[Removed]

I have Norton Internet Security 2010 installed on my system and yesterday the anti-virus software detected that my system was infected with Trojan.ByteVerify and it said that it was unable to remove the file. I checked the anti-virus software and it was updated 3 minutes ago when this happened. I clicked the details to find the file source and got the below information:

1. getclass.class

[contained in] c:\documents and settings\sheen int'l exchange\application data\sun\java\deployment\cache\6.0\38\5e1889e6-61dce912

2. getclass.class

[contained in] c:\documents and settings\sheen int'l exchange\application data\sun\java\deployment\cache\javapi\v1.0\jar\java.jar-494e0098-78ae05d1.zip

I immediately checked their website for information on removal and got the below  link:

http://www.symantec.com/security_response/detected_writeup.jsp?name=Trojan.ByteVerify

I could not delete the files in Safemode as mentioned. So,I had to turn to symantec again. To find their Technical support number is another issue. While I did get their number, I could not get to a technician as I had to wait for almost 30mins as the recorded voice message kept reminding me not to hang up as it would take even longer if I hang up and re-dial again. Finally, I managed to get a technician who called herself - "sweety singhal".  After knowing my problem,  she told that she wanted to do a remote connect to resolve the issue. She then took over and downloaded Power Eraser which almost all symantec tech agents are trained to do. The power eraser spotted a file and said it was removing it. Then the tech rep did a quickscan and told me that everything was fine. When I went to the Java Cache folder mentioned above, I still found about 30-40 folders,but empty. The tech rep told me that the Power Eraser had removed the virus and there is no problem. But, I insisted in doing a Full System Scan and started it. I let her go as she said that the scan would take about an hours time. To my surprise, the antivirus showed that Trojan.ByteVerify was still there and could not be removed.

Then I tried dialing again to Symantec Tech Support. Again, I waited for another 30minutes before I spoke to a tech named "Nikki Blobelle". After hearing my story, she told me that she would want to do a Power Eraser scan again. Then we went through the whole process together. The Power Eraser did not find any virus.  At this point, she told me since their s/w Power Eraser was unable to detect the virus, I had to be transferred to another department where they would charge me additionaly for removing the virus.  I was surprised that both the technicians who tried to help me did not even have any knowledge about the infection and they kept telling me that it could be due to some downloads.Further they were more intended in pushing me to the other department. I told them that when I googled the internet, I found that this virus was first noticed in 2003 and the malicious applets downloaded in the Java Cache directory were the reason behind it.

http://www.java.com/en/download/help/cache_virus.xml

http://www.bitdefender.com/VIRUS-117110-en--Java.Trojan.Exploit.Bytverify.Gen.html

I also wanted to know why I should pay for something that Symantec should have fixed it in their software (Syantec antivirus definitions should have been updated with this trojan information as this trojan was first spotted in 2003). I asked them I had payed for the antivirus to protect my system and wanted to know why their s/w did not do its job. For this they did not have any answer and kept repeating that they could not help and I had to pay. I was really getting agitated at this point as Symantec did not want to accept its mistake and was focussed only  in making money out of innocent victims! At this point, I told Nikki that I wanted to speak to someone who would assist me. She replied that she would transfer my call to her manager and i would have to wait for another 15-20minutes. I got really pissed off at this point as I was getting no where,I informed Nikki to immediately get me a floor supervisor. Then I spoke to someone whose name I could not recollect. He kept repeating me the same message that I had to pay for the virus removal - Perfectly Trained to push off customers. I wanted an explanation as to why I had to pay additionally when the S/W did not do its primary job of spotting a trojan which was released way back in 2003.For this he had no answer and bluntly told me that if I need to have it removed then i had to pay. Then I asked if there was a customer escalation department where I could explain my story as I was not in a position to let SYMANTEC escape!!!!!!! Then, the supervisor transferred my call stating that I'll be answered by the Customer Relations department. I was on hold music for almost 15minutes and I hung up!!!

I've made up my mind that this is the last product that I'm buying from SYMANTEC.

