Java Byte Verify virus

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I recently (stupidly) downloaded a few .exe files via a filesharing internet
program and I seem to have picked up the above. AVG antivirus detects it but
I can't delete it - it says it is an 'infected embedded object'?

I started the PC this morning and it halted itself with a message (can't
remember full details) saying something was trying to 'write to read only
memory'?? From my limited knowledge this sounds like a virus. I reset the PC
and it started OK.

Can anyone help me get rid of this one?
6 answers Last reply
More about java byte verify virus
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Billjones85 wrote:

    > I recently (stupidly) downloaded a few .exe files via a filesharing
    > internet program and I seem to have picked up the above. AVG antivirus
    > detects it but I can't delete it - it says it is an 'infected embedded
    > object'?
    >
    > I started the PC this morning and it halted itself with a message
    > (can't remember full details) saying something was trying to 'write to
    > read only memory'?? From my limited knowledge this sounds like a
    > virus. I reset the PC and it started OK.
    >
    > Can anyone help me get rid of this one?

    Start by running TrendMicro's Sysclean in Safe Mode:

    TrendMicro's Sysclean is an extensive antivirus tool which has the
    advantage of not needing to be installed. It requires two parts - the
    scanning engine and the virus pattern files.

    1. Create a new folder on your Desktop or the C: drive named something
    useful like "Sysclean".
    2. Go here and download the two parts of the program to that folder:

    http://www.trendmicro.com/download/dcs.asp - Sysclean
    http://www.trendmicro.com/download/pattern.asp - virus pattern files

    The pattern files will be zipped - extract them with your unzipper (like
    WinZip) or if you have XP, you can just open the folder. You need to
    put the extracted files in the Sysclean folder you made.

    3. Restart your computer in Safe Mode. Get into Safe Mode by repeatedly
    tapping the F8 key as the computer is starting up to get to the proper
    menu.
    4. Go to the Sysclean folder you made and double-click on sysclean.com.
    Start the scan. After the scan is finished, look at the log. You may
    need to make a note of where any viruses were found if they were not
    able to be removed so you can manually delete them.

    Then update AVG and do a full scan with it in Safe Mode.

    After you've done that, continue to clean house by:

    1) Scan in Safe Mode with current version (not earlier than 2004)
    antivirus using updated definitions. (Obviously you will have already
    done this.)

    Before you remove malware, get LSPFix (or WinSockFix for XP which you
    can get from MajorGeeks) - see links below.

    2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
    programs are free, so use them both since they complement each other.
    There is a new version of CWShredder from Intermute. I would not
    install the other Intermute programs, however. Alternately, there are
    CoolWebSearch malware removal steps at SilentRunners.

    Be sure to update these programs before running, and it is a good idea
    to do virus/spyware scans in Safe Mode. Make sure you are able to see
    all hidden files and extensions (View tab in Folder Options).

    If the malware remains even after you used Ad-aware and Spybot, you can
    scan with HijackThis. HijackThis is an excellent tool to discover and
    disable hijackers, but it requires expert skill. See below for
    HijackThis links, including sites where you can post your HJT logs. A
    combination of HijackThis and About:Buster works well in removing the
    About:Blank homepage hijacker. Again, this is an expert tool and
    novices should get help with it.

    3) If you are running Windows ME or XP, you should disable/enable System
    Restore after the system is clean because malware will be in the
    Restore Points. With ME, you must disable System Restore completely.
    With XP, you can delete all but the most recent (presumably clean)
    System Restore point from the More Options section of Disk Cleanup
    (Run>cleanmgr).

    4) Make sure you've visited Windows Update and applied all security
    patches. Do not install driver updates from Windows Update.

    5) Run a firewall.

