Saturday, February 06, 2010

The Troj/ByteVer-G trojan is found by Webroot Spysweeper


Today Webroot Spysweeper turned up a “Virus found” on Troj/ByteVer-G. So far, there is little information on this Trojan outside Sophos (the virus engine for Spysweeper), which says it was entered into the database Feb. 5, with this entry. Webroot placed the Trojan into quarantine without incident.

Sophos offers much more detailed instructions for removing Trojans than merely deleting files, here. Trojans may resume execution at startup if they affected the registry. I presume that the Webroot quarantine prevents this from happening.

Curiously, after the sweep, Webroot told me it had just updated the security definition file. I restarted, then cold booted and reran the sweep and found no items.

Earlier, I had gotten a message on my Facebook page regarding a marketing company. I did click on the website, and it kept trying to get me to look at an offer before going away until I clicked out completely and closed Facebook. I don’t know if that was the source. I generally am not interested in “get rich” marketing schemes, as few work.

I could not find any mention of this Trojan at McAfee.

The Trojan may resemble Troj/FakeAvJs-A, already discussed.

About.com offers a discussion of “clean, quarantine, or delete?” here.

Update:

Note that the Sophos Trojan removal link doesn't address Vista or XP. I don't know why.
