
Java/ByteVerify Virus


10 replies to this topic

#1 cooldudenz

cooldudenz

  • Members
  • 250 posts
  • Gender:Male
  • Location:Christchurch
  • Local time:08:38 PM

Posted 28 April 2005 - 03:25 AM

I was doing an Ad-Aware scan and my scanner AVG popped up telling me I have a virus in the \Ad-Aware 6\Cache\GetAccess.class
Virus Identified Java/ByteVerify
There is also another one, I think it's cache\Installer.class
Now when I go to the Ad-Aware 6 folder there is no folder inside called "cache".
If I scan the folder it does not find a virus (normal mode and safe mode); only when I do an Ad-Aware scan does it find it. A search of Google gives me the idea that it's also a trojan. When AVG tells me about it, it has the options to delete file or move to vault, but it says "Requested Action is not available for this object".
Can someone please help? Tell me if you need more info.



#2 phawgg

phawgg

    Learning Daily


  • Members
  • 4,543 posts
  • Location:Washington State, USA
  • Local time:04:38 PM

Posted 28 April 2005 - 04:23 AM

Yes, the additional information we'll need is a HijackThis log, cooldudenz.

I think you should shift to the HijackThis logs and analysis forum, read the pinned topic about how to do it, and post a new topic there. :thumbsup:
patiently patrolling, plenty of persistent pests n' problems ...

#3 PC WizKid

PC WizKid

  • Members
  • 58 posts
  • Gender:Male
  • Location:Battle, nr Hastings, UK
  • Local time:07:38 PM

Posted 28 April 2005 - 04:58 AM

It sounds to me as if you have a virus in your ad-ware program.
I love Windows Vista Ultimate

Windows 7 RC no more :cry:

#4 cooldudenz

cooldudenz
  • Topic Starter


Posted 28 April 2005 - 05:11 AM

OK, I'll make a HijackThis log and post it in the forums, but isn't that more for internet-related problems?

Quote: "It sounds to me as if you have a virus in your ad-ware program."

Any idea what to do about that? Would uninstalling and reinstalling Ad-Aware have any effect?
Doing a virus scan doesn't pick it up, so you sound right, because it's only picked up when doing an Ad-Aware scan. But I also can't find the cache folder, so I can do much myself.

#5 Rimmer

Rimmer

  • Members
  • 2,159 posts
  • Location:near Sydney, Australia
  • Local time:10:38 AM

Posted 28 April 2005 - 07:45 AM

HijackThis analysis is for assistance removing all kinds of viruses and malware irrespective of the source.

The Ad-Aware cache may well be a protected/hidden/system file which would not normally be visible to you. Here is a tutorial on viewing hidden files: http://www.bleepingcomputer.com/forums/How...dows-tut62.html

Once you post to the HJT Forum follow their instructions and ignore any further suggestions posted here until the HJT analysis is complete.

Edited by Rimmer, 28 April 2005 - 07:47 AM.


Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.

#6 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:07:38 PM

Posted 28 April 2005 - 09:06 AM

Since you've been instructed to ignore any more suggestions, let me just say that I've seen this before. When AdAware attempts to scan that file, AVG thinks the virus is activating. AVG does not see it as a threat in whatever form that file is in until it's accessed. This is a classic example of a conflict between two AV programs and shows in practical terms why you can have problems when you use two at once.

You can't find the AdAware cache because it is a temporary file that's created by the AdAware scanning engine and is deleted when you close AdAware. AdAware scans in the cache and keeps the baddies in that temporary folder, and they are deleted and quarantined from there. AVG can't move or delete the file because it's in use by and protected by AdAware.

The best idea is to post a log. The HJT team have a lot of experience dealing with that particular virus and you'll learn some cool tricks too.

Sorry about the post, Rimmer, but I thought that someone else who sees the same occurrence could use the info. We talk about AVs conflicting and that is the textbook example.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslow

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#7 Herk

Herk

  • Members
  • 1,609 posts
  • Gender:Male
  • Location:S.E. Idaho, USA
  • Local time:08:38 PM

Posted 28 April 2005 - 11:28 AM

The Byte Verify thing is a Java exploit and is removed by simply clearing your Java cache. But there is no Java cache in Ad-Aware. It's odd that AVG would find it there because there are a lot of us using both AVG and Ad-Aware and we aren't experiencing the problem.

#8 Rimmer

Rimmer


Posted 28 April 2005 - 06:01 PM

Quote: "Sorry about the post Rimmer"


Post away! I'm just saying cooldudenz should not be following advice from the HJT forum and trying suggestions from this thread AT THE SAME TIME.


#9 cooldudenz

cooldudenz
  • Topic Starter


Posted 28 April 2005 - 09:27 PM

Thanks guys, I've posted my log in the HJT area and they are helping; they found a trojan in there. Thanks for your help as well.

#10 Leurgy

Leurgy

    Voted most likely



Posted 28 April 2005 - 10:59 PM

cooldudenz

Nice to hear they found something (not) but you'll be clean when you're done with the HJT Team. Please post back into this thread when you're done and let us know what you thought of the experience of working with the HJT Team.

Don't mind us if we discuss Anti-Virus Conflicts. Join in if you like.

Quote: "But there is no Java cache in Ad-Aware."

Quote: "I have a virus in the \Ad-Aware 6\Cache\GetAccess.class"

Yes, that's right, there is no Java cache in AdAware. But there is Java in the AdAware cache. :thumbsup:

AdAware creates a cache in RAM when you do a scan (similar to a RamDrive) and scans there by copying files to that cache and scanning in the ramdrive. It's scan, delete, scan, delete. It's a virtual cache. Now, when AdAware hits a baddie it takes that copy, write protects the original and the copy, and holds that baddie to the end of the scan, allowing the user to decide whether to back up and/or delete. But wait a minute, I can't move or delete the virus that AVG found during the AdAware scan. Well no, of course not. AdAware has write protected it and it can't be moved or deleted by another program. Meanwhile, AVG is in there doing its job, and it tries to write protect or delete but it can't either.

Ergo, AV conflict.



#11 cooldudenz

cooldudenz
  • Topic Starter


Posted 28 April 2005 - 11:32 PM

Quote: "I'm just saying cooldudenz should not be following advice from the HJT forum and trying suggestions from this thread AT THE SAME TIME."

lol it's OK, I posted in here, tried what you said first, then I was told to post in the HJT forum and I've done what they said and it worked great; comp's clean now. Thanks everyone.
And Rimmer, nice to see another "Red Dwarf" fan :thumbsup:



