Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"Java/Anogre.E" Will not Die!


  • Please log in to reply
2 replies to this topic

#1 Alupinu

Alupinu

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:36 PM

Posted 06 July 2014 - 05:35 PM

I'm not super computer savvy so excuse me if I sound like a blockhead. About two weeks ago my computer started crashing a lot, playing online games, I expected a virus or similar malicious software. So I ran Microsoft Security Essentials and sure enough something came up.  "Java/Anogre.E" So I had MSE delete it and I thought my problems where solved. But now every time I start my computer and go on-line, this Java/Anogre.E seems to re-invade my computer and the problems start all over again. I've used MSE several times to delete it but it keeps coming back. I've also tried AdwCleaner and ComboFix but with no avail. Can somebody help me? Thanks.


Edited by Chris Cosgrove, 06 July 2014 - 05:55 PM.
Moved to 'Am I infected?'


BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:36 AM

Posted 06 July 2014 - 06:18 PM

If this is Java/Anogre.E then it is a variation of the infection described below.

 

 

Exploit:Java/Anogre.A is a detection for an obfuscated Java class component associated with the exploit kit called SweetOrange. Similar to any other exploit kit, such as Blacole, it first determines information about your browser. This includes the browser you use (for example, Internet Explorer or Mozilla Firefox), its version, and what plug-ins are installed.

SweetOrange can exploit vulnerabilities in Java, specifically the vulnerability discussed in CVE-2013-0422.

Exploit:Java/Anogre.A usually comes bundled with another file detected as Exploit:Java/CVE-2013-0422.

 

Your M.S.E should be set to always run in the background, and I set mine to run a deeper scan several times a day.

Please check in the Settings area of M.S.E.

 

Please follow the instructions in ==>This Guide<== starting at Step 6.

 

Once the proper logs are created, then make a NEW TOPIC and post it ==> HERE<==

 

Do not run ComboFix. Just include the requested logs from the guide above. Please be sure to include a description of your computer issues and what you have done to try to resolve them.

 

If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why along with a description of your computer issues.

 

Please post the link to your new topic back here so we can lock this one, and then only the Malware Response Team should handle your problem.



#3 infocus

infocus

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:36 PM

Posted 31 July 2014 - 12:15 PM

Alupinu
Anogre.E is a java exploit.Did you know Java has its own temporary file folder?
You will find it there.
Click control panel,click programs ,find and click Java.
On the general tab you will find temp internet file folder.
Click settings,click delete then OK. It takes a few seconds to delete.
Did you notice MSE popped back up? Java dumps its deleted files into Windows temporary internet file folder.
Go back into MSE and remove.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users