I had a compromised Java version. How do I clean up afterwards?
January 12, 2013 5:14 AM Subscribe
My AV program found 'Exploit:Java/CVE-2012-4681' on my laptop. It's a primer that sets up my machine for future exploits, but I haven't found any further infections using AV or Housecall. What steps should I be taking to assure myself that the machine is clean, and what can I do to prevent this kind of problem in the future?
posted by Urtylug to computers & internet (3 answers total) 1 user marked this as a favorite
3 days ago, Microsoft Security Essentials picked up 'Exploit:Java/CVE-2012-4681' on my laptop. By the looks of it, this is an exploit for Java that primes the browser's Java plugin so that when I visit an infected site, that site can install whatever.
When MSSE found the issue, I told MSSE to KILL IT WITH FIRE, which it did, but MSSE warned me to expect possible follow-on infections that the exploit helped to download. So far, I have seen nothing. I ran Trend Micro Housecall to look for anything MSSE missed, and that came back with nothing. I'm not seeing any obvious symptoms like unexplained popups or search hijacking.
This is nice to see, and the optimistic case is that some combination of my security precautions has saved my arse, but I want to be sure of that.
So, Metafilter, this is what I'd like to know:
1) What further steps should I take to find possible threats and make the machine safe? I have access to the original installation media, but would prefer not to use it unless really necessary. I'm also worried that a clean installation would simply get reinfected by music and other files when I restore the machine.
2) What symptoms would I expect to see if the machine is compromised?
Machine details: ~4 year old personal Windows 7 Professional laptop, with legit Win7 and Windows updates installed promptly. I use Security Essentials for AV, and keep that up to date with Windows Update. I browse with Firefox and thought I was keeping everything up to date, although apparently I was a bit patchy with the Adobe stuff. Firefox has Flashblock and NoScript installed, although it looks like I disabled Flashblock a while back to make something work and forgot to turn it back on. Windows Firewall is on. The machine is backed up online using Carbonite, but obviously that won't help if infected files have been synched over to the remote server.
I don't torrent or use pirated software. I am Windows-literate and comfortable working from the command line.
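One concrete check a defender can run on a Windows 7 box like this one, added here as an example and not part of the original post or its answers: enumerate the Java runtimes registered in the registry and flag any Java 7 build older than 7 Update 7, the release Oracle shipped to close CVE-2012-4681. The registry paths, the version-string format and the fix version are assumptions based on standard JRE installs, not anything the question states.

```powershell
# Added example (not from the original post): list installed JREs from the
# registry and flag Java 7 builds older than 7u7 (the fix for CVE-2012-4681).
# Registry locations and the fix version are assumptions, not from the question.
$jreKeys = @(
    'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
    'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment'   # 32-bit JRE on 64-bit Windows
)
$fixedUpdate = 7   # CVE-2012-4681 is closed in Java 7 Update 7 and later

function Get-InstalledJre {
    foreach ($key in $jreKeys) {
        if (-not (Test-Path $key)) { continue }
        # Full-version subkeys look like "1.7.0_06"; the short "1.7" alias key is skipped
        Get-ChildItem $key |
            Where-Object { $_.PSChildName -match '^\d+\.\d+\.\d+(_\d+)?$' } |
            ForEach-Object {
                [PSCustomObject]@{
                    Version  = $_.PSChildName
                    JavaHome = (Get-ItemProperty $_.PSPath).JavaHome
                    Is64Bit  = ($key -notmatch 'Wow6432Node')
                }
            }
    }
}

function Test-Cve20124681 {
    param([string]$Version)   # e.g. "1.7.0_06"
    if ($Version -match '^1\.7\.0(?:_(\d+))?$') {
        # No "_NN" suffix means the original 7u0 release
        $update = if ($Matches[1]) { [int]$Matches[1] } else { 0 }
        return $update -lt $fixedUpdate
    }
    return $false   # Java 6 and earlier do not ship the code this CVE targets
}

foreach ($jre in Get-InstalledJre) {
    $arch   = if ($jre.Is64Bit) { 'x64' } else { 'x86' }
    $status = if (Test-Cve20124681 $jre.Version) { 'VULNERABLE - update or remove' } else { 'not affected by this CVE' }
    '{0,-12} {1,-4} {2}  {3}' -f $jre.Version, $arch, $jre.JavaHome, $status
}
```

The registry only tells you which runtimes are installed, not whether Firefox still has the Java plugin enabled; since the detection on this machine was the browser-side primer, disabling or removing the plugin in Firefox's Add-ons manager closes the exposure regardless of which JRE version is present.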