Yep, confirmed here as well. McAffee keeps deleting the infected file, and gives the following info:
Exploit-ByteVerify
Virus Profile: Exploit-ByteVerify
Risk Assessment
- Home Users: Low
- Corporate Users: Low
Date Discovered: 4/9/2003
Date Added: 4/22/2003
Origin: Unknown
Length: Varies
Type: Trojan
SubType: Exploit
DAT Required: 4258
Virus Characteristics
This detection covers Java applets that attempt to exploit the Microsoft Security Bulletin MS03-011 vulnerability. This severity of this vulnerability is considered to be critical. It allows an attacker to execute malicious code, simply by visiting an infectious website. Detections of this exploit do not necessarily mean that any malicious code was executed. It simply means that a Java applet was found to contain the exploit code. Conversely malicious code may have been run, which could result in any number of modifications to the system.
All vulnerable systems should apply the patch from Microsoft. Patched systems are immune from the effects of the exploit code. However, detection will still occur on files attempting to make use of this exploit.
Indications of Infection
There are no obvious signs of infection. AVERT has received field samples that use this exploit to create a registry script file, and merge it into the system registry. This script simply altered the default start page of Internet Explorer.
Method of Infection
This exploit makes use of a security vulnerability affecting Internet Explorer and certain email clients, such as Outlook and Outlook Express.