Thanks for that further info. The interesting point on the Microsoft page is their recommendation - To detect and remove this threat and other malicious software that may be installed in your computer, run a full-system scan with an up-to-date antivirus product ..
Fascinating - hopefully, therefore, we have to assume (can we?) that McAfee is up to the job. Although, as I noted before, why didn't the Real Time Scan detect any anomalies?
As a point of interest though, the issue occurs, (occurred?) on a Dell box that was installed 'by the book' from new and the various updates required were not invoked until after the McAfee software was initialized - on the (hopeful, if naive) basis that that would be a good first step to take.
All of my Java components are the latest, showing as v 1.6.0_24 on both Firefox and Explorer 8. Mind you, looking at the Control panel shows that I apparently also have v 1.6.0_18 (64-bit), but this is not normally invoked as IE runs in 32-bit mode by default anyway.
As I'm running Win 7 there is no way to either stop, or invoke any update procedure, all of which happens on the fly as and when deemed necessary by Sun Microsystems, unlike Vista where I can at least make my own choice if I so wish.
All very strange as it appears that I have and continue to have the latest version installed. Indeed, the same version as on my other boxes, none of which have detected any anomalies - so far!
Message was edited by: alanrf on 23/05/11 11:49:52 GMT
Downloader-BCS is on McAfee's books since 2007: http://vil.nai.com/vil/content/v_142494.htm however, maybe some variants are out there. Java exploits can happen just about anywhere at any time unfortunately.
My Java updated to 1.6.0-25 the other day (IE9 and FF4) and I don't bother installing the 64-bit one as I never use the 64-bit I.E. browser which is really only a novelty at the moment.
I set the Java Console to advise me when updates are available:
Message was edited by: Ex_Brit on 23/05/11 8:06:49 EDT AM
Why didn't real-time scanning detect this? Well, I think the relevant phrase in the Microsoft description is probably "security checks may be bypassed". The downloaded code would almost certainly have been obfuscated to evade detection. McAfee will only notice this when the code has been installed and has a recognisable signature (although signature-based detection is on the way out, being replaced by Cloud-based detection).
As for the non-McAfee updates, I hope you didn't leave the updating for too long after installing McAfee. Exploits targeting unpatched software will be picked up by McAfee, but software vendors get their own fixes in first. The good news is that Windows 7 is less likely to be affected by malware than Vista or XP.
Java: you're not on the latest version, I'm afraid. That's Version 6 Update 25 (see below). If you have more than one version of Java on your system, uninstall them all and reinstall the latest version. Java seems vulnerable to exploits against older versions, which seem to run with newer patches loaded on top (and for whatever reason, the older versions can still get bypassed by malware. Don't ask me how it's done).
Coincidentally, just as I was reading the last post the Java Update notification came through on the other, (possibly infected), box. So now, one box on 1.6.0_25 and three more to go.
As I'm running Java on Vista and Win 7 boxes, and as by default Win 7 is an automatic update, I'll just sit back and wait for things to happen. On this (Vista) box the last update, (1.6.0_24), was on 27 February so I'll wait until the end of the week when the latest version should fire up.
Yes, your explanation of the possible failure of the real time scan seems quite plausible. I am assuming that something was found on the initial scan, then the subsequent Quick scan found something that it could act on and then deleted it, so that when I checked the Quarantine drawer everything had gone.
Again, I agree with you that there is a window of opportunity that occurs between the various stages of initial installation, although in practice it is hard to see how this can be closed down. Finally, checking my Win 7 box via Control panel confirms the current installation, as noted above, but gives the original installation date as around a month before I actually purchased the computer in August last year. Not sure what version would have been installed by the makers, (Dell) but that may have been the weak link.
Thanks both of you for your interest and helpful contributions - much appreciated. I know how frustrating it can be offering support when no one ever responds or reports back!