Skip to content

Java vulnerability exploited in Firefox


Yesterday I was of 23:00 to the 03:00 in the morning to turn off and just today I managed to resolve definitively the infection that explored the Java vulnerability in Firefox (Figure 1), being that I am already with version 11.

I noticed that when entering the website a legitimate software company, Java icon appeared and installed a fake antivirus that does not let me open or the command prompt, Task Manager, or other applications.

Additionally he has disabled the McAfee and did not allow access for updating Dat for having policies and disabled the services, as shown in the NAP Manager connection my corporate network (Figure 2).

And the worst is that the McAffee saw only the trojan (Figure 1) after I manually did the DAT update (Daily DAT Update) and already had found the virus in safe mode, which is a file with the name VWTFRZIUZ.exe in the TEMP directory within the user’s profile.

The reason is that the JRE is the Java 6.0.31 vulnerable, but does not update Firefox which continues with the old version (Figure 3) because the JRE Installer 6.0.31 doesn’t remove the JRE 6.0.30 which is vulnerable and with the two installed the vulnerability remains active (Figure 4).

I recommend you to do what I had to do after already infected:

  • Check which JRE that Firefox you are using
  • If it is earlier than JRE manually remove the JRE by 6.0.31 Windows Control Panel
  • Install the JRE 6.0.31 by link: if you need Java
  • Disable the Java plugin in browsers and enable only the sites that really need


Figure 1 – Trojan installed using the vulnerability in JRE 6.0.1


Figure 2 – Antivirus disabled by trojan


Figure 3 – Firefox’s Warning that the JRE 6.0.3 was still installed


Figure 4 – Coexistance of JREs, 6.0.3 is the vulnerable

From → Security

  1. bookmarked!!, I really like your web site!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: