P3
FULL PRODUCT VERSION :
java version "1.7.0_25"
Java(TM) SE Runtime Environment (build 1.7.0_25-b16)
Java HotSpot(TM) 64-Bit Server VM (build 23.25-b01, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.2.9200]
A DESCRIPTION OF THE PROBLEM :
Windows Defender reports the following threat on my computer:
Exploit: Java/CVE-2010-0840
Category: Exploit
Description: This program is dangerous and exploits the computer on which it is run.
Recommended action: Remove this software immediately.
Items:
containerfile:G:\Users\CElliott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\7cea6c39-5ea9a372
file:G:\Users\CElliott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\7cea6c39-5ea9a372->smbkhrnvpetuqumq/jjvefskfgsqheydmybmfw.class
Get more information about this item online. (http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Exploit%3aJava%2fCVE-2010-0840&threatid=2147643366)
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Run Windows Defender on a vulnerable computer.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
No malware
ACTUAL -
Windows Defender indicates that there is a trojan hidden in a java class inside the sun/Java/deployment cache.
You should be aware that the directory indicated by Windows Defender (WD) is now empty. It is possible that WD has already hidden the offending file. However, the entire cache is now devoid of contents. The date the cache was created is 04/30/2013.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
Category: Exploit
Description: This program is dangerous and exploits the computer on which it is run.
Recommended action: Remove this software immediately.
Items:
containerfile:G:\Users\CElliott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\7cea6c39-5ea9a372
file:G:\Users\CElliott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\7cea6c39-5ea9a372->smbkhrnvpetuqumq/jjvefskfgsqheydmybmfw.class
Get more information about this item online.
(http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Exploit%3aJava%2fCVE-2010-0840&threatid=2147643366)
REPRODUCIBILITY :
This bug can be reproduced rarely.
CUSTOMER SUBMITTED WORKAROUND :
You should be aware that the directory indicated by Windows Defender (WD) is now empty. It is possible that WD has already hidden the offending file.
java version "1.7.0_25"
Java(TM) SE Runtime Environment (build 1.7.0_25-b16)
Java HotSpot(TM) 64-Bit Server VM (build 23.25-b01, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.2.9200]
A DESCRIPTION OF THE PROBLEM :
Windows Defender reports the following threat on my computer:
Exploit: Java/CVE-2010-0840
Category: Exploit
Description: This program is dangerous and exploits the computer on which it is run.
Recommended action: Remove this software immediately.
Items:
containerfile:G:\Users\CElliott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\7cea6c39-5ea9a372
file:G:\Users\CElliott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\7cea6c39-5ea9a372->smbkhrnvpetuqumq/jjvefskfgsqheydmybmfw.class
Get more information about this item online. (http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Exploit%3aJava%2fCVE-2010-0840&threatid=2147643366)
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Run Windows Defender on a vulnerable computer.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
No malware
ACTUAL -
Windows Defender indicates that there is a trojan hidden in a java class inside the sun/Java/deployment cache.
You should be aware that the directory indicated by Windows Defender (WD) is now empty. It is possible that WD has already hidden the offending file. However, the entire cache is now devoid of contents. The date the cache was created is 04/30/2013.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
Category: Exploit
Description: This program is dangerous and exploits the computer on which it is run.
Recommended action: Remove this software immediately.
Items:
containerfile:G:\Users\CElliott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\7cea6c39-5ea9a372
file:G:\Users\CElliott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\7cea6c39-5ea9a372->smbkhrnvpetuqumq/jjvefskfgsqheydmybmfw.class
Get more information about this item online.
(http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Exploit%3aJava%2fCVE-2010-0840&threatid=2147643366)
REPRODUCIBILITY :
This bug can be reproduced rarely.
CUSTOMER SUBMITTED WORKAROUND :
You should be aware that the directory indicated by Windows Defender (WD) is now empty. It is possible that WD has already hidden the offending file.