I am running Windows 7 Home Premium 64-bit version with Internet Explorer 8 and automatic updates and user access control enabled. On 4/22, a manual full scan by McAfee Security Center found Downloader-BCS in:
Subsequently, a manual full scan by Microsoft Safety Scanner also found TrojanDownloader:Java/OpenConnection.HH in
as well as Exploit:Java/CVE-2010-0840.AJ in
Since the last clean full scan by McAfee Security Center on 4/14, no unusual requests for downloading or running executable files were made nor were any new programs explicitly given Internet access. My version of Java is 6 Update 24 with security set to “Show sandbox warning banner” and mixed code set to “Enable – show warning if needed”.
All of these infections were found in the Java deployment cache. My questions are:
- How did these malicious Java applets get through the run-time scanner and into the cache in the first place?
- Do all three instances exploit the same vulnerability in the Java runtime environment? If so, then is my version invulnerable to these attacks? If not, then how likely is exploitation?
- Is there any way to check if a successful exploitation by any of these Trojan downloaders did occur, i.e. through Java’s log files or through McAfee Firewall’s log files or program permission entries?
- If a malicious download did occur, then wouldn’t the file have been quarantined anyway by the run-time scanner? If the file was downloaded and executed, then wouldn’t McAfee firewall alert the user of an unauthorized request to access the Internet?
- The risk assessment for “Downloader-BCS” is low. Does this mean that a successful exploit of this and the other malicious applets could only have occurred through a computer on the local network (see http://www.mcafee.com/us/mcafee-labs/resources/vulnerability-assessment.aspx)?
- After removal of these three infections, full scans by “McAfee Security Center”, “Malwarebytes Anti-Malware”, “Microsoft Malicious Software Removal Tool”, “Microsoft Safety Scanner”, and “Microsoft Security Essentials” revealed no further problems. Am I truly safe?
Thank you very much in advance for any assistance in assessing the threat to my computer from these infections.