R
Ronald Smyth
Norton av (2002) alert: Yesterday after running a full scan it showed I
had five trojan.byte.verify viruses. When I tried to clean them it could
only erase two. 3 refused to be removed or quarantined.
Then I got latest definitions (8-20-04) and ran full scan again. This
time it showed 4 trojan byte viruses and I was able to quarantine only
1. I ran a full scan again this time it showed NO VIRUSES.
Neither did my secondary program AVG.
But I then went in and saw that two of those infected files were still
in there but with an idx instead of zip extension. I then manually
deleted them.
I also noticed that one of the files(or folders) Norton reports
'C:\Documents and Settings\Ronald\JPI_CA~1' doesn't exist on my PC
altogether. The .jpi_cache folder is there. I have hidden files revealed
in my settings.
I have Windows XP. I have all Microsoft critical updates installed
before this incident(with the exception of the controversial SP2
update). Why would Norton tell me there are no viruses when it just told
me I have several unremovable ones?
Norton AV report:
------
Date: 8/24/2004, Time: 23:21:24, Ronald on xxxxxxxx
Virus scan started.
Date: 8/24/2004, Time: 23:56:10, Ronald on xxxxxxxx
The compressed file Dummy.class within C:\Documents and
Settings\Ronald\JPI_CA~1\jar\1.0\classload.jar-10ffa0b5-33193c73.zip is
infected with the Trojan.ByteVerify virus.
The file was quarantined.
Date: 8/24/2004, Time: 23:56:10, Ronald on xxxxxxxx
The file C:\Documents and
Settings\Ronald\.jpi_cache\jar\1.0\counter.jar-5a966237-3fdb9d30.zip is
infected with the Trojan.ByteVerify virus.The file was quarantined.
Date: 8/24/2004, Time: 23:56:10, Ronald on xxxxxxxx
The compressed file counter.class within C:\Documents and
Settings\Ronald\JPI_CA~1\jar\1.0\counter.jar-5a966237-3fdb9d30.zip is
infected with the Trojan.ByteVerify virus.
The file was quarantined.
Date: 8/24/2004, Time: 23:56:10, Ronald on xxxxxxxx
The compressed file VerifierBug.class within C:\Documents and
Settings\Ronald\JPI_CA~1\jar\1.0\counter.jar-5a966237-3fdb9d30.zip is
infected with the Trojan.ByteVerify virus.
Unable to delete the file.
Date: 8/24/2004, Time: 23:56:10, Ronald on xxxxxxxx
The compressed file Dummy.class within C:\Documents and
Settings\Ronald\JPI_CA~1\jar\1.0\counter.jar-5a966237-3fdb9d30.zip is
infected with the Trojan.ByteVerify virus.
Unable to delete the file.
Date: 8/24/2004, Time: 23:56:10, Ronald on xxxxxxxx
Virus scanning completed.
Master boot records:
Scanned: 1
Infected: 0
Repaired: 0
Boot records:
Scanned: 1
Infected: 0
Repaired: 0
Files:
Scanned: 111764
Infected: 5
Repaired: 0
Quar'ed: 3
Deleted: 0
Date: 8/25/2004, Time: 0:01:40, Ronald on xxxxxxxx
Virus scan started.
Date: 8/25/2004, Time: 0:46:26, Ronald on xxxxxxxx
Virus scan started.
Date: 8/25/2004, Time: 0:46:26, Ronald on xxxxxxxx
Virus scanning completed.
Master boot records:
Scanned: 0
Infected: 0
Repaired: 0
Boot records:
Scanned: 0
Infected: 0
Repaired: 0
Files:
Scanned: 2
Infected: 0
Repaired: 0
Quar'ed: 0
Deleted: 0
Date: 8/25/2004, Time: 0:46:46, Ronald on xxxxxxxx
Virus scan started.
Date: 8/25/2004, Time: 0:46:46, Ronald on xxxxxxxx
Virus scanning completed.
