Hi, I was wondering if anyone here could help me? I did my weekly system scan last night and came up with 3 files that were infected with the Trojan.Byte Verify virus. I quarantined and then deleted them after I tried to send them to NAV, but was told they were aware of it, and to delete the files. Subsequent scans have come up clean. What I want to know is, is it really gone? I have an HP Pavilion running Windows XP. Two of the files said "The compressed file VerifierBug.class within......" and the other one said, "The compressed file BB.class within....." and that they all were infected with the Trojan.Byte Verify virus. The paths were through my temporary internet files. I do not have Kazaa installed and every time I dl any software, I scan it with NAV, and I keep my virus definitions up to date. So, is there anything else I should do to make sure it's gone? And if so, please explain in easy to understand language, as I am a very new computer owner and am confused quite easily by computer talk. I don't know if I gave enough info; if not, ask and I'll try my best to give it to you. Thanks in advance for any help.

Just an idea: run HijackThis and see if you have a file called WINMAIN.exe... I had that verifier bug and removed it. It was attached to a file called winlog... then this appeared that someone posted about those particular files...
Read this:
http://www.nsclean.com/psc-htas.html
I think it's attached to this verifierbug trojan :)

Thanks! I have another question... where do I find HijackThis? I really am new at this. I've had my computer less than a month; before that I had a WebTV, so viruses weren't an issue. I hope that you won't lose patience with me as I'm sure I'll have lots of questions.
Thanks again!

I do believe this is one of the HijackThis locations :)
http://www.tomcoyote.org/hjt/
Best of luck to you:)
Jeanette

Thanks Jeanette, you've been so helpful! :)
Here's what my scan showed:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WildTangent\Apps\GameChannel.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Arcavista\American Idol Insider\PComAmericanIdol.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us6.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.netscape.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us6.hpwis.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: iWon Co-Pilot BHO - {C298FB42-E3E2-11D3-ADCD-0050DAC24E8F} - C:\Program Files\iWon\iWonBar\1.bin\IWONBAR.DLL
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: i&Won Co-Pilot - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - C:\Program Files\iWon\iWonBar\1.bin\IWONBAR.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Startup: American Idol Insider.lnk = C:\Program Files\Arcavista\American Idol Insider\PComAmericanIdol.exe
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0238671b0202f7c42b20/netzip/RdxIE601.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} (iWon Progressive Counter) - http://download.iwon.com/ct/pm3/iwonpm_8_1,0,2,5.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37849.6535069444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5201861F-985A-40BC-9434-0B2A841ADB57}: NameServer = 209.12.246.8 209.12.246.19
What am I supposed to be looking for? This is so confusing to me, lol.
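
Added example, not part of the original posts: a small Python triage script that groups HijackThis log lines by their section code and lists entries worth a manual look. The section descriptions, the two review heuristics and the function names are assumptions added here; the sample lines are copied from the log above.

```python
import re

# Section meanings as commonly documented for HijackThis logs (wording added here).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar", "O4": "autostart entry",
    "O9": "IE extra button/menu item", "O12": "IE plugin",
    "O16": "downloaded ActiveX control", "O17": "DNS/NameServer setting",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RAW_IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}[/:]")

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.netscape.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.exe
O4 - Startup: PowerReg Scheduler V3.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0238671b0202f7c42b20/netzip/RdxIE601.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5201861F-985A-40BC-9434-0B2A841ADB57}: NameServer = 209.12.246.8 209.12.246.19
"""

def parse(log):
    """Group entry lines by section code; the process list has no code and is skipped."""
    groups = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups.setdefault(m.group(1), []).append(m.group(2))
    return groups

def review_hints(groups):
    """Return (code, reason, entry) tuples to check by hand; these are hints, not verdicts."""
    hints = []
    for entry in groups.get("O16", []):
        if RAW_IP_URL.search(entry):  # control fetched from a bare IP, not a named vendor host
            hints.append(("O16", "ActiveX control installed from a bare IP address", entry))
    for entry in groups.get("O17", []):
        hints.append(("O17", "custom DNS server; confirm it is your ISP's", entry))
    return hints

if __name__ == "__main__":
    groups = parse(SAMPLE)
    for code, items in groups.items():
        print(f"{code:>3} {len(items):2d}  {SECTIONS.get(code, 'unknown section')}")
    for code, reason, entry in review_hints(groups):
        print(f"CHECK {code}: {reason}\n      {entry}")
```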

Jen42,
Go and get either Spybot or Ad-Aware; you can find them by going to This Post and clicking on the links. I can tell you right now you have Spyware/Ad-ware on your system. You have quite a bit of it, to be honest. Also, please refrain from posting a plea to read a post that is only a few down from your original. I know you are seeking help, but give people time.
KTTD

Hey, the other day I ran a full scan of my system and came up with 3 blackbox.class files and 3 verifierbug.class files. Norton was unable to repair them, so I quarantined them. Now, I've been looking around the net for information on removing the files. Do any of you people know if the files are necessary to Windows? Or were they put there somehow, and can I delete them without any harm to my system? If it will cause harm, I'd rather just leave them there; it's all good as long as they are quarantined. Thanks for your help.

I just had this virus too. When you have run a full scan in NAV, Norton will offer to quarantine the virus. Once this is done, the NAV system status window will show the Quarantine contents as having a file in it.
Double-click on that and it will offer to open the Quarantine console. You can delete the file from there.
Does anyone know what this virus actually does?

It appears to chunk away at space and dup itself along with other files; settles in doc & settings. I did trace the time I got it and where; I was at monster.com of all places. This thing is a pain and the same to remove. I have used RAV, detects, but can't remove; Norton is useless, and this site is not bad, removes but not entirely, appears to aggravate the situation. I got rid of a couple and added some others. #*&*( thing. I'm going to try this nsclean... and hijack. Any other ideas? Here is the trojan remover site... not bad
http://www.simplysup.com/tremover/details.html

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.