Java/Exploit.Bytverify trojan. Need Help!!
- This topic has 3 replies, 3 voices, and was last updated 18 years, 10 months ago by Aqeel.
June 21, 2005 at 8:45 am #18811 Aqeel (Participant)
Hi,
It’s about a month now that I’ve had a problem. I’m using Windows XP and NOD32 Antivirus System. During my online sessions, my antivirus indicates that there is a file downloading from the following link: http://www.norad.fr/c/archive.jar and the PC hangs or slows down too much. After the downloading, the antivirus finds the following files infected, i.e.
D:\WINDOWS\System32\221.exe
D:\WINDOWS\System32\TFTP584
D:\WINDOWS\System32\TFTP3032
D:\WINDOWS\System32\windesktop
Infected with Win32/Rbot trojan.
http://www.norad.fr/c/archive.jar and this link contains Java/Exploit.Bytverify trojan.
After all this I reinstalled my whole operating system 2 times with Ghost, but the problem continues. How could I solve this, and what program is actually causing the problem?
Regards.

June 21, 2005 at 2:35 pm #124736 Jeff Hester (Keymaster)
archive.jar contains A.class and BlackBox.class, which are both infected with Java/Exploit.Bytverify, says Kaspersky.
Are you sure that you have Windows fully up to date? Maybe some hole inside Windows is causing it to be downloaded. If you do not wish to update Windows, at least get some kind of firewall.
Maybe if you uninstall Java, the files won’t be able to run!
To find out what file is downloading all these files… type “netstat -ano” (in command prompt: start>>run>>cmd or winkey+r>>cmd), then look for “62.193.226.24”, which is the IP for http://www.norad.fr (to find the most current IP, type “ping http://www.norad.fr”). In the PID column you will find the process ID for the process that is making these connections. Then (if using XP Pro) type “tasklist /svc” (in command prompt). This will show you all the processes that are running (inc. services) and their process IDs.
If you do not have WinXP Pro, you should download Process Explorer (http://www.sysinternals.com/Utilities/ProcessExplorer.html, free). This software will allow you to figure out what process ID is connected to what process (and its location). You can do much more stuff with Process Explorer, like find out what programs are connecting to “the internet”.
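
The netstat-to-tasklist lookup described in the reply above, as an added example that is not part of the original posts: it parses `netstat -ano` and `tasklist /svc` text and reports which process owns the connections to a given remote address. The sample output, the `suspect.exe` image name, the local addresses and the function names are constructed for illustration.

```python
import re

# Constructed `netstat -ano` output (sample data, not from the thread).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1042      62.193.226.24:80       ESTABLISHED     1812
  TCP    192.168.1.10:1047      192.0.2.15:443         ESTABLISHED     2040
  TCP    192.168.1.10:1051      62.193.226.24:80       TIME_WAIT       0
  UDP    0.0.0.0:1026           *:*                                    1812
"""
# Constructed `tasklist /svc` output; suspect.exe is a placeholder name.
TASKLIST_SAMPLE = """\
Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
suspect.exe                 1812 N/A
iexplore.exe                2040 N/A
"""

def parse_netstat(text):
    """Yield (remote, state, pid) for each row of `netstat -ano` output."""
    for line in text.splitlines():
        parts = line.split()
        if parts[:1] == ["TCP"] and len(parts) == 5:
            yield parts[2], parts[3], int(parts[4])
        elif parts[:1] == ["UDP"] and len(parts) == 4:  # UDP: no State column
            yield parts[2], "", int(parts[3])

def parse_tasklist(text):
    """Map PID -> image name using the fixed-width columns of `tasklist`."""
    lines = text.splitlines()
    sep = next(i for i, l in enumerate(lines) if l.startswith("==="))
    (n0, n1), (p0, p1) = [m.span() for m in re.finditer(r"=+", lines[sep])][:2]
    procs = {}
    for line in lines[sep + 1:]:
        pid = line[p0:p1].strip()
        if pid.isdigit():  # skips wrapped Services continuation lines
            procs[int(pid)] = line[n0:n1].strip()
    return procs

def owners_of_remote(netstat_text, tasklist_text, remote_ip):
    """Return sorted (pid, image, state) for connections to remote_ip."""
    procs = parse_tasklist(tasklist_text)
    hits = set()
    for remote, state, pid in parse_netstat(netstat_text):
        if remote.rsplit(":", 1)[0] == remote_ip:
            # PID 0 on TIME_WAIT: socket already closed, not the idle process
            image = "<closed, no owner>" if pid == 0 else procs.get(pid, "<exited>")
            hits.add((pid, image, state))
    return sorted(hits)
```

Calling `owners_of_remote(NETSTAT_SAMPLE, TASKLIST_SAMPLE, "62.193.226.24")` returns the owning PID and image name for each matching row; capture both command outputs close together, since a PID that exits between the two commands shows up as `<exited>`.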

June 22, 2005 at 12:41 am #124738 Aqeel (Participant)
Thanks a lot User91c for your kind help. I’d decided that I’ll have to use some firewall. What freeware firewall is best and recommended for me to use?

June 22, 2005 at 12:48 am #124737 Tigerblade (Participant)
ZoneAlarm is pretty good in my experience…