>> My virus checker has found the following on my system, can anyone tell
>> me how to remove it, I'm told there is a fix on windows.update but when
[quoted text clipped - 4 lines]
>> Settings\Shazza\Application
>> Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-4253870d-51ed4935.class
> I do not have the answer. What I normally do is to Google for the Virus
> and usually find a resolution. This is not a virus but a Trojan.
I don't think Trojan is a particularly good label for it - you don't
appear to need to accept that it is to be trusted. Presumably it does
not spread, so not a virus. But if you run an (unsigned) applet you
should expect to be safe (so long as your JRE is up to date).
> I understand that to avoid this problem in the future, set your Java cache
> to 0.
That will just stop it being reported. It won't stop you running it, you
just won't know about it.
The important point is that the file is just cached on your machine -
*it is not being reported as functioning*. So long as you have a
reasonably modern JRE (or no JRE at all), you should be okay.
> Sorry I could not be more specific but you will find that by using Google.
Googling is good. The virus checking tool even gives you some keywords
to go on. Understanding the pages returned might be more difficult.
Tom Hawtin

Signature
Unemployed English Java programmer
http://jroller.com/page/tackline/
IchBin - 06 Jun 2006 15:55 GMT
>>> My virus checker has found the following on my system, can anyone
>>> tell me how to remove it, I'm told there is a fix on windows.update
[quoted text clipped - 12 lines]
> not spread, so not a virus. But if you run an (unsigned) applet you
> should expect to be safe (so long as your JRE is up to date).
I only call it a Trojan because it will not spread like a virus. Also
all of the references I have found on the Internet call it a Trojan. I
did not take the liberty to call it one by my own derived definition.
>> I understand that to avoid this problem in the future, set your Java
>> cache to 0.
I only mention this so that once the OP finds the files and deletes them
that by setting the cache to zero this will prevent this from happening
again. This is recommended again from what I found out on the Internet.
> That will just stop it being reported. It won't stop you running it, you
> just won't know about it.
[quoted text clipped - 5 lines]
>> Sorry I could not be more specific but you will find that by using
>> Google.
Most of the sites I found ask for some report like the HijackThis
program and two other programs. From this they can determine which files
to delete. A lot of the references and recommendations are not very
forward but some did give a satisfactory resolution.
> Googling is good. The virus checking tool even gives you some keywords
> to go on. Understanding the pages returned might be more difficult.
>
> Tom Hawtin
Thanks in Advance...
IchBin, Pocono Lake, Pa, USA
http://weconsultants.servebeer.com/JHackerAppManager
__________________________________________________________________________
'If there is one, Knowledge is the "Fountain of Youth"'
-William E. Taylor, Regular Guy (1952-)
Thomas Hawtin - 06 Jun 2006 17:39 GMT
>>> I understand that to avoid this problem in the future, set your Java
>>> cache to 0.
[I've put the quoted text back into the correct order. -- th]
>> That will just stop it being reported. It won't stop you running it,
>> you just won't know about it.
> I only mention this so that once the OP finds the files and deletes them
> that by setting the cache to zero this will prevent this from happening
> again. This is recommended again from what I found out on the Internet.
That won't do anything to stop the hostile code working. It will just
mean that virus software won't come up with the inappropriate warnings.
Switching off the cache seems like a daft thing to do.
Tom Hawtin

Signature
Unemployed English Java programmer
http://jroller.com/page/tackline/
Oliver Wong - 06 Jun 2006 16:51 GMT
>>> Exploit/ByteVerify
> The important point is that the file is just cached on your machine - *it
> is not being reported as functioning*. So long as you have a reasonably
> modern JRE (or no JRE at all), you should be okay.
From what I saw on websites, this virus/trojan/whatever seems to be
exploiting flaws in the Microsoft JVM. Since AFAIK, MS has stopped making
updates for this JVM, users will never see a "Your JVM is out of date,
please update it" message.
So it might be worth mentioning that anyone who is using a Microsoft JVM
should probably uninstall it and replace it with a JVM from Sun:
http://java.sun.com/j2se/1.5.0/download.jsp (click on the "Download JRE"
option, not the "Download JDK" option).
- Oliver