation that my popup problems are being caused by some virus/trojan unknown to McAfee, but does anyone know what the symptoms of this specific trojan (Exploit-CVE2009-3867 Trojan (Exploit-ByteVerify)) are?  Are they anything like what I've been experiencing?

                       

                      Thank you!

                       

                       

                      on 5/25/10 11:08:03 PM CDT