Author Topic: Virus? Exploit:Jsvs/CVE-2012-1723  (Read 19266 times)

2globose

  • Guest
Virus? Exploit:Jsvs/CVE-2012-1723
« on: December 18, 2012, 07:48:55 AM »
Something is disabling functions on my machine. Cannot open most of the applications in the Control Panel. I think it is Exploit:Jsvs/CVE-2012-1723

I tried to include a DDS.txt log but it was too long and Avast system would not let me post because the message exceeded the 10000 character limit.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
Re: Virus? Exploit:Jsvs/CVE-2012-1723
« Reply #1 on: December 18, 2012, 08:22:19 AM »
Please attach your logs. (AdwCleaner, MBAM, OTL and aswMBR..!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37504
  • Not a avast user
Re: Virus? Exploit:Jsvs/CVE-2012-1723
« Reply #2 on: December 18, 2012, 08:40:19 AM »
Is your Java updated?

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Exploit%3AJava%2FCVE-2012-1723

Quote
The following versions of Java are vulnerable to this exploit:

JDK and JRE 7 Update 4 and earlier Java SE
JDK and JRE 6 Update 32 and earlier Java SE
JDK and JRE 5.0 Update 35 and earlier Java SE
SDK and JRE 1.4.2_37 and earlier Java SE
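
An added example, not part of any post in this thread: a small Python check that compares the version banner printed by `java -version` against the vulnerable ranges quoted above. The sample banners are constructed, and the function names and result labels are this example's own.

```python
import re

# Last vulnerable update per Java family, from the list quoted above.
LAST_VULNERABLE = {
    (1, 7, 0): 4,    # JDK and JRE 7 Update 4 and earlier
    (1, 6, 0): 32,   # JDK and JRE 6 Update 32 and earlier
    (1, 5, 0): 35,   # JDK and JRE 5.0 Update 35 and earlier
    (1, 4, 2): 37,   # SDK and JRE 1.4.2_37 and earlier
}

# Matches the legacy banner form, e.g.: java version "1.6.0_32"
VERSION_RE = re.compile(r'version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_java_version(banner):
    """Return ((major, minor, micro), update) or None if no version is found."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    family = tuple(int(x) for x in m.group(1, 2, 3))
    update = int(m.group(4) or 0)   # "1.5.0" with no suffix means update 0
    return family, update


def assess(banner):
    """Classify a banner against the quoted list for CVE-2012-1723 only."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return "unknown"            # banner not in the legacy 1.x.y_nn form
    family, update = parsed
    limit = LAST_VULNERABLE.get(family)
    if limit is None:
        return "not-listed"         # family does not appear in the quoted list
    return "vulnerable" if update <= limit else "not-vulnerable"


# Constructed sample banners (java -version writes these to stderr).
SAMPLES = [
    'java version "1.7.0_04"',
    'java version "1.6.0_33"',
    'java version "1.4.2_37"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", assess(line))
```

A "not-listed" result only means the family is absent from the quoted list; it says nothing about other vulnerabilities in that release.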


2globose

  • Guest
Re: Virus? Exploit:Jsvs/CVE-2012-1723
« Reply #3 on: December 18, 2012, 06:07:21 PM »
No I don't think Java is up to date.  I am in the process of creating logs as instructed.

2globose

  • Guest
Re: Virus? Exploit:Jsvs/CVE-2012-1723
« Reply #4 on: December 18, 2012, 06:29:01 PM »
Here they are

2globose

  • Guest
Re: Virus? Exploit:Jsvs/CVE-2012-1723
« Reply #5 on: December 18, 2012, 06:40:06 PM »
Tried to run the antiroot program and it unexpectedly stopped working. 

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37504
  • Not a avast user
Re: Virus? Exploit:Jsvs/CVE-2012-1723
« Reply #6 on: December 18, 2012, 06:51:57 PM »
Quote
Tried to run the antiroot program and it unexpectedly stopped working.

You may try running it from safe mode... if no success, essexboy has more tools if needed ;)

2globose

  • Guest
Re: Virus? Exploit:Jsvs/CVE-2012-1723
« Reply #7 on: December 18, 2012, 06:57:18 PM »
Here is the aswMBR log. 

2globose

  • Guest
Re: Virus? Exploit:Jsvs/CVE-2012-1723
« Reply #8 on: December 18, 2012, 07:07:26 PM »
Do I need to continue with the next steps starting with:

SPECIFIC INFECTIONS LOGS

If you have the hard drive infection and are no longer able to see your files/folders/start menu then do not run any temporary file cleaners but download and run the following programme:

Download RogueKiller  and save it on your desktop.
 
NOTE: If using IE8 or better Smartscreen Filter will need to be disabled


Quit all programs
Start RogueKiller.exe.

Wait until Prescan has finished ... 
    Click on Scan

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Virus? Exploit:Jsvs/CVE-2012-1723
« Reply #9 on: December 18, 2012, 07:23:37 PM »
Could you delete the copy of combofix that you have?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:OTL
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\xqtpcpmu.sys -- (xqtpcpmu)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\wdmiuyya.sys -- (wdmiuyya)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
[2012/10/22 06:56:33 | 000,097,641 | ---- | C] () -- C:\ProgramData\puisyngkqqeuabd
[2011/11/24 23:43:08 | 000,000,240 | ---- | C] () -- C:\ProgramData\~EcQdpl2SHOEmMXr
[2011/05/02 10:29:23 | 000,000,088 | -HS- | C] () -- C:\Users\USER\AppData\Roaming\27FGHDTZQ43K327FV6JFD8LTD7

:Files
C:\Users\keithf\AppData\Local\{8527c484-1c70-49fc-e80c-ca7403d90f70}

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks




  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

2globose

  • Guest
Re: Virus? Exploit:Jsvs/CVE-2012-1723
« Reply #10 on: December 18, 2012, 07:43:41 PM »
Here is the first log requested, from the OTL scan.

2globose

  • Guest
Re: Virus? Exploit:Jsvs/CVE-2012-1723
« Reply #11 on: December 18, 2012, 07:48:43 PM »
Tried to run Combofix but I get a warning that Microsoft Security Essentials is running.  I cannot open it to disable it.  I get a dialogue box that goes away so fast that I cannot read it but I saw .dll at the end of the program listed.

I have no system tray icon for Microsoft Security Essentials nor can I access the uninstall feature in Control Panel.  Should I run the combofix scan even though it states that results will be unpredictable?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Virus? Exploit:Jsvs/CVE-2012-1723
« Reply #12 on: December 18, 2012, 07:50:40 PM »
Yes accept the warning

2globose

  • Guest
Re: Virus? Exploit:Jsvs/CVE-2012-1723
« Reply #13 on: December 18, 2012, 08:01:15 PM »
Here is the Combofix log

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Virus? Exploit:Jsvs/CVE-2012-1723
« Reply #14 on: December 18, 2012, 08:16:25 PM »
What problems remain?