help with java/byteverify

  1. #1
    shayankhalid Newbie

    Hi,
    My AVG antivirus has detected java/byteverify and trojan horse java/loader, and I am not able to remove it. I have tried a-squared but it is not working either. I am posting my HijackThis log
    just in case. I have Windows 2000 and have had this virus for 4 days.

    Logfile of HijackThis v1.98.2
    Scan saved at 7:29:41 PM, on 7/6/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Athan\Athan.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    D:\my document\hijack\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
    O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_6us.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab

    Please reply if anybody can help me.


  2. #2
    Vidster D-A-L Guest
    Welcome to the forum shayankhalid
    If you follow the advice in the link below you should be fine

    http://www.cbttechs.com/forums/showt...A%2FBYTEVERIFY

    Let us know if it doesn't work

  3. #3
    shayankhalid Newbie
    Hi, it's me again. I have done the online scan on Panda ActiveScan, but they say "Your PC contains spyware that ActiveScan cannot disinfect. In order to disinfect it, use one of the Panda solutions capable of disinfecting the spyware on your PC." I have also tried to empty the Java cache, but it does not have any files, so nothing is able to be deleted. Please advise me what I should do next.

  4. #4
    Tyler D-A-L Guest
    Howdy again!

    Could you please post ActiveScan's full log after it is done?

  5. #5
    shayankhalid Newbie
    They did not show any log; it just did the scan. There was a number saying that there are 18 infected files, but it did not show the files.
    But I can give you the log from trojan antivirus:
    C:\Documents and Settings\shayan\Local Settings\Temporary Internet Files\Content.IE5\8HUNER0B\classload[1].jar:\GetAccess.class

    Virus identified Java/ByteVerify

    Infected, Embedded object

    C:\Documents and Settings\shayan\Local Settings\Temporary Internet Files\Content.IE5\8HUNER0B\classload[1].jar:\InsecureClassLoader.class

    Virus identified Java/ByteVerify

    Infected, Embedded object

    C:\Documents and Settings\shayan\Local Settings\Temporary Internet Files\Content.IE5\8HUNER0B\classload[1].jar:\Installer.class

    Virus identified Java/ByteVerify

    Infected, Embedded object

    C:\Documents and Settings\shayan\Local Settings\Temporary Internet Files\Content.IE5\8HUNER0B\classload[1].jar

    Virus identified Java/ByteVerify

    Infected, Archive

    C:\Documents and Settings\shayan\Local Settings\Temporary Internet Files\Content.IE5\PFG6ET6L\arr3[1].jar:\Counter.class

    Virus identified Java/ByteVerify

    Infected, Embedded object

    C:\Documents and Settings\shayan\Local Settings\Temporary Internet Files\Content.IE5\PFG6ET6L\arr3[1].jar:\VerifierBug.class

    Trojan horse Java/ClassLoader

    Infected, Embedded object

    C:\Documents and Settings\shayan\Local Settings\Temporary Internet Files\Content.IE5\PFG6ET6L\arr3[1].jar

    Virus identified Java/ByteVerify

    Infected, Archive

    C:\Documents and Settings\shayan\Local Settings\Temporary Internet Files\Content.IE5\PFG6ET6L\jar[1].jar:\Counter.class

    Virus identified Java/ByteVerify

    Infected, Embedded object

    C:\Documents and Settings\shayan\Local Settings\Temporary Internet Files\Content.IE5\PFG6ET6L\jar[1].jar

    Virus identified Java/ByteVerify

    Infected, Archive


  6. #6
    shayankhalid Newbie
    Hi, I have tried to delete files in the temporary folder, but there is a folder named temp internet files which I am unable to delete, and the virus is in that, I think.

  7. #7
    Vidster D-A-L Guest
    Hiya shayankhalid
    Try these steps for removing your temporary internet files:
    Open Internet Explorer. At the top of the screen, select 'tools' and then select 'internet options'. In the middle of this window it says 'Temporary Internet Files', click on 'delete files'. When the box pops up, place a check in the box that says 'delete all offline content' and click on 'ok'.
    This should delete your temporary internet files.
    Run the scan again to make sure you're clean.

  8. #8
    shayankhalid Newbie
    Hi, it's me again. I tried to delete my internet temporary files in safe mode too, but to no use.
    The basic problem is that I have 2 folders of internet temporary files: one in the temporary files folder and the other in local settings.
    As far as I know about computers, we are not supposed to have a separate internet temporary files folder in temporary files.

    I am able to delete the contents of internet temporary files in local settings, and by using the tools option of Internet Explorer, but I am not able to delete the internet temporary files which is in temporary files.
    I think it is looking a little complicated. Please, if you understand what I have written, please reply.
    Thanks for all your help till now.

  9. #9
    Vidster D-A-L Guest
    Try searching for any files called verifierbug.class
    Right click on any you find and delete. I'll be back with more info soon

  10. #10
    shayankhalid Newbie
    Hi Vidster, thanks for your help, but I was not able to find any verifierbug.class on my system.
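
The scanner log in post #5 lists `VerifierBug.class` as an embedded object inside `arr3[1].jar`, so a file-name search of the disk does not list it. An added example (not posted by anyone in this thread) that looks inside `.jar` archives under a directory for the class names from that log; the function names and the sample archives are constructed for illustration.

```python
import os
import tempfile
import zipfile

# Class names copied from the scanner log in post #5. A name match only
# points at an archive worth rescanning; it proves nothing about content.
FLAGGED_CLASSES = {"getaccess.class", "insecureclassloader.class",
                   "installer.class", "counter.class", "verifierbug.class"}


def find_flagged_jars(root, flagged=FLAGGED_CLASSES):
    """Return {jar_path: [matching entries]} for every .jar under root."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".jar"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with zipfile.ZipFile(path) as jar:
                    entries = jar.namelist()
            except (zipfile.BadZipFile, OSError):
                continue  # truncated or locked cache file
            # Compare only the entry's base name, case-insensitively.
            matched = [e for e in entries
                       if e.rsplit("/", 1)[-1].lower() in flagged]
            if matched:
                hits[path] = sorted(matched)
    return hits


def build_sample_cache(root):
    """Constructed sample data: one jar with flagged names, one without."""
    sub = os.path.join(root, "Content.IE5", "SAMPLE01")
    os.makedirs(sub)
    with zipfile.ZipFile(os.path.join(sub, "arr3[1].jar"), "w") as z:
        z.writestr("VerifierBug.class", b"constructed placeholder")
        z.writestr("Counter.class", b"constructed placeholder")
    with zipfile.ZipFile(os.path.join(sub, "clean[1].jar"), "w") as z:
        z.writestr("Hello.class", b"constructed placeholder")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for jar, names in find_flagged_jars(build_sample_cache(tmp)).items():
            print(jar, "->", names)
```

Pointing `find_flagged_jars` at a browser or Java cache directory returns the archives to remove or rescan; the `.class` entries themselves never appear as separate files on disk.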
