Trojan Byte Verify

pug_in_a_bed
Posts: 1,975 Forumite
in Techie Stuff
Hello
I have started a new thread about this annoying Java thing so as not to get confused with the more recent one.
McAfee kept finding this self-replicating trojan and I had gone through the steps to get rid, at least I think anyway.
Anyhoo, I have just put two and two together. I kept scanning with McAfee the past few days, and also the online scans available from Trend Micro and Panda.
I have just realised that every time I do a scan with Trend Micro, halfway through I get a pop-up from McAfee telling me that it has found the trojan 'exploit-obscuredhtml' in c\docs and settings\my name\temp, and it has been cleaned and deleted. It is this which has prompted me previously to scan fully with McAfee, which was then showing up every time the 'Byte Verify' one.
Is this a false finding? Or is it something to do with Trend Micro and what it is accessing when scanning?
Quite confused now, as I'm wondering if Trend Micro is having some effect on the virus....
Thanks for any suggestions, I will go through all the steps again I used previously.
EDIT: just gone back through the steps suggested by pchelpman in the first thread about the Java deployment cache and the folder I emptied now has something in it again - a folder called v1.0. In this is a folder called 'jar' with a zip file in (I think). Should I delete this?
Comments
-
Well, I can certainly fill in the broad brush of things. You have an infected file. When the online scanner opens the file to check it, McAfee also checks it - that's (part of) what McAfee does, it checks files when they are opened. So now you have two antivirus applications looking at the same file at once.
FWIW McAfee updated their detection files for exploit-obscuredhtml recently, and while we're at it here's McAfee's description of exploit-byteverify. Neither are an infection as such, just a means of infecting. Remind me, why can't you just delete the dodgy files?
SJB0 -
0
-
Well, I've deleted the files in the deployment bit, done all the scans in safe mode with system restore turned off and nothing was found so I'm hoping this is to be the end of it! I'm sure I must have the patch from Microsoft as I'm careful about updates, is there anything else I can do?
-
TBH, I wouldn't be surprised if you're right, and the Trend scan is the root cause of the byteverify detection. Trend does claim to test for vulnerabilities.
You've cleared all the java caches, you've installed Sun java, you've scanned and can't find anything amiss, so that's a fair way down the line. If you want, you can do a scan from safe mode: boot to 'safe mode with command prompt' then enter
cd \prog*\comm*\net*\e*
(depending on your McAfee, that might be cd \prog*\comm*\net*\v*\4*)
scan /adl /all /clean
Again, if you want, you can rip out Microsoft's java altogether, see this page at www.java.com for instructions.
SJB0 -
Just a note: AVG won't and can't get shot of this but Avast will.
Don't ask why, it's just like that and that's the way it is.. Insert bass beat where applicable
This discussion has been closed.