Re: Java/ByteVerify

From: Andy (anomynous_at_discussions.microsoft.com)
Date: 04/18/05


Date: Mon, 18 Apr 2005 09:31:54 +0200

Bill,
Further to my OP, I have no idea how this infection entered my computer. I
have ZoneAlarm Firewall, Grisoft's AVG 7, MSAS, Spybot S&D, SpywareGuard,
SpywareBlaster, HijackThis, WinPatrol, Ad-Aware SE, MailWasher (I remove ALL
unrecognised mails without downloading them) and others installed on my
computer. Eventually I will end up with more prevention/clean-up software
than other data on my computer. I think it is time for National
Governments/ Legal Systems to become more aggressively active in
apprehending, prosecuting and imprisoning the culprits of these viruses/spam
(commercial or otherwise).
Andy

"David H. Lipman" <DLipman~nospam~@Verizon.Net>
wrote in message news:%23NtrdFvQFHA.3880@tk2msftngp13.phx.gbl...
> "Andy" <anomynous@discussions.microsoft.com> wrote in message
> news:%230LWLRsQFHA.3096@TK2MSFTNGP12.phx.gbl
> | OS Windows XP Home SP2, IE6. Security Patches are kept up to date, AVG has
> | latest Definitions.
> |
> | AVG Has reported a virus in my computer:
> | "Java/ByteVerify. This virus abuses the security vulnerability in Java
> | Virtual Machine described in MS03-011, which gives possibility of running
> | potentially dangerous operation to java program (like working with files).
> | Trojan horse using this vulnerability changes Internet Explorer Home page.
> | The fix is available on Microsoft web pages like
> | WindowsUpdate.Microsoft.com". It goes on to say "Selected object is located
> | inside the archive and cannot be healed" [located
> | C:\Documents and Settings\Andy\Applications Data\SUN\Java\Deployment\cache\javapi\v1.0\jar].
> | MS03-011 is dated 9 April 2003 and surely must have been included in the SP2
> | upgrade. If so why have I been infected?
> |
> | Is there a removal tool available?
> |
> | Andy
>
>
> 1) Dump the contents of your IE cache -
> Start --> settings --> control panel --> Internet options --> delete files
>
> 2) Dump the contents of the Mozilla FireFox Cache
> Tools --> Options --> Privacy --> Cache --> Clear
>
> 3) Dump the contents of your Sun Java cache -
> Start --> settings --> control panel --> Java applet --> cache --> clear
> or
> Start --> settings --> control panel --> Java applet --> general --> settings --> delete files
>
> 4) Download TrendMicro Sysclean by one of the following 2 methods
>
> Trend Sysclean Method 1
> ---------------------------------------
> Trend Sysclean Package
> http://www.trendmicro.com/download/dcs.asp
>
> Latest Trend signature files.
> http://www.trendmicro.com/download/pattern.asp
>
> Create a directory.
> On drive "C:\"
> (e.g., "c:\sysclean")
>
> Download SYSCLEAN.COM and place it in that directory.
> Download the signature files (pattern files) by obtaining the ZIP file.
> For example; lpt576.zip
>
> Extract the contents of the ZIP file and place the contents in the same
> directory as SYSCLEAN.COM.
>
> Trend Sysclean Method 2
> ---------------------------------------
> Download the utility SYSCLEAN_FE at the following URL --
> http://www.ik-cs.com/got-a-virus.htm
> SYSCLEAN_FE automates the download and execution process of the Trend
> Sysclean Package.
> Direct URL --
> http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe
>
>
> 5) If you are using WinME or WinXP, disable System Restore
> http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
> 6) Reboot your PC into Safe Mode and shut down as many applications as possible.
> 7) Using Trend Sysclean utility, perform a Full Scan of your platform and
> clean/delete any infectors/parasites found.
> (a few cycles may be needed)
> 8) Restart your PC and perform a "final" Full Scan of your platform using the
> Trend Sysclean utility.
> 9) If you are using WinME or WinXP, re-enable System Restore and re-apply any
> System Restore preferences (e.g. HD space to use, suggested 400 ~ 600MB).
> 10) Reboot your PC.
> 11) If you are using WinME or WinXP, create a new Restore point
>
> * * * Please report back your results * * *
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
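
The AVG message quoted in this thread places the flagged object inside an archive in the Sun Java cache, and step 3 of the reply clears that cache. The following is an added example, not part of the original posts: a Python script that records each cached file's SHA-256 and the class entries inside any archive, so there is a record of what was present before the cache is cleared. The function names and the sample files are assumptions constructed for illustration; on a real system the directory to pass is the one named in the antivirus report.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path


def inventory_cache(cache_dir):
    """Return one record per file under cache_dir: file name, SHA-256, and
    the .class entries found if the file is a ZIP/JAR archive."""
    records = []
    for path in sorted(Path(cache_dir).rglob("*")):
        if not path.is_file():
            continue
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        classes, note = [], "not an archive"
        if zipfile.is_zipfile(path):
            try:
                # Only the entry names are read; nothing is extracted or run.
                with zipfile.ZipFile(path) as zf:
                    classes = [n for n in zf.namelist() if n.endswith(".class")]
                note = "archive"
            except zipfile.BadZipFile:
                note = "corrupt archive"
        records.append({"file": path.name, "sha256": digest,
                        "classes": classes, "note": note})
    return records


def build_sample_cache(root):
    """Constructed sample data: one harmless JAR-like archive and one
    index file, standing in for a real cache directory."""
    root = Path(root)
    with zipfile.ZipFile(root / "sample-applet.zip", "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("Example.class", b"\xca\xfe\xba\xbe constructed")
    (root / "sample-applet.idx").write_text("constructed index file")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rec in inventory_cache(build_sample_cache(tmp)):
            print(rec["note"], rec["sha256"][:16], rec["file"], rec["classes"])
```
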


