Trojan.ByteVerify ?

[TheGateKeeper]

Not sure if this is the right place to ask but here goes. NAV and AVG
both have found Trojan.ByteVerify in my PC. First what is it. I have
been to Google for info and Norton web site. Cant find any real
answers either place about it. Seems to be Java related. In my pc its
been found in c:\windows\.jpi_cache\jar\1.0 . In this file it has
references to Back Door class and Dummy class. (Just my luck) Second
how the hell do I get rid of it. It has been quarantined and deleted
by my and Norton. But after scanning again it comes back. At times
with a different name but always in the .jpi_cache\jar\1.0 folder. Is
this thing harmful? If it is or isn't I would like to get rid if it.
Win98se. Thanks.


Outgoing mail from TheGateKeeper is certified Virus Free.Checked by AVG anti-virus system.
Version: 6.0.541/virus Database:335/release Date:11-14-03

 

[taff]

Not sure if this is the right place to ask but here goes. NAV and AVG
both have found Trojan.ByteVerify in my PC. First what is it. I have
been to Google for info and Norton web site. Cant find any real
answers either place about it. Seems to be Java related. In my pc its
been found in c:\windows\.jpi_cache\jar\1.0 . In this file it has
references to Back Door class and Dummy class. (Just my luck) Second
how the hell do I get rid of it. It has been quarantined and deleted
by my and Norton. But after scanning again it comes back. At times
with a different name but always in the .jpi_cache\jar\1.0 folder. Is
this thing harmful? If it is or isn't I would like to get rid if it.
Win98se. Thanks.


Outgoing mail from TheGateKeeper is certified Virus Free.Checked by AVG anti-virus system.
Version: 6.0.541/virus Database:335/release Date:11-14-03

Spybot http://www.safer-networking.org/index.php?page=mirrors

Taff..........



www.sounds-pa.com | www.thecomputerworkshop.com

 

[David H. Lipman]

Trojan.ByteVerify

http://securityresponse.symantec.com/avcenter/venc/data/trojan.byteverify.html

Exploit-ByteVerify
http://vil.nai.com/vil/content/v_100261.htm

If you have a virus, Internet worm or Trojan, don't use Google. use AV vendor libraries
McAfee - http://vil.nai.com/vil/advsearch.asp
Symantec - http://securityresponse.symantec.com/avcenter/vinfodb.html

1) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
2) Please reboot your PC into Safe Mode
3) Perform a Full Scan of your platform and clean/delete any infectors found
4) Restart your PC and perform a "final" Full Scan of your platform
5) If you are using WinME or WinXP, re-enable System Restore, reboot the PC
6) If you are using WinME or WinXP, create a new Restore point
7) Please report back your results


Dave



| Not sure if this is the right place to ask but here goes. NAV and AVG
| both have found Trojan.ByteVerify in my PC. First what is it. I have
| been to Google for info and Norton web site. Cant find any real
| answers either place about it. Seems to be Java related. In my pc its
| been found in c:\windows\.jpi_cache\jar\1.0 . In this file it has
| references to Back Door class and Dummy class. (Just my luck) Second
| how the hell do I get rid of it. It has been quarantined and deleted
| by my and Norton. But after scanning again it comes back. At times
| with a different name but always in the .jpi_cache\jar\1.0 folder. Is
| this thing harmful? If it is or isn't I would like to get rid if it.
| Win98se. Thanks.
|
|
| Outgoing mail from TheGateKeeper is certified Virus Free.Checked by AVG anti-virus system.
| Version: 6.0.541/virus Database:335/release Date:11-14-03

 

[Camford]

Not sure if this is the right place to ask but here goes. NAV and AVG
both have found Trojan.ByteVerify in my PC. First what is it. I have
been to Google for info and Norton web site. Cant find any real
answers either place about it. Seems to be Java related. In my pc its
been found in c:\windows\.jpi_cache\jar\1.0 . In this file it has
references to Back Door class and Dummy class. (Just my luck) Second
how the hell do I get rid of it. It has been quarantined and deleted
by my and Norton. But after scanning again it comes back. At times
with a different name but always in the .jpi_cache\jar\1.0 folder. Is
this thing harmful? If it is or isn't I would like to get rid if it.
Win98se. Thanks.


