Trojan.ByteVerify

Postby Maeya » Thu Jun 29, 2006 9:11 am

Recently my computer started acting strange. In my Outlook (2000), messages would send, but they would just *sit* in my outbox without moving to the Sent Items folder. I can't move them manually either. I know they get sent, because people will reply to them, and have told me they received my emails that are still sitting in my Outbox.

I tried to run an Inbox Repair tool on it, but was unable to find my .pst file. I checked the profiles on Outlook, and it gave the path to the file, but following the path, I got to the last folder, and there was no Inbox.pst. It just wasn't there. Doing a search on .pst didn't reveal anything either - but I'm still sending and receiving mail.

I thought perhaps I had some sort of a strange virus, so I tried to update my definitions on Norton and it told me that I had to check my internet connection because it couldn't connect. I was on the internet at the time, so I knew I had connectivity.

I rebooted in safe mode and ran Norton, and it found and quarantined a Trojan.ByteVerify virus. There were 2 other infected files associated with it that it quarantined as well. I restart my computer and log back into Outlook. It's still not working normally. So I try to run Norton Live Update. Still can't connect.

I google the Virus and found a blurb on Java's page (which is the file where the virus was found).

SYMPTOMS

Malicious applets have been discovered in the JRE cache directory. Anti-virus programs have detected such malicious applets in the following directory:

C:\Documents and Settings\<username>\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\

These malicious applets are designed to exploit vulnerabilities in the Microsoft VM (Microsoft Security Bulletin MS03-011).

If you are using the Sun JVM as your default virtual machine, these malicious applets cannot cause any harm to your computer.

Examples of the JAR files are:

* javainstaller.jar
* menu.jar
* archive.jar
* classload.jar
* 285.jar
* count4.jar
* loaderdmitriy.jar




CAUSE

When the browser runs an applet, the JRE stores all the downloaded files into its cache directory for better performance. We have received reports of the following malicious applets in the cache directory:

1. Trojan.ByteVerify
2. VerifierBug.class
3. Java.JJBlack worm
4. Java.Shinwow trojan

However, in this instance, storing these applets in the cache directory can not cause any harm to your computer because they are designed to exploit a vulnerability in the Microsoft VM, not the Sun JVM.


SOLUTION

If you find one of these malicious applets on your computer, please use an anti-virus program to delete the applet, or you can clean the cache directory manually.

Here are the instructions on how to manually remove these malicious applets from the JRE cache directory:

1. From the Start button, click Settings > Control Panel
2. In the Control Panel, open the "Java Plug-in Control Panel"
3. Select the Cache Tab
4. Click the Clear button inside the Cache Tab, which will clear your JRE cache directory

To enable the Sun Java Virtual Machine as the default JVM, please refer to:

Switching between the Microsoft VM and the Sun JVM



I tried to follow the directions to remove the virus manually, but I can not locate a damn "Cache" tab on my Java Window. I have General, Update, Java, Security, and Advanced. I don't see a Cache area on any of those tabs.


I run Windows XP with security patches up-to-date.

Anyone have any suggestions? I've taken this as far as my limited computer knowledge will allow me to take it.

Thank you in advance.
Maeya
NT Veteran
Posts: 1309
Joined: Thu Mar 11, 2004 6:56 am
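
As an added example (not part of the original post or of the advisory it quotes), the script below checks a JRE cache directory against the JAR names and the VerifierBug.class entry named in the advisory above. The suffix on cached file names and the sample archives are assumptions constructed for the demonstration.

```python
import os
import tempfile
import zipfile

# JAR names and class name taken from the advisory quoted in the post above.
KNOWN_JARS = {"javainstaller.jar", "menu.jar", "archive.jar", "classload.jar",
              "285.jar", "count4.jar", "loaderdmitriy.jar"}
KNOWN_CLASS = "verifierbug.class"

def scan_cache(cache_dir):
    """Return {path: [reasons]} for cached archives matching the advisory."""
    findings = {}
    for root, _dirs, files in os.walk(cache_dir):
        for name in files:
            path = os.path.join(root, name)
            reasons = []
            lowered = name.lower()
            # Assumption: cached copies may carry a suffix after the original
            # JAR name, so match on prefix rather than the exact file name.
            if any(lowered.startswith(j) for j in KNOWN_JARS):
                reasons.append("file name listed in advisory")
            # Inspect contents regardless of extension; skip non-archives.
            if zipfile.is_zipfile(path):
                try:
                    with zipfile.ZipFile(path) as zf:
                        entries = [e.lower() for e in zf.namelist()]
                except zipfile.BadZipFile:
                    entries = []
                if any(e.rsplit("/", 1)[-1] == KNOWN_CLASS for e in entries):
                    reasons.append("contains VerifierBug.class")
            if reasons:
                findings[path] = reasons
    return findings

def build_sample_cache():
    """Constructed sample cache: two flagged archives and one clean one."""
    d = tempfile.mkdtemp(prefix="jre_cache_")
    for fname, entry in [("count4.jar-1a2b-3c4d.zip", "Counter.class"),
                         ("renamed.zip", "pkg/VerifierBug.class"),
                         ("weather.jar", "Weather.class")]:
        with zipfile.ZipFile(os.path.join(d, fname), "w") as zf:
            zf.writestr(entry, b"\xca\xfe\xba\xbe")  # placeholder bytes only
    return d

if __name__ == "__main__":
    for path, reasons in sorted(scan_cache(build_sample_cache()).items()):
        print(os.path.basename(path), "->", "; ".join(reasons))
```

A file-name match alone is a weak indicator, since names such as archive.jar are common; the class-entry match is the stronger of the two signals.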

Postby Maeya » Thu Jun 29, 2006 9:28 am

Wanted to add my connection is refused when trying to access Symantec & TrendMicro websites.
Maeya
NT Veteran
Posts: 1309
Joined: Thu Mar 11, 2004 6:56 am

Postby Arlos » Thu Jun 29, 2006 10:41 am

Check the General tab, there should be something there for Temporary Internet Files, with an option to delete them. That'd be your cache. Just click the button to delete all of the files.

Now me, I run the Sun JVM cause I do actual java coding for school. You might want to go to Sun and download their version and have it try overwriting the MS version, once you get the problems fixed, so as to avoid this in the future.

-Arlos
Arlos
Admin Abuse Squad
Posts: 9021
Joined: Thu Mar 11, 2004 12:39 pm

Postby Maeya » Thu Jun 29, 2006 10:58 am

I *think* I got the virus off the system. At least it's not coming up on Norton's scan anymore, and I can now access the Live Update. However my Outlook is still acting strange. =(
Maeya
NT Veteran
Posts: 1309
Joined: Thu Mar 11, 2004 6:56 am

Postby Arlos » Thu Jun 29, 2006 11:22 am

Might I suggest then NOT using Outlook, and going with something like Eudora? Outlook is, after all, VERY VERY well known for having tons of different security holes. They keep patching it, but keep getting new ones.

-Arlos
Arlos
Admin Abuse Squad
Posts: 9021
Joined: Thu Mar 11, 2004 12:39 pm

Postby Maeya » Thu Jun 29, 2006 11:27 am

I'm sorry, what is Eudora? Would I be able to keep my history of emails from Outlook with Eudora?
Maeya
NT Veteran
Posts: 1309
Joined: Thu Mar 11, 2004 6:56 am

Postby Arlos » Thu Jun 29, 2006 11:42 am

http://www.eudora.com/

I am not sure about your old message history, but it would surprise me if you couldn't.

I've heard a lot of really positive things about Eudora, it started out being the mailer of choice on non-PCs, and was more recently updated to work on Windows as well.

edit: Yep, you can import your old Outlook stuff into it: http://www.eudora.com/techsupport/tutor ... mport.html

Edit #2: a review of Eudora from about.com http://email.about.com/cs/winclientrevi ... eudora.htm

-Arlos
Arlos
Admin Abuse Squad
Posts: 9021
Joined: Thu Mar 11, 2004 12:39 pm

Postby Gidan » Thu Jun 29, 2006 11:54 am

Outlook really is a mess. Eudora is a very good email client, as is Thunderbird. Personally I prefer Thunderbird, and if I recall it will import everything from Outlook.

Both are very solid and work well.
For to win one hundred victories in one hundred battles is not the acme of skill. To subdue the enemy without fighting is the acme of skill.
Gidan
Admin Abuse Squad
Posts: 2892
Joined: Tue Jan 04, 2005 11:01 am

Postby Maeya » Thu Jun 29, 2006 12:07 pm

Thunderbird from Mozilla, right? Might be worth looking into. I doubt very seriously that I'll get approval to buy any new software. Unless it's a charred, smoking pile on the floor, it's still in good enough working condition for my boss =/
Maeya
NT Veteran
Posts: 1309
Joined: Thu Mar 11, 2004 6:56 am

Postby Arlos » Thu Jun 29, 2006 12:10 pm

The free version of Eudora has almost all of the features of the pay version, it just has a little window for ads in the lower left hand corner.

-Arlos
Arlos
Admin Abuse Squad
Posts: 9021
Joined: Thu Mar 11, 2004 12:39 pm

Postby Maeya » Thu Jun 29, 2006 12:24 pm

Thank you for the advice
Maeya
NT Veteran
Posts: 1309
Joined: Thu Mar 11, 2004 6:56 am

Postby Gidan » Thu Jun 29, 2006 12:54 pm

Yes, Thunderbird is created by Mozilla and is completely free. http://www.mozilla.com/thunderbird/
For to win one hundred victories in one hundred battles is not the acme of skill. To subdue the enemy without fighting is the acme of skill.
Gidan
Admin Abuse Squad
Posts: 2892
Joined: Tue Jan 04, 2005 11:01 am
