TrojanDropper:Win32/Ilomo
TrojanDownloader:HTML/Iframe.F
Exploit:JS/Pdfupf.A
Exploit:Win32/Pidief.B
Exploit:JS/Pdfcmi.C
Exploit:JS/Mult.BB
Exploit:JS/Elecom.D
Exploit:HTML/IframeRef.gen
Windows Defender detects and removes this threat.
This is a generic detection for specially formed IFrame tags pointing to webpages that have malicious content.
Exploit:Java/CVE-2013-1493
Windows Defender detects and removes this threat.
This threat uses a Java vulnerability (CVE-2013-1493) to download and run files on your PC, including other malware.
It runs when you visit a hacked or malicious website and if you have a vulnerable version of Java.
The following versions of Java are vulnerable:
- Oracle Java JDK and JRE 7 Update 15 and earlier
- Oracle Java JDK and JRE 6 Update 41 and earlier
- Oracle Java JDK and JRE 5 Update 40 and earlier
To check if you're running a vulnerable version of Java:
- In Control Panel, double-click Programs.
- If Java is installed you will see it in the list of installed programs. Click it to open the Java Control Panel.
- On the General tab, click About to see which version of Java you have installed.
You might get an alert about this threat even if you're not using a vulnerable version of Java. This is because we detect when a website tries to use the vulnerability, even if it isn't successful. This doesn't mean that you have been hacked; it means someone has tried to hack into your PC.
Exploit:Java/CVE-2010-0840.NT
Exploit:Java/CVE-2010-0840.NT is a malicious Java applet that exploits a vulnerability of privilege escalation in JRE (Java Runtime Environment) versions 5 and 6 as described in CVE-2010-0840. The Java exploit is a component of the "Blackhole" exploit pack and is hosted on compromised web sites.
Exploit:Win32/Pdfjsc.YQ
Exploit:Win32/Pdfjsc.YQ is a specially-crafted Portable Document File (PDF), which exploits vulnerabilities in Adobe Acrobat and Adobe Reader discussed in the following articles:
Exploit:JS/Neclu.L
Windows Defender detects and removes this threat.
This threat is on a website that downloads malware onto your PC. You might be redirected to this website when you visit a hacked webpage.
It tries to use vulnerabilities in your software to infect your PC.
You may get an alert about this threat even if you're not using a vulnerable version of Java. This is because we detect when a website tries to use the vulnerability, even if it isn't successful.
See our page about exploits and learn how to update common software.
Exploit:Java/CVE-2010-0840
Windows Defender detects and removes this threat.
This threat uses a vulnerability in your software to download other malware.
It runs when you visit a hacked website and you have a vulnerable version of Java installed on your PC. A number of legitimate websites could be hacked or unwillingly host this threat.
The following versions of Java are vulnerable:
- Oracle Java SE and Java for Business 6 Update 18 and earlier
To check if you're running a vulnerable version of Java:
- Go to the control panel (Select Start then Control Panel)
- Select Programs. If Java is installed you will see it in the list of installed programs. Click it to open the Java Control Panel.
- On the General tab, click About to see which version of Java you have installed.
You might get a detection for this threat if you visit a website that has the malicious code, even if you're not using a vulnerable version of Java. This doesn't mean that you have been hacked; it means someone has tried to hack into your PC.
The vulnerability that this threat exploits is described in CVE-2010-0840.
Exploit:JS/Neclu.C
Windows Defender detects and removes this threat.
This threat is on a website that downloads malware onto your PC. You might be redirected to this website when you visit a hacked webpage.
It tries to use vulnerabilities in your software to infect your PC.
You might get an alert about this threat even if you're not using a vulnerable version of Java. This is because we detect when a website tries to use the vulnerability, even if it isn't successful.
See our page about exploits and learn how to update common software.
Exploit:Win32/Pdfjsc.AFE
Exploit:Win32/Pdfjsc.AFE is a malicious PDF file that exploits a vulnerability in Adobe Acrobat and Adobe Reader.
The vulnerabilities, discussed in CVE-2010-0188, allow this malware to download and run arbitrary files.
The following versions of Adobe Acrobat and Adobe Reader are vulnerable to this exploit:
- Adobe Acrobat and Adobe Reader earlier than 8.2.1
- Adobe Acrobat and Adobe Reader earlier than 9.3.1
Install updates to prevent infection
This malware exploits known vulnerabilities.
You should always install the latest updates available from the software vendor to prevent reinfection from this threat, and possible infection from other threats.
Download updates for Adobe products from the following link:
Exploit:Java/CVE-2013-0422.B
Exploit:Java/CVE-2013-0422.B is a variant of the Exploit:Java/CVE-2013-0422 family of exploits; malicious Java applets that attempt to exploit a vulnerability (CVE-2013-0422) the Java Runtime Environment (JRE), in order to download and install files of an attacker’s choice onto your computer.
If you visit a website containing the malicious code while using a vulnerable version of Java, the exploit is loaded. Note, however, that a number of legitimate websites could be compromised or unwillingly host a malicious applet through advertising frames which could redirect to or host a malicious Java applet.
Update vulnerable Java applications
This threat exploits a known vulnerability in Java. After removing this threat, make sure that you install the updates available from the vendor. You can read more about this vulnerability in Java, as well as where to download the software update from the following links:
It may be necessary to remove older versions of Java that are still present. Keeping old and unsupported versions of Java on your system presents a serious security risk. To read more about why you should remove older versions of Java, see the following information.
Exploit:Win32/Pdfjsc.AGC
Exploit:Win32/Pdfjsc.AGC is a malicious PDF file that exploits a vulnerability in Adobe Acrobat and Adobe Reader.
The vulnerabilities, discussed in CVE-2010-0188, allow this malware to download and run arbitrary files.
The following versions of Adobe Acrobat and Adobe Reader are vulnerable to this exploit:
- Adobe Acrobat and Adobe Reader earlier than 8.2.1
- Adobe Acrobat and Adobe Reader earlier than 9.3.1
Install updates to prevent infection
This malware exploits known vulnerabilities.
You should always install the latest updates available from the software vendor to prevent reinfection from this threat, and possible infection from other threats.
Download updates for Adobe products from the following link: