cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
alanrf
Contributor III
Message 11 of 15
‎05-23-2011 04:49 AM

Re: Downloader-BCS Trojan

Jump to solution

Thanks for that further info.  The interesting point on the Microsoft page is their recommendation - To detect and remove this threat and other malicious software that may be installed in your computer, run a full-system scan with an up-to-date antivirus product ..

Fascinating - hopefully, therefor, we have to assume, (can we?), that McAfee is up to the job.  Although, as I noted before, why didn't the Real Time Scan detect any anomalies.

As a point of interest though, the issue occurs, (occurred?) on a Dell box that was installed 'by the book' from new and the various updates required were not invoked until after the McAfee software was initialized - on the (hopeful,if naive) basis that that would be a good first step to take.

All of my Java components are the latest, showing as v 1.6.0_24 on both FireFox and Explorer 8.  Mind you;looking at the Control panel shows that I apparently also have v 1.6.0_18 (64-bit), but ths is  not normally invoked as IE runs in 32-bit mode by default anyway.

As I'm runnng Win 7 there is no way to either stop, or invoke any update procedure, all of which happens on the fly as and when deemd necessary by Sun  Microsystems, unlike Vista where I can at least make my own choice if I so wish.

All very strange as it appears  that I have and continue to have the latest version installed.  Indeed, the same version as on my other boxes, none of which have detected any anomalies =-so far!

Message was edited by: alanrf on 23/05/11 11:49:52 GMT
0 Kudos
Reply
exbrit
MVP
Message 12 of 15
‎05-23-2011 05:05 AM

Re: Downloader-BCS Trojan

Jump to solution

Downloader-BCS is on McAfee's books since 2007:  http://vil.nai.com/vil/content/v_142494.htm however, maybe some variants are out there.  Java exploits can happen just about anywhere at any time unfortunately.

My Java updated to 1.6.0-25 the other day (IE9 and FF4) and I don't bother installing the 64-bit one as I never use the 64-bit I.E. browser which is really only a novelty at the moment.

I set the Java Console to advise me when updates are available:

Capture.JPG

Message was edited by: Ex_Brit on 23/05/11 8:06:49 EDT AM
0 Kudos
Reply
Hayton
Honored Contributor III
Message 13 of 15
‎05-23-2011 05:27 AM

Re: Downloader-BCS Trojan

Jump to solution

Why didn't real-time scanning detect this? Well, I think the relevant phrase in the Microsoft description is probably  "security checks may be bypassed". The downloaded code would almost certainly have been obfuscated to evade detection. McAfee will only notice this when the code has been installed and has a recognisable signature (although signature-based detection is on the way out, being replaced by Cloud-based detection).

As for the non-McAfee updates, I hope you didn't leave the updating for too long after installing McAfee. Exploits targetting unpatched software will be picked up by McAfee, but software vendors get their own fixes in first.  The good news is that Windows 7 is less likely to be affected by malware than Vista or XP.

Java : you're not on the latest version, I'm afraid. That's Version 6 Update 25 (see below). If you have more than one version of Java on your system, uninstall them all and reinstall the latest version. Java seems vulnerable to exploits against older versions, which seem to run with newer patches loaded on top (and for whatever reason, the older versions can still get bypassed by malware. Don't ask me how it's done). Java Version.PNG

0 Kudos
Reply
alanrf
Contributor III
Message 14 of 15
‎05-23-2011 05:44 AM

Re: Downloader-BCS Trojan

Jump to solution

Coincidentally, just as I was reading the last post the Java Update notification came through on the other, (possibly infected), box.  So now, one box on 1.6.0_25 and three more to go.

As I'm running Java on Vista and Win 7 boxes, and as by default Win 7 is an automatic update, I'll just sit back and wait for things to happen. On this (Vista) box the last update, (1.6.0_24), was on 27 February so I'll wait until the end of the week when the latest version should fire up.

Yes, your explanation of the possible failure of the real time scan seems quite plausible.   I am assuming that something was found on the initial scan, then the subsequent Quick scan found something that it could act on and then deleted it, so that when I checked the Quarantine drawer everything had gone.

Again, I agree with you that there is a window of opportunity that occurs between the various stages of initial installation, although in practice it is hard to see how this can be closed down.   Finally, checking my Win 7 box via Control panel confirms the current installation, as noted above, but gives the original installation date as around a month before I actually purchased the computer in August last year.   Not sure what version would have been installed by the makers, (Dell) but that may have been the weak link.

Thanks both of you for your interest and helpful contributions - much appreciated.  I know how frustrating it can be offering suppor when no one ever responds or reports back!

