|
Posted by karl levinson, mvp on September 1, 2006, 11:29 pm
If you were Registered and logged in, you could reply and use other advanced thread options
>
>
> |
> | Viruses very rarely make changes to the MBR and boot sector any more. I
> | don't know what is causing those read errors, but suspect it is not a
> virus
> | and is probably a question for a support forum regarding your AV
> product.
> | The same is probably true for the two changed files, but again I'd defer
> to
> | a support forum for your AV product.
> |
> | FYI, you will probably continue to get notices about "java Bytverify."
> It
> | is extremely old and only affects Microsoft JVM, not the Sun JVM. If
> you
> | have removed the MS JVM, you are safe from it. But your web browser
> will
> | still download the infected but harmless bytverify file. Existence of
> this
> | file does not prove infection.
> |
>
> Karl:
>
> Are you SURE about JS/ByteVerify is NOT exploiting Sun Java ?
> There have been some questions about that fact.
Well, I suppose it is possible, but I'd want some validation from an av web
site. As far as I know, for the first few years of its existence, bytverify
was an exploit against an old MS JVM vuln. This site doesn't mention Sun
java in the description, and it seems like bytverify hasn't been updated
since 2003:
www.symantec.com/security_response/writeup.jsp?docid=2003-090514-4048-99&tabid=1
It could probably end up in the Sun Java cache, I would expect.
| 
XML site map