Trojan.Maljava - How to remove?
Trojan.Maljava (Symantec) or Mal/JavaCmC (Sophos) is a Java-based Trojan parasite that can target both PCs and Macs. The current Maljava version uses the same vulnerability on both platforms, which is already closed on patched versions of all OSes. You can be attacked by this trojan if you visit exploit pages, which can be hosted on usually harmless but infected websites.
If your system is vulnerable to Trojan.Maljava, the trojan will download and execute an executable or Python script (depending on OS version). This script will install a backdoor on your PC, which allows botnet owners to control your PC in any way they wish. The backdoor trojan used by Maljava allows access to CPU, disk and memory details, installation and execution of new executables, and access to your files and documents. Some of the trojans using this exploit are responsible for redirection and clickjacking, like the notorious Happili redirect or the Flashback Mac trojan. To avoid detection, the malware encrypts its traffic.
The Trojan.Maljava infection is easily prevented by using antivirus and having patched versions of Java and the OS. Apple does not provide patches for OS versions below Snow Leopard, so you should upgrade. It is also highly advisable to turn Java off if you do not use it.
To confirm that you were infected by Trojan.Maljava, do the following:
- On an Apple system, check for the files /Users/Shared/update.sh and /Users/Shared/update.py. These can be deleted safely. You should use antivirus software on a Mac as well.
- On a PC, scan with anti-malware programs like spyhunter and check for the file ntshrui.dll.
Trojan.Maljava!Gen24 or CVE-2012-4681 is the detection of the latest malicious Java exploit on infected websites. This parasite is from the Maljava family, aka malicious Java programs. The exploit CVE-2012-4681 was discovered only recently (in late August 2012), and it is not patched in Java versions, so every PC using Java in its browsers is susceptible. Typically, Trojan.Maljava!Gen24 means that the particular site, or advertisements on it, hosts the Blackhole exploit kit or a similar one, which tries to infect your PC and install botnet software on your computer. In some cases the exploits might install rogue antivirus like Security Shield, though hidden threats are no less dangerous.
If your antivirus detected Trojan.Maljava!Gen24, it means that it partially blocked the exploits. The problem is the following: the Blackhole exploit pack uses more than a single exploit, so you might still get infected, and antiviruses started detecting this parasite a couple of days after it was released. Thus you should do a full system scan with your antivirus and with second-opinion scanners like spyhunter or Hitman Pro. These programs would ensure that no parasite distributed by Trojan.Maljava!Gen24 was installed on your PC during the time you were defenseless.
To prevent Trojan.Maljava!Gen24, we recommend disabling Java plugins in your browser, at least until Oracle releases software updates.
At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-ons. The Add-ons Manager tab will open.
In the Add-ons Manager tab, select the Plugins panel.
Click on the Java (TM) Platform plugin to select it.
Click on the Disable button (if the button says Enable, Java is already disabled).
On Internet Explorer you can disable Java applets this way:
Click Tools | Internet Options | Advanced.
If Java is installed in your browser, you will see a listing for Sun Java in the Internet Options menu. Just uncheck it to disable.
On Chrome:
Enter chrome://plugins in the URL bar.
Search for Java and click the Disable link.
When Java is disabled in the browser, Trojan.Maljava!Gen24 is no longer dangerous. While you might need Java in your browser for some applications, these cases are relatively rare (some banks use it), and then it would be much safer to use a separate browser for banking alone.
Automatic Trojan.Maljava removal tools
We might be affiliated with some of these programs. Full information is available in the disclosure.
Manual Trojan.Maljava removal
Important Note: Although it is possible to manually remove Trojan.Maljava, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using TDSSKiller or other tools found on 2-viruses.com.
It is impossible to list all file names and locations of modern parasites. You can identify remaining parasites, other Trojan.Maljava infected files and get help in Trojan.Maljava removal by using TDSSKiller scanner.