
Solved: jpi_cache; what is it?

Discussion in 'Virus & Other Malware Removal' started by rainforest123, Feb 5, 2005.

Thread Status:
Not open for further replies.
  1. rainforest123

    rainforest123 Thread Starter

    Joined:
    Dec 28, 2004
    Messages:
    8,256
    1. What is jpi_cache?
    Today, 04 Feb 2005, my NAV 2004 detected 3 files infected by Trojan.ByteVerify.

    The compressed file VB.class within C:\Documents and Settings\user_name\.jpi_cache\jar\1.0\archive.jar-2178ee9f-58587eb5.zip is infected with the Trojan.ByteVerify virus.

    Windows 2000 Pro SP4
    I obtained the MS03-011, 816093 update during 2004.
    ZA Pro 5.5

    Recently, I downloaded some music from emusic.com. I suspect that the infection came from one of those downloads.

    I have read: http://securityresponse.symantec.com/avcenter/venc/data/trojan.byteverify.html

    2. Did the Microsoft update protect me from the problems noted at Symantec's site?

    I refer to:

    technical details

    When Trojan.ByteVerify is executed, it performs the following actions:


    Escapes the sandbox restrictions, using Blackbox.class, by doing the following:

        Declares a new PermissionDataSet with setFullyTrusted set to TRUE.
        Creates a trusted PermissionSet.
        Sets permission to PermissionSet by creating its own URLClassLoader class, derived from the VerifierBug.class.

    Loads Beyond.class using the URLClassLoader from Blackbox.class.

    Gains unrestricted rights on the local machine by invoking the .assertPermission method of the PolicyEngine class in Beyond.class.

    Opens the Web page, http://www.clavus.net/lst.backs, and parses the text that this site displays.

    For example, SP|www.ewebsearch.net/sp.htm means that the Internet Explorer Start Page will be set up to www.ewebsearch.net/sp.htm

    Several pornographic links are added into the favorites.

    May attempt to retrieve dialer programs and install them on the infected computer. The dialer programs may attempt to connect the infected computer to pornographic Web sites.

    B123
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    1. Click Start | Settings | Control Panel
    2. Click the Java Plugin Icon
    3. Click the Cache tab
    4. Click the Clear button and click OK to confirm

    Note: Please repeat this procedure for each "Java Plugin" button in your Control Panel
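
A read-only triage of the plug-in cache before it is cleared, as an added example that is not part of the thread or of either poster's reply: it lists cached archives that contain the class names given in the NAV alert and the quoted Symantec write-up. The function names, the sample file names and the placeholder contents are constructed for illustration.

```python
import tempfile
import zipfile
from pathlib import Path, PurePosixPath

# Class names from the NAV alert and the Symantec write-up quoted in the thread.
SUSPECT_CLASSES = {"vb.class", "blackbox.class", "beyond.class", "verifierbug.class"}
ARCHIVE_SUFFIXES = {".zip", ".jar"}

def scan_archive(path):
    """Return the entries of one cached archive whose file name is a suspect class."""
    with zipfile.ZipFile(path) as zf:
        return sorted(n for n in zf.namelist()
                      if PurePosixPath(n).name.lower() in SUSPECT_CLASSES)

def scan_cache(cache_dir):
    """Return (findings, unreadable) for every archive under cache_dir."""
    base, findings, unreadable = Path(cache_dir), {}, []
    for path in sorted(base.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in ARCHIVE_SUFFIXES:
            continue
        rel = path.relative_to(base).as_posix()
        try:
            hits = scan_archive(path)
        except (zipfile.BadZipFile, OSError):
            unreadable.append(rel)  # could not be opened, so it was not checked
            continue
        if hits:
            findings[rel] = hits
    return findings, unreadable

def build_sample_cache(root):
    """Constructed sample data: one flagged archive, one clean, one truncated."""
    jar_dir = Path(root) / ".jpi_cache" / "jar" / "1.0"
    jar_dir.mkdir(parents=True)
    with zipfile.ZipFile(jar_dir / "archive.jar-00000001-00000001.zip", "w") as zf:
        zf.writestr("VB.class", b"placeholder")
        zf.writestr("pkg/Blackbox.class", b"placeholder")
    with zipfile.ZipFile(jar_dir / "applet.jar-00000002-00000002.zip", "w") as zf:
        zf.writestr("Clock.class", b"placeholder")
    (jar_dir / "broken.jar-00000003-00000003.zip").write_bytes(b"PK\x03\x04 truncated")
    return jar_dir.parents[1]  # the .jpi_cache directory

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(scan_cache(build_sample_cache(tmp)))
```

Matching on entry names is only a triage aid, since class names are trivially changed; the antivirus detection remains the authority on what is infected.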
     
Short URL to this thread: https://techguy.org/326969
