I have come across several trojans using the loophole in the java/windows combo to install themselves. They are easy enough to get rid of but I can't seem to correct the problem that lets them in in the first place. Both windows xp pro and java have been updated but the trojans (classloader, archive, etc.) keep getting through.

Also, some info on exactly how these work would be appreciated. I catch them in the java cache as an idx file and a jar file. What is the trip that extracts them ? Basic explanations appreciated.

Thx