verifierbug.class virus
|
Original Message
|
Name: Fsmith1952
Date: September 4, 2003 at 14:37:46 Pacific
Subject: verifierbug.class virus
OS: Windows XP Professional
CPU/Ram: P4/256megs
|
Comment: Anyone know how to get rid of verifierbug.class trojan? Seems to be very new and probably disables Norton.
|
|
Response Number 2
|
Name: wawadave
Date: September 5, 2003 at 09:56:07 Pacific
|
Reply:
free trojan scan http://www.trojanscan.com/trojanscan/scanner.htm
panda scan http://www.pandasoftware.es/activescan/
housecall http://housecall.trendmicro.com/housecall/start_corp.asp
nrav av http://www.ravantivirus.com/scan/
avast cleaning tool http://www.avast.com/i_idt_171.html
mcafee avert stinger http://vil.nai.com/vil/stinger/
scans for open trojan ports http://scan.sygate.com/pretrojanscan.html
test my shields grc https://nanoprobe.grc.com/x/ne.dll?bh0bkyd2
dsl port scan http://www.dslreports.com/scan
pest patrol scan mediocre http://www.pestscan.com/Scan.asp
security scan http://www.it-sec.de/index/inhalt/vulchk.php/?sid=2eb8ea121e57434616fa2c6f283c63b7
|
|
Response Number 3
|
Name: jameskoe
Date: September 5, 2003 at 19:45:16 Pacific
|
Reply: There is something to this alert. I found a detailed paper written on the subject: http://www.lsd-pl.net/documents/javasecurity-1.0.0.pdf (around page 85). If I read this correctly, the file itself is not the virus, but more like a gateway for one to invade. I'm not very literate on the subject, and the writer's command of English seems poor sometimes, but at least it can give you some insights. I plan to simply delete each of these files: they are not present on my office system, but WERE present on my home system. Regards, James
|
|
Response Number 4
|
Name: the38special
Date: September 6, 2003 at 03:46:35 Pacific
|
Reply: Norton quarantined the virus. I've just run the latest update and Norton was not able to repair the item.
|
|
Response Number 5
|
Name: duscbt
Date: September 6, 2003 at 07:30:42 Pacific
|
Reply: I sent the virus to Norton. The answer came back to run NAV and that it would repair the file. Did not work. So Norton is not so sure about this virus at this point. Also I did not find it in the list of viruses, which is strange.
|
|
Response Number 6
|
Name: Kaz
Date: September 6, 2003 at 08:04:10 Pacific
|
Reply: I run a computer company. I advise you to have Norton Antivirus 2003 on all systems. That alone is not enough. You have to configure your Norton to update automatically and stay connected all the time if possible. If you do the above and install a good software and hardware firewall, you will be protected. Norton, on all 6 of my home computers, has caught the VerifierBug.class virus and killed it several times. If you need help, visit us at our website http://www.datatechs.net and we will offer further assistance. kaz
|
|
Response Number 7
|
Name: Theresa-Tj
Date: September 6, 2003 at 09:50:44 Pacific
|
Reply: I ran Norton (full virus scan). Norton detected, but failed to repair, VerifierBug.class. I, too, searched for the name in Norton's encyclopedia, but it wasn't there. I quarantined and submitted to Norton. I believe I got the virus sometime between Aug 25th (last full scan) and now. I also was totally up to date... but I still got whatever it is. I would appreciate any help. Thanks, Theresa
|
|
Response Number 8
|
Name: heffe
Date: September 6, 2003 at 10:58:00 Pacific
|
Reply: My friend just caught it too... and the funny thing is... we were able to quarantine the virus and delete it. Rebooted, ran full system scan... nothing there. But then we went into Start -> then Search, and ran a search for the two viruses bb.class and verifierbug.class... and for the bb.class, it found 4 files. I ran Norton again, doesn't show up as anything being infected. Is it possible that this virus disables Norton? Also, if Norton could detect it... how could they possibly not have a single bit of information on it. Only place I found information that was a bit of help was this forum... but I think some of us are in the same boat still here. Any new info?
|
|
Response Number 9
|
Name: rorytony
Date: September 6, 2003 at 12:04:16 Pacific
|
Reply: I got it too. It showed up on my weekly scan this morning (first since 8/30). I'm new to this sort of thing. When I saw it quarantined, I simply deleted it. Then it occurred to me what had happened, so I found this forum.
|
|
Response Number 10
|
Name: Barry
Date: September 6, 2003 at 12:27:53 Pacific
|
Reply: Interesting!!! I woke up this morning and updated the firmware on my Netgear fr-114p box. I then noticed that NetBIOS connection attempts were being made from the Netgear box to my laptop (which has zonelab pro configured not to trust the Netgear box network). It also detected attempts from public addy's to connect via NetBIOS! Most come from 192.168.0.1 though, and I'm still getting them. ZoneAlarm Pro is blocking the connection attempts. After I re-installed the old firmware and this problem I thought it might have been related to the anonymizer service I just purchased. Anyways, I scanned with NAV and detected this virus this morning - I quarantined it. Repair would not work. The NetBIOS connection attempts (port 137) still continue to appear.
|
|
Response Number 11
|
Name: Cooloverdrive
Date: September 6, 2003 at 13:33:40 Pacific
|
Reply: The "problem" is related to verifierbug.class superclass in Java, and of course it appears via JVM. Well, the problem is that this security flaw is well known to Microsoft, but they are not doing anything to fix it - go figure. This particular class (not designed as a trojan keylogger) is responsible for taking notes on your keystrokes and processing them. Verifierbug.class is not designed to be a virus, or a trojan. There may be some bugs in the code that cause Norton to detect it, because it carries the same signature as some known viruses.
The problematic folder .jpi_cache downloads all necessary classes to run a certain Java Applet. So, even if you delete the folder and contain the so-called infection, next time you visit a site that has applets, the folder will be recreated. Important thing to note is that some of the sites you have been visiting place the infected file in this folder (which I assume has to be in the jar folder). So, each time you go back you will pick it up again.
There is really no known way of protecting yourself against this problem. But I can give some good ideas how to protect yourself:
1. Download the latest cumulative patch for IE. This seemed to work for some people.
2. Try to figure out after which visited website the virus appears. Of course, let the tech support know about it, and stop visiting the site.
3. NOT particularly recommended step is to disable the Microsoft VM in the Internet Options of your browser, and see what happens.
I hope this info is useful to some of you. Cooloverdrive
|
|
Response Number 12
|
Name: glifberg
Date: September 7, 2003 at 06:30:42 Pacific
|
Reply: Yo, I use this computer together with my parents. A couple of days ago the computer started to act really strange, "ticking" (about 10 seconds) on start-up and sometimes not able to find start-up info to start the OS. I thought it might be something wrong with the BIOS files, having trouble initializing the OS. Then after a couple of days, Internet Explorer stopped working after 5 min of web surfing. I could ping both my default gateway and DNS, so there is no trouble there. I could still connect to servers both by address and name when making a C program. These problems still exist and I can't get rid of them. I scanned the computer and found that the verifierBug.class was found in my father's directories... Today I deleted the file... Do you think there is a connection between the virus and my problems? /glifberg
|
|
Response Number 13
|
Name: Lee
Date: September 7, 2003 at 18:13:30 Pacific
|
Reply: I last did a full scan on my computer last Friday and was clean. Yesterday I updated my XP using the winupdate and did a scan today and found these so-called viruses on my computer. I also run ZoneAlarm Pro on my computer and I have been noticing increased activity on port 137, which ZoneAlarm keeps blocking anyway. ZoneAlarm reports this:
Incident ID: 43907726
Source IP: 220.105.39.169
Source ISP: unknown
Incident Score: 0
Status: The party responsible for the IP address associated with this event is unknown and currently queued DNS lookup analysis.
Also, viruses found apart from the verifierbug.class are verifierbug.class-4d765e21-21ac87ff.class and another one called blackbox.class-719616c7-128df88f.class. I do use Kazaa so I wouldn't be surprised if these came from there. Simply deleting them will not work, so I suggest definite quarantine, and I would also scan Documents and Settings once a day since that's where they seem to be located.
|
|
Response Number 14
|
Name: Lee
Date: September 7, 2003 at 18:24:49 Pacific
|
Reply: I would mostly ignore most of my post lol, I'm tired, need sleep... it's 2:23 here :-p Anyway, I quarantined the files then deleted them and I'm going to run scans on the java folders every few hours to see if I can pick them up again.
|
|
Response Number 15
|
Name: gsimon
Date: September 7, 2003 at 21:59:48 Pacific
|
Reply: My daughter's new computer with Norton AV 2004 and all MS updates was hit with the verifierbug.class virus, which Norton quarantined but could not repair. As others have noted, Norton has no information on it. Not so good, Nort. Any thoughts/suggestions?
|
|
Response Number 16
|
Name: Mike
Date: September 8, 2003 at 06:07:31 Pacific
|
Reply: Well, looks like I'm not the only one with this problem, but this don't make me feel any better. I have the bugger under lock-down myself. What I went to NAV site and it seems that any on-line help I can get from there needs to be paid for... I don't like that business practice. I can sort of see why they are doing that, but I don't agree with it... oh well. I play on-line games and noticed after my puter got sick... it has a hard time staying connected. I guess the ports have too many bugs knocking on its door. I'm not going even to try to delete this... yet. If enough people who can afford to get the help on Norton (I'm strapped right now) maybe they will send out a new update for NAV. Good luck all.
|
|
Response Number 17
|
Name: cain38
Date: September 8, 2003 at 06:27:58 Pacific
|
Reply: Cooloverdrive, is it possible that something like Groopz (that annoying chat popup on sites like Rackspace) could be allowing the virus in?
|
|
Response Number 18
|
Name: Cooloverdrive
Date: September 8, 2003 at 12:31:44 Pacific
|
Reply: Hmm, I went to the site in question, and I monitored my .jpi_cache, and nothing - I did pick up a bunch of useless files though. But it is possible to get it that way, since their chat is applet based (Java). To be honest with all of you guys and ladies, I am still not sure that verifierbug.class is a virus, but I am investigating. In my earlier posting I explained what this class is responsible for in Java. I am strongly recommending that you all fix the well known issue with Microsoft Virtual Machine. Whatever that thing is, it came through a flaw in this IE service. For starters I recommend MSBA (Microsoft Security Baseline Analyzer) software from Microsoft. It will analyze your system for flaws and holes, and it will give you links where to download patches.
As for the problem that IE stops working: I did run into the problem a couple of days ago, but I was not able to fix it. However, I did discover that before you boot your computer you should unplug the Cat-5 from your computer, and then boot it. Plug it back in after your system is up and running. Surprisingly, it worked after I did it this way. Cooloverdrive
|
|
Response Number 19
|
Name: Heather
Date: September 8, 2003 at 15:16:59 Pacific
|
Reply: Since detecting and deleting the verifierbug.class file after Norton detected it, I'm having major major problems. When I boot up, Norton is disabled, Zone Alarm won't load, and the computer sits there and stews for about five minutes. I can't open any files or folders or do anything, really. Once this time passes, I can open Norton to re-enable auto protection, and then ZoneAlarm loads on its own. However, I can't connect to the internet (cannot obtain IP address). I finally uninstalled Norton and ZoneAlarm, and am still having the same problems. I've gone through all the normal fix-its I usually use when I can't obtain an IP address. My computer appears to be totally unable to send any information to my router. I tried hooking it directly to my modem, and the computer still can't send any information. I am unable to delete my Local Area Connection, XP won't let me do it, so I can't just create a new one. This all happened after I deleted verifierbug.class. Please, I need help very badly. I have combed the web for information and this thread here is the only thing I could find.
|
|
Response Number 21
|
Name: onoseneko
Date: September 8, 2003 at 16:18:23 Pacific
|
Reply: Wow, I'd had problems with System Restore in the past but this time it actually worked. I can't thank you enough! I'll probably never figure out what happened, but it's fixed, so.. LOL! THANKS AGAIN!
|
|
Response Number 22
|
Name: CMarb
Date: September 8, 2003 at 16:27:21 Pacific
|
Reply: Here's some information about WHY and HOW this VerifierBug can be a problem. Read 8.2 in this file: http://www.lsd-pl.net/documents/javasecurity-1.0.0.pdf
|
|
Response Number 23
|
Name: ADTWolfen
Date: September 9, 2003 at 10:17:02 Pacific
|
Reply: Hi all, I too had verifierbug.class, but I caught it the moment it came in. I ran Norton AV 4 times after quarantining the virus and had Symantec check my PC and server security and was found well-secured on ports and all. Now, I searched the complete system for traces of the virus, but my PC found nothing. Maybe this virus can be taken out by fast reaction??? PS: I'm waiting on a reply to my question about this virus, which I sent to Microsoft.
|
|
Response Number 24
|
Name: philsr
Date: September 10, 2003 at 00:32:06 Pacific
|
Reply: This is what I received from Norton.

We have analyzed your submission. The following is a report of our findings for each file you have submitted:

filename: C:\WINDOWS\.jpi_cache\file\1.0\VerifierBug.class-6bd7446e-5eaafd7d.class
machine: L9Z1H2
result: This file is infected with Trojan.ByteVerify

Developer notes: C:\WINDOWS\.jpi_cache\file\1.0\VerifierBug.class-6bd7446e-5eaafd7d.class is non-repairable threat. NAV with the latest beta definition detects this. Please delete this file and replace it if neccessary. Please follow the instruction at the end of this email message to install the latest beta definitions. The current monthly definitions are capable of detecting and repairing this virus. Please update your definitions by clicking the "LiveUpdate" button in your NAV program.
------------
This message was generated by Symantec Security Response automation
Should you have any questions about your submission, please contact our regional technical support from the Symantec website (http://www.symantec.com/techsupp/) and give them the tracking number in the subject of this message.
|
|
Response Number 25
|
Name: irene
Date: September 12, 2003 at 06:48:52 Pacific
|
Reply: I picked up this virus by surfing. I guess a Javascript put it in my tif's. Norton detected it while scanning but failed either to repair or to delete. The Norton scan did not show the infection any longer although it was still there. An online scan with PC-cillin showed there were still 3 infected files :-( I removed the infected files myself.
|
|
Response Number 26
|
Name: Pratul
Date: September 12, 2003 at 16:14:14 Pacific
|
Reply: More information from Sun Micro Inc. http://www.java.com/en/download/help/cache_virus.jsp
|
|
Response Number 27
|
Name: Lee
Date: September 14, 2003 at 04:41:00 Pacific
|
Reply: CAUSE
When the browser runs an applet, the Sun JVM stores all the downloaded files into its cache directory for better performance. We have received reports of the following malicious applets in the Java Plug-in cache directory:
"Trojan.ByteVerify VerifierBug.class Java.JJBlack worm Java.Shinwow trojan
However, in this instance, storing these applets in the cache directory can not cause any harm to your computer because they are designed to exploit a vulnerability in the Microsoft VM, not the Sun JVM."
Thank god I'm running Sun's VM, that's why it didn't affect my computer :o)
|
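An added example, not part of the thread and not Symantec's or Sun's tooling: a read-only Python inventory of a Java Plug-in cache directory such as the C:\WINDOWS\.jpi_cache path quoted in Response 24, so the cached entries can be handed to a scanner or removed. The `<Name>.class-<8 hex>-<8 hex>.class` pattern and the list of names are assumptions inferred from the file names posters quoted above; a name match is not a verdict, and the sample files are constructed placeholders.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Cached-applet naming as quoted in this thread (assumed pattern):
#   <Name>.class-<8 hex>-<8 hex>.class
CACHE_NAME = re.compile(
    r"^(?P<orig>.+\.class)-[0-9a-f]{8}-[0-9a-f]{8}\.class$", re.I)
# Class names posters reported their scanners flagging (taken from the thread).
REPORTED = {"verifierbug.class", "blackbox.class", "bb.class"}
JAVA_MAGIC = b"\xca\xfe\xba\xbe"  # first four bytes of every Java class file


def original_name(filename):
    """Return the applet's original class name, or None if not a class file."""
    m = CACHE_NAME.match(filename)
    if m:
        return m.group("orig")
    return filename if filename.lower().endswith(".class") else None


def scan_cache(root):
    """Walk a plug-in cache directory and list entries whose name is REPORTED."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        orig = original_name(path.name)
        if orig is None or orig.lower() not in REPORTED:
            continue
        data = path.read_bytes()
        hits.append({
            "path": str(path.relative_to(root)),
            "original": orig,
            "is_class_file": data[:4] == JAVA_MAGIC,  # renamed junk shows False
            "sha256": hashlib.sha256(data).hexdigest(),
        })
    return hits


def demo():
    """Build a constructed cache tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        cache = Path(tmp) / ".jpi_cache" / "file" / "1.0"
        cache.mkdir(parents=True)
        # Constructed sample entries: placeholder bytes, not real applets.
        samples = {
            "VerifierBug.class-6bd7446e-5eaafd7d.class": JAVA_MAGIC + b"\x00" * 8,
            "blackbox.class-719616c7-128df88f.class": b"not a class file",
            "Clock.class-0a1b2c3d-4e5f6a7b.class": JAVA_MAGIC + b"\x00" * 8,
            "readme.txt": b"unrelated",
        }
        for name, body in samples.items():
            (cache / name).write_bytes(body)
        return scan_cache(Path(tmp) / ".jpi_cache")


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

To inventory a real machine, call `scan_cache()` on the actual cache directory instead of `demo()`; the function only reads files and never deletes anything.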
|
Response Number 28
|
Name: Philster37
Date: September 25, 2003 at 10:39:21 Pacific
|
Reply: This forum is greatly appreciated by we surfers suffering the darker side of hyperspace - many thanks to Computing.Net for hosting this! System restore does indeed remove all traces of the verifier.class virus for those fortunate enough to have XP. To initiate system restore, copy and paste the following links into your browser and hit return: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039 and http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm (read what is written) Now to run system restore, check out: http://www.windowsreinstall.com/install/winxp/howto3/lauchsystemrestore.htm Alternatively, if your machine has been infected you can use the removal tool (called Stinger) that you can download from Network Associates at: http://vil.nai.com/vil/stinger Non illigitimi carborundum!
|
|
Response Number 29
|
Name: JackieW.
Date: September 30, 2003 at 19:43:21 Pacific
|
Reply: Hi. I have found that trojan.byteverify virus on my computer as well and Norton has failed to fix, quarantine or delete the virus. I am not sure what else to do and I was wondering if anyone could help me fix this. Thanks.
|
|
Response Number 30
|
Name: don hack
Date: October 28, 2003 at 15:53:30 Pacific
|
Reply: I have been unable to access my wordpad program or any documents that have been created or processed thru it. Norton has proved incapable of detecting the problem, and a thorough scan with a SUN scan has revealed the verifierbug.class virus. Although I can run everything else, it is a major concern. If I buy a new wp program, will it survive the presence of the virus? Is there any other solution?