    Links to help with malware:

    Software/Methods:
    http://www.safer-networking.org - Spybot Search & Destroy
    http://www.lavasoftusa.com - Ad-aware
    http://www.majorgeeks.com - good download site
    http://www.intermute.com/spysubtract/cwshredder_download.html
    http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
    http://www.cexx.org/lspfix.htm - Repair Winsock 2 settings after
    removing spyware
    http://www.spychecker.com/program/winsockxpfix.html - WinsockXPFix.exe

    HijackThis:
    http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
    Eshelman
    http://aumha.net - forums
    http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
    forum
    http://www.wilderssecurity.com/
    http://forums.tomcoyote.org/

    General:
    http://aumha.net - look under "Security" for various forums
    http://rgharper.mvps.org/cleanit.htm
    http://mvps.org/winhelp2002/unwanted.htm
    http://www.aumha.org/a/parasite.htm - The Parasite Fight
    http://www.spywarewarrior.com/rogue_anti-spyware.htm

    Malke
    --
    MS MVP - Windows Shell/User
    Elephant Boy Computers
    www.elephantboycomputers.com
    "Don't Panic!"
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    1) Dump the contents of your IE cache -
    Start --> settings --> control panel --> Internet options --> delete files

    2) Dump the contents of your Sun Java cache -
    Start --> settings --> control panel --> Java plug-in --> cache --> clear

    3) Download the following two items...

    Trend Sysclean Package
    http://www.trendmicro.com/download/dcs.asp

    Latest Trend signature files.
    http://www.trendmicro.com/download/pattern.asp

    Create a directory.
    On drive "C:\"
    (e.g., "c:\New Folder")
    or the desktop
    (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

    Download SYSCLEAN.COM and place it in that directory.
    Download the Trend Pattern File by obtaining the ZIP file.
    For example; lpt416.zip

    Extract the contents of the ZIP file and place the contents in the same directory as
    SYSCLEAN.COM .

    4) Disable System Restore
    http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    5) Reboot your PC into Safe Mode then shutdown as many applications as possible.
    6) Using the Trend Sysclean utility, perform a Full Scan of your platform and
    clean/delete any infectors found
    7) Restart your PC and perform a "final" Full Scan of your platform
    8) Re-enable System Restore and re-apply any System Restore preferences,
    (e.g. HD space to use suggested 400 ~ 600MB),
    9) Reboot your PC.
    10) Create a new Restore point


    * * * Please report back your results * * *

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html


    "Billjones85" <Billjones85@discussions.microsoft.com> wrote in message
    news:22E3F1A2-6B7C-451E-BCCF-D87D5CE2B40E@microsoft.com...
    | I recently (stupidly) downloaded a few .exe files via a filesharing internet
    | program and I seem to have picked up the above. AVG antivirus detects it but
    | I can't delete it - it says it is an 'infected embedded object'?
    |
    | I started the PC this morning and it halted itself with a message (can't
    | remember full details) saying something was trying to 'write to read only
    | memory'?? From my limited knowledge this sounds like a virus. I reset the PC
    | and it started OK.
    |
    | Can anyone help me get rid of this one?
  3. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Hi, try this NG, they might have some good suggestions
    news://msnews.microsoft.com/microsoft.public.security.virus
    Security - Viruses


    "Billjones85" <Billjones85@discussions.microsoft.com> wrote in message
    news:22E3F1A2-6B7C-451E-BCCF-D87D5CE2B40E@microsoft.com...
    >I recently (stupidly) downloaded a few .exe files via a filesharing internet
    > program and I seem to have picked up the above. AVG antivirus detects it but
    > I can't delete it - it says it is an 'infected embedded object'?
    >
    > I started the PC this morning and it halted itself with a message (can't
    > remember full details) saying something was trying to 'write to read only
    > memory'?? From my limited knowledge this sounds like a virus. I reset the PC
    > and it started OK.
    >
    > Can anyone help me get rid of this one?
  4. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    I'm having a similar problem as the other people but my AVG virus detector is
    finding many, many javabyte/verify virus, not on the scan but as a regular
    popup on the screen. I can't heal,delete or move them to the vault as it says
    "Requested action is not available for this object" I am doing your
    "Housecall" scan as we speak. My virus's are "found" in the
    C:Windows\Temp\tmp files. I have cleared my Java cache and when that didn't
    work I deleted the Java program(?) off the computer and this message is still
    coming up.
    I was comparing AVG against NAV before I get rid of one of these off my
    computer and NAV is not even finding one occurence of this virus so whats
    going on? Is it a real virus or not? If it is, should I be able to get rid of
    it with the same message as the one below?

    "Malke" wrote:

    > Billjones85 wrote:
    >
    > > I recently (stupidly) downloaded a few .exe files via a filesharing
    > > internet program and I seem to have picked up the above. AVG antivirus
    > > detects it but I can't delete it - it says it is an 'infected embedded
    > > object'?
    > >
    > > I started the PC this morning and it halted itself with a message
    > > (can't remember full details) saying something was trying to 'write to
    > > read only memory'?? From my limited knowledge this sounds like a
    > > virus. I reset the PC and it started OK.
    > >
    > > Can anyone help me get rid of this one?
    >
    > Start by running TrendMicro's Sysclean in Safe Mode:
    >
    > TrendMicro's Sysclean is an extensive antivirus tool which has the
    > advantage of not needing to be installed. It requires two parts - the
    > scanning engine and the virus pattern files.
    >
    > 1. Create a new folder on your Desktop or the C: drive named something
    > useful like "Sysclean".
    > 2. Go here and download the two parts of the program to that folder:
    >
    > http://www.trendmicro.com/download/dcs.asp - Sysclean
    > http://www.trendmicro.com/download/pattern.asp - virus pattern files
    >
    > The pattern files will be zipped - extract them with your unzipper (like
    > WinZip) or if you have XP, you can just open the folder. You need to
    > put the extracted files in the Sysclean folder you made.
    >
    > 3. Restart your computer in Safe Mode. Get into Safe Mode by repeatedly
    > tapping the F8 key as the computer is starting up to get to the proper
    > menu.
    > 4. Go to the Sysclean folder you made and double-click on sysclean.com.
    > Start the scan. After the scan is finished, look at the log. You may
    > need to make a note of where any viruses were found if they were not
    > able to be removed so you can manually delete them.
    >
    > Then update AVG and do a full scan with it in Safe Mode.
    >
    > After you've done that, continue to clean house by:
    >
    > 1) Scan in Safe Mode with current version (not earlier than 2004)
    > antivirus using updated definitions. (Obviously you will have already
    > done this.)
    >
    > Before you remove malware, get LSPFix (or WinSockFix for XP which you
    > can get from MajorGeeks) - see links below.
    >
    > 2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
    > programs are free, so use them both since they complement each other.
    > There is a new version of CWShredder from Intermute. I would not
    > install the other Intermute programs, however. Alternately, there are
    > CoolWebSearch malware removal steps at SilentRunners.
    >
    > Be sure to update these programs before running, and it is a good idea
    > to do virus/spyware scans in Safe Mode. Make sure you are able to see
    > all hidden files and extensions (View tab in Folder Options).
    >
    > If the malware remains even after you used Ad-aware and Spybot, you can
    > scan with HijackThis. HijackThis is an excellent tool to discover and
    > disable hijackers, but it requires expert skill. See below for
    > HijackThis links, including sites where you can post your HJT logs. A
    > combination of HijackThis and About:Buster works well in removing the
    > About:Blank homepage hijacker. Again, this is an expert tool and
    > novices should get help with it.
    >
    > 3) If you are running Windows ME or XP, you should disable/enable System
    > Restore after the system is clean because malware will be in the
    > Restore Points. With ME, you must disable System Restore completely.
    > With XP, you can delete all but the most recent (presumably clean)
    > System Restore point from the More Options section of Disk Cleanup
    > (Run>cleanmgr).
    >
    > 4) Make sure you've visited Windows Update and applied all security
    > patches. Do not install driver updates from Windows Update.
    >
    > 5) Run a firewall.
    >
    > Links to help with malware:
    >
    > Software/Methods:
    > http://www.safer-networking.org - Spybot Search & Destroy
    > http://www.lavasoftusa.com - Ad-aware
    > http://www.majorgeeks.com - good download site
    > http://www.intermute.com/spysubtract/cwshredder_download.html
    > http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
    > http://www.cexx.org/lspfix.htm - Repair Winsock 2 settings after
    > removing spyware
    > http://www.spychecker.com/program/winsockxpfix.html - WinsockXPFix.exe
    >
    > HijackThis:
    > http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
    > Eshelman
    > http://aumha.net - forums
    > http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
    > forum
    > http://www.wilderssecurity.com/
    > http://forums.tomcoyote.org/
    >
    > General:
    > http://aumha.net - look under "Security" for various forums
    > http://rgharper.mvps.org/cleanit.htm
    > http://mvps.org/winhelp2002/unwanted.htm
    > http://www.aumha.org/a/parasite.htm - The Parasite Fight
    > http://www.spywarewarrior.com/rogue_anti-spyware.htm
    >
    > Malke
    > --
    > MS MVP - Windows Shell/User
    > Elephant Boy Computers
    > www.elephantboycomputers.com
    > "Don't Panic!"
    >
  5. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    "Diane J" wrote:

    > I'm having a similar problem as the other people but my AVG virus detector is
    > finding many, many javabyte/verify virus, not on the scan but as a regular
    > popup on the screen. I can't heal,delete or move them to the vault as it says
    > "Requested action is not available for this object" I am doing your
    > "Housecall" scan as we speak. My virus's are "found" in the
    > C:Windows\Temp\tmp files. I have cleared my Java cache and when that didn't
    > work I deleted the Java program(?) off the computer and this message is still
    > coming up.
    > I was comparing AVG against NAV before I get rid of one of these off my
    > computer and NAV is not even finding one occurence of this virus so whats
    > going on? Is it a real virus or not? If it is, should I be able to get rid of
    > it with the same answer as the one below?
    One more thing--I do have that patch on my computer but I probably have a
    couple hundred of these virus messages popping up on a regular basis. Where
    are they coming from, is there a backdoor open? and how do I stop them from
    coming back in???


    >
    > "Malke" wrote:
    >
    > > Billjones85 wrote:
    > >
    > > > I recently (stupidly) downloaded a few .exe files via a filesharing
    > > > internet program and I seem to have picked up the above. AVG antivirus
    > > > detects it but I can't delete it - it says it is an 'infected embedded
    > > > object'?
    > > >
    > > > I started the PC this morning and it halted itself with a message
    > > > (can't remember full details) saying something was trying to 'write to
    > > > read only memory'?? From my limited knowledge this sounds like a
    > > > virus. I reset the PC and it started OK.
    > > >
    > > > Can anyone help me get rid of this one?
    > >
    > > Start by running TrendMicro's Sysclean in Safe Mode:
    > >
    > > TrendMicro's Sysclean is an extensive antivirus tool which has the
    > > advantage of not needing to be installed. It requires two parts - the
    > > scanning engine and the virus pattern files.
    > >
    > > 1. Create a new folder on your Desktop or the C: drive named something
    > > useful like "Sysclean".
    > > 2. Go here and download the two parts of the program to that folder:
    > >
    > > http://www.trendmicro.com/download/dcs.asp - Sysclean
    > > http://www.trendmicro.com/download/pattern.asp - virus pattern files
    > >
    > > The pattern files will be zipped - extract them with your unzipper (like
    > > WinZip) or if you have XP, you can just open the folder. You need to
    > > put the extracted files in the Sysclean folder you made.
    > >
    > > 3. Restart your computer in Safe Mode. Get into Safe Mode by repeatedly
    > > tapping the F8 key as the computer is starting up to get to the proper
    > > menu.
    > > 4. Go to the Sysclean folder you made and double-click on sysclean.com.
    > > Start the scan. After the scan is finished, look at the log. You may
    > > need to make a note of where any viruses were found if they were not
    > > able to be removed so you can manually delete them.
    > >
    > > Then update AVG and do a full scan with it in Safe Mode.
    > >
    > > After you've done that, continue to clean house by:
    > >
    > > 1) Scan in Safe Mode with current version (not earlier than 2004)
    > > antivirus using updated definitions. (Obviously you will have already
    > > done this.)
    > >
    > > Before you remove malware, get LSPFix (or WinSockFix for XP which you
    > > can get from MajorGeeks) - see links below.
    > >
    > > 2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
    > > programs are free, so use them both since they complement each other.
    > > There is a new version of CWShredder from Intermute. I would not
    > > install the other Intermute programs, however. Alternately, there are
    > > CoolWebSearch malware removal steps at SilentRunners.
    > >
    > > Be sure to update these programs before running, and it is a good idea
    > > to do virus/spyware scans in Safe Mode. Make sure you are able to see
    > > all hidden files and extensions (View tab in Folder Options).
    > >
    > > If the malware remains even after you used Ad-aware and Spybot, you can
    > > scan with HijackThis. HijackThis is an excellent tool to discover and
    > > disable hijackers, but it requires expert skill. See below for
    > > HijackThis links, including sites where you can post your HJT logs. A
    > > combination of HijackThis and About:Buster works well in removing the
    > > About:Blank homepage hijacker. Again, this is an expert tool and
    > > novices should get help with it.
    > >
    > > 3) If you are running Windows ME or XP, you should disable/enable System
    > > Restore after the system is clean because malware will be in the
    > > Restore Points. With ME, you must disable System Restore completely.
    > > With XP, you can delete all but the most recent (presumably clean)
    > > System Restore point from the More Options section of Disk Cleanup
    > > (Run>cleanmgr).
    > >
    > > 4) Make sure you've visited Windows Update and applied all security
    > > patches. Do not install driver updates from Windows Update.
    > >
    > > 5) Run a firewall.
    > >
    > > Links to help with malware:
    > >
    > > Software/Methods:
    > > http://www.safer-networking.org - Spybot Search & Destroy
    > > http://www.lavasoftusa.com - Ad-aware
    > > http://www.majorgeeks.com - good download site
    > > http://www.intermute.com/spysubtract/cwshredder_download.html
    > > http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
    > > http://www.cexx.org/lspfix.htm - Repair Winsock 2 settings after
    > > removing spyware
    > > http://www.spychecker.com/program/winsockxpfix.html - WinsockXPFix.exe
    > >
    > > HijackThis:
    > > http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
    > > Eshelman
    > > http://aumha.net - forums
    > > http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
    > > forum
    > > http://www.wilderssecurity.com/
    > > http://forums.tomcoyote.org/
    > >
    > > General:
    > > http://aumha.net - look under "Security" for various forums
    > > http://rgharper.mvps.org/cleanit.htm
    > > http://mvps.org/winhelp2002/unwanted.htm
    > > http://www.aumha.org/a/parasite.htm - The Parasite Fight
    > > http://www.spywarewarrior.com/rogue_anti-spyware.htm
    > >
    > > Malke
    > > --
    > > MS MVP - Windows Shell/User
    > > Elephant Boy Computers
    > > www.elephantboycomputers.com
    > > "Don't Panic!"
    > >
  6. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    From: "Diane J" <DianeJ@discussions.microsoft.com>

