Java Exploit / Trojan magically re-appears even with a system re-image
I re-imaged my system hard drive the other day after getting infected with a Google redirect virus, and a lot of other nasty malware that was apparently smart enough to be able to tell what you're doing and shut your system down after making it unbootable. Seems to have been a Java exploit.
I re-imaged the drive with a system image I made when the computer was new, after I had installed all the programs I wanted, to make such things easier rather than always having to do a fresh install from discs.
However, this time, after doing the re-image (and updating Windows, plus removing Java), I did a scan with MSE and it detected
Exploit:Java/Toniper (the same thing I had prior to the re-image) and
TrojanDownloader:Java/OpenConnection.OU
Both of these were detected on single files located in the Java 6 Cache, I assume from the Java SSV Helper browser plugin in IE9 since the Java 7+ cache was removed when uninstalling the actual Java program.
There aren't any symptoms of the redirect or any other infections so far. I've run TDSSKiller and it comes up with nothing, so I'm just wondering if these are false positives, or if these things can really infect a system so badly that they can just resurrect themselves even after a re-image.
There doesn't seem to be a whole lot of info out there on Java/Toniper. Apparently these exploits are supposed to be old news, but MSE keeps letting stuff like this by, and by the time it does (or when a manual full scan is performed) the system is too compromised to salvage, and a re-image or fresh install is needed.