VIRUS

**em99010pepe** · 04-07-2004, 09:41 AM

Hi guys,

NORTON found this virus in SUN JAVA directory:

Source: Parser.class
Description: The compressed file Parser.class within C:\WINDOWS\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\noc heat.jar-2718a0ba-41d3694f.zip is infected with the Trojan.ByteVerify virus.

You all should make a full scan in this directory.

**em99010pepe** · 04-07-2004, 09:49 AM

Just for the recorder, I found in this directory the MD5crk java applet.

**Anonymous** · 04-07-2004, 08:53 PM

My Avast also found this same identical thing, about a hundred files in there. I just thought it was my regular JAVA, but now I don't think so.
Could it be that when you visit the MD5 site that it DL's this onto your computer silently? I have been to the site a few times to see what the "magic button" uproar was all about, but have never actually DL'd the MD5 program.
If this has something to do with MD5, it definitely doesn't sound like good news for them---just my opinion. I was planning on starting it up on a couple tonight, but may not now.
I noticed a similiar post was made at USD also pertaining to this.

**em99010pepe** · 04-07-2004, 09:10 PM

Originally Posted by offamychain

Could it be that when you visit the MD5 site that it DL's this onto your computer silently?
I noticed a similiar post was made at USD also pertaining to this.

I think so. I quiet using that project because I noticed speed decrease on my computer. I found that MD5 java applet was running in loop every time I started OPERA and discovered some files in SUN directory. I deleted them and since then those problems simply disappeared.

**Anonymous** · 04-07-2004, 10:22 PM

I deleted mine too. Out of extreme curiosity, I'm gonna play with the "magic button" a while tonight to see if I can't get the "virus-part" back.
That sound sorta stupid, don't it? :roll: :roll:
Maybe it won't blow up.
But I agree with you, after investigating my surfing & stuff, this is the ONLY logical site where I coulda picked this crap up at.

**Anonymous** · 04-08-2004, 01:59 AM

EM99, just went to the MD5 site & let the Magic-Button do it's magic for a couple minutes, & to answer your question, YES. It will follow you home. It will recreate the ENTIRE "Sun/Java" directory on your computer, with about 20 folders inside it.

However, immediately, there's only 3 files inside it. Whether it makes the hundreds more that we wound up with in the future, I don't know...'cause "WapAKaZaam", they're all gone...again. :D :D :D

The 2 files you asked about were there:

C:\D.& S.\..\A.D.\Sun\Java\Deploy\cache\javapi\jar\md5crk .jar-......IDX

and another by the same name, but in a ZIP format.

There is also another file elsewhere:

C:\D.& S.\...\A.D.\Sun\Java\Deployment\log\plugin142_03.t race

It also leaves a crap-load of cookies in your Cookie & Temp. files for your enjoyment.

(I also posted this at USD, 'case you find it there 1st)

Thread: VIRUS

Thread Tools

Display

VIRUS

Posting Permissions