
Exploit:Java/CVE-2012-0507 won't go away


20 replies to this topic

#1 BagelAnne

BagelAnne

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:23 AM

Posted 27 October 2014 - 08:46 AM

I have a Dell Inspiron 580 desktop with Windows 7.

Went to do a cleaning on it after Java update kept popping up

ADW found and removed chrome extension mkfikfff........

Jrt found and removed coupon printer and wininiti.ini

Malwarebytes found nothing

Spybot found 18 low level items

 

ESET found 16 including Win32/toolbar.widgi.B

Msert found and only partially removed:

Exploit:Java/blacole.et

Exploit:Java/CVE-2011-3544

Exploit:Java/CVE-2012-0507

 

Running other programs, Hitman Pro, Slim Cleaner, Advanced System Care, SFC, Microsoft Security Essentials and ESET in safe mode,

I got rid of the first 2 of the exploits

BUT No matter what I do, Exploit:Java/CVE-2012-0507 keeps showing up in the Msert scan.

Been working on this for 2 days.

Can anyone help? Please?!!!!




 


#2 JohnC_21

JohnC_21

  • Members
  • 24,310 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:23 AM

Posted 27 October 2014 - 08:53 AM

If Java is still installed on the computer, have you cleaned your Java cache? Also clean your browser cache.

#3 BagelAnne

BagelAnne
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:23 AM

Posted 27 October 2014 - 09:05 AM

Thanks for the quick reply!

Have cleaned Java cache but not the browser cache.

Will google how to do that.



#4 buddy215

buddy215

  • Moderator
  • 13,262 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:23 AM

Posted 27 October 2014 - 09:10 AM

Most users don't need Java. Unless you have a specific need for it, best to either uninstall or at least disable the Java plugins in your browser(s).

 

Uninstall Slim Cleaner, Advanced System Care.

Spybot S&D is a mediocre security program. Suggest you replace it with MBAM. It will interfere with other security programs scanning and removal of malware, too.

What is SFC? System File Checker...?

 

Google Chrome gives you the option to reset your browser settings in one easy click. In some cases, programs that you install can change your Chrome settings without your knowledge. You may see additional extensions and toolbars or a different search engine. Resetting your browser settings will reset the unwanted changes caused by installing other programs. However, your saved bookmarks and passwords will not be cleared or changed.

Reset your browser settings

  1. In the top-right corner of the browser window, click the Chrome menu
  2. Select Settings.
  3. At the bottom, click Show advanced settings.
  4. Under the section "Reset settings," click Reset settings.
  5. In the dialog that appears, click Reset.

 

After removing the programs and resetting Chrome, rerun AdwCleaner, JRT and MBAM. If they find anything, post their scan logs back here.

 

Remove all but the last Restore Points which may be where the culprit is being found.

Click Start > All Programs > Accessories > System Tools > Disk Cleanup.
Now launch this utility and click the More Options tab. Under it, click System Restore and then click the Clean Up tab. A message will pop up: "Are you sure you want to delete all but the most recent restore point?" Click Yes, then OK. Finally, another message will pop up: "Are you sure you want to perform these actions?" Click Yes.

 

Use CCleaner to clean caches, temporary files, cookies, etc. Use the default settings. No need to use the Registry Cleaner.

Pay close attention while installing and UNcheck offers of toolbars such as Yahoo.

CCleaner - PC Optimization and Cleaning - Free Download


Edited by buddy215, 27 October 2014 - 09:13 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 BagelAnne

BagelAnne
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:23 AM

Posted 27 October 2014 - 09:38 AM

Wow! Thank you!!!!

I am on it,

Slim Cleaner, Advanced System Care.

Spybot S&D have all been uninstalled. I just use them for a scan and then remove them

SFC is system file checker

Have reset Chrome and deleted all history on IE 11

On to the scans!!


Scan in normal or safe mode??



#6 buddy215

buddy215

  • Moderator
  • 13,262 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:23 AM

Posted 27 October 2014 - 09:40 AM

Normal mode...



#7 BagelAnne

BagelAnne
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:23 AM

Posted 27 October 2014 - 05:49 PM

Just got back from work.

Adwcleaner found nothing

JRT found nothing

Mbam found nothing



#8 buddy215

buddy215

  • Moderator
  • 13,262 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:23 AM

Posted 27 October 2014 - 06:09 PM

If you have installed and cleaned the computer with CCleaner, deleted the Restore Points, reset Google Chrome and you still get the notice that a Java exploit still exists, then check in your Add/Remove program list and uninstall ALL old Java programs.

 

Then run this scan:

Download TDSSKiller and save it to your desktop.

  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear.
  • Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt.
  • Please copy and paste the contents of that file here.


#9 BagelAnne

BagelAnne
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:23 AM

Posted 27 October 2014 - 07:38 PM

MSERT still finding the exploit

CCleaner cleaned 343 items

Will run TDSSKiller now



#10 buddy215

buddy215

  • Moderator
  • 13,262 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:23 AM

Posted 27 October 2014 - 07:42 PM

Does it give a path....where to find the exploit? The actual file name? 

 

The file may be in a quarantine folder. Either in ESET or MBAM. I would uninstall ESET and permanently remove the quarantined files in MBAM.


Edited by buddy215, 27 October 2014 - 07:50 PM.


#11 BagelAnne

BagelAnne
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:23 AM

Posted 27 October 2014 - 07:45 PM

TDSSKiller found nothing

 This is very frustrating!



#12 buddy215

buddy215

  • Moderator
  • 13,262 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:23 AM

Posted 27 October 2014 - 08:14 PM

The Java exploit was patched back in Feb. / March of 2012. Did you uninstall any old Java programs today or recently from the Add/ Remove list?

Be sure to read my last post and comment on it.



#13 BagelAnne

BagelAnne
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:23 AM

Posted 27 October 2014 - 08:14 PM

The name is just Exploit:Java/CVE-2012-0507 but there is no way to know where it sits on my computer.

I have uninstalled ESET and MBAM after each time I scanned.

I also deleted the folders for each that were left behind on the hard drive.

You got me thinking.

Let me clean out Norton's quarantine
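
Posts #10 and #13 turn on where the detected file actually sits. As an added example (not part of the thread and not any tool's own code), this Python script reads the text of an MSERT log, which the scanner writes to %SystemRoot%\debug\msert.log, and labels each detected path with the locations suspected in this thread. The log layout and the sample lines are constructed assumptions.

```python
import re

# Constructed sample, not taken from the thread. The layout ("Threat detected:"
# followed by indented file:// resource lines) is an assumed msert.log format.
SAMPLE_LOG = r"""
Threat detected: Exploit:Java/CVE-2012-0507
    file://C:\Users\example\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\0a1b2c3d-4e5f6071
Threat detected: Exploit:Java/CVE-2012-0507
    containerfile://C:\System Volume Information\EXAMPLE\sample.jar
    file://C:\System Volume Information\EXAMPLE\sample.jar->a/Help.class
Threat detected: Exploit:Java/Blacole.ET
    file://C:\ProgramData\ExampleAV\Quarantine\0001.dat
"""

# Places the helpers in the thread suspected; the first matching pattern wins.
LOCATIONS = [
    ("java cache", r"\\sun\\java\\deployment\\cache\\"),
    ("restore point", r"\\system volume information\\"),
    ("av quarantine", r"\\quarantine\\"),
    ("browser cache", r"\\(temporary internet files|cache)\\"),
]

THREAT = re.compile(r"^\s*Threat detected:\s*(\S+)")
RESOURCE = re.compile(r"^\s*(?:container)?file://(.+?)(?:->.*)?\s*$")

def classify(path):
    """Map a Windows path to one of the suspected locations, or 'other'."""
    lowered = path.lower()
    for label, pattern in LOCATIONS:
        if re.search(pattern, lowered):
            return label
    return "other"

def parse_detections(log_text):
    """Return de-duplicated (threat_name, file_path, location) tuples in log order."""
    found, current = [], None
    for line in log_text.splitlines():
        threat = THREAT.match(line)
        resource = RESOURCE.match(line)
        if threat:
            current = threat.group(1)
        elif resource and current:
            entry = (current, resource.group(1), classify(resource.group(1)))
            if entry not in found:
                found.append(entry)
    return found

def paths_for(log_text, threat_name):
    return [(p, loc) for name, p, loc in parse_detections(log_text) if name == threat_name]
```

A path labelled "av quarantine" or "restore point" points to an inert stored copy rather than a file that is being loaded, which is the situation the replies above are trying to rule in or out.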



#14 BagelAnne

BagelAnne
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:01:23 AM

Posted 27 October 2014 - 08:18 PM

I did find an old version of Java (7.5?) on this machine and removed it via Add/remove

I installed the newest version (Java 8) thinking it might have a patch but still got the exploit message so I uninstalled Java 8



#15 buddy215

buddy215

  • Moderator
  • 13,262 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:01:23 AM

Posted 27 October 2014 - 08:22 PM

I am beginning to think this is a false positive finding of that malware. Maybe it is in Norton's quarantine folder if you had Norton installed 3 years ago.

