Matt_D
Cadet

 Joined: Apr 22, 2008 Posts: 6 Location: UK
Posted: Tue Apr 22, 2008 8:28 pm Post subject: Java.Trojan.Exploit.Bytverify - gone, but what's the damage?
Not sure if this is really the correct forum or not, so apologies if it isn't.
Some info:
My PC runs XP SP2, & I use Kaspersky Internet Security 7 (Firewall & AV etc.), Spybot S&D, AdAware, Spywareblaster, cwshredder, & HiJackThis. All are up to date. I also use Firefox with AdBlockPlus & NoScript for web browsing (with IE7 only generally being used for Windows Update).
I tend to do a full My Computer scan with KIS7 every few days or so, with it set to "Maximum", but customised to make it, well, more than Maximum.
On Saturday (IIRC), I performed a few free online scans using BitDefender, Trend Micro Housecall, a squared, & F Secure.
BitDefender claimed it found two java .class files infected with "Java.Trojan.Exploit.Bytverify", somewhere within "C:\Documents and Settings\[My Wife's Profile]\Application Data\Sun\Java\Deployment\cache\".
BD then cleaned it, & the other online scans (after the BD scan/clean) found nothing. A full KIS scan also later found nothing.
She had not used my PC in a week or so, having finally got her new laptop, while the last full KIS scan before this "incident" was only a day or two earlier, & found absolutely nothing.
So, did KIS somehow miss this "Bytverify" thing?
Or could it have been a false positive by BD?
Also, what are the chances of anything dodgy having been done with this "Bytverify" trojan?
Checking it out on Google, it seems it exploits a vulnerability in the Microsoft Virtual Machine, & was discovered in 2003. The exploit was patched in 2003.
http://www.bitdefender.com/site/VirusInfo/showVirusInfo/547
http://secunia.com/advisories/8559/
http://www.microsoft.com/technet/security/bulletin/MS03-011.asp
So... seeing as my PC actually uses the current up to date Sun Java, rather than the MS Virtual Machine, could this "Java.Trojan.Exploit.Bytverify" have done anything anyway?
Do I have anything to worry about?
Any help/advice much appreciated
I don't want to go to the hassle of nuking my PC & changing all passwords for nothing.
 |
k027
Special Response Team Guest Forums Host

 Joined: Aug 25, 2003 Posts: 8506
Posted: Tue Apr 22, 2008 9:57 pm
Anti-malware companies are not consistent in how they name various viruses, trojans, etc. Two companies may use different names for the same exploit or the same name for different exploits. To determine the characteristics and possible adverse effects of the malware detected on your computer, you need to look at the malware database for the particular anti-malware program that detected the malware.
 |
Matt_D
Cadet

 Joined: Apr 22, 2008 Posts: 6 Location: UK
Posted: Tue Apr 22, 2008 10:07 pm
The first search result in Google for "Java.Trojan.Exploit.Bytverify" was the link I gave in my first post for Bitdefender.com's description (http://www.bitdefender.com/site/VirusInfo/showVirusInfo/547), and it was BitDefender's online scan that found it.
 |
Matt_D
Cadet

 Joined: Apr 22, 2008 Posts: 6 Location: UK
Posted: Sat Apr 26, 2008 11:00 pm
Does anyone have any ideas/help?
 |
Cudni
Special Response Team
 Joined: Dec 10, 2002 Posts: 3717 Location: Et In Arcadia ego
Posted: Sat Apr 26, 2008 11:05 pm
Did you empty the Java cache? In any case, nothing to worry about.
Cudni _________________ Hecho en Mexico
 |
Matt_D
Cadet

 Joined: Apr 22, 2008 Posts: 6 Location: UK
Posted: Tue Apr 29, 2008 12:38 am
Thanks.
I'm not sure - didn't realise that there actually was a separate Java cache that you could empty.
You're sure there would be nothing to worry about anyway?
 |
Matt_D
Cadet

 Joined: Apr 22, 2008 Posts: 6 Location: UK
Posted: Sun May 04, 2008 12:01 am
Anyone? 
 |
PCBruiser
SRT Team Lead
 Forums Admin
 Joined: May 11, 2005 Posts: 11723
 |
Matt_D
Cadet

 Joined: Apr 22, 2008 Posts: 6 Location: UK
Posted: Mon May 05, 2008 8:41 pm
Hi,
Sorry, but I think you've misread the problem/question.
I've already removed an alleged infection using the BitDefender Online Scan, & have since scanned with other online scanners, plus my own Kaspersky etc.
I just want to know if it sounds like it was a real infection or not, & if there is actually anything to worry about...
...Seeing as KIS never previously detected this "Java.Trojan.Exploit.Bytverify" thing, only the BitDefender Online Scan did, plus the BitDefender entry for "Java.Trojan.Exploit.Bytverify" mentions that it exploits a flaw in an old unpatched version of the MS Virtual Machine.
 |
k027
Special Response Team Guest Forums Host

 Joined: Aug 25, 2003 Posts: 8506
Posted: Mon May 05, 2008 9:53 pm
Quote: "I just want to know if it sounds like it was a real infection or not"
If you are concerned about a false positive, the only way to check that is to submit the file to the developer of the detecting software or cross-check the detection with other anti-malware programs. If the file has already been removed, there's not much you can do to verify if it in fact was a true or false positive detection.
|
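Added example, not part of the thread or any poster's reply: the last answer notes that a detection can only be cross-checked while the file still exists, so this sketch records a SHA-256 for every Java class in a cache directory (loose or inside a cached JAR/ZIP) before anything is cleaned. Files are recognised by content rather than by name; the directory passed in, the file names, and the stub bytes in demo() are constructed for illustration.

```python
import hashlib
import io
import tempfile
import zipfile
from pathlib import Path

CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # first four bytes of every Java .class file
ZIP_MAGIC = b"PK\x03\x04"          # local file header of a JAR/ZIP archive

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def inventory(cache_dir):
    """Return (location, sha256) for each Java class under cache_dir.

    Cached applets may be stored under renamed files, so entries are
    identified by their leading bytes, not by extension."""
    found = []
    for path in sorted(Path(cache_dir).rglob("*")):
        if not path.is_file():
            continue
        data = path.read_bytes()
        if data[:4] == CLASS_MAGIC:
            found.append((str(path), sha256(data)))
        elif data[:4] == ZIP_MAGIC:
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as jar:
                    for name in jar.namelist():
                        member = jar.read(name)
                        if member[:4] == CLASS_MAGIC:
                            found.append((f"{path}!{name}", sha256(member)))
            except zipfile.BadZipFile:
                # Keep a hash of the whole file so it can still be submitted.
                found.append((f"{path} (unreadable archive)", sha256(data)))
    return found

def demo():
    """Build a constructed cache of harmless stub files and inventory it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        stub = CLASS_MAGIC + b"\x00\x00\x00\x2e" + b"constructed sample"
        (root / "loose-1a2b.class").write_bytes(stub)
        (root / "notes.idx").write_bytes(b"not a class file")
        with zipfile.ZipFile(root / "applet.jar-3c4d.zip", "w") as jar:
            jar.writestr("Sample.class", stub)
            jar.writestr("README.txt", "text")
        return [(Path(loc).name, digest) for loc, digest in inventory(root)]

if __name__ == "__main__":
    for location, digest in demo():
        print(digest, location)
```

The recorded hashes identify exactly which file a scanner flagged, which is what a vendor submission or a second scanner's result needs to be compared against.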