Results 1 to 15 of 30

Thread: Bytverify.F Trojan: I am infected

  1. #1
    Big Booger (Super Moderator)
    Join Date: Apr 2002
    Location: JAPAN
    Posts: 10,941

    Bytverify.F Trojan: I am infected

    I have tried and tried repeatedly to get rid of this.. I have disabled system restore. Run NOD32 repeatedly on deep scan.. Manually deleted the files.. scanned system came out clean...

    Couple days later it comes back.. I have run the recommended updates MS recommends:

    http://www.microsoft.com/technet/sec.../MS03-011.mspx

    I've checked this site:
    http://answers.google.com/answers/threadview?id=452561

    I may stop using NOD32 and make the switch to Avast as I know conan and Fastgame recommend it..

  2. #2
    Titanium Member
    Join Date: Jul 2002
    Location: blk helo target, WA
    Posts: 3,536
    Have you tried any of the online scans or offline boot scans?

  3. #3
    Big Booger (Super Moderator)
    Join Date: Apr 2002
    Location: JAPAN
    Posts: 10,941
    Well, I just updated my Java version. I am running NOD32 again.. and will try Trend Micro online in the morning.

  4. #4
    Titanium Member
    Join Date: Jul 2002
    Location: blk helo target, WA
    Posts: 3,536
    I'm wondering if NOD32 has been "modified" - unless you are using Process Guard which will prevent writing to any app.

  5. #5
    rik (Old and Cranky, Super Moderator)
    Join Date: Aug 2003
    Location: Watching Your every move...
    Posts: 4,688
    I use both Nod32 and Avast together...paranoid I am.

  6. #6
    egghead (Precision Processor, Super Moderator)
    Join Date: May 2002
    Location: In Your Monitor
    Posts: 3,546
    Lots of websites with NOD32 and byteverify.f in them.

    It seems you're not alone, BB.

    It uses a Java exploit, so you might want to go to www.java.com and get the latest Sun Java 1.5.

    Tell us more info.

    Firefox?

    You are getting the trojan from an infected website, or an advertiser is intentionally using it.

    This is not a mainstream trojan yet, and you will find this in the dark side of the internet where web operators will blast you with popups that seem to go on forever.
    Try Trojan Hunter 4.2.
    Free for 30 days. Should block it from coming in.

    www.trojanhunter.com

  7. #7
    Curio (Triple Platinum Member)
    Join Date: Nov 2004
    Location: London
    Posts: 899
    Uninstall the Microsoft JVM - that is what contains the weakness - and use the proper Sun Java Runtime (latest version) from Sun Microsystems. If you need a way of losing MS JVM let me know and I will enlighten you.

  8. #8
    Titanium Member
    Join Date: Jul 2002
    Location: blk helo target, WA
    Posts: 3,536

  9. #9
    egghead (Precision Processor, Super Moderator)
    Join Date: May 2002
    Location: In Your Monitor
    Posts: 3,546
    Nice and thorough investigation, lynch.

    I guess I need to get some antivirus. Paris Hilton camera phone websites could easily use that to lure you and get you infected.

  10. #10
    Conan (Techzonez Governor, Super Moderator)
    Join Date: Apr 2002
    Location: Philippines
    Posts: 4,343
    Originally posted by Curio: "Uninstall the Microsoft JVM - that is what contains the weakness - and use the proper Sun Java Runtime (latest version) from Sun Microsystems. If you need a way of losing MS JVM let me know and I will enlighten you."
    Nope, it's not Microsoft's Java that's the culprit. Sun Java is the one that's vulnerable to this one. I get that occasionally. I get a warning from Avast when surfing questionable sites. You have to do a manual scan after you receive the warning. I just scan the "Documents and Settings" folder and then Avast removes it.

  11. #11
    Curio (Triple Platinum Member)
    Join Date: Nov 2004
    Location: London
    Posts: 899
    MS JVM has always had ByteVerify vulnerabilities. From the Microsoft website:
    "All builds of the Microsoft VM up to and including build 5.0.3809 are affected by these vulnerabilities"
    As far as your AV goes, it does not matter which program you are using - if you download the linked class in the page it will detect the file as infected.

    post2
    Should also read:
    "All future builds of the Microsoft VM are also likely to be vulnerable"
    post3
    Why do you think BB (using MS JVM) is infected while you (using Sun) are not? On your system the code doesn't execute.

    post4
    Four posts in a row - is that a record?

    post5
    Not now - woohoo!
    Last edited by egghead; February 27th, 2005 at 23:57 PM. Reason: Merged posts together ;)

  12. #12
    Titanium Member
    Join Date: Jul 2002
    Location: blk helo target, WA
    Posts: 3,536
    post 11
    huh?

    "Nice and thorough investigation, lynch"
    - hehe, I had no choice when it killed all my startups (all but one) - just glad that's all it did. **edit - wait, you mean THE "investigation" - into the "underbelly" of the web - lol
    Last edited by lynchknot; February 28th, 2005 at 00:22 AM.

  13. #13
    egghead (Precision Processor, Super Moderator)
    Join Date: May 2002
    Location: In Your Monitor
    Posts: 3,546
    all your investigations into the underbelly of the web are belong to us

  14. #14
    Big Booger (Super Moderator)
    Join Date: Apr 2002
    Location: JAPAN
    Posts: 10,941
    Originally posted by Curio: "Uninstall the Microsoft JVM - that is what contains the weakness - and use the proper Sun Java Runtime (latest version) from Sun Microsystems. If you need a way of losing MS JVM let me know and I will enlighten you."
    I was using Sun's Java version 1.4.2. I just updated to version 1.5.. I have never installed MS's JVM...

    And I tried to remove it just in case I might have installed it via the windows update:

    A. You might want to remove the Microsoft JVM, which Microsoft no longer supports, in favor of the more recent Sun Microsystems JVM. To remove the Microsoft JVM, perform the following steps:

    1. From the Start menu, select Run.
    2. Enter the command

    RunDll32 advpack.dll,LaunchINFSection java.inf,UnInstall
    Well I got an error when I ran that...

    I dunno why I keep getting this stupid trojan.. I have patched everything from Windows Update.. run NOD32 constantly. I use Firefox exclusively.. apart from my wife's occasional jaunt to her weblog with IE... and my Windows Update with IE...

    I keep NOD32 updated constantly... I might just have to make a switch to a new AV... one that does a better job at catching them as they are downloaded...

    I might have to break out process guard and try a new AV.. one that can detect and remove it as I view the webpages that load it on my PC.
    Last edited by Big Booger; February 28th, 2005 at 09:30 AM.

  15. #15
    rik (Old and Cranky, Super Moderator)
    Join Date: Aug 2003
    Location: Watching Your every move...
    Posts: 4,688
    At home I run Avast and NOD32 together. I also have Spyware Blaster and Spyware Guard running actively in the background, Ad-Aware for cleaning, and just last night I installed the MS Anti-Spyware app, more just to see it than anything else, and my system stays fairly clean. Aside from the occasional accidental "odd" link that I may click on that jumps to the dark side, I have had no problems.

    I realize that I'm somewhat paranoid but it works...
