Author Topic: Java Byte Verify (Read 4897 times)

ianb · « **on:** August 22, 2004, 07:39:39 PM »

First of all thanks to Awil for supplying this free software.

I'm using Avast Home (free). I have run a few tests on the software and find it very good but why can't it seem to detect the Java Byte Verify virus ?

MikeBCda · « **Reply #1 on:** August 22, 2004, 08:56:59 PM »

Hi ianb, and welcome to the avast family,

If you have reporting enabled and check the report after the scan, I'll bet you'll find that avast couldn't scan because of a "corrupted archive". What Sun Java (I presume that's what you're using) calls "zip" files aren't true zips, but use their own oddball compression method. And that seems to be the favorite target of the byte-verify thing.

I suspect that any infected files that are turning up are probably in your Java cache folders and nowhere else. Those are easy enough to get rid of, just open your Java control panel and empty the cache.

Hopefully that'll get you cleaned up again. If it's still turning up afterwards, let us know and someone else should be able to give you additional help.

Best,
Mike

Eddy · « **Reply #2 on:** August 22, 2004, 09:50:14 PM »

Avast may have this one under amother name in the vps.
Java.ByteVerify.exploit also known as Blackbox Trojan, Exploit-ByteVerify, HTML.ByteVerify.exploit, Java/ByteVerify.Exploit.240.Troj, Java/Shinwow.F.Blackbox.Trojan, Verify.

It is not a virus.

This is not a virus, but rather a method to exploit a security vulnerability in the Microsoft Virtual Machine. This vulnerability arises as the ByteCode verifier in the Microsoft Virtual machine does not correctly check for the presence of certain malformed code when a Java applet is loaded. Attackers could exploit this vulnerability by creating malicious Java applets and inserting them into web pages. These web pages could be hosted on a site by a malicious web master, or could be sent to users as an attachment.

More about this exploit and the patch can be found HERE

Negeltu · « **Reply #3 on:** August 22, 2004, 11:07:46 PM »

Mike,

The compressed archives that are in the sun folder aren't zip files. They are Java Archive Files( JAR) files.

ianb · « **Reply #4 on:** August 22, 2004, 11:53:21 PM »

Thanks for the replys.

I run XP SP2 (fully updated), Avast, Zone Alarm, Spy Bot, Ad Aware, Spywareblaster and MYIE2 with pop up blocker enabled ....... also clean frequently with Absolute Shield Internet Eraser.

I understand that Java Byte Verify is related to the Microsoft VM and am not too worried as I have uninstalled that and put Sun Java in it's place. I would still like to be warned about it though (if poss) as Norton, Trend etc do.

It was this test (amongst others) that impressed me with Avast http://www.gfi.com/emailsecuritytest/

MikeBCda · « **Reply #5 on:** August 23, 2004, 03:46:28 AM »

Quote from: Negeltu on August 22, 2004, 11:07:46 PM

Mike,

The compressed archives that are in the sun folder aren't zip files. They are Java Archive Files( JAR) files.

Hi Negeltu,

Part of the confusion is that Sun puts things in a zillion different places on the drive -- sounds like their people all learned MS's tactics very thoroughly.

I agree that Sun uses mostly JAR's -- but in the cache folder (somewhere under Documents & Settings, on XP) it also uses some ZIP's.

Best,
Mike

Author Topic: Java Byte Verify (Read 4897 times)

ianb

Java Byte Verify

MikeBCda

Re:Java Byte Verify

Eddy

Re:Java Byte Verify

Negeltu

Re:Java Byte Verify

ianb

Re:Java Byte Verify

MikeBCda

Re:Java Byte Verify