(Java.ByteVerify.exploit trojan

Discussion in 'malware problems & news' started by PhiloVance, Aug 29, 2003.

Thread Status:
Not open for further replies.
  1. snapdragin

    snapdragin Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi BigE,

    The information and links are all here in this thread. You have to empty IE's Temporary Internet files, and get the patch from Windows Update web site. Do an on-line virus scan too.

    Please read through the thread again. :)

    Regards,

    snap
     
  2. Big E

    Big E Guest

    Hi Snap,
    Thanks for answering my question. Apparently Windows Update patch will not come up as a critical update, thereby I will have to choose from a list. Do you know the name of the patch? Or by chance provide a link? I'm between an expert and a computer illerate user.
    Thanks,
    Big E
     
  3. snapdragin

    snapdragin Registered Member

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi BigE,

    You can check the link below for more detailed information on this particular flaw and the critical update. Look under the "Frequently asked questions" link on that page and you'll find steps there to show you how you can check the version of Microsoft Virtual Machine and if you have a vulnerable build number. Any build 3809 or less, you are vulnerable and need to apply the critical update to bring it up to build 3810 or higher:
    Flaw in Microsoft VM Could Enable System Compromise (816093) MS03-011

    If you find that you do have the vulnerable build for the Microsoft VM, then it should show up on the Windows Update site for you, along with any other available critical updates, since this was/is a critical update and released back on April 9, 2003. Microsoft still provides critical updates for Win98se on their update site.
    Critical security updates will be provided on the Windows Update site through June 30, 2006.

    Have you been able to get any other security updates/service packs, etc.?

    For now, you can disable the MS Java in Internet Explorer, though any web pages that require the use of Java will not function properly:
    Open IE and click on Tools --> Internet Options -->Security tab, and under the Internet Zone click on Custom Level. Scroll down until you find Microsoft VM - Java permissions, and place a dot in the circle beside "Disable Java". Click "OK", then "Yes" to the prompt.

    Clear your IE's Temporary Internet Files by clicking on the General tab --> Delete Files (put a check in the box beside Delete all offline content), click OK, then click on the Clear History button.

    Empty your Recycle Bin, then do an on-line virus scan: Free Services

    You can find in the link below some great advice and recommendations that will help tighten your security and prevent future infection:
    Why did I get infected in the first place?

    Hope the above helps a bit more.

    Regards,

    snap
     
    Last edited: Sep 30, 2004
  4. Big E

    Big E Guest

    Thanks for the info, Snap, but my Microsoft Virtual Machine is up to date. I check often with the Window Update web page although no Critical Updates haven't been posted in a while. AVG did it's regularly update last night and showed that no viruses were found, but I've noticed that this virus continues to show up days after. I'm not sure that disabling MS Java will solve my problem running the risk of it not working properly. I guess it's coming from some web pages I'm browsing. Appreciate your help. If you think of any other info I will be checking this web thread often.
     
  5. AKEITH

    AKEITH Guest

    How do i remove this java-byteberify if i don't use sun java?
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    99,907
    Location:
    Texas
  7. thbjr

    thbjr Registered Member

    Joined:
    Nov 25, 2004
    Posts:
    1
    I just had the Java/ByteVerify problem. My Ad-Aware spyware removal software found it in 7 differant files. My AVG AV did not remove it. I got rid of it by running a search (from the START menu) for the ending part of the file name as it was ID'ed by Ad-Aware, ie C:/DOCUMENTS AND SETTINGS/DEFAULT/......./COUNTER.CLASS (4 were found in the search for 'counter.class', 2 were found in a search for 'parser.class' and 1 in 'Dc2.class'). Do your search in 'all files and folders', scroll down to 'More advanced options' and click it and check system folders, hidden files and folders, and subfolders. When you try to open the files the search locates, if the are infected, the virus warning pops up. At that point, I simply hit the delete key. Some were deleted and some were sent to the recycle bin that I emptied and all my infected files are now gone. Ad-Aware once again runs cleanly. I hope that helps.
     
  8. MARKWW

    MARKWW Guest

    Re: (Java.ByteVerify.exploit trojan *** INFO FOR ALL

    OK The file is built into JAVA, some body when they wrote the program could have interjected the Trojan into the program. This isnt the first program I have found that was not infected. I have found some on downloads.com that were bigger than expected as to BYTE SIZE like Startup Mechanic the exe file had a virus in it and deleted it. AS TO JAVA, the virus is about 26k in the folder all u do is delete it and its gone. It was probally put in by a vonerablability of the program or the writer some where took it injected a virus that was fired and was mad.

    ONE THING MORE I also have anti spy built into my WEB BROWSER and have found back door trojans coming from safe web sites so the crackers are having fun.

    ADAWARE cant find them all either so I run anti spy from Yahoo and adaware and both work fine together.

    ONE THING THAT REALLY GETS MY GOAT- is that ANTI VIRUS companies tout their Anti Virus programs and say they can get viruses and trojans YEA RIGHT have had both and the anti virus program couldn't capture them.
    ]
    Kinda like throwing money into the trash. I hate antivirus people who say their programs work wonders and after you but it it turns to **** and your screwed.

    Mark
     
  9. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi, you could try a different AV, many have free trials, or reinstall your Java.
     
  10. joemama

    joemama Registered Member

    Joined:
    Feb 19, 2004
    Posts:
    1
    Greetings, I just want to Thank this member "Stanger" for posting this. For 3 days I've tried to find a fix for this , and the only supposed "fixes" found were no less than at least an hour or so making changes in the registry, and that was just for starters.

    I knew there had to be something simpler , probably more effective, & quicker. And everyone claimed to have the correct fix yet no 2 were alike and not one mentioned this particular fix.

    This may have taken a whole 45 seconds, if that, and it worked perfectly. Thank You.

    I also have ez e-trust av which does a good job finding them "after they're already installed" which makes absolutely NO sense to me at all. "Totally Worthless". It ALLOWS these Trojans in to your computer, It DOES find them AFTER they've installed, But DOES NOT have a CLUE how to FIX them. IT say's, CAN'T DELETE, CAN'T CLEAN, CAN'T RE-NAME, and then leaves it up to YOU to figure out what to do about getting rid of them, With NO Help. But It DOES Warn you that you'd better get rid of it Real Quick to Avoid damage.

    Thanks Again, I'm Just Glad I Came Here to Check the Forum. barterjunkie
    :D :D :D :D
     
  11. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Joemama, welcome to Wilders. Good to see that you got things sorted out, you may want to take a look here for further discussion on security and how to make your system that much stronger and here for more.

    Let us know how you go…

    Cheers :D
     
  12. actech

    actech Guest

    my adaware shows the following each run.

    JAVA/BYTEVERIFY

    C:\windows\temp\AAWTMP\C26489340\GETACCESS.CLASS
    C:\windows\temp\AAWTMP\C26489340\INSECURECLASSLOADER.CLASS
    C:\windows\temp\AAWTMP\C26489340\INSTALLER.CLASS
    C:\windows\temp\AAWTMP\C26489340\GETACCESS.CLASS
    C:\windows\temp\AAWTMP\C26489340\INSECURECLASSLOADER.CLASS
    C:\windows\temp\AAWTMP\C26489340\INSTALLER.CLASS

    There is no windows\temp\AAWTMP on my computer and I have done a file search and nothing shows up with the above referenced file names.

    Any ideas?
     
  13. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Actech. If your problem is Trojan or Virus related, then you will probably benefit from following the comprehensive steps found in General Cleaning.

    The steps mentioned in General Cleaning use software that ought to be part of your security, as an absolute minimum.

    Once your system is clean, please don’t hesitate to ask further about using this and other security to protect your computer.

    Hope this helps...

    Let us know how you go.

    Cheers :D
     
  14. shamsul2293

    shamsul2293 Guest

    I got the virus too. Delete by selecting all files in the folder JAR while in window explorer. Tq StAnger
     
  15. barbadosalan

    barbadosalan Guest


    Many thanks worked perfectly.
     
  16. Sin Wicked

    Sin Wicked Guest



    Thanks for the fix!
     
  17. TBizjet

    TBizjet Guest

    Thanks to all that posted to this thread. I had the same problem and just found t his site on a search, your recomendations cleaned me up and I set the auto cache off. Hopefully this will help in the future. Thanks again...

    Carl
     
  18. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi everyone,

    I found the java exploit trojan on my system in the java cache directory. KAV was able to move it to its "infected" folder. Is there any AV or AT that stops this type of file from being downloaded. I have KAV 4.5, BOClean, and Ewido running in real-time, but it took a batch scan to detect it. I'm not worried about it, but it does seem like there is a hole in my security somewhere. Any ideas or comments?

