Virus found in the Java cache directory
This article applies to:
- Platform(s): Windows 98, Windows ME, Windows 2000, Windows XP, Windows 2003
- Browser(s): All Browsers
- Java version(s): 1.4.2_xx, 1.5.0
SYMPTOMS
Malicious applets have been discovered in the Java cache directory. Anti-virus programs have detected such malicious applets in the following directory:
C:\Documents and Settings\<username>\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\
These malicious applets are designed to exploit vulnerabilities in the Microsoft VM (Microsoft Security Bulletin MS03-011).
If you are using the Sun JVM as your default virtual machine, these malicious applets cannot cause any harm to your computer.
Examples of the JAR files are:
- javainstaller.jar
- menu.jar
- archive.jar
- classload.jar
- 285.jar
- count4.jar
- loaderdmitriy.jar
CAUSE
When the browser runs an applet, Java stores all the downloaded files in its cache directory for better performance. We have received reports of the following malicious applets in the cache directory:
- Trojan.ByteVerify
- VerifierBug.class
- Java.JJBlack worm
- Java.Shinwow trojan
However, in this instance, storing these applets in the cache directory cannot cause any harm to your computer because they are designed to exploit a vulnerability in the Microsoft VM, not the Sun JVM.
SOLUTION
If you find one of these malicious applets on your computer, please use an anti-virus program to delete the applet, or you can clean the cache directory manually.
Here are the instructions on how to manually remove these malicious applets from the Java cache directory:
- From the Start button, click Settings > Control Panel
- In the Control Panel, open the "Java Plug-in Control Panel"
- Select the Cache Tab
- Click the Clear button inside the Cache Tab, which will clear your Java cache directory
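As an added example (not part of Sun's article or tooling), the following Python script inventories the cache directory before it is cleared, flagging files whose names start with one of the JAR names listed above or that contain VerifierBug.class. The suffix-tolerant name matching, the function names and the sample archives are assumptions constructed for illustration; a name match is only a triage hint, not a detection.

```python
import tempfile
import zipfile
from pathlib import Path

# JAR names and class name copied from this article; a match is only a triage hint.
REPORTED_JARS = {"javainstaller.jar", "menu.jar", "archive.jar", "classload.jar",
                 "285.jar", "count4.jar", "loaderdmitriy.jar"}
REPORTED_CLASSES = {"verifierbug.class"}


def triage_cache(cache_dir):
    """Return {relative path: [reasons]} for cache files matching the article's names."""
    findings = {}
    for path in sorted(p for p in Path(cache_dir).rglob("*") if p.is_file()):
        reasons = []
        lower = path.name.lower()
        # Assumption: the cache may append a suffix to the JAR name, so match on prefix.
        for jar in sorted(REPORTED_JARS):
            if lower.startswith(jar):
                reasons.append("file name starts with " + jar)
        if zipfile.is_zipfile(path):
            try:
                with zipfile.ZipFile(path) as zf:
                    for entry in zf.namelist():
                        if entry.rsplit("/", 1)[-1].lower() in REPORTED_CLASSES:
                            reasons.append("contains " + entry)
            except zipfile.BadZipFile:
                reasons.append("unreadable archive")
        if reasons:
            findings[path.relative_to(cache_dir).as_posix()] = reasons
    return findings


def build_sample_cache(root):
    """Constructed sample data: harmless placeholder archives, not real applets."""
    samples = {"count4.jar-constructed.zip": "Counter.class",
               "stats.jar-constructed.zip": "VerifierBug.class",
               "clock.jar-constructed.zip": "Clock.class"}
    for name, entry in samples.items():
        with zipfile.ZipFile(Path(root) / name, "w") as zf:
            zf.writestr(entry, b"placeholder")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, why in triage_cache(build_sample_cache(tmp)).items():
            print(name, "->", "; ".join(why))
```

To run it against a real profile, pass the cache directory path shown under SYMPTOMS to triage_cache() instead of the constructed sample directory.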
To enable the Sun Java Virtual Machine as the default JVM, please refer to:
Switching between the Microsoft VM and the Sun JVM
MORE TECHNICAL INFORMATION
Norton / Symantec has posted information about the Trojan.ByteVerify virus on their Web site:
Symantec Virus help - Trojan.ByteVerify
Microsoft provides information about the flaw in the Microsoft VM on their web site:
Microsoft Security Bulletin MS03-011
Sun provides third-party contact information to help you find technical support. This contact information may change without notice. Sun does not guarantee the accuracy of this third-party contact information.
The third-party products discussed in this article are manufactured by companies independent of Sun. Sun makes no warranty, implied or otherwise, regarding the performance or reliability of these products.