"Java / Byte Verify" found with AVG Free

Discussion in 'malware problems & news' started by Mord, Jun 20, 2004.

Thread Status:
Not open for further replies.
  1. First off, this Java/ByteVerify is, to my knowledge, just beginning to affect FireFox. Also it is probably one of the easiest types of trojans to remove: "delete it". In XP it will be located somewhere in the C:\Documents and Settings\<account name>\Application Data\Sun\Java\Deployment\cache\javapi. This trojan does not affect the Java JVM, only the MVM (Microsoft Virtual Machine). Simply having it does not mean your system has been compromised. The DSO Exploit is, or should I say was, a security gap in Windows. This has been patched by Microsoft and poses no threat as long as you have all your Windows updates. If however you feel that you must remove this message from your SB S&D report, then using regedit (start/run/open:regedit/ok) perform the following steps. P.S. Disabling Java in your browser options will prevent the JavaByte Trojan from loading to the JRE cache.


    1) Make a note of the location of the exploit shown in Spybot, something similar to:

    HKEY_USERS\S-1-5-21-1614895754-73586283-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

    2) Click on Start, Run, and type REGEDIT and Press Enter to open the Windows Registry Editor

    3) Find the location of the exploit above in the registry by clicking on the pluses(+) next to each title

    4) After opening the Zones section and clicking on '0', look to the right window: under 'name' is the key '1004' and the type is REG_SZ. Simply right click and delete this REG_SZ value. Then right click and create new>DWORD Value, name it 1004, then right click on that and go to modify, give it the Hex Value of 3, click OK.

    If there is only a DWORD Value for the key (in this case 1004), then double click on the key and change the HEX value to 3 and click Ok.

    5) Close the Registry Editor and Reboot your computer

    6) The DSO Exploit should now be removed and it should no longer appear in the Spybot Search and Destroy log as a problem.
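
    The registry check in steps 1 to 4 above can also be scripted. The following PowerShell is an added example, not part of the original post: it reports the type and data of the 1004 value under Zones\0 for every loaded user hive, and only changes anything when run with `-Fix` (a switch defined by this script itself). It assumes an elevated PowerShell prompt on the affected machine.

```powershell
# Added example (not from the thread): audit the "1004" value in Internet
# Settings zone 0 for each loaded user hive, and optionally recreate it as
# DWORD 3, which is the end state the post's steps 4 and 5 produce by hand.
param([switch]$Fix)   # -Fix is this script's own switch; without it, report only

$sub  = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0'
$name = '1004'

# HKEY_USERS has no default PowerShell drive, so use the provider-qualified path.
foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS') {
    $keyPath = "Registry::$($hive.Name)\$sub"
    if (-not (Test-Path -LiteralPath $keyPath)) { continue }   # hive has no zone settings

    $key = Get-Item -LiteralPath $keyPath
    if ($key.GetValueNames() -notcontains $name) { continue }  # value not present

    $kind = $key.GetValueKind($name)   # String corresponds to REG_SZ in regedit
    $data = $key.GetValue($name)
    $ok   = ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord) -and ($data -eq 3)

    # One report row per hive, so the state before any change is on record.
    [pscustomobject]@{
        Hive     = $hive.Name
        Kind     = $kind
        Data     = $data
        IsDword3 = $ok
    }

    if ($Fix -and -not $ok) {
        # Covers both cases in the post: a REG_SZ value is deleted and recreated
        # as a DWORD, and an existing DWORD with another value ends up as 3.
        Remove-ItemProperty -LiteralPath $keyPath -Name $name
        New-ItemProperty -LiteralPath $keyPath -Name $name `
            -PropertyType DWord -Value 3 | Out-Null
    }
}
```

    Run it once without `-Fix` and keep the output; rows where `Kind` is `String` are the hives where Spybot would report the entry described in step 1.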
     
  2. Captain

    Captain Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    2
    I can confirm that Java/Byte Verify is affecting FireFox because I've got it! Last week, I installed a new PC running Windows XP with FireFox as browser. Last night, AVG Free informed me that eight files had been infected with Java/ByteVerify, six of which couldn't be healed because they are inside the archive. I'm also using the ZoneAlarm firewall. I'd like to get rid of the trojan but don't want to risk billy jack's problems with downloads.
    I have three questions:
    1. Is there a failsafe way to remove Java/Byte Verify without any downside?
    2. How did it get through ZoneAlarm?
    3. If I ignore it, and continue using FireFox as the default browser, will it harm my computer?
    Thanks in anticipation.
     
  3. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Yes, but please tell us the exact file path and name as given by AVG in its Logs/Reports. If Byte Verify is in your Java cache you just delete the contents of the cache. See this thread:- https://www.wilderssecurity.com/showthread.php?t=13039&page=1&pp=25

    You let it in by browsing the Web! ZA is a FW not an AV! If you want to stop nasties from getting into your Java cache, just switch off Java while you browse suspect sites.

    If you're on an up to date operating system, fully patched, and using Sun Java rather than MS VM for Java, it will do you no harm at all.
     
  4. Flea

    Flea Guest

    Yippeee thanx guys!! Found this thread on google. I had exactly the same virus and problem and you've done it. After getting absolutely no answer from Sun microsystems for weeks about their vulnerability and how to get rid of the virus on my system, I ran into the solution here. Thanx again
     
  5. Captain

    Captain Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    2
    Just to let you know that after I moved two of the eight infected files to the vault AVG pronounced my PC virus free.
    Yippee!
     
  6. Nenemancer

    Nenemancer Guest

    Ok, I have this virus right now, and I don't know what to do!!! I'm using XP Celeron with AVG and Zone Alarm Pro. I tried the following things:

    -internet explorer > tools > internet options > delete files (also delete all offline content). I also cleared History and cookies.
    -updated security from the security microsoft update page
    -scanned with AVG in Safe Mode (when I scan in safe mode it doesn't pick up the 2 infected files)

    however when I scan in normal mode it picks up 2 files:

    C:\Documents and Settings\steve\Local Settings\Temporary Internet Files\Content.IE5\O9A7W9EV\archive[1].jar

    and

    C:\Documents and Settings\steve\Local Settings\Temporary Internet Files\Content.IE5\O9A7W9EV\archive[1].jar:\beyond.class

    but when I go look for these files with windows explorer they're not there, so I put show hidden files and folders but they still don't appear

    I also tried going into Control panel > Java plug-in because I see that solution helper a lot, but there is no java plug-in in my control panel. Please someone help me!

    and one more thing, every time I open windows explorer I get 2 messages from AVG saying virus detected and I heal them, cuz the file paths and names are always different every time I open the internet explorer
     
  7. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    In Control Panel, switch to Classic View and u should see Java Plug-in.


    snowbound
     
  8. Nenemacner

    Nenemacner Guest

    I always have it on classic, come on I'm pretty knowledgeable in computers, I've gotten rid of viruses before, but I can't get rid of this one AHH!!!
     
  9. Nenemancer

    Nenemancer Guest

    PLEASE SOMEONE HELP, it's really frustrating
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,926
    Location:
    Texas
  11. Nenemancer

    Nenemancer Guest

    one more thing, I ran a complete scan with spybot and it detected stuff like

    C:\WINDOWS\system32\bdesac24.dll
    C:\WINDOWS\system32\bdesac10.dll
    C:\WINDOWS\system32\bderastdx6_30002.dll
    C:\WINDOWS\BDE\bdeplayer2.dll
    C:\WINDOWS\BDE\bdeimage.dll
    C:\WINDOWS\BDE\bdeengine2.dll
    C:\WINDOWS\system32\bde3d_ref2.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Brilliant Digital Entertainment

    If I were to leave the check marks on these files and continue in SpyBot, will it affect my computer, like will it delete those files? and then my computer won't function well or something o_O
     
  12. Nenemancer

    Nenemancer Guest

    wow wow wow I think my problem's gotten worse, I got an error during the spybot scan, it said...

    Error during check!
    Xuron55 (datei C:\WINDOWS\win.ini kann nicht geoffnet werden. The process cannot access the file because it is being used by another process o_O

    What do I do o_O o_O o_O
     
  13. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,926
    Location:
    Texas
  14. Nenemancer

    Nenemancer Guest

    Thanks Ronjor.

    if anyone can tell me if it's ok to keep the boxes checked on spybot with the information that I stated above I would appreciate it, thanks.
     
  15. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,926
    Location:
    Texas
    Nenemancer

    You're welcome. If it were me, I would post a log and find out just exactly what is on my computer. And, how to prevent it from getting there again.
     
  16. Nenemancer

    Nenemancer Guest

    ok I'm not too familiar with this hijack and log thing, can u help me out a bit, sorry!
     
  17. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    1. Download HijackThis [HJT] from here:
    http://www.spychecker.com/program/hijackthis.html
    2. Create a folder, "C:\HijackThis" and install HJT to that folder.
    3. Run HJT, create a log, then post your log into a new thread --
    not here at Wilders but at the other forum [Ron gave links above].
    4. Someone at one of those forums should be along to help soon.
     
  18. Nenemancer

    Nenemancer Guest

    one of those sites isn't accepting registrations anymore and the other one (castlecops) doesn't let me sign in. can u give me another site, thanks
     
  19. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,926
    Location:
    Texas
  20. Nenemancer

    Nenemancer Guest

  21. Nenemacner

    Nenemacner Guest

    ok found it, thanks for ur time, I'll report back if I need help, thanks
     
  22. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,926
    Location:
    Texas
    Let us know how it goes.
     
  23. Nenemacner

    Nenemacner Guest

    how long u think it will take?
     
  24. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,926
    Location:
    Texas
    Nenemacner

    Not sure. They will help you as soon as possible.
     
  25. Nenemancer

    Nenemancer Guest

    was I supposed to copy paste the log onto the thread?
     