Trojanbyte.verify virus - constant attacks

No matter how many times I reboot Windows 2000 in safe mode, run Norton Anti-
virus, clean my temp files, ran Ad-Aware, Spyblaster, and do a regedit search
to take out the thing manually, Norton still keeps detecting 2-3 copies at a
time.

Any suggestions?

On Mon, 15 Mar 2004 19:10:09 GMT, Moe Hair <mohair@nospam.com> wrote:

>No matter how many times I reboot Windows 2000 in safe mode, run Norton Anti-
>virus, clean my temp files, ran Ad-Aware, Spyblaster, and do a regedit search
>to take out the thing manually, Norton still keeps detecting 2-3 copies at a
>time.

Have you read this?:

http://securityresponse.symantec.co...byteverify.html

Have you applied the patch? Have you disabled Java in your browser? Do
you use a firewall? You're sure NAV isn't false alarming since the
registry, etc., indicate reinfection? You do reboot each time you
remove intrusive registry entries?


Art
http://www.epix.net/~artnpeg

"Moe Hair" <mohair@nospam.com> wrote in message news:Xns94AD8FDEFF129mohair@news4.srv.hcvlny.cv.net...
> No matter how many times I reboot Windows 2000 in safe mode, run Norton Anti-
> virus, clean my temp files, ran Ad-Aware, Spyblaster, and do a regedit search
> to take out the thing manually, Norton still keeps detecting 2-3 copies at a
> time.
>
> Any suggestions?

Update your Java virtual machine so that you aren't vulnerable
to that exploit. This won't stop stuff from getting into your temp
files, but you won't be vulnerable to attack.

Unfortunately, I've become too familiar with that Symantec bulletin.
So far it's been about 10 hours since the last virus bug was caught.
I have a firewall, but haven't disabled Java. The patch has been applied,
though. What's amazing is that I've just added Spysweeper to the arsenal and
that finds stuff that Ad-Aware doesn't.

null@zilch.com opened in news:8j5c50h8lhf56m0i042buoeb4ik36bcic1@4ax.com:

> On Mon, 15 Mar 2004 19:10:09 GMT, Moe Hair <mohair@nospam.com> wrote:
>
>>No matter how many times I reboot Windows 2000 in safe mode, run Norton
>>Anti- virus, clean my temp files, ran Ad-Aware, Spyblaster, and do a
>>regedit search to take out the thing manually, Norton still keeps
>>detecting 2-3 copies at a time.
>
> Have you read this?:
>
> http://securityresponse.symantec.co...ojan.byteverify
> .html
>
> Have you applied the patch? Have you disabled Java in your browser? Do
> you use a firewall? You're sure NAV isn't false alarming since the
> registry, etc., indicate reinfection? You do reboot each time you
> remove intrusive registry entries?
>

"Moe Hair" <mohair@nospam.com> wrote in message
news:Xns94AE8DD92075mohair@news4.srv.hcvlny.cv.net...
> Unfortunately, I've become too familiar with that Symantec bulletin.
> So far it's been about 10 hours since the last virus bug was caught.
> I have a firewall, but haven't disabled Java. The patch has been applied,
> though. What's amazing is that I've just added Spysweeper to the arsenal
and
> that finds stuff that Ad-Aware doesn't.
>
>
Thanks. I just aded it to my arsenal.

-*MORT*-

Moe,
The question is ....... where is NAV detecting these files?
If they are located in your cache, log on as Administrator and
delete the cache folders, not just the contents .......

How To: Delete the Internet Explorer Temporary Internet Files
http://www.mvps.org/winhelp2002/delcache.htm
--
The Coolwebsearch trojan uses that exploit ......

How to remove Coolwebsearch and affiliates
http://mvps.org/winhelp2002/unwanted.htm#Coolwebsearch

Note: this type hijack indicates an unpatched machine, that is lacking
in "Defense". Please visit Windows Update to avoid these exploits.
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-15-04]
Please post replies to this Newsgroup, email address is invalid
--

"Moe Hair" <mohair@nospam.com> wrote in message
news:Xns94AE8DD92075mohair@news4.srv.hcvlny.cv.net...
> Unfortunately, I've become too familiar with that Symantec bulletin.
> So far it's been about 10 hours since the last virus bug was caught.
> I have a firewall, but haven't disabled Java. The patch has been applied,
> though. What's amazing is that I've just added Spysweeper to the arsenal
and
> that finds stuff that Ad-Aware doesn't.
>
> null@zilch.com opened in news:8j5c50h8lhf56m0i042buoeb4ik36bcic1@4ax.com:
>
> > On Mon, 15 Mar 2004 19:10:09 GMT, Moe Hair <mohair@nospam.com> wrote:
> >
> >>No matter how many times I reboot Windows 2000 in safe mode, run Norton
> >>Anti- virus, clean my temp files, ran Ad-Aware, Spyblaster, and do a
> >>regedit search to take out the thing manually, Norton still keeps
> >>detecting 2-3 copies at a time.
> >
> > Have you read this?:
> >
> >
http://securityresponse.symantec.co...ojan.byteverify
> > .html
> >
> > Have you applied the patch? Have you disabled Java in your browser? Do
> > you use a firewall? You're sure NAV isn't false alarming since the
> > registry, etc., indicate reinfection? You do reboot each time you
> > remove intrusive registry entries?
> >
>

"Mike Burgess" <winhelp2002@spamthis.com> opened in news:OuZy3REDEHA.2052
@TK2MSFTNGP11.phx.gbl:

> ttp://www.mvps.org/winhelp2002/delcache.htm
> --
> The Coolwebsearch trojan uses that exploit ......
>
> How to remove Coolwebsearch and affiliates
> http://mvps.org/winhelp2002/unwanted.htm#Coolwebsearch
>
> Note: this type hijack indicates an unpatched machine, that is lacking
> in "Defense". Please visit Windows Update to avoid these exploits.
>

I think I've done most of this already. I used to manage an NT network
several years ago, and it seems that with the Win 2000 and later servers,
there's even more patches and downloads to be aware of, not to mention
running spyware and NAV software across the entire network.

If you're in the entertainment, advertising or fashion biz, and most of your
employees are searching the net all day (in a very risque fashion I may add),
you have to constantly be on your toes. The top execs in my last company
used to LOVE their porn, too! There were days where I would be sitting there
manually deleting viruses from notebook computers step by step (searches
through files and the registry), because Symantec didn't have a download for
it yet.

"Mike Burgess" <winhelp2002@spamthis.com> mentioned in news:OuZy3REDEHA.2052
@TK2MSFTNGP11.phx.gbl:

> f they are located in your cache, log on as Administrator

one more thing about the office these days - the more creative and
intellectual the personnel, the greater the chance they are bringing in zip
drives, portable drives, mp3 players, and other peripherals to attach to
their PC's during the day. Years ago, you would just have to worry that an
employee was bring in a 1.44 mg floppy!