Re: virus\trojan help. dissertation due in tomorrow aarrgh



From: "James Fabulous" <James.Fabulous@xxxxxxxxxxx>

| The best way to clean this one is to boot into safe mode and run a full
| virus scan. You'll also want to right-click 'My Computer', choose the System
| Restore tab and check the 'Turn Off System Restore' check box and click
| Apply and/or OK.
|
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam
| will explain how to boot into safe mode ( no plug - it's simply a widely
| trusted site).
|
| When you scan, ensure that you scan 'all files', not just default files. You
| are likely to find the offending files in c:\documents and
| settings\[username]\application
| data\Sun\Java\Deployment\cache\javapi\v1.0\jar folder.
|
| When you are completely done scanning and have booted back into normal mode
| you can turn on System restore by following the instructions above and
| removing the check you placed earlier.
|
| -JF
|

James:

You are on the right track but not all the way there.

Java Trojans are usually found in .CLASS files in Java Jars. Java Jars are ZIP compressed
files and while a given AV application may be able to scan inside a ZIP file, AV
applications are NOT able to extract all files in an archive file, delete the infected and then
re-compress the archive file. Therefore it is *best* to delete the archive file that is
found to have an infector.

With Java Trojans, they are often found in the Browser Cache and/or the Sun Java cache.
Therefore, the respective caches should be "cleared" (empty the caches of cached data) and
then scan the system with an AV scanner.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
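
Added example (not part of the original thread or written by either poster): a read-only Python inventory of a Java cache folder, showing that the cached Jars are ZIP archives and listing the .CLASS entries inside each one with a SHA-256, so an AV detection can be matched to the archive that should be deleted whole. The function names and the sample archive are constructed for illustration.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path

CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # first four bytes of every compiled Java class file


def inventory_cache(cache_dir):
    """Return one record per ZIP/JAR archive found under cache_dir.

    Archives are detected by content, not by extension. Nothing is deleted:
    the report is for matching against the AV scanner's findings so that the
    whole archive can then be removed, as the reply above recommends.
    """
    report = []
    for path in sorted(Path(cache_dir).rglob("*")):
        if not path.is_file() or not zipfile.is_zipfile(path):
            continue
        record = {"archive": path.name, "classes": [], "error": None}
        try:
            with zipfile.ZipFile(path) as jar:
                for info in jar.infolist():
                    data = jar.read(info)
                    if data[:4] == CLASS_MAGIC:
                        record["classes"].append(
                            (info.filename, hashlib.sha256(data).hexdigest()))
        except (zipfile.BadZipFile, RuntimeError, NotImplementedError) as exc:
            record["error"] = str(exc)  # damaged or encrypted archive, still reported
        report.append(record)
    return report


def build_sample_cache(root):
    """Constructed sample data: one archive with a class entry, one plain file."""
    with zipfile.ZipFile(Path(root) / "sample-applet.zip", "w") as jar:
        jar.writestr("Demo.class", CLASS_MAGIC + b"\x00\x00\x00\x31constructed")
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    (Path(root) / "notes.txt").write_text("not an archive")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_cache(tmp)
        for rec in inventory_cache(tmp):
            print(rec["archive"], rec["error"] or "")
            for name, digest in rec["classes"]:
                print("   ", name, digest)
```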

