
Exploit:JS/DonxRef.A


Microsoft security software detects and removes this threat.

It uses vulnerabilities in Java to install malware on your PC.

You might get this threat if you visit a malicious or hacked website, or by clicking a malicious link in an email.

Find out ways that malware can get on your PC.



What to do now

Use the following free Microsoft software to detect and remove this threat:

You should also run a full scan. A full scan might find other, hidden malware.

Update Java

Make sure you install all available Java updates. You can read more about this vulnerability and download software updates from these links:

You should remove older versions of Java, as keeping old and unsupported versions of Java on your PC is a serious security risk:

If you continue to get alerted about this threat, deleting your temporary Java files can help:

Update Adobe products

Make sure you install all available Adobe updates. You can read more about this vulnerability and download software updates from these links:

It's also important to keep your other software up to date:

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Threat behavior

Exploit:JS/DonxRef.A might try to exploit various vulnerabilities in Java, Adobe Flash Player, and Windows to run other malware on your PC. This detection may identify a component of a specific exploit kit referred to as "Gong Da" or "KaiXin".

If your PC has a vulnerable version of these programs, Exploit:JS/DonxRef.A downloads and runs arbitrary files.

It checks if your PC is vulnerable to the following:

Exploit:JS/DonxRef.A has also been observed exploiting a vulnerability in Microsoft XML Core Services (CVE-2012-1889), which was resolved with the release of Microsoft Security Bulletin MS12-043.

Analysis by Jim Wang and Methusela Cebrian Ferrer


Symptoms

Alerts from your security software may be the only symptom.


Prevention


Alert level: Severe
First detected by definition: 1.141.164.0
Latest detected by definition: 1.167.1420.0 and higher
First detected on: Nov 21, 2012
This entry was first published on: Nov 21, 2012
This entry was updated on: Sep 05, 2014

This threat is also detected as:
No known aliases