
Infected by a couple viruses


1 reply to this topic

#1 alalx

alalx

  • Members
  • 1 posts
  • OFFLINE
  • Local time:06:53 PM

Posted 15 March 2010 - 06:20 PM

Hello all,
I am running Windows 7 x64
Recently Avast detected these viruses:
Sign of "Java:Djewers-H [Trj]" has been found in "C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\30736e02-5dc1ab33\ffssn\Etyutve.class" file.
Sign of "Java:Djewers-G [Trj]" has been found in "C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\5227c4df-32bd90e7\AppletX.class" file.
Sign of "Java:Djewers-J [Trj]" has been found in "C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\30736e02-5dc1ab33\ffssn\Byodsadc.class" file.
Sign of "Win32:MalWarrior [Tool]" has been found in "C:\Windows\MEMORY.DMP" file.

I had Avast remove them but I am worried that maybe things have gotten infected that Avast cannot pick up. What should I do? (I read the log posting forum and have made DDS, Attach logs from DDS and also have a hijack this thing, but I know this is not the place to post them and I do not know if they are relevant yet)

I've got some contract work coming up and I'd like to know if this is all quick to fix (if avast didn't do its job entirely), or if I have anything to worry about with distributing files to other people.
Thanks.


#2 quietman7

quietman7

Bleepin' Janitor


  • Global Moderator
  • 50,952 posts
  • ONLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:53 PM

Posted 16 March 2010 - 12:17 PM

Java:Djewers is the name given by avast for Java.ByteVerify which is actually a method to exploit a security vulnerability in the Microsoft Virtual Machine that is stored in the java cache as a java-applet. The vulnerability arises as the ByteCode verifier in the Microsoft VM does not correctly check for the presence of certain malformed code when a java-applet is loaded. Attackers can exploit the vulnerability by creating malicious Java applets and inserting them into web pages that could be hosted on a web site or sent to users as an attachment. Trojan Exploit ByteVerify indicates that a Java applet - a malicious Java archive file (JAR) - was found on your system containing the exploit code.

When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder (C:\Documents and Settings\username\Application Data\Sun\Java\Deployment\cache) for quick execution later and better performance. Malicious applets are also stored in the Java cache directory and your anti-virus may detect them and provide alerts. Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality.

These malicious applets are designed to exploit vulnerabilities in the Microsoft VM (Microsoft Security Bulletin MS03-011). If you are using the Sun JVM as your default virtual machine, these malicious applets cannot cause any harm to your computer. See: here.

A number of anti-virus programs (AVG, avast, eTrust, etc) and scanners will find Java/ByteVerify (Java:Djewers) but cannot get rid of them. If you have the Java-Plugin installed, then deleting them from the Java cache should eliminate the problem. The Java Plug-In in the Control Panel is only present if you are using Sun's Java. If you don't have the Java-Plugin installed then just delete the files manually. The Microsoft Virtual machine stores the applets in the Temporary Internet Files.

Recommended Solution: When Windows crashes or you experience a Blue Screen Of Death (BSOD), the system writes a file called memory dump which contains "Debugging" info. Minidumps are created in the C:\Windows\Minidump folder and the file has a random name with a .DMP extension. Memory.DMP is a full memory dump file which is saved to the C:\Windows\ folder. The detection of the file could be a false positive. See this discussion thread. You can download and install Microsoft Debugging Tools to read and investigate minidump files.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

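The triage logic in the reply above (applet-cache hits are cleared from the Java cache; a hit on MEMORY.DMP is a likely false positive) as an added example, not code from the thread or from any AV product. It parses the alert format quoted in the first post with a regex that is my reading of that format, and the sample lines are the poster's four alerts embedded as constructed input.

```python
import re
from pathlib import PureWindowsPath

# Alert line format as quoted in the first post (the regex is my reading of it).
ALERT_RE = re.compile(r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file\.')
# Path segment that marks the JRE applet cache (present in both the XP and the Win7 layouts).
JAVA_CACHE_MARKER = ("sun", "java", "deployment", "cache")

# Defender-side follow-up per category, taken from the advice in the reply.
ACTIONS = {
    "java-cache": "clear the Java applet cache via the Java Plug-in / Control Panel, then rescan",
    "crash-dump": "likely false positive on a memory dump; delete the .DMP or submit it to the AV vendor",
    "other": "investigate manually; not covered by the advice in this thread",
}

# Constructed sample input: the four alert lines quoted by the original poster.
SAMPLE_ALERTS = [
    r'Sign of "Java:Djewers-H [Trj]" has been found in "C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\30736e02-5dc1ab33\ffssn\Etyutve.class" file.',
    r'Sign of "Java:Djewers-G [Trj]" has been found in "C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\5227c4df-32bd90e7\AppletX.class" file.',
    r'Sign of "Java:Djewers-J [Trj]" has been found in "C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\30736e02-5dc1ab33\ffssn\Byodsadc.class" file.',
    r'Sign of "Win32:MalWarrior [Tool]" has been found in "C:\Windows\MEMORY.DMP" file.',
]

def parse_alert(line):
    """Return {'signature', 'path'} for one Avast alert line, or None if it does not match."""
    m = ALERT_RE.search(line)
    return None if m is None else {"signature": m.group("sig"), "path": m.group("path")}

def classify(path):
    """Bucket a detected file: JRE applet cache, Windows crash dump, or anything else."""
    parts = tuple(p.lower() for p in PureWindowsPath(path).parts)
    n = len(JAVA_CACHE_MARKER)
    # Look for the ...\Sun\Java\Deployment\cache\... segment anywhere in the path.
    if any(parts[i:i + n] == JAVA_CACHE_MARKER for i in range(len(parts) - n + 1)):
        return "java-cache"
    if parts and parts[-1].endswith(".dmp"):
        return "crash-dump"
    return "other"

def triage(lines):
    """Parse and classify every alert line; lines that do not match the format are skipped."""
    results = []
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue
        alert["category"] = classify(alert["path"])
        alert["action"] = ACTIONS[alert["category"]]
        results.append(alert)
    return results
```

Running `triage(SAMPLE_ALERTS)` buckets the three `.class` hits as Java cache entries and the MEMORY.DMP hit as a crash dump, matching the two pieces of advice in the reply.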
