
aussie in uk

@range81-132.btcentra

Java/Byte Verify

I have a virus that shows up with my AVG antivirus but can't be removed. Please point me in the right direction to get a removal tool please. It shows as Java/Byte Verify.


Vvian Kalyss

join:2003-10-14
Stage 5.0

If I'm not mistaken, if that thing is in your browser cache (temporary internet files or something) then just empty your browser cache.
--
Mikami Vvian, resident Girlfriend of Steel, care of the Tokyo-3 Middle Daughters Club



aussie in uk

@range81-132.btcentra

Cool. As easy as that?



Vvian Kalyss

join:2003-10-14
Stage 5.0

I'm no expert, but afaik (and from the few times that same problem bit me in the ass), it was from files in the cache. If anyone knows where else Java/Byte Verify appears feel free to correct.
--
Mikami Vvian, resident Girlfriend of Steel, care of the Tokyo-3 Middle Daughters Club


jram

join:2003-08-06
Albany, NY

reply to aussie in uk
It's in your Java cache. This is for XP: Start...Control Panel..(classic view), double-click on the Java Plug-in..Cache...Clear. This isn't a virus if you're patched..»java.com/en/download/help/cache_virus.jsp


PrntRhd
Premium
join:2004-11-03
Fairfield, CA
Reviews:
·Comcast

reply to Vvian Kalyss
Vvian is correct in that deleting the files detected is the way to go; they are temporary internet files anyway. It is important, however, to have your Java updated from the original MS JVM (Java Virtual Machine), because the Byte/Verify exploit is the preferred method of infecting your PC with CoolWebSearch. The more secure versions of Sun Java allow the byte/verify files to load but not execute. Here is a link to load Sun's latest Java Runtime Environment (JRE):
»java.sun.com/j2se/1.5.0/download.jsp


richrf

join:2000-04-08
Chicago, IL

reply to aussie in uk
BTW, if you are running the latest Sun version of Java or a patched version of MS's, the virus can't hurt. Your AV just picked it up within some jar file. You will need to delete it from the cache as well as the recycle bin. If it is quarantined somewhere, you will have to delete it from there also. But as far as I was able to tell, it did not do any damage while it is visiting your system.

Rich


B
Premium,MVM
join:2000-10-28


Are a significant portion of these Byte/Verify findings false positives?

I ask because I've seen it reported fairly frequently, even on machines that were otherwise clean.

-- B
--
In a realm outside causality and function


richrf

join:2000-04-08
Chicago, IL

reply to aussie in uk
I guess the issue is "what is a false positive".

At one time the virus could cause damage, but now it has been rendered harmless because of changes in the Java engine.

The way I would prefer it be treated is with a warning or an alarm with a reasonable explanation of what is going on. Unfortunately, the only way to get information about the current status of this virus is by asking on a forum such as this. I am sure there are tons of people who are not familiar with the situation, who get very nervous when their AV detects the virus and can't remove it readily. But that is the way the AV guys have set it up - for whatever reason.

Rich



Vvian Kalyss

join:2003-10-14
Stage 5.0

reply to B
Hmm, which av would be reporting that? I've always gotten hit during forays into shady sites that love to throw popups at you, none otherwise, and I use avast!.
--
Mikami Vvian, resident Girlfriend of Steel, care of the Tokyo-3 Middle Daughters Club


B
Premium,MVM
join:2000-10-28


Mostly AVG, but I think some Norton users as well. Goes back a bit.

I actually thought they were "true" false positives; in other words the AV or antispyware program was simply wrong and that the identified files were not malicious in any context.

-- B
--
In a realm outside causality and function


mens rea
Premium
join:2002-01-31
Canada

reply to aussie in uk
Some further info: »ByteVerify Myth within Sun Java Cache


B
Premium,MVM
join:2000-10-28


Thanks, mens rea! Perfect thread reference.

So then the files may be harmless in context, but they DO contain intentionally malicious code?

I wouldn't call those "false positives" then. It's the same as finding a Windows file in a .ZIP archive while scanning on a Linux server.

-- B
--
In a realm outside causality and function



aussie in uk

@range81-132.btcentra

reply to mens rea
Hi all, Thanks for all the info. Really appreciate it.

I have had a look at all the suggestions. I am not running any version (to my knowledge) of Sun Java....
I have been able to locate the jar files & delete them & my av is not picking it up as a threat anymore - but there is an infected archive I noticed on the av that appears locked or I can not delete it? Any problems with this? If it is all ok, what is best to protect in the future?


Jojo Pinto

join:2005-01-07

reply to aussie in uk
It took me a while to get rid of, but this is a trojan which comes in a few flavours. I heard a few things to fix, from delete (including turning off sys restore) while in safe mode and also to remove old Java versions (1.0 directory).
Mine hasn't come back since...gl


lincolngreen

join:2002-07-04
uk

I use AntiVir and it deletes it.


richrf

join:2000-04-08
Chicago, IL

reply to aussie in uk
KAV 4.5 detected but couldn't delete in the form it was in. I reported it to KAV but they really didn't say or do anything about it.

Rich


Kiwi
Premium
join:2003-05-26
USA/MidWest
kudos:1
Reviews:
·Comcast

reply to aussie in uk
That was interesting, never having investigated SunJava before; we live & learn. But for those familiar with v 1.5.0, what is the zi sub dir all about? One can see a lavish spread of countries here. But found no cache, though there is an option to delete Temp Internet files "With caution".

Cheers
--
2.66g/533fsb Intel CPU @ 3.28g512meg Twinmos PC3700~466 DDR @ 2.8v ATI 9500 Pro @ 9700 Pro @1.6v--AMD ASUS A7N8X-E ~2500+ @3200 ATI 9500 Pro, Corsair 512LL.-- Aristotle.net


mens rea
Premium
join:2002-01-31
Canada
Reviews:
·Shaw

reply to aussie in uk

said by aussie in uk:

I have had a look at all the suggestions. I am not running any version (to my knowledge) of Sun Java....
I have been able to locate the jar files & delete them & my av is not picking it up as a threat anymore - but there is an infected archive I noticed on the av that appears locked or I can not delete it? Any problems with this? If it is all ok, what is best to protect in the future?

Don't know your OS but it may be worth your while to check to see what version of Java you are running (assuming it is MSJVM): Check for MSJVM. If it is build 3810 or later it will be a patched version and not vulnerable to the exploit, as Name Game points out in the link I referenced: MSB MS03-011


aussie in uk

@range81-132.btcentra

Awesome, thanks. Have checked all that & it appears that I am running version 3810, so happy now.
Cheers all. Aussie in UK.


over 12.5 years online © 1999-2012 dslreports.com.