I'm an IT Consultant with a client base of nearly 80-90 companies in Singapore and I'll ensure th
at your Post Sales Support Quality is known to every single of my clients.

- You maintain your online knowledgebase poorly inorder to get more customers calling your phones. Then you charge them saying that the issue does not come under the support boundaries.!! Kudos!!

I'm complaining here as Symantec- as a company does not want to hear from Customers and hence does not have its customer service email address mentioned anywhere.

I'm also writing an email to their SINGAPORE office asking for an explanation.

-Arshad

SHEEN INTERNATIONAL EXCHANGE

SINGAPORE

[edit: Please do not post identifying information per the Participation Guidelines and Terms of Service.]

[Removed]

I have Norton Internet Security 2010 installed on my system and yesterday the anti-virus software detected that my system was infected with Trojan.ByteVerify and it said that it was unable to remove the file. I checked the anti-virus software and it was updated 3 minutes ago when this happened. I clicked the details to find the file source and got the below information:

1. getclass.class

[contained in] c:\documents and settings\sheen int'l exchange\application data\sun\java\deployment\cache\6.0\38\5e1889e6-61dce912

2. getclass.class

[contained in] c:\documents and settings\sheen int'l exchange\application data\sun\java\deployment\cache\javapi\v1.0\jar\java.jar-494e0098-78ae05d1.zip

I immediately checked their website for information on removal and got the below  link:

http://www.symantec.com/security_response/detected_writeup.jsp?name=Trojan.ByteVerify

I could not delete the files in Safemode as mentioned. So,I had to turn to symantec again. To find their Technical support number is another issue. While I did get their number, I could not get to a technician as I had to wait for almost 30mins as the recorded voice message kept reminding me not to hang up as it would take even longer if I hang up and re-dial again. Finally, I managed to get a technician who called herself - "sweety singhal".  After knowing my problem,  she told that she wanted to do a remote connect to resolve the issue. She then took over and downloaded Power Eraser which almost all symantec tech agents are trained to do. The power eraser spotted a file and said it was removing it. Then the tech rep did a quickscan and told me that everything was fine. When I went to the Java Cache folder mentioned above, I still found about 30-40 folders,but empty. The tech rep told me that the Power Eraser had removed the virus and there is no problem. But, I insisted in doing a Full System Scan and started it. I let her go as she said that the scan would take about an hours time. To my surprise, the antivirus showed that Trojan.ByteVerify was still there and could not be removed.

Then I tried dialing again to Symantec Tech Support. Again, I waited for another 30minutes before I spoke to a tech named "Nikki Blobelle". After hearing my story, she told me that she would want to do a Power Eraser scan again. Then we went through the whole process together. The Power Eraser did not find any virus.  At this point, she told me since their s/w Power Eraser was unable to detect the virus, I had to be transferred to another department where they would charge me additionaly for removing the virus.  I was surprised that both the technicians who tried to help me did not even have any knowledge about the infection and they kept telling me that it could be due to some downloads.Further they were more intended in pushing me to the other department. I told them that when I googled the internet, I found that this virus was first noticed in 2003 and the malicious applets downloaded in the Java Cache directory were the reason behind it.

http://www.java.com/en/download/help/cache_virus.xml

http://www.bitdefender.com/VIRUS-117110-en--Java.Trojan.Exploit.Bytverify.Gen.html

I also wanted to know why I should pay for something that Symantec should have fixed it in their software (Syantec antivirus definitions should have been updated with this trojan information as this trojan was first spotted in 2003). I asked them I had payed for the antivirus to protect my system and wanted to know why their s/w did not do its job. For this they did not have any answer and kept repeating that they could not help and I had to pay. I was really getting agitated at this point as Symantec did not want to accept its mistake and was focussed only  in making money out of innocent victims! At this point, I told Nikki that I wanted to speak to someone who would assist me. She replied that she would transfer my call to her manager and i would have to wait for another 15-20minutes. I got really pissed off at this point as I was getting no where,I informed Nikki to immediately get me a floor supervisor. Then I spoke to someone whose name I could not recollect. He kept repeating me the same message that I had to pay for the virus removal - Perfectly Trained to push off customers. I wanted an explanation as to why I had to pay additionally when the S/W did not do its primary job of spotting a trojan which was released way back in 2003.For this he had no answer and bluntly told me that if I need to have it removed then i had to pay. Then I asked if there was a customer escalation department where I could explain my story as I was not in a position to let SYMANTEC escape!!!!!!! Then, the supervisor transferred my call stating that I'll be answered by the Customer Relations department. I was on hold music for almost 15minutes and I hung up!!!