Master boot records:
Scanned: 0
Infected: 0
Repaired: 0
Boot records:
Scanned: 0
Infected: 0
Repaired: 0
Files:
Scanned: 2
Infected: 0
Repaired: 0
Quar'ed: 0
Deleted: 0
Date: 8/25/2004, Time: 0:49:24, Ronald on xxxxxxxx
The file C:\Documents and
Settings\Ronald\.jpi_cache\jar\1.0\classload.jar-10ffa0b5-33193c73.zip
is infected with the Trojan.ByteVerify virus.
The file was quarantined.
Date: 8/25/2004, Time: 0:49:24, Ronald on xxxxxxxx
The compressed file GetAccess.class within C:\Documents and
Settings\Ronald\JPI_CA~1\jar\1.0\classload.jar-10ffa0b5-33193c73.zip is
infected with the Trojan.ByteVerify virus.
Unable to delete the file.
Date: 8/25/2004, Time: 0:49:24, Ronald on xxxxxxxx
The compressed file InsecureClassLoader.class within C:\Documents and
Settings\Ronald\JPI_CA~1\jar\1.0\classload.jar-10ffa0b5-33193c73.zip is
infected with the Trojan.ByteVerify virus.
Unable to delete the file.
Date: 8/25/2004, Time: 0:49:24, Ronald on xxxxxxxx
The compressed file Installer.class within C:\Documents and
Settings\Ronald\JPI_CA~1\jar\1.0\classload.jar-10ffa0b5-33193c73.zip is
infected with the Trojan.ByteVerify virus.
Unable to delete the file.
Date: 8/25/2004, Time: 0:49:24, Ronald on xxxxxxxx
Virus scanning completed.
Master boot records:
Scanned: 1
Infected: 0
Repaired: 0
Boot records:
Scanned: 1
Infected: 0
Repaired: 0
Files:
Scanned: 111764
Infected: 4
Repaired: 0
Quar'ed: 1
Deleted: 0
Date: 8/25/2004, Time: 0:57:06, Ronald on xxxxxxxx
Virus scan started.
Date: 8/25/2004, Time: 1:03:40, Ronald on xxxxxxxx
Virus scan canceled.
had five trojan.byte.verify viruses. When I tried to clean them it could
only erase two. 3 refused to be removed or quarantined.
Then I got latest definitions (8-20-04) and ran full scan again. This
time it showed 4 trojan byte viruses and I was able to quarantine only
1. I ran a full scan again this time it showed NO VIRUSES.
Neither did my secondary program AVG.
But I then went in and saw that two of those infected files were still
in there but with an idx instead of zip extension. I then manually
deleted them.
I also noticed that one of the files(or folders) Norton reports
'C:\Documents and Settings\Ronald\JPI_CA~1' doesn't exist on my PC
altogether. The .jpi_cache folder is there. I have hidden files revealed
in my settings.
I have Windows XP. I have all Microsoft critical updates installed
before this incident(with the exception of the controversial SP2
update). Why would Norton tell me there are no viruses when it just told
me I have several unremovable ones?
Norton AV report:
------
Date: 8/24/2004, Time: 23:21:24, Ronald on xxxxxxxx
Virus scan started.
Date: 8/24/2004, Time: 23:56:10, Ronald on xxxxxxxx
The compressed file Dummy.class within C:\Documents and
Settings\Ronald\JPI_CA~1\jar\1.0\classload.jar-10ffa0b5-33193c73.zip is
infected with the Trojan.ByteVerify virus.
The file was quarantined.
Date: 8/24/2004, Time: 23:56:10, Ronald on xxxxxxxx
The file C:\Documents and
Settings\Ronald\.jpi_cache\jar\1.0\counter.jar-5a966237-3fdb9d30.zip is
infected with the Trojan.ByteVerify virus.The file was quarantined.
Date: 8/24/2004, Time: 23:56:10, Ronald on xxxxxxxx
The compressed file counter.class within C:\Documents and
Settings\Ronald\JPI_CA~1\jar\1.0\counter.jar-5a966237-3fdb9d30.zip is
infected with the Trojan.ByteVerify virus.
The file was quarantined.
