is byte.verify a virus or not

By joshritger
in Microsoft (Windows)

 Share

Recommended Posts

Rising Star

joshritger

Posted
Posted

The past few days my symantec av has been sending me virus messages about a trojan called byte.verify. I have also scanned with trend micro housecall and the same thing comes up. Is this a real virus, i have done research on it online and some people say that it is just false virus alert. I was wandering if anyone has had a problem with this before or not, and how you fixed it if you did. This trojan or what ever it is has to do with sun's java environment. So after removing the bad files numerous times and not having luck i just uninstalled java and deleted teh directory where the virus was. Did i do the right thing, or do u think it is hiding somewhere else too.

THanks,

Josh

Link to comment
https://www.neowin.net/forum/topic/392482-is-byteverify-a-virus-or-not/
Share on other sites
Veteran

k22

Posted
Posted

http://securityresponse.symantec.com/avcen...byteverify.html

Trojan.ByteVerify is a Trojan Horse that exploits the vulnerability described in Microsoft Security Bulletin MS03-011 and could provide a hacker the ability to run arbitrary code on an infected system.

Also Known As: Exploit-ByteVerify [McAfee], Exploit.Java.Bytverify [KAV], JAVA_BYTVERIFY.A [Trend]

Type: Trojan Horse

Infection Length: various

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

When Trojan.ByteVerify is executed, it performs the following actions:

1. Escapes the sandbox restrictions, using Blackbox.class, by doing the following:

a. Declares a new PermissionDataSet with setFullyTrusted set to TRUE.

b. Creates a trusted PermissionSet.

c. Sets permission to PermissionSet by creating its own URLClassLoader class, derived from the VerifierBug.class.

2. Loads Beyond.class using the URLClassLoader from Blackbox.class.

3. Gains unrestricted rights on the local machine by invoking the .assertPermission method of the PolicyEngine class in Beyond.class.

4. Opens the Web page, http://www.clavus.net/lst.backs, and parses the text that this site displays.

For example, SP|www.ewebsearch.net/sp.htm means that the Internet Explorer Start Page will be set up to www.ewebsearch.net/sp.htm

5. Several pornographic links are added into the favorites.

6. May attempt to retrieve dialer programs and install them on the infected computer. The dialer programs may attempt to connect the infected computer to pornographic Web sites.

Notes:

* Trojan.ByteVerify will typically arrive as a component of other malicious content. An attacker could use the compiled Java class file to execute other code. The file will likely exist as VerifierBug.Class. For example, an attacker could create a .html file that uses the Trojan, and then create a script file that will perform other actions, such as setting the Internet Explorer Start Page.

* Notification of infection does not always indicate that a machine has been infected; it only indicates that a program included the viral class file. This does not mean that it used the malicious functionality.

So if you are patched up to date and you run antivirus you have nothing to worry about. A website that you are visiting (probably porn or warez) is probably dropping the file in hopes of infecting you...

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • PDF-XChange Editor 11.0.1.0

      By Copernic · Posted

      PDF-XChange Editor 11.0.1.0 by Razvan Serea PDF-XChange Editor is a comprehensive PDF editor that allows you to create, view, edit, annotate, and digitally sign PDF documents with ease. With advanced features like OCR, document security, and PDF optimization, PDF-XChange Editor is a powerful tool for both personal and professional use. Whether you need to edit text, images, or links, or add comments, stamps, or watermarks, PDF-XChange Editor provides all the necessary tools to make your PDFs look perfect. Additionally, it supports a wide range of file formats, including PDF, XPS, and DOCX, making it easy to convert and share your documents. PDF-XChange Editor key features: Edit text and images in PDF documents Add and remove pages from PDF files Annotate and markup PDFs with comments, highlights, and stamps Use OCR to convert scanned documents into searchable text Create and fill out PDF forms Sign and certify PDF documents digitally Add and edit hyperlinks within PDFs Extract text and images from PDF files Batch process multiple PDF files at once Customize the interface to your preferences Work with multiple documents in tabs Convert PDFs to other formats such as Word, Excel, and HTML Use advanced redaction tools to permanently remove sensitive information Add customizable headers and footers to PDFs Merge multiple PDF documents into a single file Split PDF documents into multiple files Add watermarks to PDF documents Use the measurement tools to calculate distances and areas in PDFs ....and much more PDF-XChange Editor 11.0.1.0 changelog: Fixed a crash in the new Open/Save dialog box when creating a new folder in an unavailable network path. (49552) Fixed a rare/infrequent crash on some dynamic XFA forms after changing their field values. [installer] Fixed an issue where shortcuts were lost during an upgrade from the previous version. [installer] Fixed an issue preventing migration of serial keys during updates from version 10. Fixed the issues with the shell context menu after installation of version 11. Fixed the issue with filtering comments. (49478) Fixed the issue that caused "Error [IO subsystem]: Invalid access mode." when converting PDFs to MS Office formats. Fixed an issue with the context menu position on some multi-monitor systems. (48467) Fixed an issue with handling complex custom file filters, displayed by JS, in the new Open/Save Files dialog box. (49486) Fixed several issues with the new 'Select Folder' dialog box. (49505) Fixed an issue with the new custom 'Open File' dialog box when using double-click to open it. (49498) Fixed an 'infinite' loop/proliferation in the 'Open Files' and 'Manage Places' dialog boxes. (49526) Fixed an issue with handling the mouse wheel inside the document "Find" box. (49539) Fixed an incorrect behaviour in the 'Go back (Alt+Left)' button in the new Open/Save Files dialog box. (49510) Fixed an issue with the shortcut keys (Alt+Left/Right) after navigating via breadcrumb paths in the new Open/Save Files dialog box. (49554) [installer] Fixed an issue with redrawing the progress text in the EXE installers. Fixed the issue where a mouse click outside of the polyline/polygon context menu during annotation creation would cancel the annotation. (49475) We switched back to using the system Open/Save/SelectFolder dialog box by default, instead of using the new one, because some popular features such as the QuickAccess/Recent items are missing in the new version. These will be added in a future release. Replaced the 'Extension' column in the new Open/Save File dialog box with a more user-friendly 'Type' column. Also fixed some issues when handling the 'Show file extension' option. (49497) Added the ability to authenticate local network shares in the new Open/Save Files dialog box. (49557) Improved the handling of dates after 01.01.2030 in XFA files - now such dates are stored properly when set via the dropdown widget. Flags NoZoom and NoRotate are now respected for only a limited subset of annotations. Download: PDF-XChange Editor (64-bit) | Portable ~300.0 MB (Shareware) Download: PDF-XChange Editor (32-bit) | Portable ~200.0 MB Download: PDF-XChange ARM64 | 276.0 MB Download: PDF-XChange Portable @PortableApps.com | 97.0 MB View: PDF-XChange Editor Website | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Save 31% on Samsung T7 Portable SSD

