JS_EXCEPTION.GEN
Virus type: JavaScript

Destructive: No

Description:

This is Trend Micro's generic detection for JavaScript malware that take advantage of a known security vulnerability on unpatched Internet Explorer browsers.

The vulnerability allows Java applets to run any desired ActiveX control from a Web page, or from within an HTML-based email message, that would enable it to read, write, and run files from accessible drives. This vulnerability also allows applets to download a file from a specified Web site and execute this file locally.

JavaScript malware containing this vulnerability are often embedded in HTML sites and are usually used to modify the default Internet Explorer home page and to add web links to the Favorites folder. Other malware samples modify the default stationery for Outlook Express, while some are found to have mailing capabilities.

More information on this vulnerability is available at the Microsoft Security Bulletin article, Patch Available for 'Microsoft VM ActiveX Component' Vulnerability.

Solution:


NOTE: Different samples of this malware have different effects on your system. Apply the security patch and scan your system to clean it of this malware, then run the other procedures as necessary.

Applying Patches

This malware exploits known vulnerabilities in Internet Explorer and the Microsoft Virtual Machine. Download and install a VM build with a fix for this vulnerability supplied by Microsoft. Refrain from using this product until the appropriate patch has been installed.

Read more: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS_EXCEPTION.GEN