Outgoing mail from TheGateKeeper is certified Virus Free.Checked by AVG anti-virus system.
Version: 6.0.541/virus Database:335/release Date:11-14-03

I think it might be a v good idea to update your AVG

 

[TheGateKeeper]

Not sure if this is the right place to ask but here goes. NAV and AVG
both have found Trojan.ByteVerify in my PC. First what is it. I have
been to Google for info and Norton web site. Cant find any real
answers either place about it. Seems to be Java related. In my pc its
been found in c:\windows\.jpi_cache\jar\1.0 . In this file it has
references to Back Door class and Dummy class. (Just my luck) Second
how the hell do I get rid of it. It has been quarantined and deleted
by my and Norton. But after scanning again it comes back. At times
with a different name but always in the .jpi_cache\jar\1.0 folder. Is
this thing harmful? If it is or isn't I would like to get rid if it.
Win98se. Thanks.


Outgoing mail from TheGateKeeper is certified Virus Free.Checked by AVG anti-virus system.
Version: 6.0.541/virus Database:335/release Date:11-14-03

Thanks for all the help. First I new I would catch heck about my AVG
updates. For posting in news groups I call up a text file for the AVG
outgoing mail thing. I have to update this myself since I use Agent
for my news reader. I haven't posted anything for awhile and I had
forgotten to update the file. I do check for updates and download them
2 or 3 times a week or when I hear a new one is out.
I booted up in safe mode and did the full sys scan. Came up with 3
infected files. I deleted them. Re-booted and scanned again and seems
to have taken care of my problem. All seems well. Thanks a bunch to
all!!
Outgoing mail from TheGateKeeper is certified Virus Free.Checked by AVG anti-virus system.
Version: 6.0.544/virus Database:350/release Date:1-2-04

 

[Why so many stars for so few four-leaf clovers?]

In

Trojan.ByteVerify

http://securityresponse.symantec.com/avcenter/venc/data/trojan.byteverify.html

Exploit-ByteVerify
http://vil.nai.com/vil/content/v_100261.htm

Yes, interesting,

However I shall be interested to have more information about how this kind
of malware can work.

We have about one Trojan.ByteVerify per week (among 10 000 computers).

The worm is always found in the Internet Explorer cache (i.e. Temporary
Internet Files Folder).

Also, there is always a downloader somewhere on the hard drive : in c:\winnt
folder (or subfolders such as c:\winnt\system32).

Despite my efforts to trace back the worm I have been unable, till now, to
understand from where they got it and, consequently, to return on the site
in order to contaminate a computer to test and understand the mechanism.

Thanks

--

Jean-Luc Cavey
Paris, France
E-Mail : (e-mail address removed)
http://canon.cavey.org/

 

[YoKenny]

In
http://securityresponse.symantec.com/avcenter/venc/data/trojan.byteverify.html


Yes, interesting,

However I shall be interested to have more information about how this
kind
of malware can work.

We have about one Trojan.ByteVerify per week (among 10 000 computers).

The worm is always found in the Internet Explorer cache (i.e.
Temporary Internet Files Folder).

Also, there is always a downloader somewhere on the hard drive : in
c:\winnt folder (or subfolders such as c:\winnt\system32).

Despite my efforts to trace back the worm I have been unable, till
now, to understand from where they got it and, consequently, to
return on the site
in order to contaminate a computer to test and understand the
mechanism.

Thanks

Please read as a few of these are classified as trojans
http://www.spywareinfo.com/~merijn/cwschronicles.html

IE-SPYAD stops a few of them:
http://www.staff.uiuc.edu/~ehowes/resource.htm#IESPYAD

 

[FromTheRafters]

However I shall be interested to have more information about how this kind
of malware can work.

Maybe these will help.

http://lsd-pl.net/projects.html

http://java.sun.com/sfaq/960327.html