      By TheGodOfKratos · Posted

      Still 3x what it should cost. So, it seems the trick is to increase price by 6x so that a reduction in price back to 4x looks like a steal. "You savvy shoppers win again!" I'm glad I'm not in a desperate spot to actually even need this overpriced crap. Hopefully, it comes back down by the time for when (or if) I ever do.
    • Does your iPad support the latest iPadOS version? Here's the iPadOS 27 compatibility list

      By Noveed · Posted

      No M1? Wow!
    • Microsoft AI boss no longer believes that AI will replace human workers

      By Noveed · Posted

      Although AI is great and has it's use cases they likely have massively overhyped it and it has not delivered as per their expectations. I fully expect them to start saying the same things again when it does get to a certain level of intelligence!
    • Microsoft wants to end printer driver headaches with Windows Ready Print

      By Usama Jawad96 · Posted

      Microsoft wants to end printer driver headaches with Windows Ready Print by Usama Jawad A few days ago, Microsoft released Windows 11 Experimental build 26300.8553, bringing a ton of enhancements such as Start menu customization, search improvements, Taskbar polish, and other minor UI tweaks. Another relatively major enhancement snuck deep within the change log was related to upgrades to the Windows printing experience. Now, Microsoft has shared more details about these benefits. For starters, Microsoft has renamed its Modern Print Platform to Windows Ready Print. The company believes that this name highlights its shift in strategy, which now focuses on modernizing, securing, and streamlining the printing experience for Windows devices. Some of the upgrades present in Windows Ready Print have already been seeded to customers and partners. This includes ending support for third-party printer drivers via Windows Update and transitioning towards the Internet Printing Protocol (IPP) and the native Windows IPP printer driver. In line with these changes, new printer installations will default to Windows Ready Print on eligible devices starting from July 2026. However, Microsoft recognizes that not all environments will be able to migrate to this platform immediately, so it will allow users to choose between installing the printer via Windows Ready Print or the traditional OEM process. Users will be able to toggle this configuration through Settings > Bluetooth & Devices > Printers & Scanners > Printer preferences. This control applies only to new printer installations, and its functionality can also be modified via Group Policy as follows: Launch Group Policy Editor Navigate to Local Computer Policy -> Administrative Templates -> Printers Find and select 'Configure Windows Ready Print driver ranking' -> double click to open it Select 'Enabled' (if you wish to enable Windows Ready Print driver selection) or 'Disabled' (if you wish to explicitly disable Windows Ready Print driver selection). Select Apply Select OK Similarly, if you set up Windows protected print mode through the same setting in Windows 11, it will also default to using Windows Ready Print exclusively. Microsoft hopes that these improvements will help eradicate dependency on OEM-specific driver installation processes and simplify printer installations. We'll likely find out more about other tangible benefits in the coming months.

  • Recent Achievements

    • One Month Later
      johnjacobb40 earned a badge
      One Month Later
    • One Year In
      Primer1st earned a badge
      One Year In
    • Experienced
      JayZJay went up a rank
      Experienced
    • Reacting Well
      Sir_Timbit earned a badge
      Reacting Well
    • Week One Done
      rubentuben8 earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      506
    2. 2
      PsYcHoKiLLa
      230
    3. 3
      +Edouard
      138
    4. 4
      ATLien_0
      86
    5. 5
      Steven P.
      80
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!