Exploit:Java/CVE-2011-3544.B

I am trying to backup my computer to a flash drive using Windows 7's backup and restore feature. It gets part way through and then Microsoft Security Essentials pops up saying it found a virus, Exploit:Java/CVE-2011-3544.B and it stops. I run the anti virus program and it removes the file until I start to do the backup again and it finds the same virus, over and over. The history in MSE says the virus has been removed. Anyone have an idea what I should do?

No response. I must be in the wrong forum.

No, I don't believe you're in the wrong forum, as this is the security forum. Anything that has to do with security can be discussed here.

Java, is a feature that can be exploited, if not kept up to date. And remember, when updating Java, remove the old version first (this applies to Flash also). Then install the newest version of Java. I can't find the bookmark right now, but I recall reading that the older version should be uninstalled before installing the new.

Here it is, straight from Oracle itself:

Why should I remove older versions of Java from my system?

In the article, it clearly states that keeping older & unsupported versions of Java is a security risk. This may very well be the answer to your question.

Best of Luck,
Cat

Hi iflog,

If you are still experiencing this problem, let's calm down, take one step at a time, and make a game plan for resolving your problem. It is important that you understand that if this is a real threat identified by Microsoft Security Essentials (MSE), it is very important that you quarantine and eliminate the threat immediately.

Assess the threat: Identify the nature of the threat

Exploit:Java/CVE-2011-3544.B is malware that affects Java and its related systems. Because Java is platform independent, and can function in nearly all mainstream operating systems, these threats can be extremely severe. This one, in particular, is capable of infecting both Windows and Linux workstations and servers, and is not limited to the Sun Java in your Windows computer. The malware exploit was assessed to impact computers with IBM Java, Oracle Java, and most systems that have any version or derivative of Java 1.6.0* installed, Avaya VoIP systems, Apple Mac OS X, and so on were all at risk. Sun Systems released a patch to prevent the Java exploit in October and many OS vendors distributed this information to their customers. So severe and common is this one, that the U.S. Department of Homeland Security NIST rated the severity of this exploit to be 10.0 for both impact and exploitability.

"Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service." - NIST, Department of Homeland Security website 10/2011

This is a major security penetration of your system that is easy for an attacker to use. In some cases, it will appear as a variant or fake anti-virus or anti-malware product.

Isolate, quarantine, and eliminate the exploit

MSE cannot handle the removal of the problem without the latest definitions and software. To further understand this, please consult with the Microsoft Malware Protection Center regarding Java/CVE-2011-3544.B.

Make sure that both the signature definition database and the engine for Microsoft Security Essentials is up-to-date. If you have no idea how to do so, download MSE again, and begin to update the definitions from within the software.

• This step will help determine that the threat identified by MSE is legitimate and not a false positive.
• This thread may completely eliminate the threat from your system or eliminate the files creating the threat.
• If you still cannot eliminate the threat, it is time to call further software into action.

Eliminating the Threat in Safe Mode

If Microsoft Security Essentials cannot eliminate the threat, consider running MSE from Safe Mode. You can access your computer in Safe Mode, by restarting the computer, and repeatedly hitting the F8 key before the Windows logo screen appears on your computer. From the menu, select Safe Mode. Run MSE again and perform a complete scan of your system. There are contingencies if this does not work.

Download Malwarebytes
Install the software and run a full scan
Eliminate all threats that are found
Run MSE again.

OR

Microsoft Standalone System Sweeper Beta | Microsoft Connect

If All of the Above Steps Fail...

Malwarebytes will operate with Microsoft Security Essentials without any compatibility problems. If this does not solve the issue, uninstall MSE and replace it with a commercial anti-virus solution. I professionally recommend ESET Smart Security as a full solution without question. We sponsor this software at Windows7Forums.com specifically because of its detection rate, its advanced heuristics, and its enormous reliability.

Update Java Now and Keep it Automatically Updated

First, do yourself a favor with Java. Go to Start -> Search -> Java

In 64-bit Windows, it will come up in the Windows Search Index as Java (32-bit). Go ahead and open this up, go to the Update tab, and select Notify me: Before Installing.

Then, make sure the box for Check for Updates Automatically is flagged as selected.

Click on Advanced, and set the update check frequency to weekly or daily instead of monthly, and choose a time when you believe your computer will be on, but unlikely to be in use.

I highly recommend this so that you can prevent the possibility of Java exploits infiltrating your system again. A lapse in timely updates being applied was likely a major contributor to this problem.

Delete Java's Temporary Internet Files under the same section in the General tab.

Make sure you are running the latest version of Java.

Under Java -> General -> About get your version information.

Today, on February 12, 2012, that version is Version 6 Update 30 (1.6.0_30-b12). That will likely change very soon, and in many cases, as soon as the next exploit is discovered.

Resources:

National Vulnerability Database (NVD) National Vulnerability Database (CVE-2011-3544)

I was checking on Java updates today, since I had a prompt to update. Where are all of these new Java updates coming from? Java's in the 1.7 range now. There's been 5 releases since 1.6.0.30. But on my Win 2K install, Version 6 Update 30 is far as it will update (at this time).

The latest is actually 1.7.0.3 (32 bit). Source:

Download Java Runtime Environment 1.7.0.3 (32-bit) - Technical Details - FileHippo.com

My Windows 7 installs just updated to this version, but I chose to download manually, removed the old version (per Oracle's instructions in my post above) & installed the new.

I bring this up because different sites reports different versions as being current. There are many updates that I get from File Hippo, but that latest version that's listed is what my computers updated to (through Oracle, not File Hippo). The release date is 02/15/2012.

Cat

Why is Java SE 7 not yet available on java.com?
The new release of Java is first made available to the developers to ensure no major problems are found before we make it available on the java.com website for end users to download the latest version. If you are interested in trying Java SE 7 it can be downloaded from Oracle.com

Java SE 7

(Is Java a security nightmare? The answer to that question, in my opinion, is yes. This is because it is a cross-platform system, and it is always going to be a primary target. Even releasing a new version on their main site would drive security problems through the roof on older systems.)

After carefully reading through this thread, & many of the links, I've decided to get the latest version straight from the source, Oracle.

That way I should be safe. However, I do follow the advice given by Oracle, and have for a while. That's to uninstall the old before installing the new. Given that the older versions may pose a security risk, we need to completely remove it. Revo Uninstaller is good for this, as it gets the registry entries (using the most aggressive method).

Cat

Bye Bye, Java! I remove it from every install as soon as I get to it. Some users needs it, but that number is actually small. Meaning that most of us can go without Java.

If Java isn't installed on the system, and all remnants of the program removed, then it's no threat at all.

Cat