VerifierBug.class Trojan!!

Discussion in 'Windows Desktop Systems' started by Static 99, Sep 6, 2003.

  1. Static 99

    Static 99 Guest

    A few day's ago I scanned my computer with NAV 2003 and it found a VerifierBug.class Trojan, did a google search but (almost) nothing came up, so I thought it was just a false alarm. But today I did another search and I guess it was NOT a false alarm.

    WTF is going on here?

    See for details: http://www.dslreports.com/forum/remark,7864755~root=security,1~mode=flat
     
  2. Enyo

    Enyo Moderator

    Messages:
    1,338
    Protection for this was added to NAV on the 3rd.

    Just remove the infected file and your done. If you happy to have the actual "infected" file, please forward to me so that i may conduct my own analysis. E-mail link is below.
     
  3. Static 99

    Static 99 Guest

    I allready removed it, and I also have send a copy to Symantec (and to you). But I have no idea how I got infected. I've got NIS 2003, all the latest patches and updates. Thought my pc was secure.
     
  4. Enyo

    Enyo Moderator

    Messages:
    1,338
    Thanks for sending it to me.

    You would have been infected by visiting a webpage that contains the malicious applet. Nothing you could have done. NAV had not been updated to detect this thread until after your inital infection.

    They should publish a full write up on this threat soon and when they do ill post a link.

    Now that NAV detects it your safe :) If you keep your eye on the thread above that you posted im sure the DSLR experts will have full details on it soon so you can know exactly what it does. Ill have a look at it this weekend if i get the time and let you know if i notice anything interesting.
     
  5. Static 99

    Static 99 Guest

    Thanks for the info.....
    I'll keep my eye on this thread, I'm quite curious what kind of Trojan it is, and what it does.
     
  6. Enyo

    Enyo Moderator

    Messages:
    1,338
    From what ive read the VerifierBug.class is not a trojan itself, its a "dropper" meaning it will fectch another trojan and plant it on the system. Thats just some conjecture however dont know anything for sure.
     
  7. Enyo

    Enyo Moderator

    Messages:
    1,338
    http://vil.nai.com/vil/content/v_100261.htm

    Ensure MS03-11 has been applied. If you are using Sun Java you should up date that to, by the looks of the Sun forums that is also vulnerable.

    Use MSBA to ensure the patch applied sucessfully.

    http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools/mbsawp.asp
     
  8. Static 99

    Static 99 Guest

    Thanx, I'll get the latest Java and use MSBA to see if the patch is applied sucessfully.
     
  9. Tiesto

    Tiesto OSNN Addict

    Messages:
    112
    I just removed this from my friends computer yesterday. I have never heard of it but assumed it was some javascript virii code. Thanks for the info.
     
  10. Winter

    Winter OSNN Addict

    Messages:
    72
    Norton just found this virus on my computer... it wasn't able to repair it, so I quarantined it... what should I do? Just delete the file?

    Edit: Ok I went into my Norton history and deleted the file from there... hopefully I didn't need it...
     
  11. Enyo

    Enyo Moderator

    Messages:
    1,338
    Deleting it was the right thing to do ;)