Trojan Worry XP Home

Anonymous
July 15, 2005 10:43:02 PM

Archived from groups: microsoft.public.windowsxp.general (More info?)

Hello,
I have Norton Anti-virus installed, and after a long session on the web this
evening, just to be safe, I ran the Anti-virus in safe mode and it detected 4
infections:
Dummy.Class, Get Access.Class, Insecure Class Loader.Class, Installer.Class

All of the above were the Trojan. Byte Verify.

Norton couldn't repair so had me quarantine the 4 files which I have done.

My question is: have I done enough or is there something else I should be
doing?

By quarantining, am I to understand the infected files are still on my P.C.
but can't do any harm? Should I remove them, and in simple clear terms how do
I achieve this?

--
Sandal

Anonymous
July 16, 2005 4:09:24 AM

Is the machine fully up-to-date at Windows Update?

See http://forum.grisoft.cz/freeforum/read.php?4,10178,back...
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE) & Security


Sandal wrote:
> Hello,
> I have Norton Anti-virus installed and after a long session on the web
> this evening
> just to be safe I ran the Anti-virus in safe mode and it detected 4
> infections.
> Dummy.Class, Get Access.Class, Insecure Class Loader.Class,
> Installer.Class
>
> All of the above were the Trojan. Byte Verify.
>
> Norton couldn't repair so had me quarantine the 4 files which I have done.
>
> My question is have I done enough or is there something else I should be
> doing?
>
> By quarantining am I to understand the infected file are still on my P.C.
> but can't do any harm, should I remove them and in simple clear terms how
> do I achieve this?
Anonymous
July 16, 2005 5:59:39 AM

Download, install, update and run all of the following.

Ad-Aware
http://www.lavasoftusa.com/software/adaware/

Spybot search and destroy
http://www.safer-networking.org/en/download/

Microsoft Windows AntiSpyware (Beta1)
http://www.microsoft.com/downloads/details.aspx?FamilyI...



--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"Sandal" <Sandal@discussions.microsoft.com> wrote in message
news:FBC3A7BB-7BDF-42D6-AEDB-3C8213281FDA@microsoft.com...
> Hello,
> I have Norton Anti-virus installed and after a long session on the web
> this
> evening
> just to be safe I ran the Anti-virus in safe mode and it detected 4
> infections.
> Dummy.Class, Get Access.Class, Insecure Class Loader.Class,
> Installer.Class
>
> All of the above were the Trojan. Byte Verify.
>
> Norton couldn't repair so had me quarantine the 4 files which I have done.
>
> My question is have I done enough or is there something else I should be
> doing?
>
> By quarantining am I to understand the infected file are still on my P.C.
> but can't do any harm, should I remove them and in simple clear terms how
> do
> I achieve this?
>
> --
> Sandal
Anonymous
July 16, 2005 5:59:40 AM

Hello,

Thank you for your response.

I'm almost ashamed to say I had the first two programs you mentioned
already installed and didn't think to run them.

So after updating I ran them and between them they came back with a stack
load of goodies.

What I didn't have was Microsoft's Beta Version, I installed that, ran it,
it too came back with a couple of results to be removed.

Hopefully my P.C. is now clean.

Many thanks
--
Sandal


"pcbutts1" wrote:

> Download, install, update and run all of the following.
>
> Ad-Aware
> http://www.lavasoftusa.com/software/adaware/
>
> Spybot search and destroy
> http://www.safer-networking.org/en/download/
>
> Microsoft Windows AntiSpyware (Beta1)
> http://www.microsoft.com/downloads/details.aspx?FamilyI...
>
>
>
> --
>
>
> The best live web video on the internet http://www.seedsv.com/webdemo.htm
> NEW Embedded system W/Linux. We now sell DVR cards.
> See it all at http://www.seedsv.com/products.htm
> Sharpvision simply the best http://www.seedsv.com
>
>
>
> "Sandal" <Sandal@discussions.microsoft.com> wrote in message
> news:FBC3A7BB-7BDF-42D6-AEDB-3C8213281FDA@microsoft.com...
> > Hello,
> > I have Norton Anti-virus installed and after a long session on the web
> > this
> > evening
> > just to be safe I ran the Anti-virus in safe mode and it detected 4
> > infections.
> > Dummy.Class, Get Access.Class, Insecure Class Loader.Class,
> > Installer.Class
> >
> > All of the above were the Trojan. Byte Verify.
> >
> > Norton couldn't repair so had me quarantine the 4 files which I have done.
> >
> > My question is have I done enough or is there something else I should be
> > doing?
> >
> > By quarantining am I to understand the infected file are still on my P.C.
> > but can't do any harm, should I remove them and in simple clear terms how
> > do
> > I achieve this?
> >
> > --
> > Sandal
>
>
>
Anonymous
July 16, 2005 7:55:01 AM

Hello,

Thank you for your response.

Yes, the P.C. is bang up to date as of the early hours of this morning.
The scans found a barn full of spyware.

From my first post on the trojans the question still is: by quarantining, am I
to understand the infected files are still on my P.C. but can do no harm, or
should I remove them? In simple clear terms, how do I search for them
to achieve this?

--
Sandal


"PA Bear" wrote:

> Is the machine fully up-to-date at Windows Update?
>
> See http://forum.grisoft.cz/freeforum/read.php?4,10178,back...
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE/OE) & Security
>
>
> Sandal wrote:
> > Hello,
> > I have Norton Anti-virus installed and after a long session on the web
> > this evening
> > just to be safe I ran the Anti-virus in safe mode and it detected 4
> > infections.
> > Dummy.Class, Get Access.Class, Insecure Class Loader.Class,
> > Installer.Class
> >
> > All of the above were the Trojan. Byte Verify.
> >
> > Norton couldn't repair so had me quarantine the 4 files which I have done.
> >
> > My question is have I done enough or is there something else I should be
> > doing?
> >
> > By quarantining am I to understand the infected file are still on my P.C.
> > but can't do any harm, should I remove them and in simple clear terms how
> > do I achieve this?
>
>
Anonymous
July 16, 2005 9:06:02 AM

You're Welcome.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"Sandal" <Sandal@discussions.microsoft.com> wrote in message
news:053F94AB-3889-4F3A-BA4D-7C451DBE9C78@microsoft.com...
> Hello,
>
> Thank you for your response.
>
> I'm almost ashamed to say I had the first two programs you mentioned
> already installed and didn't think to run them.
>
> So after updating I ran them and between them they came back with a stack
> load of goodies.
>
> What I didn't have was Microsoft's Beta Version, I installed that, ran it,
> it too came back with a couple of results to be removed.
>
> Hopefully my P.C. is now clean.
>
> Many thanks
> --
> Sandal
>
>
> "pcbutts1" wrote:
>
>> Download, install, update and run all of the following.
>>
>> Ad-Aware
>> http://www.lavasoftusa.com/software/adaware/
>>
>> Spybot search and destroy
>> http://www.safer-networking.org/en/download/
>>
>> Microsoft Windows AntiSpyware (Beta1)
>> http://www.microsoft.com/downloads/details.aspx?FamilyI...
>>
>>
>>
>> --
>>
>>
>> The best live web video on the internet http://www.seedsv.com/webdemo.htm
>> NEW Embedded system W/Linux. We now sell DVR cards.
>> See it all at http://www.seedsv.com/products.htm
>> Sharpvision simply the best http://www.seedsv.com
>>
>>
>>
>> "Sandal" <Sandal@discussions.microsoft.com> wrote in message
>> news:FBC3A7BB-7BDF-42D6-AEDB-3C8213281FDA@microsoft.com...
>> > Hello,
>> > I have Norton Anti-virus installed and after a long session on the web
>> > this
>> > evening
>> > just to be safe I ran the Anti-virus in safe mode and it detected 4
>> > infections.
>> > Dummy.Class, Get Access.Class, Insecure Class Loader.Class,
>> > Installer.Class
>> >
>> > All of the above were the Trojan. Byte Verify.
>> >
>> > Norton couldn't repair so had me quarantine the 4 files which I have
>> > done.
>> >
>> > My question is have I done enough or is there something else I should
>> > be
>> > doing?
>> >
>> > By quarantining am I to understand the infected file are still on my
>> > P.C.
>> > but can't do any harm, should I remove them and in simple clear terms
>> > how
>> > do
>> > I achieve this?
>> >
>> > --
>> > Sandal
>>
>>
>>
Anonymous
July 16, 2005 1:23:43 PM

From: "Sandal" <Sandal@discussions.microsoft.com>

| Hello,
| I have Norton Anti-virus installed and after a long session on the web this
| evening
| just to be safe I ran the Anti-virus in safe mode and it detected 4
| infections.
| Dummy.Class, Get Access.Class, Insecure Class Loader.Class, Installer.Class
|
| All of the above were the Trojan. Byte Verify.
|
| Norton couldn't repair so had me quarantine the 4 files which I have done.
|
| My question is have I done enough or is there something else I should be
| doing?
|
| By quarantining am I to understand the infected file are still on my P.C.
| but can't do any harm, should I remove them and in simple clear terms how do
| I achieve this?
|
| --
| Sandal

What you have are Java script Trojans in .CLASS files outside or .CLASS files inside Java
Jars (ZIP files). The best way to handle these types of Trojans is to dump the Browser and
Java caches. Trojans like the "Exploit-ByteVerify --
http://vil.nai.com/vil/content/v_100261.htm" take advantage of vulnerabilities in the OS
and OS components. Therefore you *must* make sure you install *all* MS Critical Updates to
mitigate the exploitation attempts.

1) Dump the contents of your IE cache -
Start --> settings --> control panel --> Internet options --> delete files

2) Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools --> Options --> Privacy --> Cache --> Clear

3) Dump the contents of your Sun Java cache -
Start --> settings --> control panel --> Java applet --> cache --> clear
or
Start --> settings --> control panel --> Java applet --> general --> settings -->
delete files

The .CLASS files should be deleted not quarantined.

In addition, please perform the following after you dump the above caches...


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
(.LNK) file, this PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
remove viruses and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This
way all the components can be downloaded from each AV vendor’s web site.
The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE and/or FTP.EXE to go
through your FireWall to allow them to download the needed AV vendor related files.

* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
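
Added example, not part of David H. Lipman's post: a read-only inventory of what the cache-clearing steps above are meant to remove, finding compiled Java classes both loose and inside JAR/ZIP archives under a cache folder. Classes are recognised by their 0xCAFEBABE header rather than by file extension; the function names and demo files are assumptions constructed for illustration, and the name list is the four files Norton reported in this thread.

```python
import os
import tempfile
import zipfile

CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # first four bytes of every compiled Java class

# The four names Norton reported in this thread, lower-cased with spaces removed.
REPORTED = {"dummy.class", "getaccess.class",
            "insecureclassloader.class", "installer.class"}


def normalise(name):
    """Reduce a path or archive entry name to a comparable base name."""
    return name.replace("\\", "/").rsplit("/", 1)[-1].replace(" ", "").lower()


def scan_cache(root):
    """Inventory Java classes under root without modifying anything.

    Returns a sorted list of (location, reported). location is a file path,
    or "archive!entry" for a class stored inside a JAR/ZIP. reported is True
    when the base name matches one of the names Norton listed.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                if zipfile.is_zipfile(path):
                    # Cached JARs may not keep a .jar extension, so test content.
                    with zipfile.ZipFile(path) as zf:
                        for info in zf.infolist():
                            with zf.open(info) as entry:
                                if entry.read(4) == CLASS_MAGIC:
                                    hits.append((path + "!" + info.filename,
                                                 normalise(info.filename) in REPORTED))
                else:
                    with open(path, "rb") as fh:
                        if fh.read(4) == CLASS_MAGIC:
                            hits.append((path, normalise(fname) in REPORTED))
            except (OSError, RuntimeError, zipfile.BadZipFile):
                continue  # unreadable, encrypted or damaged: skip it
    return sorted(hits)


def build_demo(root):
    """Create a constructed sample cache: inert 8-byte stubs, not real classes."""
    stub = CLASS_MAGIC + b"\x00" * 4
    with open(os.path.join(root, "Dummy.class"), "wb") as fh:
        fh.write(stub)
    with open(os.path.join(root, "notes.txt"), "w") as fh:
        fh.write("not a class file\n")
    with zipfile.ZipFile(os.path.join(root, "cached-0001.zip"), "w") as zf:
        zf.writestr("pkg/Get Access.class", stub)
        zf.writestr("readme.txt", "plain text")
    with zipfile.ZipFile(os.path.join(root, "applet.jar"), "w") as zf:
        zf.writestr("Harmless.class", stub)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_demo(demo)
        for location, reported in scan_cache(demo):
            print("REPORTED" if reported else "class   ", location)
```

Run `scan_cache` on the browser or Java cache folder before and after clearing it; an empty result afterwards confirms no cached classes remain there.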
Anonymous
July 16, 2005 1:45:36 PM

Hello,

Thank you for your response.

Let me say it was a joy to receive clear advice from yourself and others who
have replied to my post.

I am not a P.C. whiz so this evening I will work through your advice step by
step and I will report back the results.
Many Thanks
--
Sandal


"David H. Lipman" wrote:

> From: "Sandal" <Sandal@discussions.microsoft.com>
>
> | Hello,
> | I have Norton Anti-virus installed and after a long session on the web this
> | evening
> | just to be safe I ran the Anti-virus in safe mode and it detected 4
> | infections.
> | Dummy.Class, Get Access.Class, Insecure Class Loader.Class, Installer.Class
> |
> | All of the above were the Trojan. Byte Verify.
> |
> | Norton couldn't repair so had me quarantine the 4 files which I have done.
> |
> | My question is have I done enough or is there something else I should be
> | doing?
> |
> | By quarantining am I to understand the infected file are still on my P.C.
> | but can't do any harm, should I remove them and in simple clear terms how do
> | I achieve this?
> |
> | --
> | Sandal
>
> What you have are Java script Trojans in .CLASS files outside or .CLASS files inside Java
> Jars (ZIP files). The best way to handle these types of Trojans is to dump the Browser and
> Java caches. Trojans like the "Exploit-ByteVerify --
> http://vil.nai.com/vil/content/v_100261.htm" take advantage of vulnerabilities in the OS
> and OS components. Therefore you *must* make sure you install *all* MS Critical Updates to
> mitigate the exploitation attempts.
>
> 1) Dump the contents of your IE cache -
> Start --> settings --> control panel --> Internet options --> delete files
>
> 2) Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
> Tools --> Options --> Privacy --> Cache --> Clear
>
> 3) Dump the contents of your Sun Java cache -
> Start --> settings --> control panel --> Java applet --> cache --> clear
> or
> Start --> settings --> control panel --> Java applet --> general --> settings -->
> delete files
>
> The .CLASS files should be deleted not quarantined.
>
> In addition, please perform the following after you dump the above caches...
>
>
> Download MULTI_AV.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
> http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
> (.LNK) file, this PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
> simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
> remove viruses and various other malware.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in Normal Mode. This
> way all the components can be downloaded from each AV vendor’s web site.
> The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file.
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE and/or FTP.EXE to go
> through your FireWall to allow them to download the needed AV vendor related files.
>
> * * * Please report back your results * * *
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>
Anonymous
July 18, 2005 6:53:58 PM

What scans? What spyware?

Did http://forum.grisoft.cz/freeforum/read.php?4,10178,back... help at
all?

Check for Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/

When all else fails, HijackThis
(http://aumha.net/downloads/hijackthis.zip) is the preferred tool to
use. It will help you to both identify and remove any hijackware/spyware.
**Post your files to http://forums.spywareinfo.com/,
http://castlecops.com/forum67.html or
http://aumha.net/viewforum.php?f=30 for expert analysis, not here.**

--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE) & Security

Sandal wrote:
> Hello,
>
> Thank you for your response.
>
> Yes the P.C. is bang up to date as of early hours of this morning.
> The scans found a barn full of spyware.
>
> From my first post on the trojans the question still is by quarantining am
> I
> to understand the infected file are still on my P.C. but can do no harm or
> should I remove them, in simple clear terms how do I search for them
> to achieve this?
>
>
>> Is the machine fully up-to-date at Windows Update?
>>
>> See http://forum.grisoft.cz/freeforum/read.php?4,10178,back...
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-Windows (IE/OE) & Security
>>
>>
>> Sandal wrote:
>>> Hello,
>>> I have Norton Anti-virus installed and after a long session on the web
>>> this evening
>>> just to be safe I ran the Anti-virus in safe mode and it detected 4
>>> infections.
>>> Dummy.Class, Get Access.Class, Insecure Class Loader.Class,
>>> Installer.Class
>>>
>>> All of the above were the Trojan. Byte Verify.
>>>
>>> Norton couldn't repair so had me quarantine the 4 files which I have
>>> done.
>>>
>>> My question is have I done enough or is there something else I should be
>>> doing?
>>>
>>> By quarantining am I to understand the infected file are still on my
>>> P.C.
>>> but can't do any harm, should I remove them and in simple clear terms
>>> how
>>> do I achieve this?
Anonymous
July 18, 2005 6:53:59 PM

Hello PA Bear,

Thank you for your response; again, as in my last post, it is so much
appreciated when advice is given clearly.

I was hoping to be able to sit down last weekend to do a thorough cleanse of
the P.C. but have not had time.

As an interim, as you advised, I cleared my cookies, temporary files, etc.

I ran in safe mode and did a Norton Virus Scan; it came back with four
results, as already stated in my earlier post, which were quarantined.

Back out of safe mode I ran (up to date) ad-aware, spy-bot and
downloaded and ran MS Win-ASW; the first two came back with nothing, MS came
back with two results and dealt with them.

After receiving your post today I visited Aumha.net; it told me it could find
no parasites.

I downloaded and ran Hijack This and kept the log file.

I am not sure what I should do next; Hijack This clearly states if you don't
know what you're looking for, don't delete, seek advice.
Many thanks
--
Sandal


"PA Bear" wrote:

> What scans? What spyware?
>
> Did http://forum.grisoft.cz/freeforum/read.php?4,10178,back... help at
> all?
>
> Check for Hijackware
> http://aumha.org/a/parasite.htm
> http://aumha.org/a/quickfix.htm
> http://mvps.org/winhelp2002/unwanted.htm
> http://inetexplorer.mvps.org/Darnit.htm
> http://www.mvps.org/sramesh2k/Malware_Defence.htm
> http://defendingyourmachine.blogspot.com/
>
> When all else fails, HijackThis
> (http://aumha.net/downloads/hijackthis.zip) is the preferred tool to
> use. It will help you to both identify and remove any hijackware/spyware.
> **Post your files to http://forums.spywareinfo.com/,
> http://castlecops.com/forum67.html or
> http://aumha.net/viewforum.php?f=30 for expert analysis, not here.**
>
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE/OE) & Security
>
> Sandal wrote:
> > Hello,
> >
> > Thank you for your response.
> >
> > Yes the P.C. is bang up to date as of early hours of this morning.
> > The scans found a barn full of spyware.
> >
> > From my first post on the trojans the question still is by quarantining am
> > I
> > to understand the infected file are still on my P.C. but can do no harm or
> > should I remove them, in simple clear terms how do I search for them
> > to achieve this?
> >
> >
> >> Is the machine fully up-to-date at Windows Update?
> >>
> >> See http://forum.grisoft.cz/freeforum/read.php?4,10178,back...
> >> --
> >> ~Robear Dyer (PA Bear)
> >> MS MVP-Windows (IE/OE) & Security
> >>
> >>
> >> Sandal wrote:
> >>> Hello,
> >>> I have Norton Anti-virus installed and after a long session on the web
> >>> this evening
> >>> just to be safe I ran the Anti-virus in safe mode and it detected 4
> >>> infections.
> >>> Dummy.Class, Get Access.Class, Insecure Class Loader.Class,
> >>> Installer.Class
> >>>
> >>> All of the above were the Trojan. Byte Verify.
> >>>
> >>> Norton couldn't repair so had me quarantine the 4 files which I have
> >>> done.
> >>>
> >>> My question is have I done enough or is there something else I should be
> >>> doing?
> >>>
> >>> By quarantining am I to understand the infected file are still on my
> >>> P.C.
> >>> but can't do any harm, should I remove them and in simple clear terms
> >>> how
> >>> do I achieve this?
>
>