How to remove Java Bytever.A Virus?

[Jack Barrett]

I have run several scanners and found 3 files of Java Bytever.A virus!
None of the scanners will remove it!?
Not sure why.
Can anyone tell me how to remove these files?
Web site tools?

Thanks,

Jack Barrett
http://windsurf_2.tripod.com

 

[null]

I have run several scanners and found 3 files of Java Bytever.A virus!
None of the scanners will remove it!?
Not sure why.
Can anyone tell me how to remove these files?
Web site tools?

Here's info and a link to a patch:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JAVA_BYTEVER.A

Dunno why you can't simply delete the files, unless the scanners find
the files in System Restore. Have you flushed System Restore?.


Art
http://www.epix.net/~artnpeg

 

[Jack Barrett]

Thanks Art =^)
How do you flush System Restore?

Best,

Jack Barrett
http://windsurf_2.tripod.com

 

[null]

Thanks Art =^)
How do you flush System Restore?

http://download.nai.com/products/mcafee-avert/SystemHelpDocs/DisableSysRestore.htm


Art
http://www.epix.net/~artnpeg

 

[Jack Barrett]

Hi Art,

I have shut off system restore, tried to find the file C:\_restore to no
avail, run another online scan (TrendMicro) which still finds 3 Java
Bytever.A files which I can't delete when prompted =(
Updates VM to Build 3810, Reset IE to Default Settings then tried doing all
the above again to no avail =(
I am using AVG Anti Virus with all recent update of virus signatures. AVG
does not pick up these viruses!?
I am totally confused as to what to do now.
Your help is greatly appreciated.

jack

 

[null]

Hi Art,

I have shut off system restore, tried to find the file C:\_restore to no
avail, run another online scan (TrendMicro) which still finds 3 Java
Bytever.A files which I can't delete when prompted =(
Updates VM to Build 3810, Reset IE to Default Settings then tried doing all
the above again to no avail =(
I am using AVG Anti Virus with all recent update of virus signatures. AVG
does not pick up these viruses!?
I am totally confused as to what to do now.
Your help is greatly appreciated.

Do you have any symptoms? Have you applied the patch? Have you
disabled Java for the time being? What version of Windows?

You could try the SUPER d/l from my web site and see what the KAV scan
engine comes up with. It won't delete or clean but it's a excellent
scanner. Maybe it will alert on some .CLA files that you can then
delete yourself. Or maybe Trend's scanner is false alerting.


Art
http://www.epix.net/~artnpeg

 

[Jack Barrett]

Hi Art,

Here are the answers to your questions:

I have no symptoms. I think.? What symptoms would I have?
I am running Windows XP with SP1 and all current patches.
How do I disable Java?

You are the man!

best,
jack

 

[null]

Hi Art,

Here are the answers to your questions:

I have no symptoms. I think.? What symptoms would I have?

Maybe none, according to the descriptions. Maybe a home page redirect
with some versions of bytever

Just guessing based on the descriptions that bytever plants a "seed"
in the form of Java class files on your PC. Then if IE is vulnerable
(unpatched for this particular vulnerability) you can get a real
whammy by going to certain web sites.

If Trend's scanner isn't false alarming, it must be finding these
infested class (.CLA) files. That's why I suggested scanning with
another av scanner. And disabling Java until you get this sorted out.

I am running Windows XP with SP1 and all current patches.

But how about the patch for this particular vulnerability? Did you
install that? The link is at the description site I gave you.

How do I disable Java?

Since I don't use IE I'll give you this:

http://www.microsoft.com/windows/ie/using/howto/security/setup.asp

for your IE security settings info.

You are the man!

Well, the man isn't here right now, but I'll do the best I can


Art
http://www.epix.net/~artnpeg

 

[Shane]

Hi Art,

I have shut off system restore, tried to find the file C:\_restore to no
avail, run another online scan (TrendMicro) which still finds 3 Java
Bytever.A files which I can't delete when prompted =(
Updates VM to Build 3810, Reset IE to Default Settings then tried doing all
the above again to no avail =(
I am using AVG Anti Virus with all recent update of virus signatures. AVG
does not pick up these viruses!?
I am totally confused as to what to do now.
Your help is greatly appreciated.

With regard to your later post: if you're running XP, there is no
C:\_Restore (folder, not file). In XP it's C:\System Volume Information.

Shane

 

[FromTheRafters]

You are the man!

Right! The chimp's the shorter hairier fella. ;o)

 

[null]

Right! The chimp's the shorter hairier fella. ;o)

Oh, I see what Jack meant now. Sorry for the confusion, Jack.




Art
http://www.epix.net/~artnpeg

 

[BoB]

Disabling Windows XP AutoRestore feature
http://www.europe.f-secure.com/v-descs/sfc_dis1.shtml

Also MS java is no longer recommended, even by MS. They lost
another court case, and now suggest Sun Java. Vulnerabilities
related to java are significantly reduced with Sun. Art may
have an opinion on this too.

BoB

 

[null]

Disabling Windows XP AutoRestore feature
http://www.europe.f-secure.com/v-descs/sfc_dis1.shtml

Also MS java is no longer recommended, even by MS. They lost
another court case, and now suggest Sun Java. Vulnerabilities
related to java are significantly reduced with Sun. Art may
have an opinion on this too.

BoB

Well, you know Art's opinion Don't use IE in the first place. And
don't install Java unless you have some real need or use for it.


Art
http://www.epix.net/~artnpeg

 

[BoB]

Well, you know Art's opinion Don't use IE in the first place. And
don't install Java unless you have some real need or use for it.

Art
http://www.epix.net/~artnpeg

I like that java can be toggled very easily in Firebird, if
the need arises. And I have Sun installed for those rare needs.

Although I haven't eradicated anything, IE, OE, Explorer and WMP
all retired from active duty quite sometime back.

BoB