Hi All WAMUGgers
I've just run ClamXav Virus Checker http://www.clamxav.com/ on my
PowerBook and it tells me I have 8 files with viruses, all in my
User/Library.
I'm running OS X 10.4.5.
Four are in Apple Mail mailboxes, and ClamXav suggests I sort through
the mail messages and delete any suspicious ones. I've done that now
- a timely purge indeed and surely needed anyway. I've also rebuilt
the mailboxes. Running ClamXav a second time it tells me I still have
the infected files. That is weird because two of the mailboxes -
Deleted Messages and Junk have nothing in them. Could the boxes
themselves be carrying the virus? Is it safe to leave them there as
presumably they won't affect the Mac anyway? Should I delete the
boxes? If I do that, can I successfully create new ones to take their
places? That seems a bit drastic, like cutting off a leg then sewing
a new one on again.
Here are the mailbox details from ClamXav log:
/Users/rwhitely/Library/Mail/[EMAIL PROTECTED]/Deleted Messages.mbox/mbox: Worm.Mydoom.M FOUND
/Users/rwhitely/Library/Mail/[EMAIL PROTECTED]/INBOX.mbox/mbox: Worm.Mydoom.M FOUND
/Users/rwhitely/Library/Mail/[EMAIL PROTECTED]/Junk.mbox/mbox: Worm.Mydoom.M FOUND
/Users/rwhitely/Library/Mail/[EMAIL PROTECTED]/Sent Messages.mbox/mbox: Worm.Mydoom.M FOUND
The other four were in .zip files in User/Library/Caches/Java Applets/cache/javapi/v1.0/jar
I have absolutely no idea what they are except to say that there are
a lot more .zip and similar .idx files (eg: ar.jar-25da0aca-4df682f8.idx)
I've taken the four offending files out and put in a folder on the
desktop. Is it safe to delete them? What do they do anyway?
Here are the offending files as listed in the log:
/Users/rwhitely/Library/Caches/Java Applets/cache/javapi/v1.0/jar/ar.jar-25da0aca-4df682f8.zip: Java.ClassLoader.24564 FOUND
/Users/rwhitely/Library/Caches/Java Applets/cache/javapi/v1.0/jar/arc.jar-de5e35e-32180aa1.zip: Java.ClassLoader.24564 FOUND
/Users/rwhitely/Library/Caches/Java Applets/cache/javapi/v1.0/jar/classload.jar-7958a4de-5b57002b.zip: Java.ClassLoader.24564 FOUND
/Users/rwhitely/Library/Caches/Java Applets/cache/javapi/v1.0/jar/javainstaller.jar-3cc46f89-53d178a7.zip: Java.Downloader.OpenStream.A FOUND
A Google search of "24564" (http://www.cyber.com/alerts.php?order=start_j)
reveals that it was discovered on "2004-07-06", is "Java/ClassLoader.24564"
and is "Virus/Infected File" with Blue Status:
Blue – Low
This is the most common threat type. Essentially the virus has been
identified in the wild and does very little damage or is not capable
of spreading by itself. Many threats that fall into this category are
Trojans, Macro Viruses, or Spyware. They are easily contained and
removed from an infected system. It is always a good idea to keep
your definitions up to date to prevent these minor inconveniences
from happening to you. Threats of this type may also extract personal
information so they should still be taken seriously.
Another (http://www.sophos.com/virusinfo/analyses/trojclsldrd.html) says:
Name: Troj/Clsldr-D
Type: Trojan
How it spreads: Web browsing
Affected operating systems: Windows
Side effects: Downloads code from the internet
Aliases: Exploit-ByteVerify Java.ClassLoader.24564
Protection available since 22 June 2005 20:17:42 (GMT)
Included in our products from August 2005 (3.96)
I think I should delete those little ones!
Any advice welcome please.
Regards
Reg