Recently my antivirus program (McAfee) is picking up some Java files as viruses. The file name is "archive.jar-27b6d963-534a760c.zip" and it is located in "C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar".
The zip file contains: "Beyond.class, BlackBox.class, Dummy.class, VerifierBug.class"
Any ideas as to what this is? Are these files needed for Java, and what are they for?
I ran a Panda virus scan & had the same results. The dates of the 4 files are 9/12/2003 and 4/24/2003.
The archive zip file itself has a date of 7/14/2003.
I just had a full virus scan on an XP machine this morning, and my NAV 2004 alerted and quarantined, saying that similar files are infected with a Trojan.
C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-27b6d965-1971f6d1.zip
C:\Documents and Settings\User\.jpi_cache\jar\1.0\archive.jar-27b6d963-53d3d998.zip
The zip files contain: "Beyond.class, BlackBox.class, Dummy.class, VerifierBug.class"
Sounds like the same thing.
Is it OK to delete all the cache files in this 1.0 folder?
Same thing here on my XP system. Norton was updated with the newest virus definitions this morning and found a suspected infected file, verifierbug.class, which was quarantined. Downloaded a free trojan tool from a little UK firm (evaluation copy). This found nothing else. I read here that these .class files are Java files. Are they needed by anything? Does someone know about this and can shed some light, please?
Hey guys, I also had the same trojan horse found. At Symantec's site there's no data for it. But some other sites do. What I did was quarantine it and then delete it from there. Rescanned my machine and it didn't find it, so I suppose it's gone. On the Lavasoft forums there are more people with the same problem. I'm rebooting and rescanning again.
I got the same thing last night, with my NAV 2003 catching the BlackBox.class and Dummy.class etc. I looked it up in Windows Explorer and deleted it once Symantec gave me an automated response to my query. There was no information about the applet other than Symantec saying that their beta definitions picked up the VerifierBug.class archive on its latest scan. I've searched to find out what it does but so far all I have found is questions. Prior problems with the Microsoft Virtual Machine may have spawned this Trojan, but Microsoft has patched this since and appears no longer vulnerable. Why Symantec has just discovered this is still a mystery, and so is why they think it's a trojan if they offer no information on it.
I had the same problem on my Windows XP and NAV 2004 deleted the file. I received the following report:
Source: VerifierBug.class
Description: The compressed file VerifierBug.class within C:\Documents and Settings\Hamid Shadmand\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-5dde5271-27d21281.zip is infected with the Hacktool virus.
Click for more information about this threat : Hacktool= http://securityresponse.symantec.com/avcenter/venc/dyn/20685.html
I ran a NAV 2003 full system scan today and found this same item. Here's the NAV message:
====
Source: VerifierBug.class
Description: The compressed file VerifierBug.class within C:\temp\java cache\jar\archive.jar-27b6d963-54f04a76.zip is infected with the Trojan Horse virus.
Click for more information about this virus : Trojan Horse
====
What's interesting to me is how the little sucker got onto my machine. I run NAV and Zone Alarm Pro, and this thing slipped in silently.
Hmmm ....
I think I know how it slipped in: Norton's AutoProtect has a setting for "Comprehensive file scanning." Norton's Manual Scan has that setting, PLUS a setting to "Scan within compressed files". I'm guessing that AutoProtect does NOT scan within compressed files.
Next question I've got: how did that particular .zip file get onto my machine?
The only app I've installed in the past few days is X1, a file/email/web search utility. It was buggy and crashy, so I uninstalled it. Perhaps it was the carrier??
I ran NAV2002 on WinXP today after receiving the new definitions also, and it found BB.class and VerifierBug.class and identified both of them as viruses of type Trojan Horse. I chose to let NAV quarantine them until I found out more information. After a bit of crafty Googling I found this site: http://www.kgs.ukans.edu/Gemini/gemini-help.html. Article number 5 recommends purging the x:\documents and settings\<user_name>\jpi_cache\jar\1.0 folder every so often. I purged the suggested folders, and then went back to NAV and had it delete the files. After two successive reboots and some surfing at a Java-enabled site, I've had no problems. Hope this helps!
Most AntiVirus programs (Norton, Symantec, etc.) often trip up over innocuous files and think they contain "viruses". Unfortunately, they have to be aggressive, because jar files are really zip files underneath, and many viruses wrap themselves in zip files to defeat mailer restrictions on file types.
Since this is a JavaWebStart cache file you're tripping over, you can just delete it, but it'll simply reappear the next time. It SHOULD be safe to omit "jar" files from the antivirus check (add ".jar" to the exclusion suffix list), if you feel so bold. I do without any qualms.
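An added example, not part of the original thread: because the cached .jar/.zip files are ordinary zip archives, their entry names can be listed without running anything inside them. This sketch walks a cache folder and reports archives holding the class names posters listed above; the function names and the sample archive names are constructed for illustration.

```python
import os
import tempfile
import zipfile

# Class names reported by posters in this thread (compared case-insensitively).
REPORTED = {"beyond.class", "blackbox.class", "dummy.class", "verifierbug.class"}

def scan_cache(root):
    """Map each zip-format file under root to the reported class names it holds."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Cache entries may end in .zip or .jar, so test content, not suffix.
            if not zipfile.is_zipfile(path):
                continue
            try:
                with zipfile.ZipFile(path) as zf:
                    entries = zf.namelist()  # reads the archive directory only
            except (zipfile.BadZipFile, OSError):
                continue  # truncated or locked archive: skip it
            found = sorted(e for e in entries
                           if e.rsplit("/", 1)[-1].lower() in REPORTED)
            if found:
                hits[path] = found
    return hits

def build_sample_cache(root):
    """Constructed sample: placeholder bytes only, no real class files."""
    jar_dir = os.path.join(root, "jar")
    os.makedirs(jar_dir)
    with zipfile.ZipFile(os.path.join(jar_dir, "archive.jar-sample-0001.zip"), "w") as zf:
        for entry in ("Beyond.class", "BlackBox.class", "Dummy.class", "VerifierBug.class"):
            zf.writestr(entry, b"placeholder")
    with zipfile.ZipFile(os.path.join(jar_dir, "benign.jar"), "w") as zf:
        zf.writestr("com/example/Hello.class", b"placeholder")
    with open(os.path.join(jar_dir, "notes.txt"), "w") as fh:
        fh.write("not an archive")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_cache(tmp)
        for path, names in scan_cache(tmp).items():
            print(os.path.basename(path), "->", ", ".join(names))
```

To check a real machine, pass `scan_cache` one of the cache folders quoted in the posts above instead of the temporary sample directory.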
I had the same problem last night when I ran a virus check on my machine. I generally do not schedule a virus check, but last night I had something really weird happen: I had a new Dial-up Networking connection to some XXX site and my home page was different etc., so I decided to run a check on my machine and it came up with two infected files.
Since my AV has already deleted those files I do not have a copy of those files with me, but if anyone still has those files, I would like to decompile it and have a look at it. I am interested in what makes it tick.
I have them right here. Some web site infected my system with it yesterday. It also ran a file called nctl.exe which started a dialer and connected me to a very expensive phone number before I knew it.
I can give you the URL, too, if you feel like getting infected :(
It appears that your system may be affected with a virus of type trojan horse. You should first run Live Update and then perform a full system scan, and delete all files (.class files) shown as virus infected.
Check the system registry, as some of these may have affected your system registry.