Windows 7 Exploit:Java/CVE-2011-3544.B

Discussion in 'Windows Security' started by iflog, Jan 30, 2012.

  1. iflog

    iflog Senior Member

    I am trying to back up my computer to a flash drive using Windows 7's backup and restore feature. It gets part way through and then Microsoft Security Essentials pops up saying it found a virus, Exploit:Java/CVE-2011-3544.B, and it stops. I run the antivirus program and it removes the file until I start to do the backup again and it finds the same virus, over and over. The history in MSE says the virus has been removed. Anyone have an idea what I should do?
     
    #1 iflog, Jan 30, 2012
    Last edited by a moderator: Feb 12, 2012
  2. iflog

    iflog Senior Member

    Re: Exploit:Java

    No response. I must be in the wrong forum.
     
  3. catilley1092

    catilley1092 Extraordinary Member

    Re: Exploit:Java

    No, I don't believe you're in the wrong forum, as this is the security forum. Anything that has to do with security can be discussed here.

    Java is a feature that can be exploited if not kept up to date. And remember, when updating Java, remove the old version first (this applies to Flash also). Then install the newest version of Java. I can't find the bookmark right now, but I recall reading that the older version should be uninstalled before installing the new.

    Here it is, straight from Oracle itself:

    Why should I remove older versions of Java from my system?

    In the article, it clearly states that keeping older & unsupported versions of Java is a security risk. This may very well be the answer to your question.

    Best of Luck,
    Cat
     
  4. Mike

    Mike Windows Forum Admin
    Staff Member Premium Supporter

    Hi iflog,

    If you are still experiencing this problem, let's calm down, take one step at a time, and make a game plan for resolving your problem. It is important that you understand that if this is a real threat identified by Microsoft Security Essentials (MSE), it is very important that you quarantine and eliminate the threat immediately.

    Assess the threat: Identify the nature of the threat

    Exploit:Java/CVE-2011-3544.B is malware that affects Java and its related systems. Because Java is platform independent, and can function in nearly all mainstream operating systems, these threats can be extremely severe. This one, in particular, is capable of infecting both Windows and Linux workstations and servers, and is not limited to the Sun Java in your Windows computer. The malware exploit was assessed to impact computers with IBM Java, Oracle Java, and most systems that have any version or derivative of Java 1.6.0* installed; Avaya VoIP systems, Apple Mac OS X, and so on were all at risk. Sun Systems released a patch to prevent the Java exploit in October and many OS vendors distributed this information to their customers. So severe and common is this one that the U.S. Department of Homeland Security NIST rated the severity of this exploit to be 10.0 for both impact and exploitability.

    "Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service." - NIST, Department of Homeland Security website 10/2011

    This is a major security penetration of your system that is easy for an attacker to use. In some cases, it will appear as a variant or fake anti-virus or anti-malware product.

    Isolate, quarantine, and eliminate the exploit

    MSE cannot handle the removal of the problem without the latest definitions and software. To further understand this, please consult with the Microsoft Malware Protection Center regarding Java/CVE-2011-3544.B.

    Make sure that both the signature definition database and the engine for Microsoft Security Essentials are up to date. If you have no idea how to do so, download MSE again, and begin to update the definitions from within the software.


    • This step will help determine that the threat identified by MSE is legitimate and not a false positive.
    • This thread may completely eliminate the threat from your system or eliminate the files creating the threat.
    • If you still cannot eliminate the threat, it is time to call further software into action.

    Eliminating the Threat in Safe Mode

    If Microsoft Security Essentials cannot eliminate the threat, consider running MSE from Safe Mode. You can access your computer in Safe Mode, by restarting the computer, and repeatedly hitting the F8 key before the Windows logo screen appears on your computer. From the menu, select Safe Mode. Run MSE again and perform a complete scan of your system. There are contingencies if this does not work.

    Download Malwarebytes
    Install the software and run a full scan
    Eliminate all threats that are found
    Run MSE again.

    OR

    Microsoft Standalone System Sweeper Beta | Microsoft Connect

    If All of the Above Steps Fail...

    Malwarebytes will operate with Microsoft Security Essentials without any compatibility problems. If this does not solve the issue, uninstall MSE and replace it with a commercial anti-virus solution. I professionally recommend ESET Smart Security as a full solution without question. We sponsor this software at Windows7Forums.com specifically because of its detection rate, its advanced heuristics, and its enormous reliability.

    Update Java Now and Keep it Automatically Updated

    First, do yourself a favor with Java. Go to Start -> Search -> Java

    In 64-bit Windows, it will come up in the Windows Search Index as Java (32-bit). Go ahead and open this up, go to the Update tab, and select Notify me: Before Installing.

    Then, make sure the box for Check for Updates Automatically is flagged as selected.

    Click on Advanced, and set the update check frequency to weekly or daily instead of monthly, and choose a time when you believe your computer will be on, but unlikely to be in use.

    I highly recommend this so that you can prevent the possibility of Java exploits infiltrating your system again. A lapse in timely updates being applied was likely a major contributor to this problem.

    Delete Java's Temporary Internet Files under the same section in the General tab.

    Make sure you are running the latest version of Java.

    Under Java -> General -> About get your version information.

    Today, on February 12, 2012, that version is Version 6 Update 30 (1.6.0_30-b12). That will likely change very soon, and in many cases, as soon as the next exploit is discovered.

    Resources:

    National Vulnerability Database (NVD): CVE-2011-3544
     
    #4 Mike, Feb 12, 2012
    Last edited by a moderator: Feb 12, 2012
  5. catilley1092

    catilley1092 Extraordinary Member

    I was checking on Java updates today, since I had a prompt to update. Where are all of these new Java updates coming from? Java's in the 1.7 range now. There have been 5 releases since 1.6.0.30. But on my Win 2K install, Version 6 Update 30 is as far as it will update (at this time).

    The latest is actually 1.7.0.3 (32 bit). Source:

    Download Java Runtime Environment 1.7.0.3 (32-bit) - Technical Details - FileHippo.com

    My Windows 7 installs just updated to this version, but I chose to download manually, removed the old version (per Oracle's instructions in my post above) & installed the new.

    I bring this up because different sites report different versions as being current. There are many updates that I get from File Hippo, but that latest version that's listed is what my computers updated to (through Oracle, not File Hippo). The release date is 02/15/2012.

    Cat
     
  6. Mike

    Mike Windows Forum Admin
    Staff Member Premium Supporter

    Java SE 7

    (Is Java a security nightmare? The answer to that question, in my opinion, is yes. This is because it is a cross-platform system, and it is always going to be a primary target. Even releasing a new version on their main site would drive security problems through the roof on older systems.)
     
  7. catilley1092

    catilley1092 Extraordinary Member

    After carefully reading through this thread, & many of the links, I've decided to get the latest version straight from the source, Oracle.

    That way I should be safe. However, I do follow the advice given by Oracle, and have for a while. That's to uninstall the old before installing the new. Given that the older versions may pose a security risk, we need to completely remove it. Revo Uninstaller is good for this, as it gets the registry entries (using the most aggressive method).

    Cat
     
  8. catilley1092

    catilley1092 Extraordinary Member

    Bye Bye, Java! I remove it from every install as soon as I get to it. Some users need it, but that number is actually small. Meaning that most of us can go without Java.

    If Java isn't installed on the system, and all remnants of the program removed, then it's no threat at all.

    Cat
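
Added example, not part of any post in this thread: the replies above write the same Java releases three ways ("Version 6 Update 30", "1.6.0_30-b12", "1.7.0.3") and advise removing older installs, so this sketch normalises those notations and flags installs that are below a baseline or left beside a newer one. The host names and inventory entries are constructed, and the baseline is an assumption taken from the versions the thread names as current in February 2012.

```python
import re

# Notations for the same versioning scheme that appear in this thread:
#   "1.6.0_30-b12", "1.7.0.3", "Version 6 Update 30"
_PATTERNS = [
    re.compile(r"^1\.(?P<major>\d+)\.0(?:[_.](?P<update>\d+))?(?:-b\d+)?$"),
    re.compile(r"^(?:Version|Java(?:\(TM\))?)\s+(?P<major>\d+)"
               r"(?:\s+Update\s+(?P<update>\d+))?$", re.IGNORECASE),
]

# Assumption: baseline = releases the thread names as current in Feb 2012.
# Replace with the vendor's current releases before using this for real.
BASELINE = {6: 30, 7: 3}

# Constructed inventory (hypothetical hosts and installed-program entries).
HOSTS = {
    "desktop-a": ["Java(TM) 6 Update 22", "1.6.0_30-b12"],
    "desktop-b": ["1.7.0.3"],
    "desktop-c": ["Version 6 Update 30", "1.7.0_03", "JRE build unknown"],
}

def parse_java_version(text):
    """Return (major, update), or None if the notation is not recognised."""
    for pattern in _PATTERNS:
        match = pattern.match(text.strip())
        if match:
            return int(match.group("major")), int(match.group("update") or 0)
    return None

def audit_host(installed, baseline=BASELINE):
    """Return [(entry, reason)] for every install that needs attention."""
    parsed = [(entry, parse_java_version(entry)) for entry in installed]
    newest = max((v for _, v in parsed if v), default=None)
    findings = []
    for entry, version in parsed:
        if version is None:
            findings.append((entry, "unrecognised version string, check manually"))
        elif version[0] not in baseline:
            findings.append((entry, "major version not in baseline"))
        elif version[1] < baseline[version[0]]:
            findings.append((entry, "older than baseline update"))
        elif version != newest:
            findings.append((entry, "superseded install left beside newer Java"))
    return findings

def audit_fleet(hosts=HOSTS):
    return {host: audit_host(entries) for host, entries in hosts.items()}

if __name__ == "__main__":
    for host, findings in audit_fleet().items():
        for entry, reason in findings:
            print(f"{host}: {entry!r}: {reason}")
```
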
     
