Java/ByteVerify virus

I have aquired this virus in: Jvb.class,MainApp.class &
proc[1].jar-c/documents and my virus scan can not heal it.
Was told I can get update from Windows to do so. Need to know what update I
need & also how to apply it.
I am not really computer literate.
Was downloading updates & got booted & now can not find the link to continue
doing it. Thanks for any help.Mary

Windows version?

> Was told I can get update from Windows to do so. Need to know what update
> I need & also how to apply it.

Install all critical and recommended updates.

How to configure and use Automatic Updates in Windows XP:
http://support.microsoft.com/?kbid=306525

To deal with Java/Byte-Verify:

1. Uninstall your current Java package via Add/Remove Programs.

2. Next, navigate to and delete:

C:\Program Files\Java <=this folder

3. Then go to http://www.java.com/en/download/manual.jsp and click the link
to download the Windows (Offline Installation) package: Save it, do NOT run
it.

4. When the download is complete, close the browser and install it.

If the problem persists: Control Panel > Java > General > Delete Temporary
Internet Files.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org


Grannimom wrote:
> I have aquired this virus in: Jvb.class,MainApp.class &
> proc[1].jar-c/documents and my virus scan can not heal it.
> Was told I can get update from Windows to do so. Need to know what update
> I need & also how to apply it.
> I am not really computer literate.
> Was downloading updates & got booted & now can not find the link to
> continue doing it. Thanks for any help.Mary

From: "PA Bear" <>

| Windows version?
|
>> Was told I can get update from Windows to do so. Need to know what update
>> I need & also how to apply it.
|
| Install all critical and recommended updates.
|
| How to configure and use Automatic Updates in Windows XP:
| http://support.microsoft.com/?kbid=306525
|
| To deal with Java/Byte-Verify:
|
| 1. Uninstall your current Java package via Add/Remove Programs.
|
| 2. Next, navigate to and delete:
|
| C:\Program Files\Java <=this folder
|
| 3. Then go to http://www.java.com/en/download/manual.jsp and click the link
| to download the Windows (Offline Installation) package: Save it, do NOT run
| it.
|
| 4. When the download is complete, close the browser and install it.
|
| If the problem persists: Control Panel > Java > General > Delete Temporary
| Internet Files.

Robear:

Unless it is a vulnerable version of Sun Java, there is no reason to remove the whole Java
software package. It should also be noted that removing the software won't remove the Java
Script Trojan !

Java script Trojans are found as .CLASS files outside of a Java Jar (ZIP type file) or
inside a a Java Jar.

If they are found in a .CLASS file outside a Java Jar, the AV software will remove the
..CLASS file without a problem.

If the AV software is enabled to "scan archive" files then the AV software can find .CLASS
files inside a Java Jar. The problem with AV software is they can decompress and scan
within an archive file, but they are unable to remove a file from within an archive file
(depending on the archive type). Either the AV software will have to delete the archive
file or it will just generate a notification and will do nothing with it. Most AV software
will tend to do anything with it and therefore all scans will continuously show the Trojan.

The following is an extract from a Mcafee Command Line Scanner log file...

C:\Documents and
Settings\cd23\.jpi_cache\jar\1.0\archive.jar-31686245-729d3073.zip\BINNY.CLASS ... Found the
JV/Shinwow trojan !!!
C:\Documents and
Settings\cd23\.jpi_cache\jar\1.0\loaderadv295.jar-37a25aad-40142848.zip\DUMMY.CLASS ...
Found the Exploit-ByteVerify trojan !!!
C:\Documents and
Settings\cd23\.jpi_cache\jar\1.0\loaderadv295.jar-37a25aad-40142848.zip\MATRIX.CLASS ...
Found the JV/Shinwow trojan !!!

The user has two choices...

1. Have Sun Java dump the cache
Start --> settings --> control panel --> Java applet --> cache --> clear
or
Start --> settings --> control panel --> Java applet --> general --> settings --> delete
files


2. Manually delete all ZIP files from...
C:\Documents and Settings\<USER_ACCOUNT>\.jpi_cache\jar\1.0\




--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

It is easy enough to disable Java caching in the Java console, which is
where the offending items sit..

--
Mike Hall
MVP - Windows Shell/User


"PA Bear" <> wrote in message
news:...
> Windows version?
>
>> Was told I can get update from Windows to do so. Need to know what update
>> I need & also how to apply it.
>
> Install all critical and recommended updates.
>
> How to configure and use Automatic Updates in Windows XP:
> http://support.microsoft.com/?kbid=306525
>
> To deal with Java/Byte-Verify:
>
> 1. Uninstall your current Java package via Add/Remove Programs.
>
> 2. Next, navigate to and delete:
>
> C:\Program Files\Java <=this folder
>
> 3. Then go to http://www.java.com/en/download/manual.jsp and click the
> link to download the Windows (Offline Installation) package: Save it, do
> NOT run it.
>
> 4. When the download is complete, close the browser and install it.
>
> If the problem persists: Control Panel > Java > General > Delete Temporary
> Internet Files.
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org
>
>
> Grannimom wrote:
>> I have aquired this virus in: Jvb.class,MainApp.class &
>> proc[1].jar-c/documents and my virus scan can not heal it.
>> Was told I can get update from Windows to do so. Need to know what update
>> I need & also how to apply it.
>> I am not really computer literate.
>> Was downloading updates & got booted & now can not find the link to
>> continue doing it. Thanks for any help.Mary
>

Have you tried doing so in v1.5.0_06?
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org

Mike Hall (MS-MVP) wrote:
> It is easy enough to disable Java caching in the Java console, which is
> where the offending items sit..
>
>
> "PA Bear" <> wrote in message
> news:...
> > Windows version?
> >
> > > Was told I can get update from Windows to do so. Need to know what
> > > update I need & also how to apply it.
> >
> > Install all critical and recommended updates.
> >
> > How to configure and use Automatic Updates in Windows XP:
> > http://support.microsoft.com/?kbid=306525
> >
> > To deal with Java/Byte-Verify:
> >
> > 1. Uninstall your current Java package via Add/Remove Programs.
> >
> > 2. Next, navigate to and delete:
> >
> > C:\Program Files\Java <=this folder
> >
> > 3. Then go to http://www.java.com/en/download/manual.jsp and click the
> > link to download the Windows (Offline Installation) package: Save it, do
> > NOT run it.
> >
> > 4. When the download is complete, close the browser and install it.
> >
> > If the problem persists: Control Panel > Java > General > Delete
> > Temporary Internet Files.
> > --
> > ~Robear Dyer (PA Bear)
> > MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org
> >
> >
> > Grannimom wrote:
> > > I have aquired this virus in: Jvb.class,MainApp.class &
> > > proc[1].jar-c/documents and my virus scan can not heal it.
> > > Was told I can get update from Windows to do so. Need to know what
> > > update I need & also how to apply it.
> > > I am not really computer literate.
> > > Was downloading updates & got booted & now can not find the link to
> > > continue doing it. Thanks for any help.Mary

From: "Mike Hall (MS-MVP)" <>

| It is easy enough to disable Java caching in the Java console, which is
| where the offending items sit..
|

That is clear the cache first, then disable the cache.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

I stand by my post to enable OP's best protection and to take care of the
Java/Byte-Verify notifications (assuming she's fully patched at WU).
--
~PA Bear

David H. Lipman wrote:
> From: "PA Bear" <>
>
> > Windows version?
> >
> > > Was told I can get update from Windows to do so. Need to know what
> > > update I need & also how to apply it.
> >
> > Install all critical and recommended updates.
> >
> > How to configure and use Automatic Updates in Windows XP:
> > http://support.microsoft.com/?kbid=306525
> >
> > To deal with Java/Byte-Verify:
> >
> > 1. Uninstall your current Java package via Add/Remove Programs.
> >
> > 2. Next, navigate to and delete:
> >
> > C:\Program Files\Java <=this folder
> >
> > 3. Then go to http://www.java.com/en/download/manual.jsp and click the
> > link to download the Windows (Offline Installation) package: Save it,
> > do NOT run it.
> >
> > 4. When the download is complete, close the browser and install it.
> >
> > If the problem persists: Control Panel > Java > General > Delete
> > Temporary Internet Files.
>
> Robear:
>
> Unless it is a vulnerable version of Sun Java, there is no reason to
> remove the whole Java software package. It should also be noted that
> removing the software won't remove the Java Script Trojan !
>
> Java script Trojans are found as .CLASS files outside of a Java Jar (ZIP
> type file) or inside a a Java Jar.
>
> If they are found in a .CLASS file outside a Java Jar, the AV software
> will remove the .CLASS file without a problem.
>
> If the AV software is enabled to "scan archive" files then the AV
> software can find .CLASS files inside a Java Jar. The problem with AV
> software is they can decompress and scan within an archive file, but they
> are unable to remove a file from within an archive file (depending on the
> archive type). Either the AV software will have to delete the archive
> file or it will just generate a notification and will do nothing with it.
> Most AV software will tend to do anything with it and therefore all scans
> will continuously show the Trojan.
>
> The following is an extract from a Mcafee Command Line Scanner log file...
>
> C:\Documents and
> Settings\cd23\.jpi_cache\jar\1.0\archive.jar-31686245-729d3073.zip\BINNY.CLASS
> ... Found the JV/Shinwow trojan !!!
> C:\Documents and
> Settings\cd23\.jpi_cache\jar\1.0\loaderadv295.jar-37a25aad-40142848.zip\DUMMY.CLASS
> ... Found the Exploit-ByteVerify trojan !!!
> C:\Documents and
> Settings\cd23\.jpi_cache\jar\1.0\loaderadv295.jar-37a25aad-40142848.zip\MATRIX.CLASS
> ... Found the JV/Shinwow trojan !!!
>
> The user has two choices...
>
> 1. Have Sun Java dump the cache
> Start --> settings --> control panel --> Java applet --> cache --> clear
> or
> Start --> settings --> control panel --> Java applet --> general -->
> settings --> delete files
>
>
> 2. Manually delete all ZIP files from...
> C:\Documents and Settings\<USER_ACCOUNT>\.jpi_cache\jar\1.0\

From: "PA Bear" <>

| I stand by my post to enable OP's best protection and to take care of the
| Java/Byte-Verify notifications (assuming she's fully patched at WU).

No offense... I just think there could be an improvement on the post.

For example. If the version of Sun Java is up to date. Why remove it ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Robear

Open the Java Control Panel.. use the 'delete files' to clear the cache
ensuring that all three boxes are checked, then go into 'Settings' - view
applets.. at the bottom left corner uncheck 'enable caching'.. ok out of
there..

Job done.. and yes, that is for version 1.5.0_06..

--
Mike Hall
MVP - Windows Shell/User


"PA Bear" <> wrote in message
news:%...
> Have you tried doing so in v1.5.0_06?
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org
>
> Mike Hall (MS-MVP) wrote:
>> It is easy enough to disable Java caching in the Java console, which is
>> where the offending items sit..
>>
>>
>> "PA Bear" <> wrote in message
>> news:...
>> > Windows version?
>> >
>> > > Was told I can get update from Windows to do so. Need to know what
>> > > update I need & also how to apply it.
>> >
>> > Install all critical and recommended updates.
>> >
>> > How to configure and use Automatic Updates in Windows XP:
>> > http://support.microsoft.com/?kbid=306525
>> >
>> > To deal with Java/Byte-Verify:
>> >
>> > 1. Uninstall your current Java package via Add/Remove Programs.
>> >
>> > 2. Next, navigate to and delete:
>> >
>> > C:\Program Files\Java <=this folder
>> >
>> > 3. Then go to http://www.java.com/en/download/manual.jsp and click the
>> > link to download the Windows (Offline Installation) package: Save it,
>> > do
>> > NOT run it.
>> >
>> > 4. When the download is complete, close the browser and install it.
>> >
>> > If the problem persists: Control Panel > Java > General > Delete
>> > Temporary Internet Files.
>> > --
>> > ~Robear Dyer (PA Bear)
>> > MS MVP-Windows (IE/OE, Shell/User, Security), Aumha.org VSOP, DTS-L.org
>> >
>> >
>> > Grannimom wrote:
>> > > I have aquired this virus in: Jvb.class,MainApp.class &
>> > > proc[1].jar-c/documents and my virus scan can not heal it.
>> > > Was told I can get update from Windows to do so. Need to know what
>> > > update I need & also how to apply it.
>> > > I am not really computer literate.
>> > > Was downloading updates & got booted & now can not find the link to
>> > > continue doing it. Thanks for any help.Mary
>

David H. Lipman wrote:
> > I stand by my post to enable OP's best protection and to take care of
> > the Java/Byte-Verify notifications (assuming she's fully patched at WU).
>
> No offense... I just think there could be an improvement on the post.
>
> For example. If the version of Sun Java is up to date. Why remove it ?

CrystalBall© tells me hers is not up-to-date [OK, so shoot me], so she /may/
be vulnerable to your all-time favorite, Vundo/Winfixer! <VBEG>
--
~PA Bear