Self replicating VIRUS help needed please.. :(

Stervo

Oh golly, well, I've got a mean virus on my computer that I just can't shift. The virus is Trojan.ByteVerify (so Norton AV tells me) or its called JAVA_BYTEVER.A or JAVA_BYTEVER.C according to PC-cillin and its located in this directory:

C:\WINDOWS\TEMP

And it calls itself something like tmp6B.tmp. Now that's all and well since I know where it is you'd think I could delete it. Wrong. Well, I can delete it but I think this virus is self replicating because a new one is created after the old one is deleted, but it calls itself something slightly different like tmp7B.tmp or tmp6C.tmp.

It's really starting to annoy me now because I can't get rid of it and the pop ups from Norton saying that a new virus has been found are not fun. What I want to know is what is creating these .tmp files, is there some kind of .exe program buried in my computer somewhere which is churning them out?

Any help and advice on how to delete this virus for good would be a real help, thanks in advance…

Stervo

GreenFingers_2

I’m assuming you have Norton Anti-Virus and your definitions are up to date. If not then do an update first. Go to the link below and read the notes on Trojan.ByteVerify then follow the instructions for its removal - these are listed briefly below. The detailed notes describe how to disable System Restore and start in Safe Mode (Windows XP). It will not be removed unless you are in Safe Mode.

http://securityresponse.symantec.com/avcenter/venc/data/trojan.byteverify.html

Then do the following….
1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Restart the computer in Safe mode or VGA mode.
4. Run a full system scan and delete all the files detected as Trojan.ByteVerify.

Hope this helps.

Fran

My son's computer has had this and has got it clear but then it came back, he plays a lot of games so could it be that you are downloading it again?

Magentasue

Same as Fran, have removed only to find it back again. Have just removed again as per Norton instructions. Son insists he's not downloading/playing anything dodgy but I'm not convinced!

Stervo

Thank you GreenFingers for your help, I'll do all those things in a second and post back the results after the scan... I have a fear that the manual scans, eg. full system scans don't find it for some reason... But I'll give it another go in safe mode.

Fran - I'm not downloading it again so I don't know how it comes back as I'm not connected to the Internet.

Anyways thank you all for your comments, I'll go and have another go, so fingers crossed

Stervo

pchelpman

OK. This is a nasty nuisance that tucks itself away in hidden files. Norton probably won't do it on its own.

Try this.

First you need to reveal the hidden files & folders.....

1. Go to Start > Settings > Control Panel > double click "Folders Options"

2. Click on "View" tab at the top

3. Click "Show hidden files and folders"

4. Click on "Apply" then on "OK"

Next the removal.....

5. Open "Windows Explorer".....if you're on XP it's right click the Start button, left click "Explore all users".

6. In the left hand pane click once through each of the following.... C drive > Documents & Settings > Owner > Application Data > Sun > Java > Deployment > Cache.

7. left click on the Cache folder and inside you will find two more folders...."tmp" and "javapi". Empty/clear everything out of both these folders so they are empty.

That's where the java bytever virus usually hides.

I'm not guaranteeing it will stay away but remember this post so you can fix it in a few clicks if it return.



To get rid of all that other "temporary" stuff your PC accumulates when you are surfing etc. download CleanUp! here…..

http://www.cleanup.stevengould.org/

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility

Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.

Let us know how you get on.

Mr_Skint_2

Funnily enough AVG wont touch this one but Avast will

Stervo

Thank you all for your help. Well I followed GreenFingers advice and did everything according to the instructions, Norton found the virus and deleted it, but as soon as it deleted it, the virus made a new copy of itself so its still here.

Thank you pchelpman for your help, very nice clear instructions, I emptied those folders but it did nothing, the virus is still popping up in C:\WINDOWS\TEMP then I delete it and a new copy is made :(

So... I'm still thinking there is some little .exe file somewhere on my comp that is making all these new copies, or am I totally wrong?

Thanks again - Stervo

pchelpman

I am surprised that clearing out the java deployment cache didn't work. It usually does.

Did you also use CleanUp! as I suggested? That program cleans out all your temp files for you.

If that doesn't work download the fully working trial version of Trojanhunter here......

http://www.trojanhunter.com/

Install it, scan your PC and have it fix anything it finds "bad". I did know of one instance where Trojanhunter killed off java bytever.

Let us know how you get on.

I'll keep thinking.

Mr_Skint_2

Maybe do a clean/scan with system restore off as it could also hide in their.

Stervo

Thanks again mr pchelpman, I'll try CleanUp! and TrojanHunter and I'll let you know how I get on ...

Mr Skint - GreenFingers already advised me to disable system restore, but thank you for your advice anyways

I'll post back my findings.. I hope its gunna be good news

Thanks again - Stervo