Date: 8/24/2004, Time: 23:56:10, Ronald on xxxxxxxx
The compressed file VerifierBug.class within C:\Documents and
Settings\Ronald\JPI_CA~1\jar\1.0\counter.jar-5a966237-3fdb9d30.zip is
infected with the Trojan.ByteVerify virus.
Unable to delete the file.
Date: 8/24/2004, Time: 23:56:10, Ronald on xxxxxxxx
The compressed file Dummy.class within C:\Documents and
Settings\Ronald\JPI_CA~1\jar\1.0\counter.jar-5a966237-3fdb9d30.zip is
infected with the Trojan.ByteVerify virus.
Unable to delete the file.
Date: 8/24/2004, Time: 23:56:10, Ronald on xxxxxxxx
Virus scanning completed.
Master boot records:
Scanned: 1
Infected: 0
Repaired: 0
Boot records:
Scanned: 1
Infected: 0
Repaired: 0
Files:
Scanned: 111764
Infected: 5
Repaired: 0
Quar'ed: 3
Deleted: 0
Date: 8/25/2004, Time: 0:01:40, Ronald on xxxxxxxx
Virus scan started.
Date: 8/25/2004, Time: 0:46:26, Ronald on xxxxxxxx
Virus scan started.
Date: 8/25/2004, Time: 0:46:26, Ronald on xxxxxxxx
Virus scanning completed.
Master boot records:
Scanned: 0
Infected: 0
Repaired: 0
Boot records:
Scanned: 0
Infected: 0
Repaired: 0
Files:
Scanned: 2
Infected: 0
Repaired: 0
Quar'ed: 0
Deleted: 0
Date: 8/25/2004, Time: 0:46:46, Ronald on xxxxxxxx
Virus scan started.
Date: 8/25/2004, Time: 0:46:46, Ronald on xxxxxxxx
Virus scanning completed.
Master boot records:
Scanned: 0
Infected: 0
Repaired: 0
Boot records:
Scanned: 0
Infected: 0
Repaired: 0
Files:
Scanned: 2
Infected: 0
Repaired: 0
Quar'ed: 0
Deleted: 0
Date: 8/25/2004, Time: 0:49:24, Ronald on xxxxxxxx
The file C:\Documents and
Settings\Ronald\.jpi_cache\jar\1.0\classload.jar-10ffa0b5-33193c73.zip
is infected with the Trojan.ByteVerify virus.
The file was quarantined.
Date: 8/25/2004, Time: 0:49:24, Ronald on xxxxxxxx
The compressed file GetAccess.class within C:\Documents and
Settings\Ronald\JPI_CA~1\jar\1.0\classload.jar-10ffa0b5-33193c73.zip is
infected with the Trojan.ByteVerify virus.
Unable to delete the file.
Date: 8/25/2004, Time: 0:49:24, Ronald on xxxxxxxx
The compressed file InsecureClassLoader.class within C:\Documents and
Settings\Ronald\JPI_CA~1\jar\1.0\classload.jar-10ffa0b5-33193c73.zip is
infected with the Trojan.ByteVerify virus.
Unable to delete the file.
Date: 8/25/2004, Time: 0:49:24, Ronald on xxxxxxxx
The compressed file Installer.class within C:\Documents and
Settings\Ronald\JPI_CA~1\jar\1.0\classload.jar-10ffa0b5-33193c73.zip is
infected with the Trojan.ByteVerify virus.
Unable to delete the file.
Date: 8/25/2004, Time: 0:49:24, Ronald on xxxxxxxx
Virus scanning completed.
Master boot records:
Scanned: 1
Infected: 0
Repaired: 0
Boot records:
Scanned: 1
Infected: 0
Repaired: 0
Files:
Scanned: 111764
Infected: 4
Repaired: 0
Quar'ed: 1
Deleted: 0
Date: 8/25/2004, Time: 0:57:06, Ronald on xxxxxxxx
Virus scan started.
Date: 8/25/2004, Time: 1:03:40, Ronald on xxxxxxxx
Virus scan canceled.