    Rich
     
  19. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    I've had 2 hits of this Malware just in the last 3 days and about 5 altogether on seemingly innocent sites and NOD32 caught them all before infection could occur.



    snowbound
     
  20. Laurie

    Laurie Guest

    I have Win98se and have this trojan too....I think.

    I admin a PC gaming website and got from There! We were maliciously attacked from a padonak.info website that uses IFRAME to download the "proc.jar java. archive and run MainApp.class This, again through IFRAME, loads other classes which contain JavaByteVerify exploit.

    I contacted the website owner to shutdown the website to give a good scrubbing to get rid of this.

    I may have gotten this from my own, dang, website! My machine is constantly going through "program loaded and ready" announcements (set it up to verbally say this) then flickers as a "program is loaded". Have to leftclick to make my cursor work and while typing. Frustrating and annoying as it will not allow me to view anything in my Windows Explorer for more than a minute before announcing "program loaded" and shuts it down.

    Read through this thread for any help.

    I managed to check my Java folder (before it closed) and cannot find any extra folders there. Only "Classes" and "Packages" but nothing like JAR. I did delete my Temporary files and clicked on "delete offcontent" first.

    Just Where is the "system restore" or it's equivalent for Win98se? The last thing I need is having this thing come back after reboot. (never done this before)

    I do have AVG Free and it did not find any viruses. I do have the current AdAware/Spybot S&D and run them on a regular basis. Have TDS-3 and it did not find anything.

    I looked for Microsoft updates as suggested in this thread but there are none available for me to get. Keeps giving me "0% Updates available" However, I just went to my Security tab and disabled JavaApplets for now.

    Help.
     
  21. Laurie

    Laurie Guest

    Update.

    Found out how to system restore for Win98se. Downloaded "HijackThis" and posted it elsewhere. Went into SafeMode (first time for me) and troubleshoot. Finally got rid of whatever Exploit was causing the problem.

    My machine runs normal now.

    Got word from a Runegame community member the Bloodworm Exploit 6 is another little nasty that was installed through padonak.info/fa/hta.php/object.cfm object.

    Anytime anyone went to the forums, this gets installed and appears on the taskbar. If clicked up, it disables the ActivX so the pages will not appear properly. Those with good anti virus programs can get rid of it easily enough. However, he was surprised that it got around his router and even his "Black Ice".

    This could have been my "bug" but then again, it could have been some other "narsty" allowed to be installed by through this padonak.info object. My TDS 3 did not spot it. Nor anything with Ad Aware, Spybot S&D or my AVG Free scans.

    One of the "fixed" pieces from my systems folder was a driver "anyumr.dll" found by HiJackThis. Anyone seen anything like this before? After fixing it through the HijackThis, no more problems. I also found a long list of ~df (with numbers/letters).TMPs in my TEMP files. After I deleted all of these (in Safemode) and emptied them out of the recycle bin.....again, no problems. But one would not allow itself to be removed.

    Anyway, thanks for all the postings in this thread....it certainly helped me overall.

    Laurie

    Laurie "the DeepMinded"
    Runegame.com Admin
     
  22. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Good to see Laurie, and thank you for keeping us up-to-date. You may want to take a look here for further discussion on security and how to make your system that much stronger and here for more.

    This is what works really well for me, very simple to use and maintain.

    Hope this helps...

    Let us know how you go.

    Cheers :D
     
  23. EL Maca

    EL Maca Guest

    Control Panel > Search > Java (folder)
    if your virus scanner has found something in your Java file, find the name and the file this way
     
  24. EL Maca

    EL Maca Guest

    OOOOPS,
    START > SEARCH > Java (File)

    and for all those using IE browser, you can switch to mozilla FireFox broswer...
    much easier to adjust settings and they work...
    the updates are more dependable to resolve problems than create them, in my opinion...
    and the options are more advanced and easy to learn in help options, which you pay for, but that is for noobies, most intermediates or advance computer user will find it a mind easing alternative from IE's constant battle with the forces of spam...
     
  25. El Maca

    El Maca Guest

    OH YEAH!
    and if you have to you can do this in safe mode too, if your virus program keeps detecting the virus:

    START > SEARCH > Java (File)

    ps: always empty your recycler and restart, as my proffessor always said.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.