11 Replies Latest reply on Jan 14, 2011 5:26 PM by Peter M

    Exploit.ByteVerify

         A scan yesterday found that my PC had the Exploit-ByteVerify trojan, which my up-to-date McAfee Total Protection quarantined. For information about this trojan, read McAfee's description at: http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=100261

       

         Now, I have a few questions related to this trojan that perhaps some of you can help me with:

       

      1. This particular trojan seems to affect a Java vulnerability. From the information I read from McAfee and some other sources, it seems that this trojan may not be a threat if you are running up-to-date versions of Java and Windows. In my case, I always keep my Java updated, and I am running Windows 7 (64bit).  Do I have any reason to even think that this trojan was any threat at all while it was on my computer?  Am I correct that, though it was on my computer, it was unable to do anything?

      2. I have read, both from McAfee and from other sources, that sometimes one must change Windows' settings temporarily to ensure that the System Restore Utility is disabled, so that the virus scanner can scan the restore folders.  Now, it seems to me that this affects mostly Windows ME and XP, and I have Windows 7.  Does this System Restore issue matter for a PC running Windows 7?  (I have Windows 7, 64bit, if that makes a difference.)

      3. Finally, I want to be sure I am not missing any data when I scan my PC!  Do I need to do anything special to ensure I am fully scanning my PC... especially since I just found a trojan on my PC yesterday?  Should I reboot my PC in "Safe Mode with Networking" when I want to fully ensure I am protected, or is that unnecessary unless I know I have a particular virus infection?

       

       

      Thank you so much for your help. Whoever can help me out... well, I am most grateful to you!

       

       

      Message was edited by: JoshWorks on 1/13/11 7:07:46 PM CST
        • 1. Re: Exploit.ByteVerify
          Peter M

          JoshWorks wrote:

           

             A scan yesterday found that my PC had the Exploit-ByteVerify trojan, which my up-to-date McAfee Total Protection quarantined. For information about this trojan, read McAfee's description at: http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=100261

           

             Now, I have a few questions related to this trojan that perhaps some of you can help me with:

           

          1. This particular trojan seems to affect a Java vulnerability. From the information I read from McAfee and some other sources, it seems that this trojan may not be a threat if you are running up-to-date versions of Java and Windows. In my case, I always keep my Java updated, and I am running Windows 7 (64bit).  Do I have any reason to even think that this trojan was any threat at all while it was on my computer?  Am I correct that, though it was on my computer, it was unable to do anything?

          2. I have read, both from McAfee and from other sources, that sometimes one must change Windows' settings temporarily to ensure that the System Restore Utility is disabled, so that the virus scanner can scan the restore folders.  Now, it seems to me that this affects mostly Windows ME and XP, and I have Windows 7.  Does this System Restore issue matter for a PC running Windows 7?  (I have Windows 7, 64bit, if that makes a difference.)

          3. Finally, I want to be sure I am not missing any data when I scan my PC!  Do I need to do anything special to ensure I am fully scanning my PC... especially since I just found a trojan on my PC yesterday?  Should I reboot my PC in "Safe Mode with Networking" when I want to fully ensure I am protected, or is that unnecessary unless I know I have a particular virus infection?

           

           

          Thank you so much for your help. Whoever can help me out... well, I am most grateful to you!

           

           

          Message was edited by: JoshWorks on 1/13/11 7:07:46 PM CST

          1.  Make sure that both Windows and Java are totally up to date.   Set Windows Update to search using Microsoft Updates which then searches for all possible updates for everything on your machine.   The only things it offers that I double-check are any offers of updates to hardware/drivers etc. as often Windows Update lags behind the industry on that in which case you can always choose to hide that particular update.   Also make sure that you only have one Java engine installed (check Control Panel/Programs/Uninstall a Program).   The only exception to that is possibly in the case of a 64-bit machine, there are two Java engines, one for 32 and one for 64-bit browsers.  You should only be using the 32-bit Internet Explorer in that case anyway, so you really only need the usual version of Java.

          The trojan may have been a threat, on the other hand it may have been a false alarm.   There are ways to check outlined HERE. (See To send it to the Threat Center outside of Security Center..... onwards) It also may only have been a warning.

          You can check your quarantined items by double-clicking the taskbar icon and opening Security Center.  Then click Navigation at top right, then Quarantined and Trusted Items (below).

           

          2. System Restore started with Windows ME and affects all systems ever since, so anything referring to System Restore applies also to Vista and Windows 7.  Some of McAfee's detection pages need updating and I have pointed that out to them.   Windows ME is no longer supported anyway.

           

          3.  A scan in 'Safe Mode with Networking' certainly won't harm but shouldn't catch anything more than in regular mode, but the difference is that in that mode infections can often be deleted more easily.

           

          I recommend that you try an independent scan using the FREE version of THIS tool.  Update it before running and let it remove anything it finds.  Reboot straight away if asked to.   It's a useful tool to keep around in addition to one's regular antivirus.

           

           


           

           

          Message was edited by: Ex_Brit on 14/01/11 7:31:35 EST AM
          • 2. Re: Exploit.ByteVerify

            Ex_Brit, you've been incredibly helpful to me.  I thank you!

            • 3. Re: Exploit.ByteVerify
              Peter M

              You're welcome ;-)

              • 4. Re: Exploit.ByteVerify

                Ex_Brit,

                 

                   I have a few follow-up questions, now that I've tried some of the things you wrote about. Below is a list of the steps I took, and the remaining follow-up questions I now have:

                 

                1. I only had two versions of Java installed on my PC, which were exactly as you said: one was the most up-to-date 32-bit engine, and then there was also a 64-bit engine. I uninstalled the 64-bit Java engine, since I can always re-install it and I'm not even sure I was using it.

                2. I ran the anti-malware application you linked to, and made sure it was updated. I performed a full scan and it found nothing. So, again, no problems here.

                3. The last step leads me to a question I have had... yesterday, I ran a full Ad-Aware scan on my PC (to make sure everything was OK after McAfee quarantined the trojan). However, I do not use Ad-Aware's real-time protection, because I was told it will conflict with McAfee's real-time scanning.  Is it OK that I have Ad-Aware on my PC and only run occasional scans?  So long as I do not run Ad-Aware's real-time protection, am I OK?  I do not want to interfere with McAfee's capabilities.

                4. You wrote, "Set Windows Update to search using Microsoft Updates which then searches  for all possible updates for everything on your machine."  On a Windows 7 PC, how exactly would I do that?  I checked the Windows Update settings in Control Panel, and then clicked "Change Settings."  But I don't see anything that quite matches what you're writing about. The current settings on my PC are set so that Windows automatically installs "important" and "recommended" updates. Also, there is a checked box next to the "Microsoft Update" field, which it says looks for updates to Microsoft products and seeks for optional, new Microsoft software.  Is there more I need to do here?

                5. Regarding System Restore, I checked my Windows 7 settings by right-clicking "Properties" on "Computer," and then clicking "System Protection." According to this tab, the Protection Settings are set to "off" for both my drives.  So, am I OK here?  Do I need to do anything further to ensure I'm scanning everywhere I need to, especially as regards the Windows System Restore issue?  I noticed that I have a separate drive letter that is an HP recovery drive (it appears it may just be a drive partition, but I can't tell for sure). Do I need to do anything special to scan this HP recovery drive/partition?

                 

                 

                Thanks for your extra help -- you are the best!

                 

                 

                Message was edited by: JoshWorks on 1/14/11 12:37:09 PM CST
                • 5. Re: Exploit.ByteVerify

                  Addendum:

                   

                       Also, regarding the information you wrote (above) with the link to your article about sending virus/malware/etc. samples to McAfee...  I simply sent the quarantined item directly to McAfee, from within my McAfee Total Protection software (Navigation/Quarantined and Trusted Items/Send to McAfee).

                   

                       Is this the same as you were suggesting (above) that I do to determine the threat of this particular trojan?

                   

                     Thank you greatly!

