13 Replies Latest reply on Oct 28, 2012 3:45 PM by Hayton

    Question about Generic Trojan

    markiebeau

      Hi.

      I have had my computer and McAfee Security center for a few years and first now the virus scan found something.

      Ran a full scan and it found Generic Exploit!rsk(Trojan)Exploit-CVE20121723.h

      Just wondering if anyone knows what this is and how I could have gotten it. I browse safely and use WOT and the McAfee Site Advisor. Seems to have a date on it. I tried to Google it and it only shows the first half, but not the CVE2012 stuff and no other info but that it is low risk.

      Anyone else run into this?

      Thanx for any input.

        • 1. Re: Question about Generic Trojan
          Peter M

          Moved to Malware Discussion > Home User Assistance.

           

          It may mean something as simple as your Java needs updating, let's hope so.

           

          I don't know what browser you use but Java is usually an add-on in at least IE and Firefox so go to http://www.java.com to see if you need to update over whatever version is showing in the browser Tools > Add-ons (Manage Add-ons in IE).

           

          Also you might want to run Stinger and Malwarebytes Free, both linked in my signature, last link, below. With Malwarebytes please don't accept the trial or you will get the Pro version which may clash with McAfee.

          • 2. Re: Question about Generic Trojan
            Hayton

            Brian Krebs noted this one on July 5th this year. See

            http://krebsonsecurity.com/2012/07/new-java-exploit-to-debut-in-blackhole-exploit-kits/

             

            It's a low-risk Trojan provided either you've not got Java on your PC or you've got the latest version of Java. It's an exploit which was added to the Blackhole Exploit Kit to take advantage of a vulnerability in the Java Virtual Machine (Hotspot). The vulnerability is CVE-2012-1723 : see

            http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1723

             

            Microsoft have a detailed write-up of the exploit at

            http://blogs.technet.com/b/mmpc/archive/2012/08/01/the-rise-of-a-new-java-vulnerability-cve-2012-1723.aspx

             

            If you need to keep Java for some reason update it now to the latest version. If you don't need it, remove it from your PC (and disable or remove it in your browsers). See this Brian Krebs article for more details.

             

            Message was edited by: Hayton on 27/10/12 00:34:16 IST
            1 of 1 people found this helpful
            • 3. Re: Question about Generic Trojan
              markiebeau

              I actually did a Java update (automatic) on 10/20. Checked again a couple minutes ago and it says I have the latest version.

              Do I really need to disable Java? Don't they have a fix for this?

              My virus scan says it (the exploit) was removed. I did another one today and it found nothing. Could it come back?

               

              Now I am thinking I could have gotten it before the Java Update, because I read the article you referred me to and the latest Java updates were supposed to "fix" the issue.

              I hadn't done a scan in over a month and the Java wasn't updated until the 10th of this month.

               

              Message was edited by: markiebeau on 10/26/12 6:58:57 PM CDT

               

              I notice a mention was made about Hotspot. Is that where you use a free wifi hotspot somewhere? I was at a hotel a month or so ago and was using their wifi. When I got back home, I noticed my computer acted strangely... my McAfee update froze my computer. I did a system restore from before I went to the hotel, ran Stinger, Super AntiSpyware, Malwarebytes and McAfee and none of them found anything. The computer "seemed" fine after that. Then yesterday I updated McAfee and did an overdue scan and that is when the Trojan was found. Was it still "hiding" and the updated DAT file weeded it out?

               

              Message was edited by: markiebeau on 10/26/12 7:11:37 PM CDT
              • 4. Re: Question about Generic Trojan
                Hayton

                Double-check to make sure you've only got one Java version installed. I think that Java now removes old versions by default but it's best to be sure. Remove anything you find earlier than the latest version if there's more than one on the system. As for keeping Java, I got rid of it because it's an ongoing security risk. If you decide to keep Java you will at least be safe from that exploit.

                1 of 1 people found this helpful
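
The check described in reply 4 (only one Java runtime installed, nothing older than the latest), as an added example that is not part of the original thread. It assumes you have copied the program names from the Windows installed-programs list into a Python list; the sample names are constructed, and the "latest" value is the Java 7 Update 9 mentioned in the thread.

```python
import re

# Control Panel style runtime names, e.g. "Java 7 Update 9",
# "Java(TM) 6 Update 31", "Java 7 Update 4 (64-bit)".
# "JavaFX ..." / "Java FX ..." deliberately do not match: JavaFX is a
# separate component and is not counted as a Java runtime here.
_JRE_NAME = re.compile(
    r"^Java(?:\(TM\))?\s+(\d+)(?:\s+Update\s+(\d+))?(?:\s+\(64-bit\))?\s*$",
    re.IGNORECASE,
)


def parse_jre(name):
    """Return (major, update) for a Java runtime entry, or None otherwise."""
    m = _JRE_NAME.match(name.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)


def audit_java(installed, latest):
    """Split installed program names into all Java runtimes and stale ones.

    `latest` is the (major, update) pair you consider current. Any runtime
    that compares lower, including a whole older family such as Java 6 next
    to Java 7, is reported as stale and should be uninstalled.
    """
    runtimes = [(n, v) for n in installed if (v := parse_jre(n)) is not None]
    stale = [n for n, v in runtimes if v < latest]
    return runtimes, stale


# Constructed sample input (not taken from any real machine).
SAMPLE = [
    "Java 7 Update 9",
    "Java(TM) 6 Update 31",
    "JavaFX 2.1.1",
    "Apache OpenOffice",
    "Java 7 Update 4 (64-bit)",
]
LATEST = (7, 9)  # Java 7 Update 9, the version named in the thread

if __name__ == "__main__":
    runtimes, stale = audit_java(SAMPLE, LATEST)
    print(f"{len(runtimes)} Java runtime(s) found")
    for name in stale:
        print("older than latest, remove:", name)
```
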
                • 5. Re: Question about Generic Trojan
                  markiebeau

                  Yes, I only have one version of Java 7 Update 9.

                  But I also have something called Java FX 2.1.1.  What's that? I use Apache Open Office which uses stuff from Oracle.

                  • 6. Re: Question about Generic Trojan
                    Peter M

                    Java FX comes with the other Java.  Not sure exactly what it does but I have it in my browsers too.

                    1 of 1 people found this helpful
                    • 7. Re: Question about Generic Trojan
                      markiebeau

                      Thanx Hayton and Ex_Brit  for all your input.

                      Still like to know where and when I picked up the Trojan.

                      Guess it doesn't matter. It's gone.

                      • 8. Re: Question about Generic Trojan
                        Hayton

                        You got the Trojan as a drive-by possibly from a so-called "watering-hole" site. There would have been malicious code embedded in an otherwise innocent webpage that called up the Blackhole kit from a hosting server somewhere. The kit ran checks on a number of programs on your system looking for something not updated and it found an unpatched Java. It promptly tried to download this Trojan to your PC and McAfee spotted it (the exploit being by now well-known) and kicked it into quarantine.

                         

                        Java FX by the way is now on version 2.2.3 as of October 16th.

                        See http://en.wikipedia.org/wiki/JavaFX  and

                        http://www.oracle.com/technetwork/java/javafx/overview/index.html

                         

                        Message was edited by: Hayton - emendation from "honeypot" to "watering-hole" - on 27/10/12 02:54:52 IST
                        • 9. Re: Question about Generic Trojan
                          markiebeau

                          I guess it doesn't matter how careful you are you will still eventually get something.

                          Can't trust Web of Trust.

                          Can't trust Site Advisor.

                          People have nothing better to do than think of ways to screw up someone's computer or steal their info.....must not have much of a life.

                          I could say more, but I'm trying to stay calm about this. I read so much about  hacker groups and malware creators and virus writers. Wish there was a way to trace them so they may be prosecuted.....

                           

                          on 10/27/12 10:06:56 AM CDT