Trojan

Discussion in 'malware problems & news' started by FukenFooser 007.5, Sep 28, 2003.

Thread Status:
Not open for further replies.
  1. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    :mad:
    Just got fricked by this forum also, (had huge story typed here and lost when didn't put txt @ end of Att, #$@^$#$^%&$%&*)

    Got a bunch of "opinions" about "Trojan.ByteVerify" if anybody wants to type @ me

    Anyway not a expert or even a novice, but just another "sucker"
     
  2. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    Hi FukenFooser 007.5 and welcome to the forum
    Would you please translate this part of your post, I think I don't understand what you mean
    Dolf
     
  3. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    o_O
    :'(
    Nobody want to laugh @ me for being to stupid to have a back-up?

    just got hosed real good by the "Trojan.ByteVerify" or "VerifierBug.class" as also showed

    could use an "opinion" or two anyway


    thanks anyway
    :(
     
  4. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    had the whole story of what happened to my sys (it's getting brain-wiped right now. lucky to have brothers sys to use till up again)

    And tried to put a "cute" att on it and when did it errored out and lost all typing



    :mad:
     
  5. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    :cool:
    OK I give, (up)

    Brother home now and will want his sys to use for his thing,"Race track building",
    (F1 Cars around our home town) {crazy as he is}

    will b next door cursing OUTLOUD about puters an all else that seem 2 b out of my control

    hope extra drive lives thru this

    And last but NOT least, Foosball is not a game, it's a "Faith", to the gifted that can keep-up that is!
     
  6. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    http://securityresponse.symantec.com/avcenter/venc/data/trojan.byteverify.html
     
  7. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    Had already tried the link to norton, wouldn't do anything with my 2002 version, cleared all temp files that I knew of and still got nothing but a system that wouldn't even boot up.

    Finaly got it to reinstall xp pro on other drive, but between the virus or me I lost all from main drive, (60G)
    lucky to have some backed up on this drive,Not what I wanted the most of course! Do have some notes from when trying to get back in and or reformat c drive if anybody is interested in.
    Am more of a danger to puter than the virus's or worm's, when trying to follow stuff wrote up on bulletins, Just have hard time following the way they put it. Need the straight-up info. o_O o_O o_O
    :'(
    :'(
     
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    I'll take it you did have a look at this thread concerning the same issue as well?

    regards.

    paul
     
  9. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    o_O
    Did, and again I don't see anything listing "Java" anywhere in the control panelo_O

    Got xp po reinstalled on other drive and the more I look and find anti-V's & stuff the more it act's like it has a problem again o_O (Can we realy trust these places?, I mean who bennifits the most from "new" virus's and all??)!!!
    As stated b4 "tech-challenged", need "layman's" terms and the simple easy words. What is "Java" anyway? another puter language? what ever happened to basic? (remembering from puter class in 7?'s) And yes I totaly understand the dif between then and now,(used 2 spend weeks getting a 30s game 2 run.). Life,wifes,kids, and busness only sys's,(afraid to break){never touched a sys I couldn't lock-up},[Thats how got this one, younger bro's feeling sorry 4 older one I share pad with, gave 4 x-mas 01], got in way of the learning my way around billie's glass house that we all play in now!
     
  10. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi FukenFooser 007.5,

    The two sites below describe the differences between Java and JavaScript. In doing so they might give you a better understanding of what both can do.
    http://pheatt.emporia.edu/courses/cs220f03/hand23.htm
    http://www.beva.org/publish/week8/javavsjs.htm

    The fact that you could not find the Java Plug-In in your Control Panel most likely means that you do not have the Sun Java installed.

    In that case the files would be stored in IE´s Temporary Internet Files.
    I take it from your previous posts that you already cleared those out.

    Regards,

    Pieter
     
  11. fiji00

    fiji00 Guest

    Re:Java/ByteVerify

    What is the ByteVerify bug, what does it do, is it hamless what is the point of this thing.
     
  12. fiji00

    fiji00 Guest

    Re:Java/ByteVerify

    I don't want to sound to inapt to this pest but every time i run my virus program this thing always pop up . I would like to get my hands on the one who created this thing.
     
  13. fiji00

    fiji00 Guest

    Re:Trojan: ByteVerify

    Do you have any information on this thing. I don't even know if it is a virus or a Trojan. What does it do once on your machine.
     
  14. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Hi fiji00,

    All the information about just what this is was provided via the link above to Symantec's info page. See it here:

    http://securityresponse.symantec.com/avcenter/venc/data/trojan.byteverify.html

    Basically, if you are current with this Microsoft patch (MS03-011) you'll be okay. All that remains is to determine where your AV is finding this infection and removing it. Where is it found on your system?

    More often than not it is in the browser cache, so emptying your cache should remove it.

    See also this thread for how to clear the SUN Java cache, if you are using SUN's Java machine.
     
  15. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    o_O
    o_O
    o_O
    Now that system is running on "extra" HD, the on-line scan's and my old standby's (antiV's) are showing a bunch of new stuff??

    Probebly all "false-pos" but never had any show up before, and was DL 24-7 for about 2 years.

    Latest one, (about an hour ago), had a movie on pause, and when back it showed that "AVgaurd" found this o_O?
    " 'C:\system volume information\.Restore {0733930d-1904-46AF-AD3F-169573900B37}\RP42\A0004605.DLL' in file

    Contains signature of the VBS script virus VBS/Newlove.A "

    This "Newlove.A" also showed up this morning after leaving sys running multi-scan's, when I finaly gave up to sleep a little.

    AVgaurd's Luke filewalker gave this report.
    " C:\WINDOWS\system32\Active Scan
    imscan.dll
    contains signature of the VBS Script Virus VBS/newLove.A "


    Deleted! Was the response I gave it.

    Any Experts out there got any advice for thiso_O

    movie was on a cd (I Burned a year ago).


    Thanks for all the help already recieved!!!!!!!!!!!!!

    :)

    :cool:
     
  16. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    The file that was found in the last scan was in your System Restore files. So that is only the backup of the one you removed before.

    It has absolutely nothing to do with the movie.

    Regards,

    Pieter
     
  17. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    :)

    Thanks "Again" Pieter!!!

    While doing that post, Luke filewalker was running!

    As allways it gave two warnings,

    hiberfil.sys locked
    pagefile.sys locked

    Any concern here??

    am learning to understand what I try to read in the reports now.

    :D

    :cool:
    ps. luke running now with report file size reduced to 100k and only to show the problems, not full info.
     
  18. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    hiberfil.sys holds the information that windows needs to "wake up" should it go into Hibernation.
    If you don't use that functionality you can disable it under Start > Control Panel > Power Options > Hibernate tab

    pagefile.sys is the virtual memory

    Both files are very well protected by Windows. That is why the scanner can't access them.

    Regards,

    Pieter
     
  19. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    :) ;) :D :D

    Thanks again to the main man "PIETER"!!!!!!!!!!!!!

    It also showed zipped files to be locked, is this normal??

    just wondering?

    And am glad to see from "FAQ", (looking for max size), that posting here is as hard as it seems. Takes a couple tries sometimes.


    :) :)
    :cool:
     
  20. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    That depends on the scanner. Password-protected zip-files will be inaccessible anyway. The others shouldn't be too difficult to scan, but maybe they excluded them because the pose no threat.

    Regards,

    Pieter
     
Loading...
Thread Status:
Not open for further replies.