Exploit:Win32/Pdfjsc.ADF is the detection for specially-crafted PDF files that target software vulnerabilities in Adobe Acrobat and Adobe Reader. The vulnerabilities, discussed in CVE-2010-0188, allow this malware to download and run arbitrary files.

Exploit:JS/Coolex.A is script contained within an exploit pack known as the "Cool Exploit Kit". It can install arbitrary malware on your computer, including variants from the Trojan:Win32/Reveton family of ransomware trojans that may lock your computer and demand payment of a supposed fine.

For more information on ransomware, please see our FAQs at http://www.microsoft.com/security/portal/Shared/Ransomware.aspx.

Exploit:JS/Cooexp.A is script contained within an exploit pack known as the "Cool Exploit Kit". It can install arbitrary malware on your computer.

Exploit:Win32/Pdfjsc.AGC is a malicious PDF file that exploits a vulnerability in Adobe Acrobat and Adobe Reader.

The vulnerabilities, discussed in CVE-2010-0188, allow this malware to download and run arbitrary files.

The following versions of Adobe Acrobat and Adobe Reader are vulnerable to this exploit:

• Adobe Acrobat and Adobe Reader earlier than 8.2.1
• Adobe Acrobat and Adobe Reader earlier than 9.3.1

Install updates to prevent infection

This malware exploits known vulnerabilities.

You should always install the latest updates available from the software vendor to prevent reinfection from this threat, and possible infection from other threats.

Download updates for Adobe products from the following link:

• Updating Software

Windows Defender detects and removes this threat.

This threat uses a Java vulnerability to download and run files on your PC, including other malware.

It runs when you visit a hacked or malicious website and you have a vulnerable version of Java.

The following versions of Java are vulnerable:

• Java Development Kit, Java Runtime Environment 7 Update 11 and earlier

To check if you're running a vulnerable version of Java:

1. Go to the control panel (Select Start then Control Panel)
2. Select Programs. If Java is installed you will see it in the list of installed programs. Click it to open the Java Control Panel.
3. On the General tab, click About to see which version of Java you have installed.

You might get an alert about this threat even if you're not using a vulnerable version of Java. This is because we detect when a website tries to use the vulnerability, even if it isn't successful.

TrojanDownloader:JS/Psyme.MR is a detection for script that attempts to use a certain exploit to download and run other malware.

Exploit:JS/IframeWrite.A is the detection for specially formed IFrame tags that point to remote websites containing malicious content. For example, the IFrame may point to a malicious JavaScript containing an exploit for a specific vulnerability.

Exploit:Win32/Anicmoo.A is generic detection for exploit of a vulnerability in the way certain un-patched versions of Microsoft Windows handle animated cursor (.ani) files. Exploit could allow an attacker to remotely execute arbitrary code on impacted systems. Further details on the vulnerability are found in Microsoft Security Advisory (935423).

Exploit:Win32/Siveras.A is detection for specific known malware used to exploit a vulnerability in the Domain Name System (DNS) Server Service. This vulnerability impacts Microsoft Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. For vulnerability details, workarounds, and patch information, please refer to the Microsoft Security Advisory (935964).

Trojan:JS/Psyme.AD exploits publicly published vulnerabilities via the Web browser Internet Explorer to execute malicious JavaScript. This malicious JavaScript is commonly used to download and execute other malware onto the system. 

Exploit:JS/Mult.K is detection for a JavaScript trojan that runs multiple vulnerability exploitations in order to download, execute or otherwise run arbitrary code. The malicious JavaScript trojan may be hosted on compromised Web sites.

Exploit:Win32/Exrec.gen is a generic detection of malicious code that attempts to exploit a vulnerability in Microsoft Office Excel.

Trojan:JS/Redirector.L is detection for specific JavaScript contained within Web pages. This JavaScript trojan may be injected into an HTML page via an SQL injection attack, or may be present on a malicious Web site, and may redirect users to Web sites other than expected. It is also possible for an attacker to craft HTML-based e-mail messages containing the script.

Exploit:JS/Mult.AG is a detection for malicious shellcode that attempts to exploit certain vulnerabilities in order to download and run arbitrary files. The shellcode is obfuscated.

 

Some files detected as Exploit:JS/Mult.AG may arrive in the system when a user browses certain sites using a vulnerable version of Internet Explorer. When a webpage that includes Exploit:JS/Mult.AG is loaded, the shellcode is executed in the system.

 

This is the case for files detected as Exploit:JS/Mult.AG that may be associated with a vulnerability in Internet Explorer as discussed in Microsoft Security Advisory (961051). Users are advised to refer to these resources for more information.

 

Exploit:JS/Mult.BF is a detection for malicious shellcode that attempts to exploit certain vulnerabilities in order to download and run arbitrary files. The shellcode is obfuscated.

 

Some files detected as Exploit:JS/Mult.BF may arrive in the system when a user browses certain sites using a vulnerable version of Internet Explorer. When a webpage that includes Exploit:JS/Mult.BF is loaded, the shellcode is executed in the system.

 

In the wild, this exploit may download a trojan detected as TrojanDropper:Win32/Letrofen.A in systems that do not have the Microsoft Security Bulletin MS09-002 update installed.

Exploit:Win32/Evenex.gen is a generic detection for malware, which exploit a vulnerability in a specially crafted Excel document that may corrupt system memory allowing the attacker to execute arbitrary code.
Microsoft has published Microsoft Security Advisory 968272 related to this threat: