
Trying To Help Virus Found.. Exploit Byteverify


4 replies to this topic

#1 Special_k

Special_k

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:34 PM

Posted 16 March 2007 - 01:12 AM

Hello, I am trying to help someone fix their system.. I know that this is a Dell Dimension B110 less than one yr old.
The lady updated McAfee, and I guess IE 7.. she cannot surf the net... her browser window doesn't even show page cannot be verified. or the progress bar.. it is simply an open blank window.. it is not set to open blank page or work offline..
When I ran her anti-virus software.. it showed two infected files.. Both infected by the Exploit ByteVerify trojan virus.. It apparently hijacks the start page. The McAfee ( UGHGH) referred me to MS03-011
No instructions on how to manually remove or anything.. it said update dat files.. install path.. that's it.. the browser still is not functional.. we tried Dell support, they used remote support and basically emptied the temp folder and deleted the temp internet files and deleted the system restore.. and referred her to paid-for tech support to remove the virus.. I did quarantine the files but Dell recommended to restore them.. Can anyone here help? I would like to be able to fix this properly without having to pay Dell.. I can give more info about system.. but.. Thank you all. (K

Edited by Special_k, 16 March 2007 - 01:13 AM.



#2 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:04:34 AM

Posted 16 March 2007 - 01:28 AM

Your friend or you need to
1)Disable restore point

Guide on how to disable restore points.




2) download updates here.

3) Startup in Safe mode

4) Scan and have the trojan be removed.

5) After removal start up in normal mode and enable restore point again

Please make sure that her computer is up to date with latest patches

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,560 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:34 PM

Posted 16 March 2007 - 07:50 AM

Java.ByteVerify is actually a method to exploit a security vulnerability in the Microsoft Virtual Machine that is stored in the java cache as a java-applet. The vulnerability arises as the ByteCode verifier in the Microsoft VM does not correctly check for the presence of certain malformed code when a java-applet is loaded. Attackers can exploit the vulnerability by creating malicious Java applets and inserting them into web pages that could be hosted on a web site or sent to users as an attachment. Trojan Exploit ByteVerify indicates that a Java applet - a malicious Java archive file (JAR) - was found on your system containing the exploit code. See here.

AVG, eTrust EZ Antivirus, Pest Patrol and others will find Java/ByteVerify but cannot get rid of them.

Follow the instructions here to clean your JAVA cache.
Follow the instructions here to clean your Web Browser Cache: IE, Netscape, Mozilla, Opera, AOL.

To read more about this vulnerability issue please see Microsoft Security Bulletin MS03-011 and MS Article ID: 816093.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

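Added example, not part of quietman7's post: a Python sketch that inventories what a Java or browser cache folder holds before it is cleaned, identifying archives by content (cached applets are often stored under renamed files) and recording a SHA-256 for each so it can be checked against the antivirus report. The cache folder path is supplied by the caller, and the file names in `demo()` are constructed sample data.

```python
import hashlib
import os
import tempfile
import zipfile

CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # first four bytes of every compiled Java class


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_cached_applets(cache_root):
    """Return one record per ZIP/JAR archive under cache_root that holds Java classes."""
    findings = []
    for folder, _dirs, files in os.walk(cache_root):
        for name in sorted(files):
            path = os.path.join(folder, name)
            # Cache entries are often renamed, so test the content, not the extension.
            if not zipfile.is_zipfile(path):
                continue
            try:
                with zipfile.ZipFile(path) as archive:
                    classes = []
                    for info in archive.infolist():
                        with archive.open(info) as member:
                            if member.read(4) == CLASS_MAGIC:
                                classes.append(info.filename)
            except (zipfile.BadZipFile, OSError, RuntimeError, NotImplementedError):
                classes = ["<unreadable archive>"]  # still worth reporting
            if classes:
                findings.append({"path": path, "sha256": sha256_of(path), "classes": classes})
    return findings


def demo():
    """Build a constructed cache folder (sample data only) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        with zipfile.ZipFile(os.path.join(root, "applet-1a2b.idx0"), "w") as z:
            z.writestr("Loader.class", CLASS_MAGIC + b"\x00\x00\x00\x2e")  # constructed stub
        with open(os.path.join(root, "page.htm"), "w") as f:
            f.write("<html></html>")
        return [(os.path.basename(r["path"]), r["classes"]) for r in find_cached_applets(root)]
```

The listing only reports; removal is still done by clearing the cache as described in the post above.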

#4 Special_k

Special_k
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:34 PM

Posted 21 March 2007 - 04:25 PM

Fozzie, I am trying to have my friend delete the files that are infected with the Byte verify thing, and McAfee says it cannot delete these files and the Internet Explorer is not functioning at all.. Any suggestions?

Your friend or you need to
1)Disable restore point

Guide on how to disable restore points.




2) download updates here.

3) Startup in Safe mode

4) Scan and have the trojan be removed.

5) After removal start up in normal mode and enable restore point again

Please make sure that her computer is up to date with latest patches



#5 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:04:34 AM

Posted 21 March 2007 - 07:20 PM

Run it in safe mode? Also take into corporation the instructions by QM7



