Infected files found in my Windows (XP) directory


Bob S

I just recently upgraded to Windows XP Pro and did the automatic
updates. Then I upgraded my Virus scanner to run with XP (EZ Trust
Antivirus version 6.1). The software isolated a bunch of files it said
were infected. It could not clean them and did not delete them. Their
names look very similar to those around them in the directory. Could
someone tell me whether files of these names should be a part of XP pro?

Here are the lines from the scan log. Thanks for your help.

c:\WINDOWS\.jpi_cache\jar\1.0\archive.jar-18c96186-3b40474d.zip>RunString.class - Java.Shinwow trojan.
c:\WINDOWS\.jpi_cache\jar\1.0\archive.jar-18c96186-3b40474d.zip>Parser.class - Java.ByteVerify.exploit trojan.
c:\WINDOWS\.jpi_cache\jar\1.0\archive.jar-18c96186-3b40474d.zip>Dummy.class - Java.ByteVerify.exploit trojan.
c:\WINDOWS\.jpi_cache\jar\1.0\archive.jar-18c96186-3b40474d.zip contains infected files.
c:\WINDOWS\.jpi_cache\jar\1.0\archive.jar-7aa72b25-64f67f27.zip>Dummy.class - Java.ByteVerify.exploit trojan.
c:\WINDOWS\.jpi_cache\jar\1.0\archive.jar-7aa72b25-64f67f27.zip>Parser.class - Java.ByteVerify.exploit trojan.
c:\WINDOWS\.jpi_cache\jar\1.0\archive.jar-7aa72b25-64f67f27.zip>RunString.class - Java.Shinwow trojan.
c:\WINDOWS\.jpi_cache\jar\1.0\archive.jar-7aa72b25-64f67f27.zip contains infected files.
c:\WINDOWS\.jpi_cache\jar\1.0\count.jar-74b14aa4-58e1e360.zip>RunString.class - Java.Shinwow trojan.
c:\WINDOWS\.jpi_cache\jar\1.0\count.jar-74b14aa4-58e1e360.zip>Parser.class - Java.ByteVerify.exploit trojan.
c:\WINDOWS\.jpi_cache\jar\1.0\count.jar-74b14aa4-58e1e360.zip>Dummy.class - Java.ByteVerify.exploit trojan.
c:\WINDOWS\.jpi_cache\jar\1.0\count.jar-74b14aa4-58e1e360.zip>Colors.class - Java.Shinwow.B trojan.
c:\WINDOWS\.jpi_cache\jar\1.0\count.jar-74b14aa4-58e1e360.zip contains infected files.
c:\WINDOWS\.jpi_cache\jar\1.0\tb.jar-796b13a3-141cbc87.zip>RunString.class - Java.Shinwow trojan.
c:\WINDOWS\.jpi_cache\jar\1.0\tb.jar-796b13a3-141cbc87.zip>Parser.class - Java.ByteVerify.exploit trojan.
c:\WINDOWS\.jpi_cache\jar\1.0\tb.jar-796b13a3-141cbc87.zip>Dummy.class - Java.ByteVerify.exploit trojan.
c:\WINDOWS\.jpi_cache\jar\1.0\tb.jar-796b13a3-141cbc87.zip>Colors.class - Java.Shinwow trojan.
c:\WINDOWS\.jpi_cache\jar\1.0\tb.jar-796b13a3-141cbc87.zip contains infected files.
c:\WINDOWS\.jpi_cache\jar\1.0\archive.jar-9ccf676-7e9902be.zip>Dummy.class - Java.ByteVerify.exploit trojan.
c:\WINDOWS\.jpi_cache\jar\1.0\archive.jar-9ccf676-7e9902be.zip>Parser.class - Java.ByteVerify.exploit trojan.
c:\WINDOWS\.jpi_cache\jar\1.0\archive.jar-9ccf676-7e9902be.zip>RunString.class - Java.Shinwow trojan.
c:\WINDOWS\.jpi_cache\jar\1.0\archive.jar-9ccf676-7e9902be.zip contains infected files.
c:\WINDOWS\.jpi_cache\jar\1.0\counter.jar-7a8c7511-7c927f18.zip>RunString.class - Java.Shinwow trojan.
c:\WINDOWS\.jpi_cache\jar\1.0\counter.jar-7a8c7511-7c927f18.zip>Parser.class - Java.ByteVerify.exploit trojan.
c:\WINDOWS\.jpi_cache\jar\1.0\counter.jar-7a8c7511-7c927f18.zip>Dummy.class - Java.ByteVerify.exploit trojan.
c:\WINDOWS\.jpi_cache\jar\1.0\counter.jar-7a8c7511-7c927f18.zip contains infected files.
c:\WINDOWS\.jpi_cache\jar\1.0\count.jar-6d27bc27-76e82fcd.zip>RunString.class - Java.Shinwow trojan.
c:\WINDOWS\.jpi_cache\jar\1.0\count.jar-6d27bc27-76e82fcd.zip>Parser.class - Java.ByteVerify.exploit trojan.
c:\WINDOWS\.jpi_cache\jar\1.0\count.jar-6d27bc27-76e82fcd.zip>Dummy.class - Java.ByteVerify.exploit trojan.
c:\WINDOWS\.jpi_cache\jar\1.0\count.jar-6d27bc27-76e82fcd.zip>Colors.class - Java.Shinwow.B trojan.
c:\WINDOWS\.jpi_cache\jar\1.0\count.jar-6d27bc27-76e82fcd.zip contains infected files.


Thank you in advance.
 

Jim Macklin

They are viruses; perhaps EZ Trust has removal tools,
otherwise try McAfee or Norton.

You can simply delete the files, but there may be some
registry entries left.



Cyndi

Those are in the Java files... my son's computer has the same ones... they show as a trojan virus. We have deleted them every time, and they come back again... I have EZ Trust too, and I ran Panda Software and one other free online scan and those came back as clean, no virus. Someone told me that sometimes false positives can come up in EZ Trust... they have caused no problems, and as I said, I have deleted them and they still come back.
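
Whether every flagged file sits in the Java cache rather than among Windows' own files can be read off the scan log itself. The following is an added example, not part of the original thread: it parses log lines in the format posted above (tolerating the line wrapping such logs pick up when pasted), groups detections by archive, and flags whether each archive is under `.jpi_cache`. The function names, and the reading of `name.jar-<hex>-<hex>.zip` as a cached copy of a downloaded `name.jar` in the Java plug-in cache, are assumptions.

```python
import re
from collections import defaultdict

# Sample lines taken from the scan log in the first post, kept in their
# wrapped form (verdict on the following line, or split after the dash).
SAMPLE_LOG = r"""
c:\WINDOWS\.jpi_cache\jar\1.0\tb.jar-796b13a3-141cbc87.zip>RunString.class
- Java.Shinwow trojan.
c:\WINDOWS\.jpi_cache\jar\1.0\tb.jar-796b13a3-141cbc87.zip>Dummy.class -
Java.ByteVerify.exploit trojan.
c:\WINDOWS\.jpi_cache\jar\1.0\tb.jar-796b13a3-141cbc87.zip contains
infected files.
c:\WINDOWS\.jpi_cache\jar\1.0\count.jar-6d27bc27-76e82fcd.zip>Colors.class
- Java.Shinwow.B trojan.
"""

# <archive path>'>'<member inside archive> - <signature> trojan.
HIT = re.compile(r"(?P<archive>[A-Za-z]:\\[^\s>]+)>(?P<member>\S+) - (?P<sig>\S+) trojan\.")
# Assumption: a ".jpi_cache" path component marks the Java plug-in cache.
JAVA_CACHE = re.compile(r"\\\.jpi_cache\\", re.I)

def parse_detections(log):
    """Return one dict per detection; 'contains infected files' lines are skipped."""
    flat = " ".join(log.split())  # undo line wrapping (paths here have no spaces)
    return [m.groupdict() for m in HIT.finditer(flat)]

def summarize(log):
    """Group detections by archive file name and note where the archive lives."""
    by_archive = defaultdict(set)
    for d in parse_detections(log):
        by_archive[d["archive"]].add((d["member"], d["sig"]))
    report = {}
    for archive, hits in by_archive.items():
        name = archive.rsplit("\\", 1)[-1]
        report[name] = {
            "in_java_cache": bool(JAVA_CACHE.search(archive)),
            # Assumption: text before ".jar-" is the original JAR's name.
            "applet_jar": name.split(".jar-")[0] + ".jar" if ".jar-" in name else None,
            "signatures": sorted({sig for _, sig in hits}),
            "members": sorted(member for member, _ in hits),
        }
    return report

if __name__ == "__main__":
    for name, info in summarize(SAMPLE_LOG).items():
        print(name, info)
```

Any archive reported with `in_java_cache` set to `False` would be the one to look at first, since it lies outside the cache directory.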
 

Jim Macklin

Byte verify is a virus, not a valid Java program although it
is probably written using Java.


Jim Macklin

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100261
Read McAfee's description of ...
Virus Profile

Virus Information
Name: Exploit-ByteVerify
Risk Assessment
- Home Users: Low
- Corporate Users: Low
Date Discovered: 4/9/2003
Date Added: 4/22/2003
Origin: Unknown
Length: Varies
Type: Trojan
SubType: Exploit
DAT Required: 4258




