Trojanbyte.verify virus - constant attacks

  • Thread starter Moe Hair

Moe Hair

No matter how many times I reboot Windows 2000 in safe mode, run Norton Anti-
virus, clean my temp files, ran Ad-Aware, Spyblaster, and do a regedit search
to take out the thing manually, Norton still keeps detecting 2-3 copies at a
time.

Any suggestions?
 
Moe Hair said:
No matter how many times I reboot Windows 2000 in safe mode, run Norton Anti-
virus, clean my temp files, ran Ad-Aware, Spyblaster, and do a regedit search
to take out the thing manually, Norton still keeps detecting 2-3 copies at a
time.

Have you read this?:

http://securityresponse.symantec.com/avcenter/venc/data/trojan.byteverify.html

Have you applied the patch? Have you disabled Java in your browser? Do
you use a firewall? You're sure NAV isn't false alarming since the
registry, etc., indicate reinfection? You do reboot each time you
remove intrusive registry entries?


Art
http://www.epix.net/~artnpeg
 
Moe Hair said:
No matter how many times I reboot Windows 2000 in safe mode, run Norton Anti-
virus, clean my temp files, ran Ad-Aware, Spyblaster, and do a regedit search
to take out the thing manually, Norton still keeps detecting 2-3 copies at a
time.

Any suggestions?

Update your Java virtual machine so that you aren't vulnerable
to that exploit. This won't stop stuff from getting into your temp
files, but you won't be vulnerable to attack.
 
Unfortunately, I've become too familiar with that Symantec bulletin.
So far it's been about 10 hours since the last virus bug was caught.
I have a firewall, but haven't disabled Java. The patch has been applied,
though. What's amazing is that I've just added Spysweeper to the arsenal and
that finds stuff that Ad-Aware doesn't.

 
Moe Hair said:
Unfortunately, I've become too familiar with that Symantec bulletin.
So far it's been about 10 hours since the last virus bug was caught.
I have a firewall, but haven't disabled Java. The patch has been applied,
though. What's amazing is that I've just added Spysweeper to the arsenal and
that finds stuff that Ad-Aware doesn't.
Thanks. I just added it to my arsenal.

-*MORT*-
 
Moe,
The question is ....... where is NAV detecting these files?
If they are located in your cache, log on as Administrator and
delete the cache folders, not just the contents .......

How To: Delete the Internet Explorer Temporary Internet Files
http://www.mvps.org/winhelp2002/delcache.htm
--
The Coolwebsearch trojan uses that exploit ......

How to remove Coolwebsearch and affiliates
http://mvps.org/winhelp2002/unwanted.htm#Coolwebsearch

Note: this type hijack indicates an unpatched machine, that is lacking
in "Defense". Please visit Windows Update to avoid these exploits.
____________________________________________________________
Mike Burgess [MVP Windows Shell\User] http://www.mvps.org/winhelp2002/
Blocking Spyware, Adware, Parasites, Hijackers, Trojans, with a HOSTS file
http://www.mvps.org/winhelp2002/hosts.htm [updated 03-15-04]
Please post replies to this Newsgroup, email address is invalid
--
 
http://www.mvps.org/winhelp2002/delcache.htm
--
The Coolwebsearch trojan uses that exploit ......

How to remove Coolwebsearch and affiliates
http://mvps.org/winhelp2002/unwanted.htm#Coolwebsearch

Note: this type hijack indicates an unpatched machine, that is lacking
in "Defense". Please visit Windows Update to avoid these exploits.

I think I've done most of this already. I used to manage an NT network
several years ago, and it seems that with the Win 2000 and later servers,
there's even more patches and downloads to be aware of, not to mention
running spyware and NAV software across the entire network.

If you're in the entertainment, advertising or fashion biz, and most of your
employees are searching the net all day (in a very risque fashion I may add),
you have to constantly be on your toes. The top execs in my last company
used to LOVE their porn, too! There were days where I would be sitting there
manually deleting viruses from notebook computers step by step (searches
through files and the registry), because Symantec didn't have a download for
it yet.
 
If they are located in your cache, log on as Administrator

One more thing about the office these days - the more creative and
intellectual the personnel, the greater the chance they are bringing in zip
drives, portable drives, mp3 players, and other peripherals to attach to
their PC's during the day. Years ago, you would just have to worry that an
employee was bringing in a 1.44 mg floppy!
 