trojan hit

Hi everyone


I just got hit by Java exploit bytverify trojan.

Nod32 gave an elert saying it couldn't clean it because it is new file.
I wasn't sure what to do so i just deleted it.

This is the file

Time   Module   Object   Name   Virus   Action   User   Info
11/11/2003 21:59:47 PM   AMON   file   C:\Documents and Settings\\Local Settings\Temporary Internet Files\Content.IE5\GHWV4BOF\VerifierBug[1].class   Java/Exploit.Bytverify trojan   deleted

I haven't had much experience wit infections.

Did i do the right thing?

Thanks

Snowbound   

 

Sorry i had to delete my first message on this.

Noticed i forgot some information

 

Hi snowbound,

Yes. You did the right thing. Here is another thread on ByteVerify: http://www.wilderssecurity.com/showthread.php?t=13039

Regards,

Pieter

 

Hi Pieter

Thanks for the link, it was very helpful. I got rid of my temp files also.

I'm wondering why my boclean didn't also pick this up?

Is it because the trojan wasn't active yet?



Snowbound

 

Hi snowbound,

Please read this as well:
http://securityresponse.symantec.com/avcenter/venc/data/trojan.byteverify.html and install the patch it points to, if you didn't already.

I don't think ByteVerify itself was active in the memory, so that would be a reason for BoClean to miss it. But that is guesswork, so you will have to wait for someone who knows.

Regards,

Pieter

 

Hi Pieter

I went t the link u posted and downloaded the patch. I actually had this patch when it first came out in the spring but it slowed my computer to a halt so i uninstalled it. Seems to be more compatible now with xp so that's good news.

Thanks again Pieter as always.

Oh one more question. Do u think i should post a hijackthis log after having this trojan?

Just wondering.



Snowbound

 

Hi Snowbound,

If you'd like us to have a look, by all means, post a log.

Regards,

Pieter