Exploit:Win32/CplLnk.A
Windows Defender detects and removes this threat.
This is a generic detection for specially crafted, malicious shortcut files that target the vulnerability exploited by the Win32/Stuxnet family.
When you browse a folder that contains the malicious shortcut using an app that displays shortcut icons, the malware runs instead.
Exploit:Win32/Pdfjsc.GR
- CVE-2009-0927 - the "Collab.getIcon" method
- CVE-2008-2992 - the "util.printf" method
- CVE-2007-5659 - the "Collab.collectEmailInfo" method
Exploit:Win32/ShellCode.gen!C
Windows Defender detects and removes this threat.
Exploit:Win32/ShellCode.gen!C is a generic detection for JavaScript files that contain malicious code. Generally, attackers use this malicious code to infect your computer with other malware.
These files are often downloaders which use the malicious code to exploit vulnerabilities in various software.
A vulnerability is like a hole in your software that malware can use (or exploit) to get on your computer. These holes are fixed by installing updates to the vulnerable software; this is why it is extremely important to keep all of the programs on your computer up to date.
See here for information on how to update some software.
As this is a generic detection, we cannot identify the precise files that use this code or the particular exploits that the code uses.
Exploit:Java/CVE-2008-5353.PZ
Exploit:Java/CVE-2008-5353.MW
TrojanDownloader:Java/OpenStream.W
Exploit:Java/CVE-2008-5353.RP
Exploit:JS/Mult.CY
Exploit:JS/Mult.DA
Exploit:Win32/Pdfjsc.NJ
Exploit:Win32/Pdfjsc.NJ is the detection for a PDF file that contains obfuscated JavaScript. This JavaScript exploits certain vulnerabilities, such as CVE-2010-0188, in Adobe Acrobat and Adobe Reader, allowing it to download arbitrary files onto the affected computer.
Exploit:JS/CVE-2010-0806.gen!A
Exploit:JS/CVE-2010-0806.gen!A is the generic detection for specially crafted JavaScript that attempts to exploit the vulnerability in Internet Explorer resolved with the release of Microsoft Security Bulletin MS10-018.
Exploit:Win32/Pdfjsc.OL
Exploit:Win32/Pdfjsc.OL is the detection for malicious Portable Document Format (PDF) files that contain obfuscated JavaScript. These files exploit a vulnerability in Adobe Acrobat and Adobe Reader that allows them to download and execute arbitrary files. The vulnerability is discussed in the following links:
TrojanDownloader:Java/OpenStream.AQ
TrojanDownloader:Java/OpenStream.AQ is a Java applet trojan that can be distributed inside a Java .jar package that varies in size. It is a variation of Exploit:Java/CVE-2010-0840.W and exploits the vulnerability described in CVE-2010-0840.
Exploit:JS/Blacole.AR
Exploit:JS/Blacole.AR is the detection for malicious JavaScript that loads a series of other exploits that are distributed as components of the "Blackhole kit". If the computer runs a vulnerable version of certain software and exploitation is successful, various malware may be downloaded.
Exploit:JS/Blacole.DC
Exploit:JS/Blacole.DC is a variant of JS/Blacole, JavaScript malware that consists of several exploits and is created by the "Blackhole" exploit kit.
TrojanDownloader:Java/OpenConnection.PM
TrojanDownloader:Java/OpenConnection.PM is an obfuscated Java applet that attempts to download and execute arbitrary files from a remote host. It is usually bundled with other malware that exploits the vulnerability described in CVE-2010-0840.
The vulnerability allows this malware to download and run arbitrary files. The trojan may also be encountered when visiting a compromised or malicious webpage with a vulnerable computer.
The following versions of Java are vulnerable to this exploit:
- JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux; Java SE
- JDK 5.0 Update 23 and earlier for Solaris; Java SE
- SDK 1.4.2_25 and earlier for Solaris; Java SE
- JDK and JRE 6 Update 18 and earlier for Windows, Solaris and Linux; Java for Business
- JDK and JRE 5.0 Update 23 and earlier for Windows, Solaris and Linux; Java for Business
- SDK and JRE 1.4.2_25 and earlier for Windows, Solaris and Linux; Java for Business
Install updates to prevent infection
This malware exploits known vulnerabilities.
Make sure that you install all available updates from the vendor and remove old versions of Java in order to avoid this exploit. You can read more about this vulnerability and download software updates from these links: