Sign in with
Sign up | Sign in
Your question

Java Byte Verify virus

Last response: in Windows XP
Share
Anonymous
February 17, 2005 6:11:04 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I recently (stupidly) downloaded a few .exe files via a filesharing internet
program and I seem to have picked up the above. AVG antivirus detects it but
I can't delete it - it says it is an 'infected embedded object'?

I started the PC this morning and it halted itself with a message (can't
remember full details) saying something was trying to 'write to read only
memory'?? From my limited knowledge this sounds like a virus. I reset the PC
and it started OK.

Can anyone help me get rid of this one?

More about : java byte verify virus

February 17, 2005 8:04:15 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Billjones85 wrote:

> I recently (stupidly) downloaded a few .exe files via a filesharing
> internet program and I seem to have picked up the above. AVG antivirus
> detects it but I can't delete it - it says it is an 'infected embedded
> object'?
>
> I started the PC this morning and it halted itself with a message
> (can't remember full details) saying something was trying to 'write to
> read only memory'?? From my limited knowledge this sounds like a
> virus. I reset the PC and it started OK.
>
> Can anyone help me get rid of this one?

Start by running TrendMicro's Sysclean in Safe Mode:

TrendMicro's Sysclean is an extensive antivirus tool which has the
advantage of not needing to be installed. It requires two parts - the
scanning engine and the virus pattern files.

1. Create a new folder on your Desktop or the C: drive named something
useful like "Sysclean".
2. Go here and download the two parts of the program to that folder:

http://www.trendmicro.com/download/dcs.asp - Sysclean
http://www.trendmicro.com/download/pattern.asp - virus pattern files

The pattern files will be zipped - extract them with your unzipper (like
WinZip) or if you have XP, you can just open the folder. You need to
put the extracted files in the Sysclean folder you made.

3. Restart your computer in Safe Mode. Get into Safe Mode by repeatedly
tapping the F8 key as the computer is starting up to get to the proper
menu.
4. Go to the Sysclean folder you made and double-click on sysclean.com.
Start the scan. After the scan is finished, look at the log. You may
need to make a note of where any viruses were found if they were not
able to be removed so you can manually delete them.

Then update AVG and do a full scan with it in Safe Mode.

After you've done that, continue to clean house by:

1) Scan in Safe Mode with current version (not earlier than 2004)
antivirus using updated definitions. (Obviously you will have already
done this.)

Before you remove malware, get LSPFix (or WinSockFix for XP which you
can get from MajorGeeks) - see links below.

2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from Intermute. I would not
install the other Intermute programs, however. Alternately, there are
CoolWebSearch malware removal steps at SilentRunners.

Be sure to update these programs before running, and it is a good idea
to do virus/spyware scans in Safe Mode. Make sure you are able to see
all hidden files and extensions (View tab in Folder Options).

If the malware remains even after you used Ad-aware and Spybot, you can
scan with HijackThis. HijackThis is an excellent tool to discover and
disable hijackers, but it requires expert skill. See below for
HijackThis links, including sites where you can post your HJT logs. A
combination of HijackThis and About:Buster works well in removing the
About:Blank homepage hijacker. Again, this is an expert tool and
novices should get help with it.

3) If you are running Windows ME or XP, you should disable/enable System
Restore after the system is clean because malware will be in the
Restore Points. With ME, you must disable System Restore completely.
With XP, you can delete all but the most recent (presumably clean)
System Restore point from the More Options section of Disk Cleanup
(Run>cleanmgr).

4) Make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update.

5) Run a firewall.

Links to help with malware:

Software/Methods:
http://www.safer-networking.org - Spybot Search & Destroy
http://www.lavasoftusa.com - Ad-aware
http://www.majorgeeks.com - good download site
http://www.intermute.com/spysubtract/cwshredder_downloa...
http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
http://www.cexx.org/lspfix.htm - Repair Winsock 2 settings after
removing spyware
http://www.spychecker.com/program/winsockxpfix.html - WinsockXPFix.exe

HijackThis:
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
Eshelman
http://aumha.net - forums
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/

General:
http://aumha.net - look under "Security" for various forums
http://rgharper.mvps.org/cleanit.htm
http://mvps.org/winhelp2002/unwanted.htm
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Malke
--
MS MVP - Windows Shell/User
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
Anonymous
February 17, 2005 1:13:20 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

1) Dump the contents of your IE cache -
Start --> settings --> control panel --> Internet options --> delete files

2) Dump the contents of your Sun Java cache -
Start --> settings --> control panel --> Java plug-in --> cache --> clear

3) Download the following two items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt416.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM .

4) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore...
5) Reboot your PC into Safe Mode then shutdown as many applications as possible.
6) Using the Trend Sysclean utility, perform a Full Scan of your platform and
clean/delete any infectors found
7) Restart your PC and perform a "final" Full Scan of your platform
8) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
9) Reboot your PC.
10) Create a new Restore point


* * * Please report back your results * * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html





"Billjones85" <Billjones85@discussions.microsoft.com> wrote in message
news:22E3F1A2-6B7C-451E-BCCF-D87D5CE2B40E@microsoft.com...
| I recently (stupidly) downloaded a few .exe files via a filesharing internet
| program and I seem to have picked up the above. AVG antivirus detects it but
| I can't delete it - it says it is an 'infected embedded object'?
|
| I started the PC this morning and it halted itself with a message (can't
| remember full details) saying something was trying to 'write to read only
| memory'?? From my limited knowledge this sounds like a virus. I reset the PC
| and it started OK.
|
| Can anyone help me get rid of this one?
Related resources
Anonymous
February 18, 2005 1:23:05 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi, try this NG, they might have some good suggestions
news://msnews.microsoft.com/microsoft.public.security.virus
Security - Viruses


"Billjones85" <Billjones85@discussions.microsoft.com> wrote in message
news:22E3F1A2-6B7C-451E-BCCF-D87D5CE2B40E@microsoft.com...
>I recently (stupidly) downloaded a few .exe files via a filesharing internet
> program and I seem to have picked up the above. AVG antivirus detects it but
> I can't delete it - it says it is an 'infected embedded object'?
>
> I started the PC this morning and it halted itself with a message (can't
> remember full details) saying something was trying to 'write to read only
> memory'?? From my limited knowledge this sounds like a virus. I reset the PC
> and it started OK.
>
> Can anyone help me get rid of this one?
Anonymous
March 30, 2005 5:45:10 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I'm having a similar problem as the other people but my AVG virus detector is
finding many, many javabyte/verify virus, not on the scan but as a regular
popup on the screen. I can't heal,delete or move them to the vault as it says
"Requested action is not available for this object" I am doing your
"Housecall" scan as we speak. My virus's are "found" in the
C:Windows\Temp\tmp files. I have cleared my Java cache and when that didn't
work I deleted the Java program(?) off the computer and this message is still
coming up.
I was comparing AVG against NAV before I get rid of one of these off my
computer and NAV is not even finding one occurence of this virus so whats
going on? Is it a real virus or not? If it is, should I be able to get rid of
it with the same message as the one below?

"Malke" wrote:

> Billjones85 wrote:
>
> > I recently (stupidly) downloaded a few .exe files via a filesharing
> > internet program and I seem to have picked up the above. AVG antivirus
> > detects it but I can't delete it - it says it is an 'infected embedded
> > object'?
> >
> > I started the PC this morning and it halted itself with a message
> > (can't remember full details) saying something was trying to 'write to
> > read only memory'?? From my limited knowledge this sounds like a
> > virus. I reset the PC and it started OK.
> >
> > Can anyone help me get rid of this one?
>
> Start by running TrendMicro's Sysclean in Safe Mode:
>
> TrendMicro's Sysclean is an extensive antivirus tool which has the
> advantage of not needing to be installed. It requires two parts - the
> scanning engine and the virus pattern files.
>
> 1. Create a new folder on your Desktop or the C: drive named something
> useful like "Sysclean".
> 2. Go here and download the two parts of the program to that folder:
>
> http://www.trendmicro.com/download/dcs.asp - Sysclean
> http://www.trendmicro.com/download/pattern.asp - virus pattern files
>
> The pattern files will be zipped - extract them with your unzipper (like
> WinZip) or if you have XP, you can just open the folder. You need to
> put the extracted files in the Sysclean folder you made.
>
> 3. Restart your computer in Safe Mode. Get into Safe Mode by repeatedly
> tapping the F8 key as the computer is starting up to get to the proper
> menu.
> 4. Go to the Sysclean folder you made and double-click on sysclean.com.
> Start the scan. After the scan is finished, look at the log. You may
> need to make a note of where any viruses were found if they were not
> able to be removed so you can manually delete them.
>
> Then update AVG and do a full scan with it in Safe Mode.
>
> After you've done that, continue to clean house by:
>
> 1) Scan in Safe Mode with current version (not earlier than 2004)
> antivirus using updated definitions. (Obviously you will have already
> done this.)
>
> Before you remove malware, get LSPFix (or WinSockFix for XP which you
> can get from MajorGeeks) - see links below.
>
> 2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
> programs are free, so use them both since they complement each other.
> There is a new version of CWShredder from Intermute. I would not
> install the other Intermute programs, however. Alternately, there are
> CoolWebSearch malware removal steps at SilentRunners.
>
> Be sure to update these programs before running, and it is a good idea
> to do virus/spyware scans in Safe Mode. Make sure you are able to see
> all hidden files and extensions (View tab in Folder Options).
>
> If the malware remains even after you used Ad-aware and Spybot, you can
> scan with HijackThis. HijackThis is an excellent tool to discover and
> disable hijackers, but it requires expert skill. See below for
> HijackThis links, including sites where you can post your HJT logs. A
> combination of HijackThis and About:Buster works well in removing the
> About:Blank homepage hijacker. Again, this is an expert tool and
> novices should get help with it.
>
> 3) If you are running Windows ME or XP, you should disable/enable System
> Restore after the system is clean because malware will be in the
> Restore Points. With ME, you must disable System Restore completely.
> With XP, you can delete all but the most recent (presumably clean)
> System Restore point from the More Options section of Disk Cleanup
> (Run>cleanmgr).
>
> 4) Make sure you've visited Windows Update and applied all security
> patches. Do not install driver updates from Windows Update.
>
> 5) Run a firewall.
>
> Links to help with malware:
>
> Software/Methods:
> http://www.safer-networking.org - Spybot Search & Destroy
> http://www.lavasoftusa.com - Ad-aware
> http://www.majorgeeks.com - good download site
> http://www.intermute.com/spysubtract/cwshredder_downloa...
> http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
> http://www.cexx.org/lspfix.htm - Repair Winsock 2 settings after
> removing spyware
> http://www.spychecker.com/program/winsockxpfix.html - WinsockXPFix.exe
>
> HijackThis:
> http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
> Eshelman
> http://aumha.net - forums
> http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
> forum
> http://www.wilderssecurity.com/
> http://forums.tomcoyote.org/
>
> General:
> http://aumha.net - look under "Security" for various forums
> http://rgharper.mvps.org/cleanit.htm
> http://mvps.org/winhelp2002/unwanted.htm
> http://www.aumha.org/a/parasite.htm - The Parasite Fight
> http://www.spywarewarrior.com/rogue_anti-spyware.htm
>
> Malke
> --
> MS MVP - Windows Shell/User
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
>
Anonymous
March 30, 2005 6:37:01 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"Diane J" wrote:

> I'm having a similar problem as the other people but my AVG virus detector is
> finding many, many javabyte/verify virus, not on the scan but as a regular
> popup on the screen. I can't heal,delete or move them to the vault as it says
> "Requested action is not available for this object" I am doing your
> "Housecall" scan as we speak. My virus's are "found" in the
> C:Windows\Temp\tmp files. I have cleared my Java cache and when that didn't
> work I deleted the Java program(?) off the computer and this message is still
> coming up.
> I was comparing AVG against NAV before I get rid of one of these off my
> computer and NAV is not even finding one occurence of this virus so whats
> going on? Is it a real virus or not? If it is, should I be able to get rid of
> it with the same answer as the one below?
One more thing--I do have that patch on my computer but I probably have a
couple hundred of these virus messages popping up on a regular basis. Where
are they coming from, is there a backdoor open? and how do I stop them from
coming back in???



>
> "Malke" wrote:
>
> > Billjones85 wrote:
> >
> > > I recently (stupidly) downloaded a few .exe files via a filesharing
> > > internet program and I seem to have picked up the above. AVG antivirus
> > > detects it but I can't delete it - it says it is an 'infected embedded
> > > object'?
> > >
> > > I started the PC this morning and it halted itself with a message
> > > (can't remember full details) saying something was trying to 'write to
> > > read only memory'?? From my limited knowledge this sounds like a
> > > virus. I reset the PC and it started OK.
> > >
> > > Can anyone help me get rid of this one?
> >
> > Start by running TrendMicro's Sysclean in Safe Mode:
> >
> > TrendMicro's Sysclean is an extensive antivirus tool which has the
> > advantage of not needing to be installed. It requires two parts - the
> > scanning engine and the virus pattern files.
> >
> > 1. Create a new folder on your Desktop or the C: drive named something
> > useful like "Sysclean".
> > 2. Go here and download the two parts of the program to that folder:
> >
> > http://www.trendmicro.com/download/dcs.asp - Sysclean
> > http://www.trendmicro.com/download/pattern.asp - virus pattern files
> >
> > The pattern files will be zipped - extract them with your unzipper (like
> > WinZip) or if you have XP, you can just open the folder. You need to
> > put the extracted files in the Sysclean folder you made.
> >
> > 3. Restart your computer in Safe Mode. Get into Safe Mode by repeatedly
> > tapping the F8 key as the computer is starting up to get to the proper
> > menu.
> > 4. Go to the Sysclean folder you made and double-click on sysclean.com.
> > Start the scan. After the scan is finished, look at the log. You may
> > need to make a note of where any viruses were found if they were not
> > able to be removed so you can manually delete them.
> >
> > Then update AVG and do a full scan with it in Safe Mode.
> >
> > After you've done that, continue to clean house by:
> >
> > 1) Scan in Safe Mode with current version (not earlier than 2004)
> > antivirus using updated definitions. (Obviously you will have already
> > done this.)
> >
> > Before you remove malware, get LSPFix (or WinSockFix for XP which you
> > can get from MajorGeeks) - see links below.
> >
> > 2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
> > programs are free, so use them both since they complement each other.
> > There is a new version of CWShredder from Intermute. I would not
> > install the other Intermute programs, however. Alternately, there are
> > CoolWebSearch malware removal steps at SilentRunners.
> >
> > Be sure to update these programs before running, and it is a good idea
> > to do virus/spyware scans in Safe Mode. Make sure you are able to see
> > all hidden files and extensions (View tab in Folder Options).
> >
> > If the malware remains even after you used Ad-aware and Spybot, you can
> > scan with HijackThis. HijackThis is an excellent tool to discover and
> > disable hijackers, but it requires expert skill. See below for
> > HijackThis links, including sites where you can post your HJT logs. A
> > combination of HijackThis and About:Buster works well in removing the
> > About:Blank homepage hijacker. Again, this is an expert tool and
> > novices should get help with it.
> >
> > 3) If you are running Windows ME or XP, you should disable/enable System
> > Restore after the system is clean because malware will be in the
> > Restore Points. With ME, you must disable System Restore completely.
> > With XP, you can delete all but the most recent (presumably clean)
> > System Restore point from the More Options section of Disk Cleanup
> > (Run>cleanmgr).
> >
> > 4) Make sure you've visited Windows Update and applied all security
> > patches. Do not install driver updates from Windows Update.
> >
> > 5) Run a firewall.
> >
> > Links to help with malware:
> >
> > Software/Methods:
> > http://www.safer-networking.org - Spybot Search & Destroy
> > http://www.lavasoftusa.com - Ad-aware
> > http://www.majorgeeks.com - good download site
> > http://www.intermute.com/spysubtract/cwshredder_downloa...
> > http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
> > http://www.cexx.org/lspfix.htm - Repair Winsock 2 settings after
> > removing spyware
> > http://www.spychecker.com/program/winsockxpfix.html - WinsockXPFix.exe
> >
> > HijackThis:
> > http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
> > Eshelman
> > http://aumha.net - forums
> > http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
> > forum
> > http://www.wilderssecurity.com/
> > http://forums.tomcoyote.org/
> >
> > General:
> > http://aumha.net - look under "Security" for various forums
> > http://rgharper.mvps.org/cleanit.htm
> > http://mvps.org/winhelp2002/unwanted.htm
> > http://www.aumha.org/a/parasite.htm - The Parasite Fight
> > http://www.spywarewarrior.com/rogue_anti-spyware.htm
> >
> > Malke
> > --
> > MS MVP - Windows Shell/User
> > Elephant Boy Computers
> > www.elephantboycomputers.com
> > "Don't Panic!"
> >
Anonymous
March 30, 2005 11:07:35 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

From: "Diane J" <DianeJ@discussions.microsoft.com>

| I'm having a similar problem as the other people but my AVG virus detector is
| finding many, many javabyte/verify virus, not on the scan but as a regular
| popup on the screen. I can't heal,delete or move them to the vault as it says
| "Requested action is not available for this object" I am doing your
| "Housecall" scan as we speak. My virus's are "found" in the
| C:Windows\Temp\tmp files. I have cleared my Java cache and when that didn't
| work I deleted the Java program(?) off the computer and this message is still
| coming up.
| I was comparing AVG against NAV before I get rid of one of these off my
| computer and NAV is not even finding one occurence of this virus so whats
| going on? Is it a real virus or not? If it is, should I be able to get rid of
| it with the same message as the one below?



1) Dump the contents of your IE cache -
Start --> settings --> control panel --> Internet options --> delete files

2) Dump the contents of your Sun Java cache -
Start --> settings --> control panel --> Java applet --> cache --> clear
or
Start --> settings --> control panel --> Java applet --> general --> settings -->
delete files

3) Download the following two items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Trend Sysclean Method 1
---------------------------------------
Create a directory.
On drive "C:\"
(e.g., "c:\sysclean")

Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example; lpt524.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

Trend Sysclean Method 2
---------------------------------------
The utility SYSCLEAN_FE in "Procedure F" at the following URL
http://www.ik-cs.com/got-a-virus.htm automates the download and execution process of the
Trend Sysclean Package.


4) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore...
5) Reboot your PC into Safe Mode then shutdown as many applications as possible.
6) Using the Trend Sysclean utility, perform a Full Scan of your platform and
clean/delete any infectors found
7) Restart your PC and perform a "final" Full Scan of your platform
8) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
9) Reboot your PC.
10) Create a new Restore point

* * Please report back your results * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
!