Archived from groups: microsoft.public.windowsxp.general
Hello,
Thank you for your response.
Let me say it was a joy to receive clear advice from yourself and others who
have replied to my post.
I am not a P.C. whiz so this evening I will work through your advice step by
step and I will report back the results.
Many Thanks
--
Sandal
"David H. Lipman" wrote:
> From: "Sandal" <Sandal@discussions.microsoft.com>
>
> | Hello,
> | I have Norton Anti-virus installed and after a long session on the web this
> | evening
> | just to be safe I ran the Anti-virus in safe mode and it detected 4
> | infections.
> | Dummy.Class, Get Access.Class, Insecure Class Loader.Class, Installer.Class
> |
> | All of the above were the Trojan. Byte Verify.
> |
> | Norton couldn't repair so had me quarantine the 4 files which I have done.
> |
> | My question is have I done enough or is there something else I should be
> | doing?
> |
> | By quarantining am I to understand the infected files are still on my P.C.
> | but can't do any harm, should I remove them and in simple clear terms how do
> | I achieve this?
> |
> | --
> | Sandal
>
> What you have are Java script Trojans in .CLASS files outside or .CLASS files inside Java
> Jars (ZIP files). The best way to handle these types of Trojans is to dump the Browser and
> Java caches. Trojans like the "Exploit-ByteVerify --
> http://vil.nai.com/vil/content/v_100261.htm" take advantage of vulnerabilities in the OS
> and OS components. Therefore you *must* make sure you install *all* MS Critical Updates to
> mitigate the exploitation attempts.
>
> 1) Dump the contents of your IE cache -
> Start --> settings --> control panel --> Internet options --> delete files
>
> 2) Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
> Tools --> Options --> Privacy --> Cache --> Clear
>
> 3) Dump the contents of your Sun Java cache -
> Start --> settings --> control panel --> Java applet --> cache --> clear
> or
> Start --> settings --> control panel --> Java applet --> general --> settings -->
> delete files
>
> The .CLASS files should be deleted not quarantined.
>
> In addition, please perform the following after you dump the above caches...
>
>
> Download MULTI_AV.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
> http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
> (.LNK) file, this PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
> simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
> remove viruses and various other malware.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in Normal Mode. This
> way all the components can be downloaded from each AV vendor’s web site.
> The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file.
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE and/or FTP.EXE to go
> through your FireWall to allow them to download the needed AV vendor related files.
>
> * * * Please report back your results * * *
>
>
> --
> Dave
>
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
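The reply quoted above says the .CLASS files, loose or inside Java JARs (ZIP files), should be deleted by clearing the browser and Java caches. As an added example that is not part of the original thread, this Python script lists any .class files still present under a cache folder after clearing. The folder path, function names and sample files are assumptions constructed for illustration.

```python
import os
import sys
import zipfile


def find_class_files(cache_dir):
    """Return sorted (path, member) pairs for every .class file under cache_dir.

    member is None for a loose .class file, or the entry name inside a JAR/ZIP.
    Archives are detected by content, not extension, on the assumption that a
    cache may store JARs under other file names.
    """
    hits = []
    for root, _dirs, files in os.walk(cache_dir):
        for name in files:
            path = os.path.join(root, name)
            if name.lower().endswith(".class"):
                hits.append((path, None))
                continue
            if not zipfile.is_zipfile(path):
                continue
            try:
                with zipfile.ZipFile(path) as archive:
                    for member in archive.namelist():
                        if member.lower().endswith(".class"):
                            hits.append((path, member))
            except (OSError, zipfile.BadZipFile):
                hits.append((path, "<unreadable archive>"))
    return sorted(hits, key=lambda hit: (hit[0], hit[1] or ""))


def build_sample_cache(base):
    """Create a small constructed cache folder (harmless placeholder bytes)."""
    with open(os.path.join(base, "Loose.class"), "wb") as handle:
        handle.write(b"constructed placeholder, not real bytecode")
    with open(os.path.join(base, "page.html"), "w") as handle:
        handle.write("<html></html>")
    # A JAR is a ZIP file; this one is stored without a .jar extension.
    with zipfile.ZipFile(os.path.join(base, "applet-cache.bin"), "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("pkg/Inner.class", b"constructed placeholder")


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python find_class_files.py <cache folder>")
    for path, member in find_class_files(sys.argv[1]):
        print(path if member is None else "%s -> %s" % (path, member))
```

An empty result after the caches are cleared means no .class files remain in that folder; any path printed is a file the clearing step left behind.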