Posted 06 March 2010 - 01:09 PM
Like you, I had just installed Microsoft Essentials a couple of days ago and did my first FULL scan with it today. It found 3 selace instances of K,N,O. Naturally I was shocked, because I must have just gotten these within the past few weeks and other services didn't notice them.
I did a search about these beasties and I couldn't pull up info on them at Symantec or TrendMicro which are the big names in AV security! And yet, Microsoft, which has had to this point been very disappointing as far as developing security scanning type software, finds these (allegedly) nasty java trojans. Quite out of character for Microsoft AV stuff to be this excellent - but there you are.
Microsoft Essentials removed them. Of course, whenever I stumble upon a site where a message box comes up telling me 'Your computer is at risk', my routine is simply to:
1. DO NOT CLICK ANYTHING
2. OPEN TASK MANAGER (VIA CTRL+ALT+DELETE)
3. END TASK
I could be wrong, but I think this is where they come from, from rogue AV scan type things. Right now, there seem to be a LOT of websites either intentionally or unintentionally delivering these scripts.
Now for the worst part. There is now the problem of knowing how bad are these trojans. The fact is, I can't find much information on them. Is removal of them really removal? A user on one thread somewhere said reformat is the only way to be safe from these even after removal. There was no other commentary anywhere that backs up what he said.
Some people can be real jerks - words to remember.
Let's just take a breath and relax. No need to get carried away with anxiety. Reformatting is the last thing you want to do - especially if you have caught the culprits and removed them before they became active. I will keep an eye out for any details on the selace family. They are fairly new and even Microsoft which wielded the axe, doesn't have much on them except that they are severe.
The following is only my speculation and should not be considered fact: I am under the impression that selace.K is desperate to get selace.L onto its infected host. If you killed selace.K before it called selace.L, then you should be okay. However, if selace.L was in your removal list, I would be more concerned because it is the trojan that delivers the payload. As for .N and .O - there isn't enough info that I could find to make any kind of speculation.
Whatever you do, be calm and do not panic. Remember - it is called scareware for a reason.