Exploit:Java/CVE-2008-5353.B;Trojan:Java/Selace.A and B

[Barbara511]

Help! I ran the Windows Safety Scanner. It detected four issues, but apparently, the scanner cannot clean three:

Exploit:Java/CVE-2008-5353.B
Trojan:Java/Selace.A
Trojan:Java/Selace.B

There is no concrete information on how to get rid of these unwanted visitors and prevent them from inviting themselves back. Please help! The virus keeps on re-directing me 80% of the time...

Thank you!

 

[zigzag3143]

Help! I ran the Windows Safety Scanner. It detected four issues, but apparently, the scanner cannot clean three:

Exploit:Java/CVE-2008-5353.B
Trojan:Java/Selace.A
Trojan:Java/Selace.B

There is no concrete information on how to get rid of these unwanted visitors and prevent them from inviting themselves back. Please help! The virus keeps on re-directing me 80% of the time...

Thank you!

Hi Barbara and welcome to seven forums

What do you have as an anti virus now?
If you can get to malwarebytes web page you can download from them and run. It isnt as known as a major AV and therefor less likely to be blocked
You can also try to boot in safe mode with networking.

Let us know what you find and how we can help

Ken J

 

[Barbara511]

Thank you for the prompt response... I have McAfee. I ran Malwarebytes last night (I had fake alerts, slowness and re-directing as symptoms) and it did pick up some issues, which were all removed (and I restarted the PC). Today, I ran Windows Safety Scanner, because one of the infection symptoms was still there (the re-directing). There is very little info on the virus in question, other then the two trojans come as a package with the Exploit bit... So, what should be my next step?

Thank you once again!

 

[Barbara511]

PS: I am running the Malwarebytes again... I will report on the result within the next hour and 15 minutes.

PS2: Also, when I tried to locate the infected files on c: drive, I could not... They were just not there (at least, not under the given address). :huh:

 

[Barbara511]

OK. Malwarebytes just completed its scan and did not pick up on any of the problems. But, they are still there, as the incessant re-directing proves... HELP!

Thanx,
B

 

[iseeuu]

OK. Malwarebytes just completed its scan and did not pick up on any of the problems. But, they are still there, as the incessant re-directing proves... HELP!

Thanx,
B

Barbara;

I found some links about your Trojan:Java/Selace.A:

Encyclopedia entry: Trojan:Java/Selace.A - Learn more about malware - Microsoft Malware Protection Center

Java Byte/Verify and Trojan Java/Classloader - Wilders Security Forums

Java Trojan and Trojans Are Hitting Us Hard!

Vmyths

Microsoft suggests installing a different anti virus (you will want to disable your McAfee while running other anti virus programs) like

http://www.microsoft.com/security_essentials/

I like AVG Free - Download Free Antivirus and Antispyware for Windows 7, Vista and XP

Link to some others: http://www.sevenforums.com/system-security/34542-mse-voted-best-free-anti-virus.html

You might need to use another computer to download the anti virus programs and install them on yours?

Let us know how it goes?

Robert

 

[Barbara511]

Robert: Thank you for the links. I scanned them quickly and think I may be able to find some good info there. It is late now though. I will deal with this again tomorrow and report on progress (I hope there will be one ). Meanwhile, if anything else comes to mind, please post.

Thank you once again!
B

 

[Dinesh]

http://www.microsoft.com/Security_Essentials/ .
Update and run a full scan.

 

[Jacee]

Barbara,
Download ATF Cleaner ATF-Cleaner.exe - www.atribune.org
Click "Main" > check 'select all' (except Prefetch) this first time using it, then click "Empty Selected". Do the same for FireFox or Opera if you use either of those browsers.
Finally go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK.

Next,

• Download the latest version of Java Runtime Environment (JRE) 6.
• Scroll down to where it says "Java Runtime Environment (JRE) 6u17 allows end-users to run Java applications".
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Programs and Features and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.

Scan your computer again with antimalware programs.

 

[grenneam]

It showed up on my PC too.

