is byte.verify a virus or not

By joshritger
in Microsoft (Windows)

 Share

Recommended Posts

Rising Star

joshritger

Posted
Posted

The past few days my symantec av has been sending me virus messages about a trojan called byte.verify. I have also scanned with trend micro housecall and the same thing comes up. Is this a real virus, i have done research on it online and some people say that it is just false virus alert. I was wandering if anyone has had a problem with this before or not, and how you fixed it if you did. This trojan or what ever it is has to do with sun's java environment. So after removing the bad files numerous times and not having luck i just uninstalled java and deleted teh directory where the virus was. Did i do the right thing, or do u think it is hiding somewhere else too.

THanks,

Josh

Link to comment
https://www.neowin.net/forum/topic/392482-is-byteverify-a-virus-or-not/
Share on other sites
Veteran

k22

Posted
Posted

http://securityresponse.symantec.com/avcen...byteverify.html

Trojan.ByteVerify is a Trojan Horse that exploits the vulnerability described in Microsoft Security Bulletin MS03-011 and could provide a hacker the ability to run arbitrary code on an infected system.

Also Known As: Exploit-ByteVerify [McAfee], Exploit.Java.Bytverify [KAV], JAVA_BYTVERIFY.A [Trend]

Type: Trojan Horse

Infection Length: various

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

When Trojan.ByteVerify is executed, it performs the following actions:

1. Escapes the sandbox restrictions, using Blackbox.class, by doing the following:

a. Declares a new PermissionDataSet with setFullyTrusted set to TRUE.

b. Creates a trusted PermissionSet.

c. Sets permission to PermissionSet by creating its own URLClassLoader class, derived from the VerifierBug.class.

2. Loads Beyond.class using the URLClassLoader from Blackbox.class.

3. Gains unrestricted rights on the local machine by invoking the .assertPermission method of the PolicyEngine class in Beyond.class.

4. Opens the Web page, http://www.clavus.net/lst.backs, and parses the text that this site displays.

For example, SP|www.ewebsearch.net/sp.htm means that the Internet Explorer Start Page will be set up to www.ewebsearch.net/sp.htm

5. Several pornographic links are added into the favorites.

6. May attempt to retrieve dialer programs and install them on the infected computer. The dialer programs may attempt to connect the infected computer to pornographic Web sites.

Notes:

* Trojan.ByteVerify will typically arrive as a component of other malicious content. An attacker could use the compiled Java class file to execute other code. The file will likely exist as VerifierBug.Class. For example, an attacker could create a .html file that uses the Trojan, and then create a script file that will perform other actions, such as setting the Internet Explorer Start Page.

* Notification of infection does not always indicate that a machine has been infected; it only indicates that a program included the viral class file. This does not mean that it used the malicious functionality.

So if you are patched up to date and you run antivirus you have nothing to worry about. A website that you are visiting (probably porn or warez) is probably dropping the file in hopes of infecting you...

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Save 31% on Samsung T7 Portable SSD

      By TheGodOfKratos · Posted

      Still 3x what it should cost. So, it seems the trick is to increase price by 6x so that a reduction in price back to 4x looks like a steal. "You savvy shoppers win again!" I'm glad I'm not in a desperate spot to actually even need this overpriced crap. Hopefully, it comes back down by the time for when (or if) I ever do.
    • Does your iPad support the latest iPadOS version? Here's the iPadOS 27 compatibility list

      By Noveed · Posted

      No M1? Wow!
    • Microsoft AI boss no longer believes that AI will replace human workers

      By Noveed · Posted

      Although AI is great and has it's use cases they likely have massively overhyped it and it has not delivered as per their expectations. I fully expect them to start saying the same things again when it does get to a certain level of intelligence!
    • Microsoft wants to end printer driver headaches with Windows Ready Print

      By Usama Jawad96 · Posted

      Microsoft wants to end printer driver headaches with Windows Ready Print by Usama Jawad A few days ago, Microsoft released Windows 11 Experimental build 26300.8553, bringing a ton of enhancements such as Start menu customization, search improvements, Taskbar polish, and other minor UI tweaks. Another relatively major enhancement snuck deep within the change log was related to upgrades to the Windows printing experience. Now, Microsoft has shared more details about these benefits. For starters, Microsoft has renamed its Modern Print Platform to Windows Ready Print. The company believes that this name highlights its shift in strategy, which now focuses on modernizing, securing, and streamlining the printing experience for Windows devices. Some of the upgrades present in Windows Ready Print have already been seeded to customers and partners. This includes ending support for third-party printer drivers via Windows Update and transitioning towards the Internet Printing Protocol (IPP) and the native Windows IPP printer driver. In line with these changes, new printer installations will default to Windows Ready Print on eligible devices starting from July 2026. However, Microsoft recognizes that not all environments will be able to migrate to this platform immediately, so it will allow users to choose between installing the printer via Windows Ready Print or the traditional OEM process. Users will be able to toggle this configuration through Settings > Bluetooth & Devices > Printers & Scanners > Printer preferences. This control applies only to new printer installations, and its functionality can also be modified via Group Policy as follows: Launch Group Policy Editor Navigate to Local Computer Policy -> Administrative Templates -> Printers Find and select 'Configure Windows Ready Print driver ranking' -> double click to open it Select 'Enabled' (if you wish to enable Windows Ready Print driver selection) or 'Disabled' (if you wish to explicitly disable Windows Ready Print driver selection). Select Apply Select OK Similarly, if you set up Windows protected print mode through the same setting in Windows 11, it will also default to using Windows Ready Print exclusively. Microsoft hopes that these improvements will help eradicate dependency on OEM-specific driver installation processes and simplify printer installations. We'll likely find out more about other tangible benefits in the coming months.
    • Proton releases Proton Drive CLI for Windows, Mac, and Linux

      By IATW · Posted

      Hey what's about the proton vpn firefox extension ? It's not working today

  • Recent Achievements

    • One Year In
      Primer1st earned a badge
      One Year In
    • Experienced
      JayZJay went up a rank
      Experienced
    • Reacting Well
      Sir_Timbit earned a badge
      Reacting Well
    • Week One Done
      rubentuben8 earned a badge
      Week One Done
    • Week One Done
      ARaclen earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      513
    2. 2
      PsYcHoKiLLa
      230
    3. 3
      Edouard
      138
    4. 4
      ATLien_0
      87
    5. 5
      Steven P.
      81
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!