
trojan horse


Name: JoAnn Dyer
Date: September 5, 2003 at 19:47:18 Pacific
OS: dsl
CPU/Ram: ?
Comment:

verifierbug.class: what is it? I have it quarantined. Is it dangerous?




Response Number 1
Name: jpers
Date: September 5, 2003 at 20:10:51 Pacific
Reply:

Not sure. It's a Java Virtual Machine class, which are mostly used to quietly extract user info. Might be part of Kazaa - is or was Kazaa ever run on this machine? Could be spyware other than Kazaa, but my quick search showed mostly Kazaa as the perp for this one.

Install/run Ad-Aware 6, build 181 + updates + set to deep-everything and see what it finds.

- Jonathan



Response Number 2
Name: Stephen Blay
Date: September 5, 2003 at 20:44:30 Pacific
Reply:

My Norton AV with current defns (9/4/03) picked it up on my machine this evening.
Kazaa never used on this machine to the best of my knowledge.
Quarantined and sent to Symantec, but reply of no real use!
filename: VerifierBug.class
machine: BUSINESS-XXUOSP
result: This file is infected with Trojan.ByteVerify
Funny thing, I did google searches and found AdAware was posting info about it, and that was a program I installed within the last week or two to catch spyware! Plus, I update their definitions and run the scan a few times a week - hmmm!
Anyone know if this trojan could have been reporting back important info from me (I use a Dlink 4-port router on a cable modem)?
The file was found in (I believe):
(why doesn't Norton AV retain "Original Location"??)
- something with, I believe, local settings, cookies and IE5 in the path name. Anyone know how I can get Norton to tell me where it found it?
More of a concern, if defns and updates were all current, how did it get in?



Response Number 3
Name: Stephen Blay
Date: September 5, 2003 at 22:00:36 Pacific
Reply:

There's info coming up in German/French forums if you google search. Also in Lavasoft (AdAware)
From ? (German):
http://translate.google.com/translate?hl=en&sl=de&u=http://spotlight.de/zforen/sec/m/sec-1062704484-9189.html&prev=/search%3Fq%3Dverifierbug.class%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8
From (CCM, French):
http://translate.google.com/translate?hl=en&sl=fr&u=http://www.commentcamarche.net/forum/affich-343334&prev=/search%3Fq%3Dverifierbug.class%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8
* C:\Documents and Settings\[mon nom]\Local Settings\Temporary Internet Files\Content.IE5\UPT6JUTK\archive[1].jar Infection: Famous Exploit.Java.Bytverify.
Also, see the Java Sub forums:
http://forum.java.sun.com/thread.jsp?forum=17&thread=439931&tstart=0&trange=15
There's also another thread one step away at computing.net!
Something's bubbling...!
Funny, Symantec names it specifically as Trojan.ByteVerify, but you can't find that name on their site (encyclopedia), or the definitions virus list.



Response Number 4
Name: voegelid
Date: September 6, 2003 at 11:49:35 Pacific
Reply:

I picked up verifierbug(1) while surfing the net. McAfee grabbed it and I quarantined it. It can't be cleaned, it says, but you can delete it (went to my temp file) and then it has to be replaced with backup. I don't know how to replace the file that was infected. Any help is appreciated.



Response Number 5
Name: ellisgolf
Date: September 7, 2003 at 12:13:43 Pacific
Reply:

I also got it surfing the net....but my Norton 2003 with definitions updated to 9/4/2003 couldn't do anything about it. It only detected it, but didn't quarantine or anything else. What should I do? Are there any removal instructions yet?






Response Number 6
Name: Togg
Date: September 7, 2003 at 14:34:17 Pacific
Reply:

This has come up at another forum and I found a very technical paper about it on Google (but no real answers as to how dangerous it is or how to get rid of it)

http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?s=3f770f3267c35a32c84fbfd647765eea;act=ST;f=6;t=5647



Response Number 7
Name: Errol
Date: September 7, 2003 at 17:06:46 Pacific
Reply:

PANDA is the only place with any real info on it but feel it is inactive.. I told them to search google and Yahoo.. People are talking about it...

I have written NAV.. I am very concerned that it has come down to my hard drives 3 times in 24 hours and Norton can't catch it until a scan is done.. Scary



Response Number 8
Name: Errol
Date: September 7, 2003 at 17:07:40 Pacific
Reply:

http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=39922

Sorry here is that panda link



Response Number 9
Name: RANDALL
Date: September 8, 2003 at 17:49:06 Pacific
Reply:

I also have the verifier.class and yes, NAV doesn't cut it. What I did find was moosoft.com trojan cleaner and TDS-3 cleaners. Now I've done the scans and Moosoft didn't detect the trojan... Strange. TDS-3 did, and all the other joke viruses etc. I haven't subscribed to TDS-3 as of yet as I always prefer to trial before purchasing anything! Good luck, but try Moosoft's 30 day trial and see what happens! Cheers!



Response Number 10
Name: Russell Waller
Date: September 9, 2003 at 14:34:27 Pacific
Reply:

I picked up this Trojan while on the net over the weekend. Funny thing was, I think it occurred while I was away but still connected. My Norton firewall detected two "high risk" attacks against my PC. I presumed that the firewall had done its job. However, Sunday my IE6 was playing up every time I tried to get into Google or other home pages. They would load but shortly after they would close with a request to send a report to Microsoft via the net. When this happened I figured something was up and I updated my virus definitions with Norton. I then launched a complete scan of my system. No surprises when I discovered I was infected with not one but two Trojan horses. One was _BlackBox[1].clas and Verifierbug.clas. I did a search for the Blackbox on Google but came up empty handed. My research on the Verifierbug ended me up here. Norton (as per others in this forum) could not delete or repair the files and thus they were quarantined. Norton found the Trojan in the following path:

C:\Documents and Settings\Useer\Local Settings\Temporary Internet Files\Content.IE5\GJNJM05L\counter[1].jar

The other Trojan I mentioned was also located in IE5.

I have submitted this to Symantec. It appears a previous person has sent the verifier with little help from them, so no doubt I can expect the same on the Blackbox Trojan. Sorry, can't be much more help except that I can report my IE seems to be fine since the quarantine. I am just afraid to place this PC back on my local network at home for fear of it spreading to those machines!



Response Number 11
Name: Johnny999
Date: September 9, 2003 at 14:51:38 Pacific
Reply:

After the first complete scan of my hard disk in three weeks, Norton AV 2002 today identified the following 21 threats on my comp:

1. BB.class (1 x) => "Trojan Horse"

2. jarutil.zip (3 x) => "Backdoor.Trojan"

3. javautil.zip (3 x) => "Download.Trojan"

4. verifierbug.class (7 x) => "Trojan Horse or Hacktool"

5. verifierbug.class(...someletters&numbers) (7 x) => "Trojan Horse"

Norton AV only showed a path for the last 7 files.

Now, since apparently a number of people are getting these scan results from Norton at the moment, two things might be the case:

1. These are real trojans/threats
2. Norton added new virus definitions, which lead to false positive (i.e. infected) reports.

But how to decide what is true? I tried to find something on the net about these files, but came up with almost nothing. There was nothing on the Symantec website.

I will probably remove them anyway and reinstall java, then scan again.

Anybody else any bright ideas?

Thanx,
John



Response Number 12
Name: John999
Date: September 10, 2003 at 00:38:38 Pacific
Reply:

Hey, if you're interested: take a look at this forum, there is more of an explanation about verifierbug.class, incl. an official response from Symantec:

http://www.dslreports.com/forum/remark,7864810~root=security,1~mode=flat.

greetings,
John
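
Several replies above ask where the scanner found the file, and two report it inside a `.jar` under `Temporary Internet Files\Content.IE5`. The following is an added example (not from any poster or vendor) that lists which archives under a cache folder contain class files with the names reported in this thread; the exact member names, the underscore handling and the sample archive are assumptions, and a name match is a pointer for review, not a verdict.

```python
import io
import os
import zipfile

# Name stems reported by posters in this thread; the exact member names
# inside the archives are an assumption. Matching is case-insensitive.
REPORTED_STEMS = {"verifierbug", "blackbox", "bb"}

def suspicious_entries(jar_bytes):
    """Return archive members whose class name matches a reported stem."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
            for name in jar.namelist():
                base = name.rsplit("/", 1)[-1].lower()
                if base.endswith(".class") and base[:-6].lstrip("_") in REPORTED_STEMS:
                    hits.append(name)
    except zipfile.BadZipFile:
        pass  # truncated or non-ZIP cache file: nothing to list
    return hits

def scan_cache(root):
    """Walk a cache directory; map each .jar/.zip path to its matching members."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if not fname.lower().endswith((".jar", ".zip")):
                continue
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    hits = suspicious_entries(fh.read())
            except OSError:
                continue  # locked or unreadable cache entry
            if hits:
                findings[path] = hits
    return findings

def build_sample_jar(members):
    """Constructed sample: an in-memory JAR holding placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name in members:
            jar.writestr(name, b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, hits in scan_cache(root).items():
        print(path, "->", ", ".join(hits))
```

Run it with the cache folder as the only argument; it only reads files and prints the archive path next to each matching member.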

