
Trojan Exploit-byte-verify Infection


6 replies to this topic

#1 zinnia26

zinnia26

  • Members
  • 10 posts

Posted 20 March 2006 - 01:29 PM

Hi, my computer was infected with trojan Exploit-byte-verify on 3-18-06. I've got an old Dell Optiplex Gx110, won it in a sweepstakes in 2001. It's got Windows 98 ME, I've done all security updates from Microsoft when they came out and have McAfee VirusScan 2006 for security installed about a month ago after my Defender Pro expired.

When McAfee detected the trojan, it said it couldn't be quarantined or deleted. After hours of reading about this trojan, I want to know if I understand what McAfee is saying about it. It appears that if I have the patch Microsoft Security Bulletin MS03-011, the trojan isn't able to execute any malicious code. This is a copy and paste of the McAfee info about it: "All vulnerable systems should apply the patch from Microsoft. Patched systems are immune from the effects of the exploit code. However, detection will still occur on files attempting to make use of this exploit." I have very little computer savvy, most of this is like trying to understand Greek and I doubt I have the computer skills to remove this trojan myself even with help.

I live out in the boonies and the only ISP available is so slow and wretched that I can't download 99% of anything from the internet, so I don't have access to most of the downloads that your site tells people to use.

So here are the questions I have: so far my computer seems to be operating fairly normally, should I try to get rid of the trojan or will it be ok to leave it as is? What should I look for as signs that the trojan might have done anything to my computer? I can't seem to find much about what this trojan actually does, but it seems like I should have noticed something by now if it was able to damage my computer.

Any suggestions are greatly appreciated!
zinnia26



#2 Jacee

Jacee

    Bleeping around


  • Malware Response Team
  • 3,716 posts

Posted 20 March 2006 - 02:09 PM

Hi zinnia26, I don't have my 98 in front of me, but see if this works for you.

Clear your JRE Cache
From the Start button, click Settings -> Control Panel
In the Control Panel, open the "Java Plug-in Control Panel"
Select the Cache Tab
Click the Clear button inside the Cache Tab, which will clear your JRE cache directory

Reboot

MS MVP Windows-Security 2006-2016
Member of UNITE, the Unified Network of Instructors and Trusted Eliminators

Admin PC Pitstop


#3 zinnia26


Posted 20 March 2006 - 02:35 PM

Thanks for the quick reply! I wrote down your directions, and I'll report back to let you know if I succeeded.
Thanks again,
zinnia26

#4 zinnia26


Posted 20 March 2006 - 03:17 PM

Darn, this must be where my lack of computer savvy comes in! I opened the control panel, clicked on the little Java icon and brought up the Java control panel but I can't find the Cache in it. It has tabs that read: General-Update-Java-Security-Advanced. I looked through all of them and didn't see a "cache" tab in anything. Under the General tab it has a section that says "Temporary Internet Files" along with two buttons that say "Delete Files" and "Settings". I didn't dare to just click the delete files without checking back here to see if that's the right thing to do. If I click on the Settings tab it pops up a box with 3 buttons on it that say: Delete Files....View Application...View Applets. Then it has settings, location with=location Data\Sun\Java\Deployment\Cache. This was the only thing I could find with Cache in it.

I guess with my lack of know-how I might need some more instructions on what I'm looking at and where to find the Cache you are talking about or if I can just click on one of 2 buttons that say "Delete Files"? I was a little worried about clicking on delete when it warns about only Advanced users deleting files or modifying settings when I have no clue about what I'm doing. Sigh, it always seems like nothing looks like it's supposed to when I go looking for these kinds of things.

Hope you can help again, thanks,
zinnia26

I have to be offline for a while but will check back again in a couple of hours.

#5 Jacee


Posted 20 March 2006 - 04:41 PM

Yes, you want to delete all temporary internet files. Is there a button to delete the Java cache?

For Win98:

Quoted dvk01 Wilderssecurity.com

If you still are using JAVA 1.4 or earlier
open control panel, select java plug in control panel, select cache and then press clear cache

if you still use M$ java for some reason then

1) Open Control Panel
2) Click on Internet Options
3) On the General Tab, in the middle of the screen, click on Delete Files
4) You may also want to check the box "Delete all offline content"
5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files
6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive




#6 zinnia26


Posted 20 March 2006 - 07:05 PM

Ok, I managed to delete the Java cache, thanks again! I got so wrapped up in trying to figure this out that I forgot to ask for sure if that is supposed to get rid of the trojan? I did see on another website that the wretched thing was setting up house in the Java area. Now I'm going to delete the temp. internet files on my browser and then dump the cookies.

Thanks so much Jacee, I really appreciate it!

#7 Jacee


Posted 20 March 2006 - 11:27 PM

You're welcome

Download and install Stardownloader, so you can resume in case you get kicked off the net: http://www.stardownloader.com/

I know you're on dial-up (same as me) but you really need to update Java, due to the new exploits: http://www.java.com/en/download/manual.jsp

Choose "offline installation"

Once it's downloaded, go offline.......
Uninstall Java via Add/Remove Programs.

Remember where Stardownloader downloaded
jre-1_5_0_06-windows- i586-p...
Setup Launcher

(should be in C:\download folder) double-click on the new icon and install it.

Reboot





