Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I have a virus and need help!


  • Please log in to reply

#1
†_Moose_†

†_Moose_†

    Member

  • Member
  • PipPip
  • 91 posts
I did a full scan on with my AVG Anti Virus Free Edition, it found 4 infected areas with the same named virus. AVG cannot heal it nor quarrantine it. What can I do? The exact AVG test result message is below, and I have Windows XP (Home Edition). Any help would be GREATLY Appreciated. (P.S. I couldn't find the fix that is supposed to be available at WindowsUpdate.Microsoft.com) :whistling:

Java/ByteVerify
Virus Encyclopedia
Java/ByteVerify
This virus abuses the security vulnerability in Java Virtual Machine described in MS03-011, which gives posibility of runing potentially dangerous operation to java program (like working with files).

Trojan horse using this vulnerability changes Internet Explorer Home page.

The fix is available on Microsoft web pages like WindowsUpdate.Microsoft.com

Edited by †_Moose_†, 13 August 2006 - 07:50 PM.

  • 0

Advertisements


#2
computerwiz12890

computerwiz12890

    Fixer-upper guy

  • Retired Staff
  • 1,802 posts
If you think you've got an infection, then please follow all the directions found here. After you get to step 5, if your problem is not resolved, post a HijackThis log in the Malware forum. If your problem persists after getting a clean bill of health from a malware expert, return here and we'll continue troubleshooting.

Keep in mind, the malware forum is very busy and can take up to 5 days to receive a reply. There is a special forum called The Waiting Room if you've been waiting for 3 or more days. You can put a link to your topic & a short description of your problem and someone will get with you soon.
  • 0

#3
AitrusSkyy

AitrusSkyy

    Member

  • Member
  • PipPipPip
  • 330 posts
I was going to mention, that some scanners pick up a bit of coding in the java package download once its installed. The coding is similar to that of a virus, however it is not.

Try uninstalling java before you do anything durastic, then scan and see if it still exists.

Also I think you will find that avg cant remove it because it is compressed. It will not harm your computer. Not all scanners find this file a virus.

Once you uninstall java, try scanning to see if its still there, then reinstall java, and you will probably see it again. I think this issue has been fixed with symantec. My friends and I used to argue over this because I refused to use java for that reason and I would use the old Microsoft VM java, and they were convinced it held no virus, yet some scanners found it as one and others did not.

Eventually I researched and found that it is as I said, there is a code in the java which is similar to the code in a virus.
  • 0

#4
computerwiz12890

computerwiz12890

    Fixer-upper guy

  • Retired Staff
  • 1,802 posts
Interesting...

Do as AitrusSkyy says, and if you still have the problem, or want to make sure you're clean, then follow my directions.

Good researching AitrusSkyy :whistling:
  • 0

#5
†_Moose_†

†_Moose_†

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts
Interesting AitrusSkyy, because I scanned with Ad-Aware and it did not find this "virus", but AVG did. I will follow your instructions and let you know. Thanks sooo much :whistling:
  • 0

#6
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hold off on uninstalling Java so fast if you would I will reply to your topic in the malware forum
Its also likely it just some gunk in the temp folders of Java and just cleaning them out does the trick
  • 0

#7
AitrusSkyy

AitrusSkyy

    Member

  • Member
  • PipPipPip
  • 330 posts
HERE http://www.java.com/...cache_virus.xml


Error Messages


Printable Version

Virus found in the Java Runtime Environment (JRE) cache directory


This article applies to:
Platform(s):
Windows 98, Windows ME, Windows 2000 (SP4+), Windows XP (SP1 SP2), Windows 2003
JRE version(s):
1.4.2_xx, 1.5.0



SYMPTOMS

Malicious applets have been discovered in the JRE cache directory. Anti-virus programs have detected such malicious applets in the following directory:

C:\Documents and Settings\<username>\Application Data\Sun\Java\Deployment\cache\javapi\v1. 0\jar\

These malicious applets are designed to exploit vulnerabilities in the Microsoft VM (Microsoft Security Bulletin MS03-011).

If you are using the Sun JVM as your default virtual machine, these malicious applets cannot cause any harm to your computer.

Examples of the JAR files are:
javainstaller.jar
menu.jar
archive.jar
classload.jar
285.jar
count4.jar
loaderdmitriy.jar




CAUSE

When the browser runs an applet, the JRE stores all the downloaded files into its cache directory for better performance. We have received reports of the following malicious applets in the cache directory:

Trojan.ByteVerify
VerifierBug.class
Java.JJBlack worm
Java.Shinwow trojan
However, in this instance, storing these applets in the cache directory can not cause any harm to your computer because they are designed to exploit a vulnerability in the Microsoft VM, not the Sun JVM.



SOLUTION

If you find one of these malicious applets on your computer, please use an anti-virus program to delete the applet, or you can clean the cache directory manually.

Here are the instructions on how to manually remove these malicious applets from the JRE cache directory:

From the Start button, click Settings > Control Panel
In the Control Panel, open the "Java Plug-in Control Panel"
Select the Cache Tab
Click the Clear button inside the Cache Tab, which will clear your JRE cache directory

Edited by AitrusSkyy, 13 August 2006 - 10:27 PM.

  • 0

#8
†_Moose_†

†_Moose_†

    Member

  • Topic Starter
  • Member
  • PipPip
  • 91 posts
Many thanks to everyone who responded to the Trojan.ByteVerify problem I had. But, I remembered having a similar issue some time ago, and at the AVG Anti-Virus website, (http://www.grisoft.com) I had picked up a virus remover called vcleaner.exe. What you do is, on the Grisoft Home Page, click on "Virus information" on menu at the left. Then download the remover vcleaner.exe. Restart your computer in Safe mode and run the remover on the infected computer. Vcleaner removal utility will detect and remove the Trojan.ByteVerify, plus tons of other viruses, worms, etc. They tell you that if the infection is not removed, to rename the utility, like "KillVirus" or any name you want, then repeat the procedure and the virus will be removed. What a great little utility it is, and it's only 104 KB (106,496 bytes). I did a full scan with my AVG Anti-Virus program, and the Trojan.ByteVerify is Gone. I even did one more scan and it really is gone from my computer. Thanks again to all who responded to my plea for help, it is greatly appreciated. :whistling:
  • 0

#9
AitrusSkyy

AitrusSkyy

    Member

  • Member
  • PipPipPip
  • 330 posts
Anytime :whistling:
  • 0

#10
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Thanks for letting us know the problem is sorted and how you resloved it :whistling:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP