1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

PandaScan unable to fix viruses

Discussion in 'Virus & Other Malware Removal' started by andyh3, Oct 19, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. andyh3

    andyh3 Thread Starter

    Joined:
    Aug 18, 2003
    Messages:
    37
    I used the free online panda scan for viruses and it found 3, but it said that it was unable to disinfect them. How can I get rid of them? Thanks!

    Here is the ActiveScan Log:

    Incident Status Location

    Exploit/ByteVerify No disinfected C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\archive.jar-27ef2cd7-66a7cf0a.zip[Dummy.class]
    Exploit/ByteVerify No disinfected C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\archive.jar-9ccf676-2c99a1ee.zip[Dummy.class]
    Exploit/ByteVerify No disinfected C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\xp.jar-103bf2d-1064b60d.zip[Dummy.class]
     
  2. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi, Sounds like you took an antivirus program test once....these online testers, for antivirus program function, may have left these archived files....the dummy tag is what prompts me about the above....
    The tester creates a dummy file.

    I could be very wrong....it also may be that Panda scan does not check inside .zip, archived files, some dont/arent able to do that.
    Hang on, someone will have run into this one I am sure.
    Bt the way, you should scan with an online Trojan scanner for worms, they are way better for Trojans.
    There are many inexpensive or free anti-Trojan utilities available, too, matter of fact, Antitrojan is the name of one...
    Tauscan is another....and The Cleaner another.
    Here:
    http://www.anti-trojan-software-reviews.com/

    http://www.anti-trojan.net/en/onlinecheck.aspx

    http://www.computercops.biz/modules.php?name=TCP_Scanner
    (You have to register for free to use thisone)
     
  3. andyh3

    andyh3 Thread Starter

    Joined:
    Aug 18, 2003
    Messages:
    37
    Thanks - I'll give the trojan scan a try.
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,187
    First Name:
    Derek
    they are just java cache files , the jpi folder is where your javaVM stores it's downloaded java files so it can use them directly from your computer rather than downloading them from their websiite each time for speed

    THe folder is read only, that's why your Av can't remove them.

    navigate to the jpi folder, rightclick the entry and untick read only then delete the entire folder.

    When you next go to a site that uses java, it will download the needed files to that folder
     
  5. andyh3

    andyh3 Thread Starter

    Joined:
    Aug 18, 2003
    Messages:
    37
    Thanks! I did what you said, but will deleting this file affect any other operations?
     
  6. Byteman

    Byteman Gone but Never Forgotten

    Joined:
    Jan 24, 2002
    Messages:
    17,742
    Hi andyh- I've never heard of java cache files, and never seen them found by any scanners, but I think I would trust what dvk posted to you.... darn, now we don't get to uproot any nasty worms- aren't you depressed :p :D ? Perhaps a google search would give you some confirmation about the java files.
     
  7. andyh3

    andyh3 Thread Starter

    Joined:
    Aug 18, 2003
    Messages:
    37
    Yeah - I really wanted worms! Damnit!

    Thanks.
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,187
    First Name:
    Derek
    No it will not affect anything else

    they are temporary files in the same way your browser uses the temporary internet files folder to store files from the internet so you can us them quickly without going to the site each time and downloading files that never change such as pictures and images on these forums
    when you surf a site regularly your computer normally just downloads what is changed for the sake of speed. THe java jpi cache does the same job for java applets from websites
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,187
    First Name:
    Derek
    It's only recently that most scanners have started to look for the byte veryfy exploit

    this M$ update page explains it in detail http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-011.asp

    and this page about CWS explains it's results

    http://www.spywareinfo.com/~merijn/cwschronicles.html

    scroll down to the bottom of the page, epilogue and it shoulkd become clear
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,187
    First Name:
    Derek
    this probably explains it clearer
    Java.ByteVerify.exploit
    Alias: Exploit-ByteVerify

    CHARACTERISTICS
    This is not a virus, but rather a method to exploit a security vulnerability in the Microsoft Virtual Machine. This vulnerability arises as the ByteCode verifier in the Microsoft Virtual machine does not correctly check for the presence of certain malformed code when a Java applet is loaded. Attackers could exploit this vulnerability by creating malicious Java applets and inserting them into web pages. These web pages could be hosted on a site by a malicious web master, or could be sent to users as an attachment. To read more about this issue, and to download the necessary patches, please visit:

    http://www.microsoft.com/technet/security/bulletin/MS03-011.asp.
     
  11. andyh3

    andyh3 Thread Starter

    Joined:
    Aug 18, 2003
    Messages:
    37
    Derek,

    that is a 'bad' link: "The page you're looking for has been moved or removed from the site."

    Is there another link?
     
  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,187
    First Name:
    Derek
  13. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/173212

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice