"Trojan Horse" Question

"Jack Edmunds" <jedmunds RemoveThis @NoSpamprodigy.net> wrote in message
news:tQa7b.73$s_1.37@newssvr33.news.prodigy.com...
> We have a computer in the family that is running Norton and whenever they
> logon to the internet, Norton says it has detected a "Trojan Horse" and
when
> you log to Norton, it says it has no information. It points to a file in
> the Temporary Internet folder and it says the following: Name: Blackbox,
> Internet Address: spyass.com/nocheat/blackbox.com (I left off part of the
> address so it would not become a link), Type: Class File, and Size: 21 KB.
> You can erase the entry, but it just keeps coming back after logging on to
> the internet.

About three weeks ago I came across those Class files. I had done an on
line scan with Ravonline and it said
c:\WINDOWS\Temporary Internet
Files\Content.IE5\8DYR8DMN\VerifierBug[1].class
Virus: Java/Bytverify
Status:Infected
However at that time Norton did not detect it. I saved it and some other
class files(with similar time stamp) to a floppy disk. The other files were
a Dummy.class and Blackbox.class. The latter two still don't detect as
being infected but the VerifierBug is now detected as "Trojan Horse" At the
time I recall being on a web page that said my browser did not accept
cookies. As it turned out it was because I either had a patch to prevent
such cookies or did not have a certain Java program that would have been
required. Also the VerifierBug is related to the javascript that activates
another virus called "FortnightC that works through a VM java vulnerability.
www.f-secure.com/v-descs/fortnight.shtml

>
> Anyone have any clue as to what this is and where it comes from? We ran
> AdAware and cleaned up that junk, but this thing remains.
>
> Thanks,
> Jack
>
> --
> Remove NoSpam for e-mail
>
>
 >> Stay informed about: "Trojan Horse" Question 

When you saved the "class" files to floppy did you try to delete them? We
have deleted them and they seem to keep coming back, especially when you log
on to the internet via Internet Explorer. Wonder if it is attached to the
..exe file of IE and would it be cleared up if we reloaded IE? Just a
thought.

Thanks,
Jack

--
Remove NoSpam for e-mail
"Snowsquall" <eerring DeleteThis @wightman.ca> wrote in message
news:E1x7b.1540$qJ6.1208651@monger.newsread.com...
>
> "Jack Edmunds" <jedmunds DeleteThis @NoSpamprodigy.net> wrote in message
> news:tQa7b.73$s_1.37@newssvr33.news.prodigy.com...
> > We have a computer in the family that is running Norton and whenever
they
> > logon to the internet, Norton says it has detected a "Trojan Horse" and
> when
> > you log to Norton, it says it has no information. It points to a file
in
> > the Temporary Internet folder and it says the following: Name:
Blackbox,
> > Internet Address: spyass.com/nocheat/blackbox.com (I left off part of
the
> > address so it would not become a link), Type: Class File, and Size: 21
KB.
> > You can erase the entry, but it just keeps coming back after logging on
to
> > the internet.
>
> About three weeks ago I came across those Class files. I had done an on
> line scan with Ravonline and it said
> c:\WINDOWS\Temporary Internet
> Files\Content.IE5\8DYR8DMN\VerifierBug[1].class
> Virus: Java/Bytverify
> Status:Infected
> However at that time Norton did not detect it. I saved it and some other
> class files(with similar time stamp) to a floppy disk. The other files
were
> a Dummy.class and Blackbox.class. The latter two still don't detect as
> being infected but the VerifierBug is now detected as "Trojan Horse" At
the
> time I recall being on a web page that said my browser did not accept
> cookies. As it turned out it was because I either had a patch to prevent
> such cookies or did not have a certain Java program that would have been
> required. Also the VerifierBug is related to the javascript that
activates
> another virus called "FortnightC that works through a VM java
vulnerability.
> www.f-secure.com/v-descs/fortnight.shtml
>
> >
> > Anyone have any clue as to what this is and where it comes from? We ran
> > AdAware and cleaned up that junk, but this thing remains.
> >
> > Thanks,
> > Jack
> >
> > --
> > Remove NoSpam for e-mail
> >
> >
>
>
 >> Stay informed about: "Trojan Horse" Question 

"Jack Edmunds" <jedmunds.RemoveThis@NoSpamprodigy.net> wrote in message news:<jrG7b.5587$WX1.1734@newssvr16.news.prodigy.com>...
> When you saved the "class" files to floppy did you try to delete them? We
> have deleted them and they seem to keep coming back, especially when you log
> on to the internet via Internet Explorer. Wonder if it is attached to the
> .exe file of IE and would it be cleared up if we reloaded IE? Just a
> thought.
>
> Thanks,
> Jack

I did not have to remove the class files from the harddrive. They
disappeared on their own within a day. Since Norton hadn't detected
them at that time I did not take them seriously.
>
> --
> Remove NoSpam for e-mail
> "Snowsquall" <eerring.RemoveThis@wightman.ca> wrote in message
> news:E1x7b.1540$qJ6.1208651@monger.newsread.com...
> >
> > "Jack Edmunds" <jedmunds.RemoveThis@NoSpamprodigy.net> wrote in message
> > news:tQa7b.73$s_1.37@newssvr33.news.prodigy.com...
> > > We have a computer in the family that is running Norton and whenever
> they
> > > logon to the internet, Norton says it has detected a "Trojan Horse" and
> when
> > > you log to Norton, it says it has no information. It points to a file
> in
> > > the Temporary Internet folder and it says the following: Name:
> Blackbox,
> > > Internet Address: spyass.com/nocheat/blackbox.com (I left off part of
> the
> > > address so it would not become a link), Type: Class File, and Size: 21
> KB.
> > > You can erase the entry, but it just keeps coming back after logging on
> to
> > > the internet.
> >
> > About three weeks ago I came across those Class files. I had done an on
> > line scan with Ravonline and it said
> > c:\WINDOWS\Temporary Internet
> > Files\Content.IE5\8DYR8DMN\VerifierBug[1].class
> > Virus: Java/Bytverify
> > Status:Infected
> > However at that time Norton did not detect it. I saved it and some other
> > class files(with similar time stamp) to a floppy disk. The other files
> were
> > a Dummy.class and Blackbox.class. The latter two still don't detect as
> > being infected but the VerifierBug is now detected as "Trojan Horse" At
> the
> > time I recall being on a web page that said my browser did not accept
> > cookies. As it turned out it was because I either had a patch to prevent
> > such cookies or did not have a certain Java program that would have been
> > required. Also the VerifierBug is related to the javascript that
> activates
> > another virus called "FortnightC that works through a VM java
> vulnerability.
> > www.f-secure.com/v-descs/fortnight.shtml
> >
> > >
> > > Anyone have any clue as to what this is and where it comes from? We ran
> > > AdAware and cleaned up that junk, but this thing remains.
> > >
> > > Thanks,
> > > Jack
> > >
> > > --
> > > Remove NoSpam for e-mail
> > >
> > >
> >
> >
 >> Stay informed about: "Trojan Horse" Question