    | I'm having a similar problem as the other people but my AVG virus detector is
    | finding many, many javabyte/verify virus, not on the scan but as a regular
    | popup on the screen. I can't heal,delete or move them to the vault as it says
    | "Requested action is not available for this object" I am doing your
    | "Housecall" scan as we speak. My virus's are "found" in the
    | C:Windows\Temp\tmp files. I have cleared my Java cache and when that didn't
    | work I deleted the Java program(?) off the computer and this message is still
    | coming up.
    | I was comparing AVG against NAV before I get rid of one of these off my
    | computer and NAV is not even finding one occurence of this virus so whats
    | going on? Is it a real virus or not? If it is, should I be able to get rid of
    | it with the same message as the one below?


    1) Dump the contents of your IE cache -
    Start --> settings --> control panel --> Internet options --> delete files

    2) Dump the contents of your Sun Java cache -
    Start --> settings --> control panel --> Java applet --> cache --> clear
    or
    Start --> settings --> control panel --> Java applet --> general --> settings -->
    delete files

    3) Download the following two items...

    Trend Sysclean Package
    http://www.trendmicro.com/download/dcs.asp

    Latest Trend signature files.
    http://www.trendmicro.com/download/pattern.asp

    Trend Sysclean Method 1
    ---------------------------------------
    Create a directory.
    On drive "C:\"
    (e.g., "c:\sysclean")

    Download SYSCLEAN.COM and place it in that directory.
    Download the signature files (pattern files) by obtaining the ZIP file.
    For example; lpt524.zip

    Extract the contents of the ZIP file and place the contents in the same directory as
    SYSCLEAN.COM.

    Trend Sysclean Method 2
    ---------------------------------------
    The utility SYSCLEAN_FE in "Procedure F" at the following URL
    http://www.ik-cs.com/got-a-virus.htm automates the download and execution process of the
    Trend Sysclean Package.


    4) Disable System Restore
    http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    5) Reboot your PC into Safe Mode then shutdown as many applications as possible.
    6) Using the Trend Sysclean utility, perform a Full Scan of your platform and
    clean/delete any infectors found
    7) Restart your PC and perform a "final" Full Scan of your platform
    8) Re-enable System Restore and re-apply any System Restore preferences,
    (e.g. HD space to use suggested 400 ~ 600MB),
    9) Reboot your PC.
    10) Create a new Restore point

    * * Please report back your results * *

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
Ask a new question

Read More

Windows XP