1 Reply Latest reply on Jul 18, 2012 5:39 PM by homeless

    JV/Exploit-Blacole

    nofear123

      Hello,

       

      Maybe someone can help me. Last week we had some infections with JV/Exploit-Blacole in C:\Dokumente und Einstellungen\%username%\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\56\1ceec c38-69394983\C2.class. The on-access scanner didn't recognize it.

      Only a full system scan found the trojan.

      We have VSE 8.8i Patch 1 with all scan options enabled.

      What's wrong here?

       

       

      Greetings, nofear123

       

       

       

        • 1. Re: JV/Exploit-Blacole

          I may be off base here but if the Scheduled Scan detected the threat and the On-Access scan did not, it should mean that the C2.class was never accessed / executed.

           

          What happens if you right-click on the file and ask VSE to scan it?

          Also, try opening the file with Notepad++ and saving it again, that should kick off the On-Access Scanner alert.

          When was the file created? Was it before the deployment of DAT 6671?

           

          It is strange behaviour but trying some of these may give you a clue to why it managed to evade detection.

           

          Ron