I've made up my mind that this is the last product that I'm buying from SYMANTEC.

I'm an IT Consultant with a client base of nearly 80-90 companies in Singapore and I'll ensure th
at your Post Sales Support Quality is known to every single of my clients.

- You maintain your online knowledgebase poorly inorder to get more customers calling your phones. Then you charge them saying that the issue does not come under the support boundaries.!! Kudos!!

I'm complaining here as Symantec- as a company does not want to hear from Customers and hence does not have its customer service email address mentioned anywhere.

I'm also writing an email to their SINGAPORE office asking for an explanation.

-Arshad

SHEEN INTERNATIONAL EXCHANGE

SINGAPORE

[edit: Please do not post identifying information per the Participation Guidelines and Terms of Service.]

Hello heavengod

Please read the post. The user has already mentioned that the power eraser was used twice by tech support and it could not clean up the malware. Now you are suggesting to use it once again???

Oops.the user type a very long message.edited :)

Please check in your unresolved threats under History.  Sometimes when a threat has been removed using a different tool, Norton does not know that it is gone.  In 2011 you can just clear the entry.  I'm not sure if 2010 also has that capability.

Hello arshad

Welcome to the Norton Community Forum

I am sorry to hear about your poor experience with tech support. For future contact with them, the quickest way is to use the chat method which is free when you have a Symantec product installed or are having problems with the installation.  Here is the link for the Singapore program

http://sg.norton.com/support/dtree.jsp?pvid=

To help you get your computer cleaned up for free and have it done properly, please sign up with one of thse free malware removal sites. I am suggesting these sites because they have the proper tools and they work with you on a 1 to 1 basis. They do the work so that you don't lose your important files and will tell you exactly what to do. Bleepingcomputer will have the longest wait.

Please go to one of these free Forums for help in removing your bad malware or rootkits.


http://www.bleepingcomputer.com

http://www.geekstogo.com/forum/

http://www.cybertechhelp.com/forums/

http://forums.whatthetech.com/

(Thanks to Delph for providing the list of sites)

One of the reasons that Symantec may not protect you from this malware is because the malware is constantly changing. It may have the same name as Malware from years ago, but I am sure that it has mutated since it was first discovered. You can look at the flu virus for a comparison. The flu has been around for many years, but it also is constantly changing. Yes there is a flu shot offered once a year for those who want it, but that flu shot is made by guessing what will be the prevalent strain of flu for the next year. Some people who get the flu shot stil end up with the flu because it is a different strain of the flu. The same thing happens with malware.

Please try siging up at one of these sites and put the name of the malware in the subject of the thread you post there. Please keep us up to date with your progress, but once they start helping you, we can't help until you get a clean bill of health from them. We suggest another site because there you can get help on a 1 to 1 basis which is impossible in this type of Forum we have here.  I'm sorry about the poor support that you got over the phone. Thanks.

Hi arshad,

I'm not sure why Norton could not remove the files, but if you follow the instructions for clearing the Java Cache in the link you posted, that should remove them, I would think.

http://www.java.com/en/download/help/cache_virus.xml

"When I went to the Java Cache folder mentioned above, I still found about 30-40 folders,but empty."

I'm not sure why Norton is still reporting files when the folders are empty, unless it is stuck in unresolved.  It would explain why Norton can't remove them.

Hey guys!

You all seem to get out of the real topic . The OP arshad doesn't want assistance here on removing the Java virus . The OP is complaing from the terrible support he got . 

True enough, ThreeGuser, but there is nothing we can do to improve customer support.       I don't see where the OP is actually satisfied that his machine is clean, which may be contributing to his annoyance.  At least he will know we care.