0 Kudos
Reply
exbrit
MVP
Message 15 of 15
‎05-23-2011 05:52 AM

Re: Downloader-BCS Trojan

Jump to solution

Thanks and all the best 😉

0 Kudos
Reply
How Many Badges Can You Collect?
Ready for a little competition? Members like you are earning badges and unlocking perks for their helpful answers. Are you? Click here to find out.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community

* Important Terms and Offer Details:

  Subscription, Free Trial, Pricing and Automatic Renewal Terms:

  • The amount you are charged upon purchase is the price of the first term of your subscription. The length of your first term depends on your purchase selection (e.g. 1 month or 1 year).  Once your first term is expired, your subscription will be automatically renewed on an annual basis (with the exception of monthly subscriptions, which will renew monthly) and you will be charged the renewal subscription price in effect at the time of your renewal, until you cancel (Vermont residents must opt-in to auto-renewal.)
  • Unless otherwise stated, if a savings amount is shown, it describes the difference between the introductory first term price (available only to customers without an existing McAfee subscription) and the renewal subscription price (e.g., first term price vs. each year thereafter).
  • Pricing is subject to change. If the renewal price changes, we will notify you in advance so you always know what’s going on.
  • You can cancel your subscription or change your auto-renewal settings any time after purchase from your My Account page. To learn more, click here.
  • You may request a refund by contacting Customer Support within 30 days of initial purchase or within 60 days of automatic renewal (for 1 year terms or longer).
  • Your subscription is subject to our License Agreement and Privacy Notice. Subscriptions covering "all" devices are limited to supported devices that you own. Product features may be added, changed or removed during the subscription term.  Not all features may be available on all devices.  See System Requirements for additional information.
  • Free Trial Terms: At the end of your trial period you will be charged $39.99 for the first term. After the first term, you will be automatically renewed at the renewal price (currently $124.99/yr). We will charge you 7-days before renewal. You can cancel at any time before you are charged. ​

 **Free Benefits With Auto-Renewal:

  • For many qualifying product subscriptions McAfee offers additional benefits for free when you are enrolled in auto-renewal. You can check your eligibility for these benefits in your My Account page. Not all benefits are offered in all locations or for all product subscriptions.  System Requirements apply.   Turning off auto-renewal terminates your eligibility for these additional benefits. 
  • Virus Protection Pledge (VPP): If we cannot remove a virus from your supported device we’ll refund you the amount you paid for your current term subscription.  The refund does not apply to any damage or loss caused by a virus.  You are responsible for backing up your data to prevent data loss. See terms here: mcafee.com/pledge.
  • Safe Connect VPN:  You will receive free, unlimited access to our VPN wireless on supported devices. Users not on auto-renewal have access to 500 MB/month of bandwidth.

   Additional Terms Specific to Identity Monitoring Service:

  • Eligibility: McAfee® Identity Monitoring Service Essentials is available within active McAfee Total Protection and McAfee LiveSafe subscriptions with identity monitoring for up to 10 unique emails. Phone number monitoring is enabled upon activation of Automatic Renewal. Not all identity monitoring elements are available in all countries. See Product Terms of Service for more information. 
  • Your subscription is subject to our License Agreement and Privacy Notice. Product features may be added, changed or removed during the subscription term. Some features may require registration and a valid ID number to activate. See System Requirements for additional information.
  • While McAfee Identity Monitoring Service provides you tools and resources to protect yourself from identity theft, no identity can be completely secure.
  • US Only:
    Fair Credit Reporting Act: You have numerous rights under the FCRA, including the right to dispute inaccurate information in your credit report(s). Consumer reporting agencies are required to investigate and respond to your dispute, but are not obligated to change or remove accurate information that is reported in compliance with applicable law. While this plan can provide you assistance in filing a dispute, the FCRA allows you to file a dispute for free with a consumer reporting agency without the assistance of a third party.
  • Identity theft coverage is not available in New York due to regulatory requirements.


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Products

McAfee® Total Protection
McAfee® Gamer Security
McAfee® Identity Monitoring Service
McAfee® Security Scan Plus
McAfee® WebAdvisor
McAfee® Techmaster Concierge
McAfee® Virus Removal Service

Resources

Antivirus
Free Downloads
Parental Controls
Malware
Firewall
 Blogs
Activate Retail Card
Threat Center
McAfee Enterprise

Support

Consumer Support
FAQs
Renewals
Support Community

About

About McAfee
Careers
Contact Us
Newsroom
Investors
Legal Terms
Your Privacy Choices
System Requirements
Sitemap

Copyright © 2022 McAfee, LLC
Copyright © 2022 McAfee, LLC