I had a compromised Java version. How do I clean up afterwards?
January 12, 2013 5:14 AM
My AV program found 'Exploit:Java/CVE-2012-4681' on my laptop. It's a primer that sets up my machine for future exploits, but I haven't found any further infections using AV or Housecall. What steps should I be taking to assure myself that the machine is clean, and what can I do to prevent this kind of problem in the future?
3 days ago, Microsoft Security Essentials picked up 'Exploit:Java/CVE-2012-4681' on my laptop. By the looks of it, this is an exploit for Java that primes the browser's Java plugin so that when I visit an infected site, that site can install whatever.
When MSSE found the issue, I told MSSE to KILL IT WITH FIRE, which it did, but MSSE warned me to expect possible follow-on infections that the exploit helped to download. So far, I have seen nothing. I ran Trend Micro Housecall to look for anything MSSE missed, and that came back with nothing. I'm not seeing any obvious symptoms like unexplained popups or search hijacking.
This is nice to see, and the optimistic case is that some combination of my security precautions have saved my arse, but I want to be sure of that.
So, Metafilter, this is what I'd like to know:
1) What further steps should I take to find possible threats and make the machine safe? I have access to the original installation media, but would prefer not to use it unless really necessary. I'm also worried that a clean installation would simply get reinfected by music and other files when I restore the machine.
2) What symptoms would I expect to see if the machine is compromised?
Machine details: ~4 year old personal Windows 7 Professional laptop, with legit Win7 and Windows updates installed promptly. I use Security Essentials for AV, and keep that up to date with Windows Update. I browse with Firefox and thought I was keeping everything up to date, although apparently I was a bit patchy with the Adobe stuff. Firefox has Flashblock and NoScript installed, although it looks like I disabled Flashblock a while back to make something work and forgot to turn it back on. Windows Firewall is on. The machine is backed up online using Carbonite, but obviously that won't help if infected files have been synched over to the remote server.
I don't torrent or use pirated software. I am Windows-literate and comfortable working from the command line.
Thanks everyone.
posted by Urtylug to computers & internet (3 answers total)
However, the exploit's existence is not equivalent to its use on your system. It is unlikely that you have had rogue software installed, and you do not need to do anything more at this time. I would suggest keeping your AV software updated and following your normal preventative steps (run scans regularly, install OS and AV updates, etc.).
Were your machine to have been compromised, the symptoms would depend upon what software was installed via the Java vulnerability. Typical cases of third-party malware that have been seen recently include fake anti-virus software messages that claim that you have been infected, and offer to "clean" your machine in exchange for buying some software, along with so-called "hostage ware" that locks the machine, typically at boot, until you offer up payment for access to it. Both are most likely attempts to gain your credit card or financial information.
For what it is worth, music files are unlikely to carry any kind of "infection"; they are not executable files, and as such, they have not been traditional vectors of malware or virus transmission.
posted by ellF at 6:07 AM on January 12
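As an added example, not posted by either participant above: the asker's point 1 asks what further checks a command-line-literate Windows 7 user can run, and the answer notes that any symptoms depend on what a follow-on payload dropped. A payload that survived the AV clean-up would normally need a persistence point, so the read-only triage below lists the common autostart locations (Run/RunOnce keys, Startup folders, non-Microsoft scheduled tasks, services running from outside \Windows), the installed Java runtimes, and files recently written under the temp folder. It assumes an elevated PowerShell 2.0 prompt (the version shipped with Windows 7, so it uses schtasks.exe and WMI rather than the newer Get-ScheduledTask cmdlet), and the three-day window and the list of registry keys are choices made for this example, not a complete set of persistence mechanisms.

```powershell
# Added example, not from the thread above. Read-only post-detection triage
# for a Windows 7 machine. Assumes an elevated PowerShell 2.0+ prompt; the
# key list and the 3-day window are example choices, not an exhaustive set.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

"=== Autostart registry entries ==="
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        # Each value under the key is a command line launched at logon/boot.
        # PS* properties are PowerShell metadata, not registry values.
        (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |
            ForEach-Object { "{0}`n    {1} = {2}" -f $key, $_.Name, $_.Value }
    }
}

"=== Startup folder contents ==="
$startupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)
foreach ($dir in $startupDirs) {
    if (Test-Path $dir) {
        Get-ChildItem -Path $dir -Force | Select-Object FullName, LastWriteTime
    }
}

"=== Scheduled tasks outside the \Microsoft\ folder ==="
# schtasks exists on Windows 7; Get-ScheduledTask needs PowerShell 3 / Windows 8+.
# Verbose CSV output repeats the header row per task folder, so drop those rows.
schtasks /query /fo CSV /v | ConvertFrom-Csv |
    Where-Object { $_.TaskName -ne 'TaskName' -and $_.TaskName -notlike '\Microsoft\*' } |
    Select-Object TaskName, 'Task To Run', 'Run As User', 'Last Run Time'

"=== Services whose binary lives outside \Windows ==="
# Legitimate third-party services (including Security Essentials) will appear
# here too; the point is a short list that can be reviewed by hand.
Get-WmiObject -Class Win32_Service |
    Where-Object { $_.PathName -and $_.PathName -notmatch '\\Windows\\' } |
    Select-Object Name, State, StartMode, PathName

"=== Installed Java runtimes ==="
# The fix for CVE-2012-4681 shipped in Java 7 Update 7 (1.7.0_07); an older
# Java 7 subkey here means the vulnerable runtime is still installed.
$javaKeys = @(
    'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
    'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment'
)
foreach ($key in $javaKeys) {
    if (Test-Path $key) {
        Get-ChildItem -Path $key | ForEach-Object { "{0}  {1}" -f $key, $_.PSChildName }
    }
}

"=== Files written under the user temp folder in the last 3 days ==="
# Browser exploit payloads are commonly staged in %TEMP% before execution.
$cutoff = (Get-Date).AddDays(-3)
Get-ChildItem -Path $env:TEMP -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -gt $cutoff } |
    Sort-Object LastWriteTime -Descending |
    Select-Object FullName, LastWriteTime, Length
```

Nothing here modifies the system; the output is meant to be read by hand, with unfamiliar entries checked against the file's publisher signature (Get-AuthenticodeSignature) and creation time before deciding whether a reinstall is warranted. An empty set of unexplained autostart entries, tasks and services is consistent with the answer's view that the detection was the exploit file alone rather than a successful payload install, but it is not proof, and it does not cover persistence via DLL hijacking, WMI subscriptions or browser extensions.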