JavaByte/Verify

Discussion in 'malware problems & news' started by Muerte Roja, Oct 12, 2004.

Thread Status:
Not open for further replies.
  1. Muerte Roja

    Muerte Roja Registered Member

    Joined:
    Jun 30, 2004
    Posts:
    39
    I run AVG Antivirus free edition, and I have had the virus "JavaByte/Verify" come up. Symantec doesn't have any information on this virus, and I can't seem to find any place that does. When I open up Java and go to "Cache", there is no option to delete the JAR cache, only the option to "Clear JAR Cache". I run Windows 98 SE. I have been to the other threads discussing this virus but have had no help there. Any help on how to remove it would be appreciated.
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,757
    Location:
    Texas
  3. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    :D :D :D

    You're too quick for me Ron, I was just about to post that thread. ;)


    snowbound
     
  4. Muerte Roja

    Muerte Roja Registered Member

    Joined:
    Jun 30, 2004
    Posts:
    39
    Yeah, I've read that one, but the advice doesn't seem to help me. My problem is that the Cache Tab in Java plugin has only one button (which I have clicked) that says "Clear JAR Cache", there doesn't seem to be any way of deleting the JAR Cache, which is where the virus is apparently. Furthermore, I don't know how to get to the actual folder, and AVG just identifies it, but doesn't delete it. Even more, all the online scans (Panda, Symantec, Housecall, PcPitstop) all don't seem to work anymore for me. They might not because I just recently installed Zone Alarm Firewall.
     
  5. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Clear the cache, that should get rid of it; it is the same as delete. As for the ActiveX based sites, you most likely enabled mobile code control in ZA. Either allow it on those sites you need it for, or turn mobile code control off.
     
  6. Muerte Roja

    Muerte Roja Registered Member

    Joined:
    Jun 30, 2004
    Posts:
    39
    I have cleared the cache, and AVG still detects the virus. I'll try that mobile code control thing.

    If I delete the entire program and re-install it, will that get rid of the virus?

    Is there a registry key for the virus that anyone knows of?
    Also, if you want data I have HijackThis and ASViewer.
     
    Last edited: Oct 16, 2004
  7. Muerte Roja

    Muerte Roja Registered Member

    Joined:
    Jun 30, 2004
    Posts:
    39
    I ran Symantec's online scan and it didn't identify anything. Panda's scan is not working, and TrendMicro's didn't work either, something about connecting to a server didn't work. I was just thinking to myself that this might just be something harmless, but when I started up today I got some weird messages about the printer being offline, and I don't even have a printer plugged in. Any ideas at all?
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Just to be sure your system is clean, you may want to try the steps found here

    Let us know how you go...

    Cheers :D
     
  9. Muerte Roja

    Muerte Roja Registered Member

    Joined:
    Jun 30, 2004
    Posts:
    39
    Ay dios mio, that's a lot of steps...but I'm willing to try about anything, thanks man, I'll do that.
     
  10. Muerte Roja

    Muerte Roja Registered Member

    Joined:
    Jun 30, 2004
    Posts:
    39
    Well I didn't do any of those things, but I ran Panda's scan a couple of times and there was no virus detected. Furthermore, AVG has stopped detecting it. I would think that it was cured, but this has happened before with the SecThought.E virus. It will detect it, stop detecting it for a while, then start again. Do you think I should still do all that?
     
  11. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    For peace of mind it might be a good idea to run all of the steps. It is a lot to do but it should be worth it.

    bigc
     
  12. eboula

    eboula Registered Member

    Joined:
    Oct 21, 2004
    Posts:
    9
    I have the Java/Byte Verify virus also but it isn't in the same file mentioned above. It's supposedly in C:\DOCUME~1\Owner\LOCALS~1\Temp\AAWTMP\C3598671\179F87\Counter.class but when I search my computer for this file it's not there. Can anybody tell me how to get rid of the virus in this location?
     
  13. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Empty your Temp files by doing the following:

    Open up Internet Explorer

    Click on Tools

    Internet Options

    General TAB

    Temporary Internet Files

    Delete Files

    Delete All Offline Content.


    Hope this helps...

    Cheers :D
     
  14. eboula

    eboula Registered Member

    Joined:
    Oct 21, 2004
    Posts:
    9
    That seems to have done the trick. Thanks.
     
  15. mahdikaz5

    mahdikaz5 Guest

    I have got two viruses, Java; AVG is not deleting them. What do I do, plz?
     
  16. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,757
    Location:
    Texas
    If using XP, turn off system restore and restart/rescan.

    If you are using Microsoft Java Virtual Machine, update it or use Sun Java.

    Grisoft

    Microsoft
     
  17. Rhuin

    Rhuin Guest

    I kept getting this message whenever I ran Ad-Aware. I noticed in the address temp was AAWTMP. I had forgotten to delete my quarantines and it seemed to be picking it up from there. All better now.
     
  18. Muerte Roja

    Muerte Roja Registered Member

    Joined:
    Jun 30, 2004
    Posts:
    39
    I ran AdAware and it didn't get anything when I had the Byte/Verify virus.
     
  19. Rhuin

    Rhuin Guest

    I meant in my case I believe AVG was signaling a virus, when there was not one, because of what was quarantined in my AdAware. For me, when I deleted the quarantines I stopped getting that exact message you posted. I was guessing that the AAWTMP in the virus location represented an "AdAWare TeMP" location.
     
  20. Muerte Roja

    Muerte Roja Registered Member

    Joined:
    Jun 30, 2004
    Posts:
    39
    That's weird because I didn't even do anything, and AVG stopped detecting it.
     