Hi Barbara,
I ran the the windows protection center on my PC too and the same problems showed up. Sneaky little devils! However, when I went to the path indicated I was able to see the JRECache file that was mentioned in the output. You may not have been able to see it because of having the Hide Protected Operating System Files box checked in Explorer. You can uncheck this box and see if the files show up. I was able to delete them without any problem. Afterward, you may want to check re-hide the OS files. The checkbox can be found under Explorer - Tools - FolderOptions - View. It about the 8th item in the list. BTW - I haven't noticed any Redirection problems or unwanted Pop-ups on my PC while surfing. Does anyone know what the Symptom are in regard to these Java programs? I mention this because you may have something else hiding somewhere in your PC. You may want to run an external Virus checker or contact a site like PCPitStop and submit a HJT log for analysis. Good Luck!

 

[Jacee]

more here: http://www.microsoft.com/security/p...ame=Trojan:Java/Selace.A&ThreatID=-2147338233
and here:
Encyclopedia entry: Trojan:Java/Selace.B - Learn more about malware - Microsoft Malware Protection Center

 

[grenneam]

Thank You, Jacee - That was good info.

 

[Jacee]

You're welcome grenneam

 

[Barbara511]

Hello Everyone! Thank you for all your responses. I have been digesting and studying all the info provided and will likely proceede with the steps suggested by Jacee.

Grenneam: I think you are correct about the hidden files. I remember choosing the option to hide them a few months ago (due to another problem I was having). I will check tomorrow.

All in all, there is so little info available on this bugger! Most of what's out there deals with prevention, rather then annihilation... So, all the suggestions here have been priceless!


I will report tomorrow how it goes.
Thank you once again!
B

 

[Barbara511]

Barbara,
Download ATF Cleaner ATF-Cleaner.exe - www.atribune.org
Click "Main" > check 'select all' (except Prefetch) this first time using it, then click "Empty Selected". Do the same for FireFox or Opera if you use either of those browsers.
Finally go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK.

Next,

• Download the latest version of Java Runtime Environment (JRE) 6.
• Scroll down to where it says "Java Runtime Environment (JRE) 6u17 allows end-users to run Java applications".
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Programs and Features and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.

Scan your computer again with antimalware programs.

Hello Jacee!

I did everything. A few snagges along the way, but Java is back in, and according to Windows Safety Scanner, the three viruses are now gone... The computer is working decidedly faster. On the other hand, the re-directing is still present... I think I will contact Microsoft and see if they can fix...

Thank you for your help though! It did help me get rid of the three problems.

B

 

[iseeuu]

I did everything. A few snagges along the way, but Java is back in, and according to Windows Safety Scanner, the three viruses are now gone... The computer is working decidedly faster. On the other hand, the re-directing is still present... I think I will contact Microsoft and see if they can fix...

Thank you for your help though! It did help me get rid of the three problems.

B

Barbara;

Here is a Microsoft link on help to stop browser hijacking of IE.

Browser Not Working? Prevent Browser Hijacking - Microsoft Security

It is easy to hijack, the bad guys just send IE through their proxy server. In IE: go to "Internet Options", "Connections", "Lan settings", and see if there is a "Proxy server" listed. Delete (assuming you are not using a proxy server) the address and untic the "Proxy server" box to stop using the Proxy server.

Cheers!
Robert

 

[justabill]

Barbara,
Hello, I have the same problem. For the last month, my Internet Explorer has been crashing. I ran the safety scanner, and it came up with the same 3 things you did. My question is, I have AVG full on my computer and do a daily scanner. Why wouldn't the AVG pick them up? Any ideas from anyone?

I'll try the method someone suggested and let you know.

JustABill

 

[NickofTime]

I just started using Microsoft Security Essentials which did in fact detect and quarantine exploit:java/cve-2008-5353.oz
I was a very happy camper.
Also don't forget the old staples: system restore and as a last resort: re-load operating system.

Just my HO

 

[mr pc]

Just ran MSSE and found three similar files/exploits

Java/CVE-2008-5353.JH
Java/CVE-2008-5353.EQ
Java/CVE-2009-3867.EH

I quarantined and tried finding any connection of these with any of the programs on my machine - no dice

I just updated to IE9, Opera 10.10, and just installed Bumptop out of curiosity

I'm apprehensive to remove if these are false positives

I also have Threatfire on my machine, Win Firewall on and presumably my Belkin router firewall

Threatfire scan did not detect it

MBAM didn't detect anything

hmmm

 

[Jacee]

If you've left old versions of Java on your computer and not installed the latest version, (JRE) 6u21, then you can see why these exploits were detected:
Please read this Encyclopedia entry: Trojan:Java/Selace.D - Learn more about malware - Microsoft Malware Protection Center