
Virus Concern


7 replies to this topic

#1 ras60

ras60

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Local time:08:04 PM

Posted 17 November 2007 - 01:10 PM

Hi.
I received some great help here before, and I'm back.
I renewed my Norton security on Thursday, 11/15, and ran a virus scan and everything was fine.
Today, 11/17, I ran it again, and came up with four security concerns, all called Trojan.ByteVerify.

I've been real careful since I bought a new computer, and usually just visit a select few sites on the internet. This is the first concern I've had in a couple years.
Perhaps it came through in an email?

Anyway, I ran Norton, and it said it resolved the security problems. Here is what it said when it was done:

Trojan.ByteVerify

Risk category-Virus
Risk level-High
Component-Virus scanner
Risk state-Fully removed
Recommended action-Resolved, no action
Definitions Version-2007.11.16.009

I suppose the resolved result is good news, but should I take any other action to be sure, or to make sure this doesn't come back?

Thanks in advance for the help!

Edited by ras60, 17 November 2007 - 01:11 PM.




#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,139 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:04 PM

Posted 17 November 2007 - 02:05 PM

Java.ByteVerify is actually a method to exploit a security vulnerability in the Microsoft Virtual Machine that is stored in the Java cache as a Java applet. The vulnerability arises as the ByteCode verifier in the Microsoft VM does not correctly check for the presence of certain malformed code when a Java applet is loaded. Attackers can exploit the vulnerability by creating malicious Java applets and inserting them into web pages that could be hosted on a web site or sent to users as an attachment. Trojan Exploit ByteVerify indicates that a Java applet - a malicious Java archive file (JAR) - was found on your system containing the exploit code.

When a browser runs an applet, the Java Runtime Environment (JRE) stores all the downloaded files into its cache directory for better performance. Microsoft stores the applets in the Temporary Internet Files. The Java.ByteVerify will typically arrive as a component of other malicious content. An attacker could use the compiled Java class file to execute other code... Notification of infection does not always indicate that a machine has been infected; it only indicates that a program included the viral class file. This does not mean that it used the malicious functionality.

These malicious applets are designed to exploit vulnerabilities in the Microsoft VM (Microsoft Security Bulletin MS03-011). If you are using the Sun JVM as your default virtual machine, these malicious applets cannot cause any harm to your computer. See: here.

AVG, eTrust EZ Antivirus, Pest Patrol and others will find Java/ByteVerify but cannot get rid of them. If you have the Java-Plugin installed, then deleting them from the Java cache should eliminate the problem. The Java Plug-In in the Control Panel is only present if you are using Sun's Java. If you don't have the Java-Plugin installed then just delete the files manually. The Microsoft Virtual machine stores the applets in the Temporary Internet Files.

Recommended Solution:
If you're using Sun Java, follow the instructions for Clearing the Java Runtime Environment (JRE) Cache.
If you're using IE, Netscape, Mozilla, Opera, or AOL, follow the instructions for Clearing your Web Browser Cache.

To read more about this vulnerability issue please see Microsoft Security Bulletin MS03-011 and MS Article ID: 816093.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
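
An added example, not part of the original thread or any poster's code: a small triage script that inventories a cache folder before it is cleared, listing every file that is or contains compiled Java bytecode together with its SHA-256. It identifies files by content rather than by extension, in case cached copies do not keep their original names. The folder argument, the function names and the sample files are assumptions made for the example.

```python
import hashlib, io, tempfile, zipfile
from pathlib import Path

CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # first four bytes of a compiled Java class

def bytecode_entries(data):
    """Names of archive members that begin with the class-file magic."""
    names = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            with zf.open(info) as member:  # read 4 bytes, never inflate it all
                if member.read(4) == CLASS_MAGIC:
                    names.append(info.filename)
    return names

def inventory(cache_dir):
    """One record per cached file that is, or contains, Java bytecode."""
    records = []
    for path in sorted(p for p in Path(cache_dir).rglob("*") if p.is_file()):
        data = path.read_bytes()
        if data[:4] == CLASS_MAGIC:
            kind, classes = "class", []
        elif zipfile.is_zipfile(io.BytesIO(data)):
            try:
                kind, classes = "archive", bytecode_entries(data)
            except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
                kind, classes = "unreadable-archive", []  # keep for manual review
            if kind == "archive" and not classes:
                continue  # ordinary zip without bytecode
        else:
            continue  # HTML, images and other cached content
        records.append({"file": path.name, "kind": kind, "classes": classes,
                        "sha256": hashlib.sha256(data).hexdigest()})
    return records

def build_sample_cache(root):
    """Constructed sample data: file names and contents are made up."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as zf:
        zf.writestr("Demo.class", CLASS_MAGIC + b"\x00" * 12)
    Path(root, "entry-01").write_bytes(jar.getvalue())  # JAR without extension
    Path(root, "entry-02").write_bytes(CLASS_MAGIC + b"\x00" * 12)  # bare class
    Path(root, "page.htm").write_text("<html></html>")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for record in inventory(build_sample_cache(tmp)):
            print(record)
```

The hashes give a record of what the scanner flagged, so the same files can be recognised if they reappear after the cache has been cleared.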

#3 ras60


Posted 17 November 2007 - 02:18 PM

I also noticed I have two program files named Trojans.sbi
Is this something I need to get rid of, or are they there to protect against trojans?
Thanks.

#4 quietman7


Posted 17 November 2007 - 03:35 PM

Are you using Spybot - Search & Destroy?

These are files in the program's Includes folder:
Includes\Cookies.sbi
Includes\Dialer.sbi
Includes\Hijackers.sbi
Includes\Keyloggers.sbi
Includes\LSP.sbi
Includes\Malware.sbi
Includes\Revision.sbi
Includes\Security.sbi
Includes\Spybots.sbi
Includes\Tracks.uti
Includes\Trojans.sbi

Trojans.sbi is a data file installed and used by Spybot to detect Trojan infections.

#5 ras60


Posted 17 November 2007 - 04:59 PM

I do have Spybot, and now that you mention it, I have used it.

#6 quietman7


Posted 17 November 2007 - 05:01 PM

Then that explains the presence of the file.

#7 ras60


Posted 17 November 2007 - 05:15 PM

I ran a second Norton full system scan, and the Trojan.ByteVerify that were there before are not there now.
Thanks again.
While I'm here, though, I did want to ask about something that's been happening since yesterday which may or may not be related.
I have Windows IE.
My provider is Optimum online, so my main email is with optonline.net.
For the last day or two, whenever I click to check my email, a popup window says this page contains both secure and non secure items, and asks whether I want to show the non secure items. This just started and I don't know why.
I always have to say yes, no or cancel. I never had to do this before.
What would cause this?
Thank you.

#8 quietman7


Posted 18 November 2007 - 07:52 AM

"This Page Contains Both Secure and Non-Secure Items Error Message".



