Trojan Worry XP Home

Archived from groups: microsoft.public.windowsxp.general

Hello,
I have Norton Anti-virus installed and after a long session on the web this
evening
just to be safe I ran the Anti-virus in safe mode and it detected 4
infections.
Dummy.Class, Get Access.Class, Insecure Class Loader.Class, Installer.Class

All of the above were the Trojan. Byte Verify.

Norton couldn't repair so had me quarantine the 4 files which I have done.

My question is have I done enough or is there something else I should be
doing?

By quarantining am I to understand the infected file are still on my P.C.
but can't do any harm, should I remove them and in simple clear terms how do
I achieve this?

--
Sandal
  1. Archived from groups: microsoft.public.windowsxp.general

    Is the machine fully up-to-date at Windows Update?

    See http://forum.grisoft.cz/freeforum/read.php?4,10178,backpage=,sv
    --
    ~Robear Dyer (PA Bear)
    MS MVP-Windows (IE/OE) & Security


    Sandal wrote:
    > Hello,
    > I have Norton Anti-virus installed and after a long session on the web
    > this evening
    > just to be safe I ran the Anti-virus in safe mode and it detected 4
    > infections.
    > Dummy.Class, Get Access.Class, Insecure Class Loader.Class,
    > Installer.Class
    >
    > All of the above were the Trojan. Byte Verify.
    >
    > Norton couldn't repair so had me quarantine the 4 files which I have done.
    >
    > My question is have I done enough or is there something else I should be
    > doing?
    >
    > By quarantining am I to understand the infected file are still on my P.C.
    > but can't do any harm, should I remove them and in simple clear terms how
    > do I achieve this?
  2. Archived from groups: microsoft.public.windowsxp.general

    Download, install, update and run all of the following.

    Ad-Aware
    http://www.lavasoftusa.com/software/adaware/

    Spybot search and destroy
    http://www.safer-networking.org/en/download/

    Microsoft Windows AntiSpyware (Beta1)
    http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en


    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "Sandal" <Sandal@discussions.microsoft.com> wrote in message
    news:FBC3A7BB-7BDF-42D6-AEDB-3C8213281FDA@microsoft.com...
    > Hello,
    > I have Norton Anti-virus installed and after a long session on the web
    > this
    > evening
    > just to be safe I ran the Anti-virus in safe mode and it detected 4
    > infections.
    > Dummy.Class, Get Access.Class, Insecure Class Loader.Class,
    > Installer.Class
    >
    > All of the above were the Trojan. Byte Verify.
    >
    > Norton couldn't repair so had me quarantine the 4 files which I have done.
    >
    > My question is have I done enough or is there something else I should be
    > doing?
    >
    > By quarantining am I to understand the infected file are still on my P.C.
    > but can't do any harm, should I remove them and in simple clear terms how
    > do
    > I achieve this?
    >
    > --
    > Sandal
  3. Archived from groups: microsoft.public.windowsxp.general

    Hello,

    Thank you for your response.

    I'm almost ashamed to say I had the first two programs you mentioned
    already installed and didn't think to run them.

    So after updating I ran them and between them they came back with a stack
    load of goodies.

    What I didn't have was Microsoft's Beta Version, I installed that, ran it,
    it too came back with a couple of results to be removed.

    Hopefully my P.C. is now clean.

    Many thanks
    --
    Sandal


    "pcbutts1" wrote:

    > Download, install, update and run all of the following.
    >
    > Ad-Aware
    > http://www.lavasoftusa.com/software/adaware/
    >
    > Spybot search and destroy
    > http://www.safer-networking.org/en/download/
    >
    > Microsoft Windows AntiSpyware (Beta1)
    > http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en
    >
    >
    >
    > --
    >
    >
    > The best live web video on the internet http://www.seedsv.com/webdemo.htm
    > NEW Embedded system W/Linux. We now sell DVR cards.
    > See it all at http://www.seedsv.com/products.htm
    > Sharpvision simply the best http://www.seedsv.com
    >
    >
    >
    > "Sandal" <Sandal@discussions.microsoft.com> wrote in message
    > news:FBC3A7BB-7BDF-42D6-AEDB-3C8213281FDA@microsoft.com...
    > > Hello,
    > > I have Norton Anti-virus installed and after a long session on the web
    > > this
    > > evening
    > > just to be safe I ran the Anti-virus in safe mode and it detected 4
    > > infections.
    > > Dummy.Class, Get Access.Class, Insecure Class Loader.Class,
    > > Installer.Class
    > >
    > > All of the above were the Trojan. Byte Verify.
    > >
    > > Norton couldn't repair so had me quarantine the 4 files which I have done.
    > >
    > > My question is have I done enough or is there something else I should be
    > > doing?
    > >
    > > By quarantining am I to understand the infected file are still on my P.C.
    > > but can't do any harm, should I remove them and in simple clear terms how
    > > do
    > > I achieve this?
    > >
    > > --
    > > Sandal
    >
    >
    >
  4. Archived from groups: microsoft.public.windowsxp.general

    Hello,

    Thank you for your response.

    Yes the P.C. is bang up to date as of early hours of this morning.
    The scans found a barn full of spyware.

    From my first post on the trojans the question still is by quarantining am I
    to understand the infected file are still on my P.C. but can do no harm or
    should I remove them, in simple clear terms how do I search for them
    to achieve this?

    --
    Sandal


    "PA Bear" wrote:

    > Is the machine fully up-to-date at Windows Update?
    >
    > See http://forum.grisoft.cz/freeforum/read.php?4,10178,backpage=,sv
    > --
    > ~Robear Dyer (PA Bear)
    > MS MVP-Windows (IE/OE) & Security
    >
    >
    > Sandal wrote:
    > > Hello,
    > > I have Norton Anti-virus installed and after a long session on the web
    > > this evening
    > > just to be safe I ran the Anti-virus in safe mode and it detected 4
    > > infections.
    > > Dummy.Class, Get Access.Class, Insecure Class Loader.Class,
    > > Installer.Class
    > >
    > > All of the above were the Trojan. Byte Verify.
    > >
    > > Norton couldn't repair so had me quarantine the 4 files which I have done.
    > >
    > > My question is have I done enough or is there something else I should be
    > > doing?
    > >
    > > By quarantining am I to understand the infected file are still on my P.C.
    > > but can't do any harm, should I remove them and in simple clear terms how
    > > do I achieve this?
    >
    >
  5. Archived from groups: microsoft.public.windowsxp.general

    You're Welcome.

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "Sandal" <Sandal@discussions.microsoft.com> wrote in message
    news:053F94AB-3889-4F3A-BA4D-7C451DBE9C78@microsoft.com...
    > Hello,
    >
    > Thank you for your response.
    >
    > I'm almost ashamed to say I had the first two programs you mentioned
    > already installed and didn't think to run them.
    >
    > So after updating I ran them and between them they came back with a stack
    > load of goodies.
    >
    > What I didn't have was Microsoft's Beta Version, I installed that, ran it,
    > it too came back with a couple of results to be removed.
    >
    > Hopefully my P.C. is now clean.
    >
    > Many thanks
    > --
    > Sandal
    >
    >
    > "pcbutts1" wrote:
    >
    >> Download, install, update and run all of the following.
    >>
    >> Ad-Aware
    >> http://www.lavasoftusa.com/software/adaware/
    >>
    >> Spybot search and destroy
    >> http://www.safer-networking.org/en/download/
    >>
    >> Microsoft Windows AntiSpyware (Beta1)
    >> http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en
    >>
    >>
    >>
    >> --
    >>
    >>
    >> The best live web video on the internet http://www.seedsv.com/webdemo.htm
    >> NEW Embedded system W/Linux. We now sell DVR cards.
    >> See it all at http://www.seedsv.com/products.htm
    >> Sharpvision simply the best http://www.seedsv.com
    >>
    >>
    >>
    >> "Sandal" <Sandal@discussions.microsoft.com> wrote in message
    >> news:FBC3A7BB-7BDF-42D6-AEDB-3C8213281FDA@microsoft.com...
    >> > Hello,
    >> > I have Norton Anti-virus installed and after a long session on the web
    >> > this
    >> > evening
    >> > just to be safe I ran the Anti-virus in safe mode and it detected 4
    >> > infections.
    >> > Dummy.Class, Get Access.Class, Insecure Class Loader.Class,
    >> > Installer.Class
    >> >
    >> > All of the above were the Trojan. Byte Verify.
    >> >
    >> > Norton couldn't repair so had me quarantine the 4 files which I have
    >> > done.
    >> >
    >> > My question is have I done enough or is there something else I should
    >> > be
    >> > doing?
    >> >
    >> > By quarantining am I to understand the infected file are still on my
    >> > P.C.
    >> > but can't do any harm, should I remove them and in simple clear terms
    >> > how
    >> > do
    >> > I achieve this?
    >> >
    >> > --
    >> > Sandal
    >>
    >>
    >>
  6. Archived from groups: microsoft.public.windowsxp.general

    From: "Sandal" <Sandal@discussions.microsoft.com>

    | Hello,
    | I have Norton Anti-virus installed and after a long session on the web this
    | evening
    | just to be safe I ran the Anti-virus in safe mode and it detected 4
    | infections.
    | Dummy.Class, Get Access.Class, Insecure Class Loader.Class, Installer.Class
    |
    | All of the above were the Trojan. Byte Verify.
    |
    | Norton couldn't repair so had me quarantine the 4 files which I have done.
    |
    | My question is have I done enough or is there something else I should be
    | doing?
    |
    | By quarantining am I to understand the infected file are still on my P.C.
    | but can't do any harm, should I remove them and in simple clear terms how do
    | I achieve this?
    |
    | --
    | Sandal

    What you have are Java script Trojans in .CLASS files outside or .CLASS files inside Java
    Jars (ZIP files). The best way to handle these types of Trojans is to dump the Browser and
    Java caches. Trojans like the "Exploit-ByteVerify --
    http://vil.nai.com/vil/content/v_100261.htm" take advantage of vulnerabilities in the OS
    and OS components. Therefore you *must* make sure you install *all* MS Critical Updates to
    mitigate the exploitation attempts.

    1) Dump the contents of your IE cache -
    Start --> settings --> control panel --> Internet options --> delete files

    2) Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
    Tools --> Options --> Privacy --> Cache --> Clear

    3) Dump the contents of your Sun Java cache -
    Start --> settings --> control panel --> Java applet --> cache --> clear
    or
    Start --> settings --> control panel --> Java applet --> general --> settings -->
    delete files

    The .CLASS files should be deleted not quarantined.

    In addition, please perform the following after you dump the above caches...


    Download MULTI_AV.EXE from the URL --
    http://www.ik-cs.com/programs/virtools/Multi_AV.exe

    It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
    http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
    (.LNK) file, this PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
    simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
    remove viruses and various other malware.

    C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    This will bring up the initial menu of choices and should be executed in Normal Mode. This
    way all the components can be downloaded from each AV vendor’s web site.
    The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

    You can choose to go to each menu item and just download the needed files or you can
    download the files and perform a scan in Normal Mode. Once you have downloaded the files
    needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
    during boot] and re-run the menu again and choose which scanner you want to run in Safe
    Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

    When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
    file.

    To use this utility, perform the following...
    Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    Choose; Unzip
    Choose; Close

    Execute; C:\AV-CLS\StartMenu.BAT
    { or Double-click on 'Start Menu' in C:\AV-CLS }

    NOTE: You may have to disable your software FireWall or allow WGET.EXE and/or FTP.EXE to go
    through your FireWall to allow them to download the needed AV vendor related files.

    * * * Please report back your results * * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
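
An added example, not part of Dave's post or of any tool named in the thread: a read-only scan that answers the "how do I search for them" question by listing compiled Java classes under a cache folder, whether loose or inside JAR/ZIP archives, and flagging the file names from the scan report. The function names and the sample files are constructed for illustration; the folder to scan is whatever path you pass in.

```python
import os
import sys
import tempfile
import zipfile

CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # first four bytes of a compiled Java class

# File names from the scan report quoted in the thread, with spaces removed
# and lower-cased so "Get Access.Class" and "GetAccess.class" compare equal.
REPORTED = {"dummy.class", "getaccess.class",
            "insecureclassloader.class", "installer.class"}


def _normalise(name):
    """Reduce a path or archive member name to a comparable base name."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    return base.replace(" ", "").lower()


def scan_cache(root):
    """Return sorted (location, kind, name_in_report) tuples for every class found.

    kind is "loose" for a class file on disk, "in-archive" for one stored in
    a JAR/ZIP. Files are identified by content rather than extension, since
    cached copies are not guaranteed to keep their original names.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(4)
                if head == CLASS_MAGIC:
                    findings.append((path, "loose", _normalise(fname) in REPORTED))
                elif zipfile.is_zipfile(path):
                    with zipfile.ZipFile(path) as zf:
                        for info in zf.infolist():
                            with zf.open(info) as member:
                                is_class = member.read(4) == CLASS_MAGIC
                            if is_class:
                                findings.append((path + "!" + info.filename,
                                                 "in-archive",
                                                 _normalise(info.filename) in REPORTED))
            except (OSError, RuntimeError, zipfile.BadZipFile):
                continue  # locked, encrypted or corrupt file: nothing to report
    return sorted(findings)


def build_sample_cache(root):
    """Write constructed, harmless samples: the magic bytes plus zero padding."""
    fake_class = CLASS_MAGIC + b"\x00" * 12
    with open(os.path.join(root, "Dummy.class"), "wb") as fh:
        fh.write(fake_class)
    with open(os.path.join(root, "page.htm"), "wb") as fh:
        fh.write(b"<html></html>")
    # An archive stored under a non-.jar name, as a cached copy might be.
    with zipfile.ZipFile(os.path.join(root, "cached_applet.tmp"), "w") as zf:
        zf.writestr("Installer.class", fake_class)
        zf.writestr("pkg/Helper.class", fake_class)
        zf.writestr("readme.txt", "not a class")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = scan_cache(sys.argv[1])
    else:
        with tempfile.TemporaryDirectory() as demo:
            build_sample_cache(demo)
            results = scan_cache(demo)
    for location, kind, hit in results:
        print(("REPORTED NAME  " if hit else "class file     ") + kind + "  " + location)
```

A name match only points at where to look; it is not a verdict on the file, and the scan changes nothing on disk.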
  7. Archived from groups: microsoft.public.windowsxp.general

    Hello,

    Thank you for your response.

    Let me say it was a joy to receive clear advice from yourself and others who
    have replied to my post.

    I am not a P.C. whiz so this evening I will work through your advice step by
    step and I will report back the results.
    Many Thanks
    --
    Sandal


    "David H. Lipman" wrote:

    > From: "Sandal" <Sandal@discussions.microsoft.com>
    >
    > | Hello,
    > | I have Norton Anti-virus installed and after a long session on the web this
    > | evening
    > | just to be safe I ran the Anti-virus in safe mode and it detected 4
    > | infections.
    > | Dummy.Class, Get Access.Class, Insecure Class Loader.Class, Installer.Class
    > |
    > | All of the above were the Trojan. Byte Verify.
    > |
    > | Norton couldn't repair so had me quarantine the 4 files which I have done.
    > |
    > | My question is have I done enough or is there something else I should be
    > | doing?
    > |
    > | By quarantining am I to understand the infected file are still on my P.C.
    > | but can't do any harm, should I remove them and in simple clear terms how do
    > | I achieve this?
    > |
    > | --
    > | Sandal
    >
    > What you have are Java script Trojans in .CLASS files outside or .CLASS files inside Java
    > Jars (ZIP files). The best way to handle these types of Trojans is to dump the Browser and
    > Java caches. Trojans like the "Exploit-ByteVerify --
    > http://vil.nai.com/vil/content/v_100261.htm" take advantage of vulnerabilities in the OS
    > and OS components. Therefore you *must* make sure you install *all* MS Critical Updates to
    > mitigate the exploitation attempts.
    >
    > 1) Dump the contents of your IE cache -
    > Start --> settings --> control panel --> Internet options --> delete files
    >
    > 2) Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
    > Tools --> Options --> Privacy --> Cache --> Clear
    >
    > 3) Dump the contents of your Sun Java cache -
    > Start --> settings --> control panel --> Java applet --> cache --> clear
    > or
    > Start --> settings --> control panel --> Java applet --> general --> settings -->
    > delete files
    >
    > The .CLASS files should be deleted not quarantined.
    >
    > In addition, please perform the following after you dump the above caches...
    >
    >
    > Download MULTI_AV.EXE from the URL --
    > http://www.ik-cs.com/programs/virtools/Multi_AV.exe
    >
    > It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
    > http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
    > (.LNK) file, this PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
    > simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
    > remove
    > viruses and various other malware.
    >
    > C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    > This will bring up the initial menu of choices and should be executed in Normal Mode. This
    > way all the components can be downloaded from each AV vendor’s web site.
    > The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.
    >
    > You can choose to go to each menu item and just download the needed files or you can
    > download the files and perform a scan in Normal Mode. Once you have downloaded the files
    > needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
    > during boot] and re-run the menu again and choose which scanner you want to run in Safe
    > Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
    >
    > When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
    > file.
    >
    > To use this utility, perform the following...
    > Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    > Choose; Unzip
    > Choose; Close
    >
    > Execute; C:\AV-CLS\StartMenu.BAT
    > { or Double-click on 'Start Menu' in C:\AV-CLS }
    >
    > NOTE: You may have to disable your software FireWall or allow WGET.EXE and/or FTP.EXE to go
    > through your FireWall to allow them to download the needed AV vendor related files.
    >
    > * * * Please report back your results * * *
    >
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >
    >
  8. Archived from groups: microsoft.public.windowsxp.general

    What scans? What spyware?

    Did http://forum.grisoft.cz/freeforum/read.php?4,10178,backpage=,sv help at
    all?

    Check for Hijackware
    http://aumha.org/a/parasite.htm
    http://aumha.org/a/quickfix.htm
    http://mvps.org/winhelp2002/unwanted.htm
    http://inetexplorer.mvps.org/Darnit.htm
    http://www.mvps.org/sramesh2k/Malware_Defence.htm
    http://defendingyourmachine.blogspot.com/

    When all else fails, HijackThis
    (http://aumha.net/downloads/hijackthis.zip) is the preferred tool to
    use. It will help you to both identify and remove any hijackware/spyware.
    **Post your files to http://forums.spywareinfo.com/,
    http://castlecops.com/forum67.html or
    http://aumha.net/viewforum.php?f=30 for expert analysis, not here.**

    --
    ~Robear Dyer (PA Bear)
    MS MVP-Windows (IE/OE) & Security

    Sandal wrote:
    > Hello,
    >
    > Thank you for your response.
    >
    > Yes the P.C. is bang up to date as of early hours of this morning.
    > The scans found a barn full of spyware.
    >
    > From my first post on the trojans the question still is by quarantining am
    > I
    > to understand the infected file are still on my P.C. but can do no harm or
    > should I remove them, in simple clear terms how do I search for them
    > to achieve this?
    >
    >
    >> Is the machine fully up-to-date at Windows Update?
    >>
    >> See http://forum.grisoft.cz/freeforum/read.php?4,10178,backpage=,sv
    >> --
    >> ~Robear Dyer (PA Bear)
    >> MS MVP-Windows (IE/OE) & Security
    >>
    >>
    >> Sandal wrote:
    >>> Hello,
    >>> I have Norton Anti-virus installed and after a long session on the web
    >>> this evening
    >>> just to be safe I ran the Anti-virus in safe mode and it detected 4
    >>> infections.
    >>> Dummy.Class, Get Access.Class, Insecure Class Loader.Class,
    >>> Installer.Class
    >>>
    >>> All of the above were the Trojan. Byte Verify.
    >>>
    >>> Norton couldn't repair so had me quarantine the 4 files which I have
    >>> done.
    >>>
    >>> My question is have I done enough or is there something else I should be
    >>> doing?
    >>>
    >>> By quarantining am I to understand the infected file are still on my
    >>> P.C.
    >>> but can't do any harm, should I remove them and in simple clear terms
    >>> how
    >>> do I achieve this?
  9. Archived from groups: microsoft.public.windowsxp.general

    Hello PA Bear,

    Thank you for your response, again as in my last post, it is so much
    appreciated when advice is given clearly.

    I was hoping to be able to sit down last weekend to do a thorough cleanse of
    the P.C. but have not had time.

    As an interim as you advised I cleared my cookies, temporary files, etc.

    I ran in safe mode and did a Norton Virus Scan it came back with four
    results as already stated in my earlier post which were quarantined.

    Back out of safe mode I ran, ( up to date ), ad-aware, spy-bot and
    downloaded and ran MS Win-ASW, the first two came back with nothing MS came
    back with two results and dealt with them.

    After receiving your post today I visited Aumha.net it told me it could find
    no parasites.

    I downloaded and ran Hijack this and kept the log file.

    I am not sure what I should do next, Hijack This clearly states if you don't
    know what you're looking for don't delete, seek advice.
    Many thanks
    --
    Sandal


    "PA Bear" wrote:

    > What scans? What spyware?
    >
    > Did http://forum.grisoft.cz/freeforum/read.php?4,10178,backpage=,sv help at
    > all?
    >
    > Check for Hijackware
    > http://aumha.org/a/parasite.htm
    > http://aumha.org/a/quickfix.htm
    > http://mvps.org/winhelp2002/unwanted.htm
    > http://inetexplorer.mvps.org/Darnit.htm
    > http://www.mvps.org/sramesh2k/Malware_Defence.htm
    > http://defendingyourmachine.blogspot.com/
    >
    > When all else fails, HijackThis
    > (http://aumha.net/downloads/hijackthis.zip) is the preferred tool to
    > use. It will help you to both identify and remove any hijackware/spyware.
    > **Post your files to http://forums.spywareinfo.com/,
    > http://castlecops.com/forum67.html or
    > http://aumha.net/viewforum.php?f=30 for expert analysis, not here.**
    >
    > --
    > ~Robear Dyer (PA Bear)
    > MS MVP-Windows (IE/OE) & Security
    >
    > Sandal wrote:
    > > Hello,
    > >
    > > Thank you for your response.
    > >
    > > Yes the P.C. is bang up to date as of early hours of this morning.
    > > The scans found a barn full of spyware.
    > >
    > > From my first post on the trojans the question still is by quarantining am
    > > I
    > > to understand the infected file are still on my P.C. but can do no harm or
    > > should I remove them, in simple clear terms how do I search for them
    > > to achieve this?
    > >
    > >
    > >> Is the machine fully up-to-date at Windows Update?
    > >>
    > >> See http://forum.grisoft.cz/freeforum/read.php?4,10178,backpage=,sv
    > >> --
    > >> ~Robear Dyer (PA Bear)
    > >> MS MVP-Windows (IE/OE) & Security
    > >>
    > >>
    > >> Sandal wrote:
    > >>> Hello,
    > >>> I have Norton Anti-virus installed and after a long session on the web
    > >>> this evening
    > >>> just to be safe I ran the Anti-virus in safe mode and it detected 4
    > >>> infections.
    > >>> Dummy.Class, Get Access.Class, Insecure Class Loader.Class,
    > >>> Installer.Class
    > >>>
    > >>> All of the above were the Trojan. Byte Verify.
    > >>>
    > >>> Norton couldn't repair so had me quarantine the 4 files which I have
    > >>> done.
    > >>>
    > >>> My question is have I done enough or is there something else I should be
    > >>> doing?
    > >>>
    > >>> By quarantining am I to understand the infected file are still on my
    > >>> P.C.
    > >>> but can't do any harm, should I remove them and in simple clear terms
    > >>> how
    > >>> do I achieve this?
    >
    >