
Antispy Storm - Cant Get Rid Of It


8 replies to this topic

#1 CLBINCALIF

CLBINCALIF

  • Members
  • 10 posts

Posted 30 October 2007 - 06:22 PM

Hi, Somehow this virus or malware, not sure what it is, infected my PC. I've tried running all my virus, spyware and etc to no avail. It gets to the point during the scan where it locks up the computer and won't let the scan complete and shuts it down. When this happens the screen that pops up states: CA Anti virus scanner has encountered a problem and needs to close. This always happens when it comes to this file,
C:Documents and setting/user/local setings/temp/temporary intenet files?content.ies/index.dat . Yet during the scan the anti virus program has found 7 infected files and the files are java/byteverifylexploit. Any help with this would be much appreciated.


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,923 posts
  • Gender:Male
  • Location:NJ USA

Posted 30 October 2007 - 07:48 PM

Hello CLBINCALIF, Welcome to BC.
Run your scan from safe mode; it stops all but essential apps and should stop the freezing scan.
How to start Windows in Safe Mode

Download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download and install SUPERAntiSpyware (Free Home User version). Then click the desktop icon and check for updates.
Run this scan from safe mode also.

Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
After the scan is finished, click the OK to remove button in the summary box.
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".


You may also need the latest version of Java. Install that from here: Version 6 Update 3

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,128 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 31 October 2007 - 07:57 AM

Download RogueRemover and save to your Desktop. (compatible with Windows 2000, NT, XP, Vista)
  • Double-click on rr-free-setup.exe to install in C:\Program Files\RogueRemover and follow the prompts.
  • During installation an icon will automatically be created on your Desktop.
  • If the program does not open after installation, double-click on the RogueRemover icon to launch.
  • Select "Check for Updates" and click Download if any are found.
  • Wait for the updates to finish downloading, then Close the update window.
  • Select "Scan" and follow the onscreen directions to remove anything found.
  • If nothing is found, exit RogueRemover.
  • If RogueRemover finds something, it will present a list of detected items.
  • Click "Remove selected", then Yes at the prompt.
  • Wait for the removal to complete and then close RogueRemover.
If using Windows Vista be sure to Run As Administrator.

...anti virus program has found 7 infected files and the files are java/byteverifylexploit...


Java.ByteVerify is actually a method to exploit a security vulnerability in the Microsoft Virtual Machine that is stored in the java cache as a java-applet. The vulnerability arises as the ByteCode verifier in the Microsoft VM does not correctly check for the presence of certain malformed code when a java-applet is loaded. Attackers can exploit the vulnerability by creating malicious Java applets and inserting them into web pages that could be hosted on a web site or sent to users as an attachment. Trojan Exploit ByteVerify indicates that a Java applet - a malicious Java archive file (JAR) - was found on your system containing the exploit code.

When a browser runs an applet, the Java Runtime Environment (JRE) stores all the downloaded files into its cache directory for better performance. Microsoft stores the applets in the Temporary Internet Files. The Java.ByteVerify will typically arrive as a component of other malicious content. An attacker could use the compiled Java class file to execute other code...Notification of infection does not always indicate that a machine has been infected; it only indicates that a program included the viral class file. This does not mean that it used the malicious functionality.

These malicious applets are designed to exploit vulnerabilities in the Microsoft VM (Microsoft Security Bulletin MS03-011). If you are using the Sun JVM as your default virtual machine, these malicious applets cannot cause any harm to your computer. See: here.

AVG, eTrust EZ Antivirus, Pest Patrol and others will find Java/ByteVerify but cannot get rid of them. If you have the Java-Plugin installed, then deleting them from the Java cache should eliminate the problem. The Java Plug-In in the Control Panel is only present if you are using Sun's Java. If you don't have the Java-Plugin installed then just delete the files manually. The Microsoft Virtual machine stores the applets in the Temporary Internet Files.

Recommended Solution:
If you're using Sun Java, follow the instructions for Clearing the Java Runtime Environment (JRE) Cache.
If you're using IE, Netscape, Mozilla, Opera, or AOL, follow the instructions for Clearing your Web Browser Cache.

However, ATF Cleaner should do the job.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
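
An added example, not part of quietman7's post or of any tool named in this thread: a read-only Python inventory of a cache folder that identifies Java class files and JARs by content and records a SHA-256 for each, so flagged items can be reviewed before the cache is cleared. It assumes cached files may not keep a .jar or .class extension; the file names in `build_sample_cache` are constructed for illustration.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path

CLASS_MAGIC = b"\xca\xfe\xba\xbe"   # first four bytes of a compiled Java class
ZIP_MAGIC = b"PK\x03\x04"           # local file header of a ZIP/JAR archive


def classify(path):
    """Return 'class', 'jar' or None, judged by content rather than file name."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    if head == CLASS_MAGIC:
        return "class"
    if head == ZIP_MAGIC and zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            if any(n.endswith(".class") for n in zf.namelist()):
                return "jar"
    return None


def scan_cache(root):
    """List (relative path, kind, sha256) for Java content under a cache folder."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        try:
            kind = classify(path) if path.is_file() else None
            if kind:
                digest = hashlib.sha256(path.read_bytes()).hexdigest()
                findings.append((path.relative_to(root).as_posix(), kind, digest))
        except OSError:
            continue  # locked or unreadable file: skip it and keep scanning
    return findings


def build_sample_cache():
    """Constructed sample: a cache folder with a JAR, a bare class and an index file."""
    root = Path(tempfile.mkdtemp())
    with zipfile.ZipFile(root / "applet[1].htm", "w") as zf:
        zf.writestr("Demo.class", CLASS_MAGIC + b"\x00" * 8)  # placeholder bytes
    (root / "cache-0001.idx").write_bytes(CLASS_MAGIC + b"\x00" * 8)
    (root / "index.dat").write_bytes(b"Client UrlCache")
    return root


if __name__ == "__main__":
    for rel, kind, digest in scan_cache(build_sample_cache()):
        print(kind, rel, digest)
```

Point `scan_cache` at the Java cache or Temporary Internet Files folder to see what is there; it only reads files and never deletes anything.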

#4 CLBINCALIF

CLBINCALIF
  • Topic Starter

  • Members
  • 10 posts

Posted 03 November 2007 - 10:31 AM

Ok guys, I did as the two of you advised and all went well until the Super Anti Spyware program found the trojans and at the end of the scan was doing the quarantine, but it keeps freezing up at what looks like the end of the quarantine process. It always freezes at the file, C:/B5.TMP . Then if I try to tell the program to finish or cancel it says I can't until the process is finished, or something to that effect. Both times I've had to do a hard shut down to get out of the program. The same thing happened when I ran the ATF program as well with a pop up screen stating it has encountered a problem and needs to close. Where do I go from here? Thank you so much for your time in helping me with this problem. I really do appreciate it.

Edited by CLBINCALIF, 03 November 2007 - 11:21 AM.


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,128 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 03 November 2007 - 02:24 PM

Did you encounter any problems while running RogueRemover?

Are you running ATF Cleaner and scanning with SuperAntispyware in "Safe Mode"?

#6 CLBINCALIF

CLBINCALIF
  • Topic Starter

  • Members
  • 10 posts

Posted 03 November 2007 - 05:06 PM

Rogue remover was the first program that I ran and actually found no viruses, and yes all was done in safe mode.

#7 Crizz44

Crizz44

  • Members
  • 496 posts
  • Gender:Female
  • Location:Virginia

Posted 03 November 2007 - 05:48 PM

Give Ccleaner a try to clean out your temp files.


http://www.majorgeeks.com/CCleaner_Slim_No...lbar_d4191.html

#8 CLBINCALIF

CLBINCALIF
  • Topic Starter

  • Members
  • 10 posts

Posted 13 November 2007 - 12:36 PM

Ok, sorry about the delay in getting back. I did all that was suggested and it worked, but after installing a new virus program I have a new problem, so I'll put that in a new post. But thanks to all that helped on this issue.

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,128 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 13 November 2007 - 12:46 PM

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recent Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
If you're having a problem with your new anti-virus, start your topic in the AntiVirus, Firewall and Privacy Products and Protection Methods forum.