Welcome to SecurityForumz.com!
FAQFAQ    SearchSearch      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

"Trojan Horse" Question

  
   Security Forums (Home) -> General Discussions RSS
Next:  "Trojan Horse" virus question  
Author Message
Jack Edmunds

External


Since: Sep 04, 2003
Posts: 6



(Msg. 1) Posted: Tue Sep 09, 2003 2:23 am
Post subject: "Trojan Horse" Question
Archived from groups: alt>comp>virus (more info?)
We have a computer in the family that is running Norton and whenever they
logon to the internet, Norton says it has detected a "Trojan Horse" and when
you log to Norton, it says it has no information. It points to a file in
the Temporary Internet folder and it says the following: Name: Blackbox,
Internet Address: spyass.com/nocheat/blackbox.com (I left off part of the
address so it would not become a link), Type: Class File, and Size: 21 KB.
You can erase the entry, but it just keeps coming back after logging on to
the internet.

Anyone have any clue as to what this is and where it comes from? We ran
AdAware and cleaned up that junk, but this thing remains.

Thanks,
Jack

--
Remove NoSpam for e-mail

 >> Stay informed about: ""Trojan Horse"" Question 
Back to top
Login to vote
Snowsquall

External


Since: Jul 28, 2003
Posts: 10



(Msg. 2) Posted: Wed Sep 10, 2003 3:39 am
Post subject: Re: "Trojan Horse" Question [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"Jack Edmunds" wrote in message

> We have a computer in the family that is running Norton and whenever they
> logon to the internet, Norton says it has detected a "Trojan Horse" and
when
> you log to Norton, it says it has no information. It points to a file in
> the Temporary Internet folder and it says the following: Name: Blackbox,
> Internet Address: spyass.com/nocheat/blackbox.com (I left off part of the
> address so it would not become a link), Type: Class File, and Size: 21 KB.
> You can erase the entry, but it just keeps coming back after logging on to
> the internet.
>
> Anyone have any clue as to what this is and where it comes from? We ran
> AdAware and cleaned up that junk, but this thing remains.
>
> Thanks,
> Jack
>
> --
> Remove NoSpam for e-mail
>
>

 >> Stay informed about: ""Trojan Horse"" Question 
Back to top
Login to vote
Snowsquall

External


Since: Jul 28, 2003
Posts: 10



(Msg. 3) Posted: Wed Sep 10, 2003 3:39 am
Post subject: Re: "Trojan Horse" Question [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"Jack Edmunds" wrote in message

> We have a computer in the family that is running Norton and whenever they
> logon to the internet, Norton says it has detected a "Trojan Horse" and
when
> you log to Norton, it says it has no information. It points to a file in
> the Temporary Internet folder and it says the following: Name: Blackbox,
> Internet Address: spyass.com/nocheat/blackbox.com (I left off part of the
> address so it would not become a link), Type: Class File, and Size: 21 KB.
> You can erase the entry, but it just keeps coming back after logging on to
> the internet.

About three weeks ago I came across those Class files. I had done an on
line scan with Ravonline and it said
c:\WINDOWS\Temporary Internet
Files\Content.IE5\8DYR8DMN\VerifierBug[1].class
Virus: Java/Bytverify
Status:Infected
However at that time Norton did not detect it. I saved it and some other
class files(with similar time stamp) to a floppy disk. The other files were
a Dummy.class and Blackbox.class. The latter two still don't detect as
being infected but the VerifierBug is now detected as "Trojan Horse" At the
time I recall being on a web page that said my browser did not accept
cookies. As it turned out it was because I either had a patch to prevent
such cookies or did not have a certain Java program that would have been
required. Also the VerifierBug is related to the javascript that activates
another virus called "FortnightC that works through a VM java vulnerability.
www.f-secure.com/v-descs/fortnight.shtml

>
> Anyone have any clue as to what this is and where it comes from? We ran
> AdAware and cleaned up that junk, but this thing remains.
>
> Thanks,
> Jack
>
> --
> Remove NoSpam for e-mail
>
>
 >> Stay informed about: ""Trojan Horse"" Question 
Back to top
Login to vote
Jack Edmunds

External


Since: Sep 04, 2003
Posts: 6



(Msg. 4) Posted: Wed Sep 10, 2003 2:21 pm
Post subject: Re: "Trojan Horse" Question [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
When you saved the "class" files to floppy did you try to delete them? We
have deleted them and they seem to keep coming back, especially when you log
on to the internet via Internet Explorer. Wonder if it is attached to the
..exe file of IE and would it be cleared up if we reloaded IE? Just a
thought.

Thanks,
Jack

--
Remove NoSpam for e-mail
"Snowsquall" wrote in message

>
> "Jack Edmunds" wrote in message
>
> > We have a computer in the family that is running Norton and whenever
they
> > logon to the internet, Norton says it has detected a "Trojan Horse" and
> when
> > you log to Norton, it says it has no information. It points to a file
in
> > the Temporary Internet folder and it says the following: Name:
Blackbox,
> > Internet Address: spyass.com/nocheat/blackbox.com (I left off part of
the
> > address so it would not become a link), Type: Class File, and Size: 21
KB.
> > You can erase the entry, but it just keeps coming back after logging on
to
> > the internet.
>
> About three weeks ago I came across those Class files. I had done an on
> line scan with Ravonline and it said
> c:\WINDOWS\Temporary Internet
> Files\Content.IE5\8DYR8DMN\VerifierBug[1].class
> Virus: Java/Bytverify
> Status:Infected
> However at that time Norton did not detect it. I saved it and some other
> class files(with similar time stamp) to a floppy disk. The other files
were
> a Dummy.class and Blackbox.class. The latter two still don't detect as
> being infected but the VerifierBug is now detected as "Trojan Horse" At
the
> time I recall being on a web page that said my browser did not accept
> cookies. As it turned out it was because I either had a patch to prevent
> such cookies or did not have a certain Java program that would have been
> required. Also the VerifierBug is related to the javascript that
activates
> another virus called "FortnightC that works through a VM java
vulnerability.
> www.f-secure.com/v-descs/fortnight.shtml
>
> >
> > Anyone have any clue as to what this is and where it comes from? We ran
> > AdAware and cleaned up that junk, but this thing remains.
> >
> > Thanks,
> > Jack
> >
> > --
> > Remove NoSpam for e-mail
> >
> >
>
>
 >> Stay informed about: ""Trojan Horse"" Question 
Back to top
Login to vote
Snowsquall

External


Since: Sep 10, 2003
Posts: 3



(Msg. 5) Posted: Wed Sep 10, 2003 2:21 pm
Post subject: Re: "Trojan Horse" Question [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
"Jack Edmunds" wrote in message ...
> When you saved the "class" files to floppy did you try to delete them? We
> have deleted them and they seem to keep coming back, especially when you log
> on to the internet via Internet Explorer. Wonder if it is attached to the
> .exe file of IE and would it be cleared up if we reloaded IE? Just a
> thought.
>
> Thanks,
> Jack

I did not have to remove the class files from the harddrive. They
disappeared on their own within a day. Since Norton hadn't detected
them at that time I did not take them seriously.
>
> --
> Remove NoSpam for e-mail
> "Snowsquall" wrote in message
>
> >
> > "Jack Edmunds" wrote in message
> >
> > > We have a computer in the family that is running Norton and whenever
> they
> > > logon to the internet, Norton says it has detected a "Trojan Horse" and
> when
> > > you log to Norton, it says it has no information. It points to a file
> in
> > > the Temporary Internet folder and it says the following: Name:
> Blackbox,
> > > Internet Address: spyass.com/nocheat/blackbox.com (I left off part of
> the
> > > address so it would not become a link), Type: Class File, and Size: 21
> KB.
> > > You can erase the entry, but it just keeps coming back after logging on
> to
> > > the internet.
> >
> > About three weeks ago I came across those Class files. I had done an on
> > line scan with Ravonline and it said
> > c:\WINDOWS\Temporary Internet
> > Files\Content.IE5\8DYR8DMN\VerifierBug[1].class
> > Virus: Java/Bytverify
> > Status:Infected
> > However at that time Norton did not detect it. I saved it and some other
> > class files(with similar time stamp) to a floppy disk. The other files
> were
> > a Dummy.class and Blackbox.class. The latter two still don't detect as
> > being infected but the VerifierBug is now detected as "Trojan Horse" At
> the
> > time I recall being on a web page that said my browser did not accept
> > cookies. As it turned out it was because I either had a patch to prevent
> > such cookies or did not have a certain Java program that would have been
> > required. Also the VerifierBug is related to the javascript that
> activates
> > another virus called "FortnightC that works through a VM java
> vulnerability.
> > www.f-secure.com/v-descs/fortnight.shtml
> >
> > >
> > > Anyone have any clue as to what this is and where it comes from? We ran
> > > AdAware and cleaned up that junk, but this thing remains.
> > >
> > > Thanks,
> > > Jack
> > >
> > > --
> > > Remove NoSpam for e-mail
> > >
> > >
> >
> >
 >> Stay informed about: ""Trojan Horse"" Question 
Back to top
Login to vote
Display posts from previous:   
   Security Forums (Home) -> General Discussions All times are: Pacific Time (US & Canada)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]