[†_Moose_†]

I did a full scan on with my AVG Anti Virus Free Edition, it found 4 infected areas with the same named virus. AVG cannot heal it nor quarrantine it. What can I do? The exact AVG test result message is below, and I have Windows XP (Home Edition). Any help would be GREATLY Appreciated. (P.S. I couldn't find the fix that is supposed to be available at WindowsUpdate.Microsoft.com)

Java/ByteVerify
Virus Encyclopedia
Java/ByteVerify
This virus abuses the security vulnerability in Java Virtual Machine described in MS03-011, which gives posibility of runing potentially dangerous operation to java program (like working with files).

Trojan horse using this vulnerability changes Internet Explorer Home page.

The fix is available on Microsoft web pages like WindowsUpdate.Microsoft.com

Edited by †_Moose_†, 13 August 2006 - 07:50 PM.

[Advertisements]

If you think you've got an infection, then please follow all the directions found here. After you get to step 5, if your problem is not resolved, post a HijackThis log in the Malware forum. If your problem persists after getting a clean bill of health from a malware expert, return here and we'll continue troubleshooting.

Keep in mind, the malware forum is very busy and can take up to 5 days to receive a reply. There is a special forum called The Waiting Room if you've been waiting for 3 or more days. You can put a link to your topic & a short description of your problem and someone will get with you soon.

[computerwiz12890]

If you think you've got an infection, then please follow all the directions found here. After you get to step 5, if your problem is not resolved, post a HijackThis log in the Malware forum. If your problem persists after getting a clean bill of health from a malware expert, return here and we'll continue troubleshooting.

Keep in mind, the malware forum is very busy and can take up to 5 days to receive a reply. There is a special forum called The Waiting Room if you've been waiting for 3 or more days. You can put a link to your topic & a short description of your problem and someone will get with you soon.

[AitrusSkyy]

I was going to mention, that some scanners pick up a bit of coding in the java package download once its installed. The coding is similar to that of a virus, however it is not.

Try uninstalling java before you do anything durastic, then scan and see if it still exists.

Also I think you will find that avg cant remove it because it is compressed. It will not harm your computer. Not all scanners find this file a virus.

Once you uninstall java, try scanning to see if its still there, then reinstall java, and you will probably see it again. I think this issue has been fixed with symantec. My friends and I used to argue over this because I refused to use java for that reason and I would use the old Microsoft VM java, and they were convinced it held no virus, yet some scanners found it as one and others did not.

Eventually I researched and found that it is as I said, there is a code in the java which is similar to the code in a virus.

[computerwiz12890]

Interesting...

Do as AitrusSkyy says, and if you still have the problem, or want to make sure you're clean, then follow my directions.

Good researching AitrusSkyy

[†_Moose_†]

Interesting AitrusSkyy, because I scanned with Ad-Aware and it did not find this "virus", but AVG did. I will follow your instructions and let you know. Thanks sooo much

[don77]

Hold off on uninstalling Java so fast if you would I will reply to your topic in the malware forum
Its also likely it just some gunk in the temp folders of Java and just cleaning them out does the trick

[AitrusSkyy]

HERE http://www.java.com/...cache_virus.xml


Error Messages


Printable Version

Virus found in the Java Runtime Environment (JRE) cache directory


This article applies to:
Platform(s):
Windows 98, Windows ME, Windows 2000 (SP4+), Windows XP (SP1 SP2), Windows 2003
JRE version(s):
1.4.2_xx, 1.5.0



SYMPTOMS

Malicious applets have been discovered in the JRE cache directory. Anti-virus programs have detected such malicious applets in the following directory:

C:\Documents and Settings\<username>\Application Data\Sun\Java\Deployment\cache\javapi\v1. 0\jar\

These malicious applets are designed to exploit vulnerabilities in the Microsoft VM (Microsoft Security Bulletin MS03-011).

If you are using the Sun JVM as your default virtual machine, these malicious applets cannot cause any harm to your computer.

Examples of the JAR files are:
javainstaller.jar
menu.jar
archive.jar
classload.jar
285.jar
count4.jar
loaderdmitriy.jar



CAUSE

When the browser runs an applet, the JRE stores all the downloaded files into its cache directory for better performance. We have received reports of the following malicious applets in the cache directory:

Trojan.ByteVerify
VerifierBug.class
Java.JJBlack worm
Java.Shinwow trojan
However, in this instance, storing these applets in the cache directory can not cause any harm to your computer because they are designed to exploit a vulnerability in the Microsoft VM, not the Sun JVM.


SOLUTION

If you find one of these malicious applets on your computer, please use an anti-virus program to delete the applet, or you can clean the cache directory manually.

Here are the instructions on how to manually remove these malicious applets from the JRE cache directory:

From the Start button, click Settings > Control Panel
In the Control Panel, open the "Java Plug-in Control Panel"
Select the Cache Tab
Click the Clear button inside the Cache Tab, which will clear your JRE cache directory

Edited by AitrusSkyy, 13 August 2006 - 10:27 PM.

[†_Moose_†]

Many thanks to everyone who responded to the Trojan.ByteVerify problem I had. But, I remembered having a similar issue some time ago, and at the AVG Anti-Virus website, (http://www.grisoft.com) I had picked up a virus remover called vcleaner.exe. What you do is, on the Grisoft Home Page, click on "Virus information" on menu at the left. Then download the remover vcleaner.exe. Restart your computer in Safe mode and run the remover on the infected computer. Vcleaner removal utility will detect and remove the Trojan.ByteVerify, plus tons of other viruses, worms, etc. They tell you that if the infection is not removed, to rename the utility, like "KillVirus" or any name you want, then repeat the procedure and the virus will be removed. What a great little utility it is, and it's only 104 KB (106,496 bytes). I did a full scan with my AVG Anti-Virus program, and the Trojan.ByteVerify is Gone. I even did one more scan and it really is gone from my computer. Thanks again to all who responded to my plea for help, it is greatly appreciated.

[AitrusSkyy]

Anytime

[don77]

Thanks for letting us know the problem is sorted and how you resloved it