Author Topic: JS:ByteVerify-Counter  (Read 13676 times)


Culpeper

  • Guest
Re:JS:ByteVerify-Counter
« Reply #15 on: January 02, 2004, 03:23:01 PM »
I have IE, Mozilla, Mozilla Thunderbird, K-Meleon, and Opera.  Why?  I have no idea!

Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2248
Re:JS:ByteVerify-Counter
« Reply #16 on: January 05, 2004, 02:54:28 AM »
I'm not sure if this was a false-positive situation, or what.  By way of background, I've got Home-4, both program and database are current, and in addition to my resident scanners I like to do a full-disk scan once a week or so.  So far those have always come up clean.

I also like to once in a while pop in to Trend's HouseCall too, for an "outside" check.  Tonight it said I'd picked up this one (the Java Bytverify.A), but it couldn't delete the infected files because they were in use.  That's probably because a good chunk of Java (I use Sun's) is a plug-in for IE6, and of course that's how I get to Trend.

So I dropped offline and tried an avast scan again, thorough this time -- again no infections found.  Interestingly, I searched for the supposedly infected zip file, to possibly delete it myself, and there's no sign of it on my drive.

Ok, next step -- rebooted in safe mode (XP-Home, by the way) and tried again, just in case it was one of those "in use by another process" things.  Exactly the same results, nothing -- no infection, and no such file.

So should I just assume it was probably a HouseCall false-positive, and quit worrying about it?  Or is there additional checking of some kind I should be doing?

Sorry so long-winded, but sometimes I do ramble, plus I wanted to give you the info as complete as possible on the first try.

Thanks and best,
Mike
Intel Atom D2700, 2 gig RAM, Win 7 x64 SP1 & IE-11, Firefox 51.0
(default). 320 gig HD, 15Mb DSL, Win firewall, Avast 12.3.2280 free, SpywareBlaster, MBAM Prem., Crypto-Prevent

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re:JS:ByteVerify-Counter
« Reply #17 on: January 05, 2004, 03:06:37 AM »
best to try another "outside check"

try bitdefender http://www.bitdefender.com/scan/license.php
"People who are really serious about software should make their own hardware." - Alan Kay

Culpeper

  • Guest
Re:JS:ByteVerify-Counter
« Reply #18 on: January 05, 2004, 04:10:28 AM »
I believe that byteverify trojan works on lower versions of MS Virtual Machine.  Since you're using Sun Java I don't think your machine is vulnerable.
« Last Edit: January 05, 2004, 04:13:34 AM by Culpeper »

Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2248
Re:JS:ByteVerify-Counter
« Reply #19 on: January 05, 2004, 04:21:20 AM »
Done, ML, thanks, and I've added them to my Favorites in the process for next time I want a "third opinion".  Boy, their first-time setup sure takes forever on a dialup, doesn't it?   ;)

They agreed with HouseCall, though, about the same files, so I accepted that as a majority vote.  Turned out they were in the Sun's applet cache, which made them VERY easy to clean out, just opened its control panel and cleared the cache.

I'm more than a little surprised avast missed them (I think someone else mentioned the same experience) -- but these were zips inside jars, and it's possible that even with archive scanning on (which I always use), avast-home can't handle archives-within-archives.

Anyway, thanks again -- Polly wanna cracker?  No??  How about a k-cookie, then?  :)
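
Added example, not part of the original thread: the reply above describes detections sitting in zips inside jars. This Python sketch enumerates and hashes every file inside nested zip/jar archives so each inner member can be checked on its own; `walk_archive`, `build_sample`, the two limits and the sample archive are constructed for illustration and say nothing about how any scanner works internally.

```python
import hashlib
import io
import zipfile

MAX_DEPTH = 5                         # assumed nesting limit (archive-bomb guard)
MAX_MEMBER_BYTES = 50 * 1024 * 1024   # assumed per-member size ceiling


def walk_archive(data, name, depth=0):
    """Yield (nested_path, sha256_hex_or_None, size) for each file in a zip/jar,
    descending into members that are themselves zip archives."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = f"{name}!/{info.filename}"
            if info.file_size > MAX_MEMBER_BYTES:
                yield path, None, info.file_size   # too large: report, do not unpack
                continue
            blob = zf.read(info)
            # Recognise nested archives by content, not by file extension.
            if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(blob)):
                try:
                    yield from walk_archive(blob, path, depth + 1)
                    continue
                except zipfile.BadZipFile:
                    pass                           # fall through: hash it as opaque
            yield path, hashlib.sha256(blob).hexdigest(), len(blob)


def build_sample():
    """Constructed sample: a .jar holding a .zip holding one harmless file."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("Sample.class", b"constructed placeholder bytes")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
        z.writestr("payload.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for path, digest, size in walk_archive(build_sample(), "applet.jar"):
        print(f"{size:>8}  {digest}  {path}")
```

The `!/` separator in the reported paths marks each archive boundary, so a hit can be traced back to the outer file that has to be removed from the cache.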

Culpeper

  • Guest
Re:JS:ByteVerify-Counter
« Reply #20 on: January 05, 2004, 04:26:50 AM »
You could also remove those files from memory through the task manager before or during scanning so the AV program can do its work on them.  I think you can ???

Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2248
Re:JS:ByteVerify-Counter
« Reply #21 on: January 05, 2004, 04:42:28 AM »
Quote
I believe that byteverify trojan works on lower versions of MS Virtual Machine.  Since you're using Sun Java I don't think your machine is vulnerable.

That one baffled me too.  I remember searching both here and Trend's "encyclopedia", once I'd learned the name of the beast, and it seemed to be generally agreed that the culprit was a security gap in the MS VM.  But the infected files were definitely in the Sun folders. And more importantly, in the applet cache, which the VM never offered.

Culpeper

  • Guest
Re:JS:ByteVerify-Counter
« Reply #22 on: January 05, 2004, 06:33:35 AM »
Well, we need to make sure.  I'll try to do some research tomorrow if I find time at work.

Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2248
Re:JS:ByteVerify-Counter
« Reply #23 on: January 05, 2004, 08:30:35 AM »
I'll be curious to see if you find anything interesting.

While you're doing that, I probably should have mentioned another one HouseCall found at the same time -- they might be related, or it might have been sheer coincidence.  That was Troj Istbar.I -- it didn't concern me because HouseCall was quite happy to remove it, and a return visit showed that it apparently came out clean, no detectable traces afterwards.

And a couple of times in the last week or two, some website (maybe two different ones) that's not one of my regular "stops" managed to sneakily install the dialer for DIDI, whatever/wherever that is.  Fortunately it seemed to need no more than removal from Internet Options/Connections -- no trace of it turned up after I did that, not even in the registry.

I get 30 lashes with a wet noodle for forgetting "minor details", right?   :-[

(Edited to add:)  One more precaution, which didn't occur to me till I'd gotten up today (Monday) -- considering where that Java one wound up, I've now gone back into the Java Plug-In control panel, double-checked that the applet cache was still empty, and disabled applet caching.

And the cache, while a good idea in theory, doesn't really make much difference on gaming sites I frequent, with the exception of SimSlots (yes, I'm a confirmed wanna-be gambler  ;) ).  Most of the others regularly upgrade their servers and/or applets once a week or so, so have to be downloaded from scratch again anyway.
« Last Edit: January 05, 2004, 07:54:59 PM by MikeBCda »

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re:JS:ByteVerify-Counter
« Reply #24 on: January 05, 2004, 08:27:19 PM »
istbar is also detected by spybot search and destroy so it's no false positive. I HATE SPYWARE!
yes it takes a while to download the updates but not to worry I have cable hehehe ;D

Quote
managed to sneakily install the dialer for DIDI

download spyware blaster (it's less than 1 MB) and update it to prevent those from being installed. If you have it, open it and click check for updates
« Last Edit: January 05, 2004, 08:30:54 PM by MacLover2000 »

Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2248
Re:JS:ByteVerify-Counter
« Reply #25 on: January 05, 2004, 10:36:36 PM »

Quote
download spyware blaster (it's less than 1 MB) and update it to prevent those from being installed. If you have it, open it and click check for updates

Thanks again, ML.  I went to take a look at it here (from DogPile search) -- and when I clicked on the "Spyware Blaster" link there, it sent me to SpyKiller.  Are we still talking the same thing, or should I use a different starting point entirely?

I do have and use AdAware, but it's the basic freeware version (disk scans only, no resident protection), and it sounds like I do need some kind of resident protection for those dialers.  I was interested that both times that DIDI thing went in, it immediately started dialing (and I think successfully connected) even though I was already online with my local connection.  Ain't science wonderful?  ;D

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re:JS:ByteVerify-Counter
« Reply #26 on: January 05, 2004, 10:42:46 PM »
spyware blaster is here and keeps it from being installed (weekly updates) http://www.javacoolsoftware.com/spywareblaster.html

spyware guard is here and is the resident scanner (updates are monthly sometimes bi-monthly) http://www.wilderssecurity.net/spywareguard.html

both made and updated by javacool

I believe these are in technical's links post too
« Last Edit: January 05, 2004, 10:43:46 PM by MacLover2000 »

Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2248
Re:JS:ByteVerify-Counter
« Reply #27 on: January 05, 2004, 11:48:34 PM »
Got it (the Blaster one) this time, ML, thanks - hope k-cookies don't cause you a weight problem.  ;)  Signed up for their forums too while I was at it, although since Blaster's not even an active process (works by setting "traps" in the registry, if I understand correctly) I doubt if I'll be there much.

Sounds like the Blaster doesn't require you to do a thing, other than open it and check for updates periodically.

Hopefully we've finally beaten this one to death -- although it'll be interesting to see if Culpeper turned up anything new.

Thanks again, and best,
Mike

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re:JS:ByteVerify-Counter
« Reply #28 on: January 06, 2004, 01:44:28 AM »
I use both. The guard has really good browser hijack protection. And yes, the blaster uses a kill switch/trap door like thingy
Quote
hope k-cookies don't cause you a weight problem.  
;D
« Last Edit: January 06, 2004, 01:45:56 AM by MacLover2000 »

Offline MWassef

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1315
Re:JS:ByteVerify-Counter
« Reply #29 on: October 25, 2004, 12:00:05 PM »
I have these trojans in a zip file. I scanned them with avast 4.5 (VPS 0443-3) and it did not detect any trojan.
I think avast added them to the db in VPS 0311-6 dated 16/12/2003. How come avast can't detect them? Does the virus team drop some viruses/trojans periodically?
« Last Edit: October 25, 2004, 12:01:49 PM by minacross »
MW