trojan hit

Discussion in 'malware problems & news' started by snowbound, Nov 11, 2003.

Thread Status:
Not open for further replies.
  1. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hi everyone


    I just got hit by Java exploit bytverify trojan.

    Nod32 gave an elert saying it couldn't clean it because it is new file.
    I wasn't sure what to do so i just deleted it.

    This is the file

    Time   Module   Object   Name   Virus   Action   User   Info
    11/11/2003 21:59:47 PM   AMON   file   C:\Documents and Settings\\Local Settings\Temporary Internet Files\Content.IE5\GHWV4BOF\VerifierBug[1].class   Java/Exploit.Bytverify trojan   deleted

    I haven't had much experience wit infections.

    Did i do the right thing?

    Thanks

    Snowbound   
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Sorry i had to delete my first message on this.

    Noticed i forgot some information :oops:
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,429
    Location:
    Netherlands
    Hi snowbound,

    Yes. You did the right thing. Here is another thread on ByteVerify: http://www.wilderssecurity.com/showthread.php?t=13039

    Regards,

    Pieter
     
  4. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hi Pieter

    Thanks for the link, it was very helpful. I got rid of my temp files also.

    I'm wondering why my boclean didn't also pick this up?

    Is it because the trojan wasn't active yet?



    Snowbound
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,429
    Location:
    Netherlands
    Hi snowbound,

    Please read this as well:
    http://securityresponse.symantec.com/avcenter/venc/data/trojan.byteverify.html and install the patch it points to, if you didn't already.

    I don't think ByteVerify itself was active in the memory, so that would be a reason for BoClean to miss it. But that is guesswork, so you will have to wait for someone who knows.

    Regards,

    Pieter
     
  6. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hi Pieter

    I went t the link u posted and downloaded the patch. I actually had this patch when it first came out in the spring but it slowed my computer to a halt so i uninstalled it. Seems to be more compatible now with xp so that's good news.

    Thanks again Pieter as always.

    Oh one more question. Do u think i should post a hijackthis log after having this trojan?

    Just wondering.



    Snowbound
     
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,429
    Location:
    Netherlands
    Hi Snowbound,

    If you'd like us to have a look, by all means, post a log. :)

    Regards,

    Pieter
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.