trojan hit

Discussion in 'malware problems & news' started by snowbound, Nov 11, 2003.

Thread Status:
Not open for further replies.
  1. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hi everyone


    I just got hit by Java exploit bytverify trojan.

    Nod32 gave an alert saying it couldn't clean it because it is a new file.
    I wasn't sure what to do so I just deleted it.

    This is the file

    Time   Module   Object   Name   Virus   Action   User   Info
    11/11/2003 21:59:47 PM   AMON   file   C:\Documents and Settings\\Local Settings\Temporary Internet Files\Content.IE5\GHWV4BOF\VerifierBug[1].class   Java/Exploit.Bytverify trojan   deleted

    I haven't had much experience with infections.

    Did I do the right thing?

    Thanks

    Snowbound   
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Sorry, I had to delete my first message on this.

    Noticed I forgot some information :oops:
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi snowbound,

    Yes. You did the right thing. Here is another thread on ByteVerify: http://www.wilderssecurity.com/showthread.php?t=13039

    Regards,

    Pieter
     
  4. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hi Pieter

    Thanks for the link, it was very helpful. I got rid of my temp files also.

    I'm wondering why my BoClean didn't also pick this up?

    Is it because the trojan wasn't active yet?



    Snowbound
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi snowbound,

    Please read this as well:
    http://securityresponse.symantec.com/avcenter/venc/data/trojan.byteverify.html and install the patch it points to, if you didn't already.

    I don't think ByteVerify itself was active in the memory, so that would be a reason for BoClean to miss it. But that is guesswork, so you will have to wait for someone who knows.

    Regards,

    Pieter
     
  6. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hi Pieter

    I went to the link you posted and downloaded the patch. I actually had this patch when it first came out in the spring but it slowed my computer to a halt so I uninstalled it. Seems to be more compatible now with XP so that's good news.

    Thanks again Pieter as always.

    Oh, one more question. Do you think I should post a HijackThis log after having this trojan?

    Just wondering.



    Snowbound
     
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi Snowbound,

    If you'd like us to have a look, by all means, post a log. :)

    Regards,

    Pieter
     