virus\trojan help. dissertation due in tomorrow aarrgh

Guest

Hi, not an expert or anything. I ran an AVG scan yesterday as my computer was
running really slow. It detected a virus called Java/byteVerify, and it would
not clean this for me. I was advised to go to the location of the file and
delete this. I did and emptied the recycle bin, but it is still really slow.
Can anyone help, as I haven't got a clue?
 
David H. Lipman

From: "nickynfal" <[email protected]>

| Hi, not an expert or anything. I ran an AVG scan yesterday as my computer was
| running really slow. It detected a virus called Java/byteVerify, and it would
| not clean this for me. I was advised to go to the location of the file and
| delete this. I did and emptied the recycle bin, but it is still really slow.
| Can anyone help, as I haven't got a clue?


There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

1) Dump the contents of your IE cache -
Start --> settings --> control panel --> Internet options --> delete files

2) Dump the contents of the Mozilla FireFox Cache
Tools --> Options --> Privacy --> Cache --> Clear

3) Dump the contents of your Sun Java cache -
Start --> settings --> control panel --> Java applet --> cache --> clear
or
Start --> settings --> control panel --> Java applet --> general --> settings -->
delete files

4) Download TrendMicro Sysclean by one of the following 2 methods

Trend Sysclean Method 1
---------------------------------------
Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\sysclean")

Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example; lpt609.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

Trend Sysclean Method 2
---------------------------------------
Download the utility SYSCLEAN_FE at the following URL --
http://www.ik-cs.com/got-a-virus.htm
SYSCLEAN_FE automates the download and execution process of the Trend Sysclean Package.
Direct URL --
http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe

5) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
6) Reboot your PC into Safe Mode and shutdown as many applications as possible.
7) Using Trend Sysclean utility, perform a Full Scan of your platform and clean/delete
any infectors/parasites found.
(a few cycles may be needed)
8) Restart your PC and perform a "final" Full Scan of your platform using the
Trend Sysclean utility.
9) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
10) Reboot your PC.
11) Create a new Restore point

* * * Please report back your results * * *
 
James Fabulous

The best way to clean this one is to boot into safe mode and run a full
virus scan. You'll also want to right-click 'My Computer' choose the System
Restore tab and check the 'Turn Off System Restore' check box and click
Apply and/or OK.
http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam
will explain how to boot into safe mode ( no plug - it's simply a widely
trusted site).

When you scan, ensure that you scan 'all files', not just default files. You
are likely to find the offending files in the
c:\documents and settings\[username]\application data\Sun\Java\Deployment\cache\javapi\v1.0\jar
folder.

When you are completely done scanning and have booted back into normal mode
you can turn on System restore by following the instructions above and
removing the check you placed earlier.

-JF
 
David H. Lipman

From: "James Fabulous" <[email protected]>

| The best way to clean this one is to boot into safe mode and run a full
| virus scan. You'll also want to right-click 'My Computer' choose the System
| Restore tab and check the 'Turn Off System Restore' check box and click
| Apply and/or OK.
| http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam
| will explain how to boot into safe mode ( no plug - it's simply a widely
| trusted site).
|
| When you scan, ensure that you scan 'all files', not just default files. You
| are likely to find the offending files in the
| c:\documents and settings\[username]\application data\Sun\Java\Deployment\cache\javapi\v1.0\jar
| folder.
|
| When you are completely done scanning and have booted back into normal mode
| you can turn on System restore by following the instructions above and
| removing the check you placed earlier.
|
| -JF
|

James:

You are on the right track but not all the way there.

Java Trojans are usually found in .CLASS files in Java Jars. Java Jars are ZIP compressed
files and while a given AV application may be able to scan inside a ZIP file, AV
applications are NOT able to extract all files in an archive file, delete the infected and then
re-compress the archive file. Therefore it is *best* to delete the archive file that is
found to have an infector.

With Java Trojans, they are often found in the Browser Cache and/or the Sun Java cache.
Therefore, the respective caches should be "cleared" (empty the caches of cached data) and
then scan the system with an AV scanner.
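
The point made in the reply above (a JAR is a ZIP archive, so an archive holding an infected class is removed whole rather than repaired), as an added example that is not part of the original thread. It inventories ZIP-format files in a cache directory, finds class files by their magic bytes, and moves whole archives to quarantine; the flagged member names are assumed to come from the AV scanner's report, and the file names in `demo()` are constructed.

```python
import os, shutil, tempfile, zipfile

CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # first four bytes of every compiled Java .class file

def class_entries(archive_path):
    """Names of members that are class files, judged by magic bytes, not extension."""
    names = []
    with zipfile.ZipFile(archive_path) as zf:
        for info in zf.infolist():
            with zf.open(info) as member:
                if member.read(4) == CLASS_MAGIC:
                    names.append(info.filename)
    return names

def inventory_cache(cache_dir):
    """Map each ZIP-format file under cache_dir to its class members (None if unreadable)."""
    report = {}
    for root, _dirs, files in os.walk(cache_dir):
        for name in files:
            path = os.path.join(root, name)
            if zipfile.is_zipfile(path):  # cached JARs need not end in .jar
                try:
                    report[path] = class_entries(path)
                except (zipfile.BadZipFile, RuntimeError):  # corrupt or encrypted archive
                    report[path] = None
    return report

def quarantine_flagged(report, flagged, quarantine_dir):
    """Move whole archives holding a flagged member (names assumed to come from the AV report)."""
    os.makedirs(quarantine_dir, exist_ok=True)
    moved = []
    for path, members in sorted(report.items()):
        if members and flagged & set(members):
            # The archive is never rewritten: it is moved out of the cache as one file.
            shutil.move(path, os.path.join(quarantine_dir, os.path.basename(path) + ".quarantined"))
            moved.append(os.path.basename(path))
    return moved

def demo():
    """Constructed sample: a temp cache with one clean archive and one holding a flagged class."""
    cache = os.path.join(tempfile.mkdtemp(), "cache")
    os.makedirs(cache)
    for jar, member in (("clean.jar-1a2b.zip", "Hello.class"), ("applet.jar-3c4d.zip", "Flagged.class")):
        with zipfile.ZipFile(os.path.join(cache, jar), "w") as zf:
            zf.writestr(member, CLASS_MAGIC + b"\x00" * 8)
    moved = quarantine_flagged(inventory_cache(cache), {"Flagged.class"}, cache + "-quarantine")
    return moved, sorted(os.listdir(cache))

if __name__ == "__main__":
    print(demo())
```
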
 