                  • 6. Re: Exploit.ByteVerify
                    Peter M
                       1. I only had two versions of Java installed on my PC, which were exactly as you said: one was the most up-to-date 32-bit engine, and then there was also a 64-bit engine. I uninstalled the 64-bit Java engine, since I can always re-install it and I'm not even sure I was using it.

                     

                    Sounds good.

                     

                       2. I ran the anti-malware application you linked to, and made sure it was updated. I performed a full scan and it found nothing. So, again, no problems here.

                     

                    Also sounds good.

                     

                       3. The last step leads me to a question I have had... yesterday, I ran a full Ad-Aware scan on my PC (to make sure everything was OK after McAfee quarantined the trojan). However, I do not use Ad-Aware's real-time protection, because I was told it will conflict with McAfee's real-time scanning.  Is it OK that I have Ad-Aware on my PC and only run occasional scans?  So long as I do not run Ad-Aware's real-time protection, am I OK?  I do not want to interfere with McAfee's capabilities.

                     

                    Ad-Aware is fine as long as real-time protection isn't enabled as you stated.

                     

                       4. You wrote, "Set Windows Update to search using Microsoft Updates which then searches  for all possible updates for everything on your machine."  On a Windows 7 PC, how exactly would I do that?  I checked the Windows Update settings in Control Panel, and then clicked "Change Settings."  But I don't see anything that quite matches what you're writing about. The current settings on my PC are set so that Windows automatically installs "important" and "recommended" updates. Also, there is a checked box next to the "Microsoft Update" field, which it says looks for updates to Microsoft products and seeks for optional, new Microsoft software.  Is there more I need to do here?

                     

                    No, it looks like you already chose that option.

                     

                       5. Regarding System Restore, I checked my Windows 7 settings by right-clicking "Properties" on "Computer," and then clicking "System Protection." According to this tab, the Protection Settings are set to "off" for both my drives.  So, am I OK here?  Do I need to do anything further to ensure I'm scanning everywhere I need to, especially as regards the Windows System Restore issue?  I noticed that I have a separate drive letter that is an HP recovery drive (it appears it may just be a drive partition, but I can't tell for sure). Do I need to do anything special to scan this HP recovery drive/partition?

                     

                    Sorry I was going from memory and wasn't sure what system you were using when I said that.

                     

                    That sounds OK.  Once satisfied that things are OK you could re-enable System Restore.  Don't worry about that recovery partition.  That's there for restoring to factory settings and shouldn't need scanning.

                     

                    Lastly.....

                    JoshWorks wrote:

                     

                    Addendum:

                     

                         Also, regarding the information you wrote (above) with the link to your article about sending virus/malware/etc. samples to McAfee...  I simply sent the quarantined item directly to McAfee, from within my McAfee Total Protection software (Navigation/Quarantined and Trusted Items/Send to McAfee).

                     

                         Is this the same as you were suggesting (above) that I do to determine the threat of this particular trojan?

                     

                       Thank you greatly!

                    That's fine.  It doesn't always work for everyone, depending on the internet service provider, sometimes they restrict that kind of traffic, as mine does, as it uses a different SMTP protocol from regular emails and many ISPs only allow one - their own.

                    1 of 1 people found this helpful
                    • 7. Re: Exploit.ByteVerify

                      Wonderful follow-up.  Many, many thanks.

                       

                      It looks like I'm OK!

                      • 8. Re: Exploit.ByteVerify

                        That's fine.  It doesn't always work for everyone, depending on the internet service provider, sometimes they restrict that kind of traffic, as mine does, as it uses a different SMTP protocol from regular emails and many ISPs only allow one - their own.

                         

                           Well, I didn't have an error occur or any sort of pop-up box.  So, I assume the file was sent?  On the other hand, I didn't receive any sort of email or follow-up from McAfee, so I don't know how I'd get any feedback about the quarantined trojan I sent them...

                         

                           Any input?

                        • 9. Re: Exploit.ByteVerify
                          Peter M

                          When it works it just sends the file and that's all - there will not be a response.

                           

                          If you got no error then it went OK.

                           

                           

                          Message was edited by: Ex_Brit on 14/01/11 5:49:41 EST PM
                          1 of 1 people found this helpful