  aussie in uk
@range81-132.btcentra | Java/Byte Verify
I have a virus that shows up with my AVG antivirus but can't be removed. Please point me in the right direction to get a removal tool please. It shows as Java/Byte Verify |
|
  Vvian Kalyss
join:2003-10-14 Stage 5.0 clubs: | If I'm not mistaken, if that thing is in your browser cache (temporary internet files or something) then just empty your browser cache. -- Mikami Vvian, resident Girlfriend of Steel, care of the Tokyo-3 Middle Daughters Club |
|
  aussie in uk
@range81-132.btcentra | Cool. As easy as that? |
|
  Vvian Kalyss
join:2003-10-14 Stage 5.0 clubs:
| I'm no expert, but afaik (and from the few times that same problem bit me in the ass), it was from files in the cache. If anyone knows where else Java/Byte Verify appears feel free to correct. -- Mikami Vvian, resident Girlfriend of Steel, care of the Tokyo-3 Middle Daughters Club |
|
 jram
join:2003-08-06 Albany, NY
| reply to aussie in uk It's in your Java cache, this is for XP. start...control panel..(classic view) double click on the Java plug-in..cache...clear. This isn't a virus if you're patched..»java.com/en/download/help/cache_virus.jsp |
|
 PrntRhd
join:2004-11-03 Fairfield, CA
·Comcast
·Comcast Formerly ..
| reply to Vvian Kalyss Vvian is correct that deleting the files detected is the way to go; they are temporary internet files anyway. It is important to have your Java updated from the original MS JVM (Java Virtual Machine), however, because the Byte/Verify exploit is the preferred method of infecting your PC with CoolWebSearch. The more secure versions of Sun Java allow the byte/verify files to load but not execute. Here is a link to load Sun's latest Java Runtime environment (JRE): »java.sun.com/j2se/1.5.0/download.jsp |
|
 richrf
join:2000-04-08 Chicago, IL
| reply to aussie in uk BTW, if you are running the latest Sun version of Java or a patched version of MS's, the virus can't hurt. Your AV just picked it up within some jar file. You will need to delete it from the cache as well as recycle bin. If it is quarantined somewhere, you will have to delete it from there also. But as far as I was able to tell, it did not do any damage while it is visiting your system.
Rich |
|
 B Premium,MVM join:2000-10-28
| Are a significant portion of these Byte/Verify findings false positives?
I ask because I've seen it reported fairly frequently, even on machines that were otherwise clean.
-- B -- In a realm outside causality and function |
|
 richrf
join:2000-04-08 Chicago, IL
| reply to aussie in uk I guess the issue is "what is a false positive".
At one time the virus could cause damage, but now it has been rendered harmless because of changes in the Java engine.
The way I would prefer it be treated is with a warning or an alarm with a reasonable explanation of what is going on. Unfortunately, the only way to get information about the current status of this virus is by asking on a forum such as this. I am sure there are tons of people who are not familiar with the situation, who get very nervous when their AV detects the virus and can't remove it readily. But that is the way the AV guys have set it up - for whatever reason.
Rich |
|
  Vvian Kalyss
join:2003-10-14 Stage 5.0 clubs:
| reply to B Hmm, which av would be reporting that? I've always gotten hit during forays into shady sites that love to throw popups at you, none otherwise, and I use avast!. -- Mikami Vvian, resident Girlfriend of Steel, care of the Tokyo-3 Middle Daughters Club |
|
 B Premium,MVM join:2000-10-28
| Mostly AVG, but I think some Norton users as well. Goes back a bit.
I actually thought they were "true" false positives; in other words the AV or antispyware program was simply wrong and that the identified files were not malicious in any context.
-- B -- In a realm outside causality and function |
|
 mens rea Premium join:2002-01-31 Canada | reply to aussie in uk Some further info: »ByteVerify Myth within Sun Java Cache |
|
 B Premium,MVM join:2000-10-28
| Thanks, mens rea ! Perfect thread reference.
So then the files may be harmless in context, but they DO contain intentionally malicious code?
I wouldn't call those "false positives" then. It's the same as finding a Windows file in a .ZIP archive while scanning on a Linux server.
-- B -- In a realm outside causality and function |
|
  aussie in uk
@range81-132.btcentra
| reply to mens rea Hi all, Thanks for all the info. Really appreciate it.
I have had a look at all the suggestions, I am not running any version (To my knowledge) of sun java.... I have been able to locate the jar files & delete them & my av is not picking it up as a threat anymore - but there is an infected archive I noticed on the av that appears locked or I can not delete it? Any problems with this? If it is all ok, what is best to protect in the future? |
|
 Jojo Pinto
join:2005-01-07
| reply to aussie in uk It took me a while to get rid of, but this is a trojan which comes in a few flavours. I heard a few things to fix, from delete (including turning off sys restore) while in safe mode and also to remove old java versions (1.0 directory). Mine hasn't come back since...gl |
|
 lincolngreen
join:2002-07-04 uk | I use AntiVir and it deletes it. |
|
 richrf
join:2000-04-08 Chicago, IL | reply to aussie in uk KAV 4.5 detected but couldn't delete in the form it was in. I reported it to KAV but they really didn't say or do anything about it.
Rich |
|
 Kiwi Premium join:2003-05-26 USA
·Comcast
·Aristotle Internet
| reply to aussie in uk That was interesting, never having investigated SunJava before; we live & learn. But for those familiar with v 1.5.0, what is the zi sub dir all about? One can see a lavish spread of countries here. But found no cache, though there is an option to delete Temp Internet files "With caution".
Cheers -- 2.66g/533fsb Intel CPU @ 3.28g512meg Twinmos PC3700~466 DDR @ 2.8v ATI 9500 Pro @ 9700 Pro @1.6v--AMD ASUS A7N8X-E ~2500+ @3200 ATI 9500 Pro, Corsair 512LL.-- Aristotle.net |
|
 mens rea Premium join:2002-01-31 Canada
·Shaw
| reply to aussie in uk said by aussie in uk:
I have had a look at all the suggestions, I am not running any version (To my knowledge) of sun java.... I have been able to locate the jar files & delete them & my av is not picking it up as a threat anymore - but there is an infected archive I noticed on the av that appears locked or I can not delete it? Any problems with this? If it is all ok, what is best to protect in the future?
Don't know your OS but it may be worth your while to check to see what version of java you are running (assuming it is MSJVM): Check for MSJVM
If it is build 3810 or later it will be a patched version and not vulnerable to the exploit, as Name Game points out in the link I referenced: MSB MS03-011 |
|
  aussie in uk
@range81-132.btcentra | Awesome thanks, Have checked all that & appears that I am running version 3810, So Happy now. Cheers all. Aussie in UK. |
|