The Classloader files are part of Internet Explorer homepage hijacker
trojans that infect IE through a malicious web page that uses the Java
classloader byteverify exploit or another vulnerability in Internet Explorer.
These trojans usually change the browser start page and search
settings and download other trojan/spyware components on the system.
The easiest way to be safe from these trojans is to make sure that
Internet Explorer is up to date. Even with an updated IE, the trojans
are sometimes downloaded, but they cannot activate.
Usually the classloader files are in a .zip or .jar archive along
with several other files. One of the files should have a more
descriptive name that indicates which trojan it is.
If none of the files have a descriptive name, please send the archive
to F-Secure for analysis.
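As an added example (not part of the original description or any F-Secure tool), the following Python sketch inventories a .zip or .jar archive in memory so the entry names can be reviewed without extracting or running anything. The function names, the size limit and the sample archive contents are assumptions made for illustration.

```python
import hashlib
import io
import struct
import zipfile

CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # first four bytes of every Java class file


def inventory(archive_bytes, max_entry_size=5_000_000):
    """List the entries of a .zip/.jar held in memory; nothing is written to disk."""
    rows = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > max_entry_size:
                # Do not decompress unexpectedly large entries (assumed limit).
                rows.append({"name": info.filename, "size": info.file_size, "skipped": True})
                continue
            data = zf.read(info)
            row = {
                "name": info.filename,
                "size": len(data),
                "sha256": hashlib.sha256(data).hexdigest(),
                "java_class": data[:4] == CLASS_MAGIC,
                "skipped": False,
            }
            if row["java_class"] and len(data) >= 8:
                # Class file header: magic, then minor and major version (big-endian).
                minor, major = struct.unpack(">HH", data[4:8])
                row["class_version"] = f"{major}.{minor}"
            rows.append(row)
    return rows


def build_sample():
    """Constructed sample archive: inert placeholder bytes, not real class files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ExampleLoader.class", CLASS_MAGIC + struct.pack(">HH", 3, 45) + b"\x00" * 8)
        zf.writestr("notes.txt", b"constructed sample entry")
    return buf.getvalue()


if __name__ == "__main__":
    for row in inventory(build_sample()):
        print(row)
```

The entry names show whether any file has a descriptive name, and the SHA-256 values identify the exact files if the archive is sent for analysis.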
The Classloader-based trojans install themselves from a malicious web page
that contains a reference to the trojan. The trojan uses a vulnerability
in the classloader system of the Microsoft Java runtime that allows the
malicious applet to break out of the sandbox and gain the same access as any
other executable running with the user's permissions.
Spreading in
Malicious web pages that contain references to the trojans.
Payload
After being executed, these trojans usually download executable components
that are either further parts of the trojan or spyware being dropped by
the trojan.