Posted 17 October 2011 - 06:21 PM
A few days ago, I downloaded and installed Hotspot Shield, because I liked the idea of a VPN and wanted to try it out. I read up on VPNs and saw that I would be part of a 'network' when using it. I wasn't sure how or whether that would open me up to any security risks, but obviously that didn't stop me.
I am pretty sure I was connected to the 'net via the VPN when MSE flashed into action and told me it had blocked a severe threat and I remember seeing a warning about JAVA. I immediately exited whatever web page I was on and also exited the VPN. Since MSE said it blocked it, I wasn't too worried.
Fast forward 24 to 48 hours (I forget which), and I started a deep scan, then went to sleep. The next morning, when I looked in the 'history' section of MSE, it said it had "removed" three files, all of which were 'SEVERE' threats, and one of them was a Trojan Downloader that could execute code remotely (I looked that sucker up). Great!
Anyway, here are the file names:
So I do not know what, if anything, I need to do from here. MSE says they are 'removed'. I have not deleted those files from the history section of MSE just yet because I wanted to know more about them, and also wanted to post the names here.
Here's what I have done so far: I looked up the file names, and saw something about the exploits needing older versions of Java, so I checked my JAVA folder, and sure enough, there were three older versions in there, for the three previous updates before this latest one. I thought I had removed them but I had not. Today, I uninstalled those using a link someone in this forum gave me (on another thread). I now have ONLY the most current version of JAVA in that folder (update #27). Lesson learned.
I also uninstalled Hotspot Shield using Revo. I don't know for sure that using a VPN had anything to do with this problem, but I also realized I really do not fully understand the risks either, so until I do... forget it.
Do I need to do anything else? Is it possible the Trojan Downloader executed some code and I don't know about it? Or that one of the exploits worked? Also, are those separate, independent threats, or does the Trojan work in tandem with the JAVA exploit files?
I do not know how long those files were there or whether they had time to cause any damage. I would guess they were there a few days at most. They did not come up on a quick scan that I did a few days ago; they only came up on the deep scan.
Other info: I was using a 'drop my rights' version of Firefox at the time, and my IE internet security setting was either at 'medium high' or 'high'. A lot of times, if I want to do something and it doesn't work, then I have to lower the Internet security setting in IE to 'medium high' from 'high' (then I can play the video or whatever). The setting in IE seems to control what I can do in Firefox. So I go back and forth between those 2 settings (medium high and high) in IE, but I try to keep the 'net security setting at the highest possible most of the time.
Besides the above protection, if I was using the 'drop my rights' version of FF at the time I picked up these exploits/downloader, as is my guess, wouldn't that mean that a Trojan could not have executed any code? Or that a JAVA exploit could not have occurred (if the exploit could not write script)?
My computer appears to be behaving normally.
This is a lot of information and I would really appreciate it if someone could give me some direction as to what I need to do, if anything.
Thank you in advance...very much appreciated.
WinXP, Security Pack3, Microsoft Security Essentials, latest versions of Firefox and IE browsers. I use FF almost all the time, and have a 'drop my rights' version of the browser that I use... unless I need to download something, in which case I use the regular version of FF.