Infected Files - Virex 7.2 - How Identify/Inoculate?

Discussion in 'Mac Basics and Help' started by Frank (Atlanta), Jul 1, 2005.

  1. Frank (Atlanta) macrumors regular

    Joined:
    Oct 29, 2004
    #1
    I have an iMac G5 20" (1.8 GHz model running 10.3.9).

    I received Virex 7.2 with my iMac and have been using it since Nov 2004. I've been keeping my virus list updated.

    No problems until today - scan found "4 possibly infected files" (I haven't had "potentially infected files" previously):

    Long-story-short: Virex couldn't identify the "potentially infected" files; however, via trial-and-error, I've determined that Virex has flagged the following:

    Library\Caches\Java Applets\caches\javapi\v1.0\jar\count.jar-655c56ee-31b979b1.zip

    The 4 offending files in this zip file are:
    Beyond.class
    BlackBox.class
    Dummy.class
    Verifier.class

    NOTE: This is not a "panic" msg re: Mac viruses...rather, Virex may have simply identified a virus transferred to me from a Windows user, etc. In all honesty, I have absolutely no idea what these files do...should I simply opt to "automatically delete" the potentially infected files? I'd prefer to at least know what it is I might be deleting...(note I haven't had "potentially infected" files, previously).

    Thx,
    Frank
     
  2. alex_ant macrumors 68020

    Joined:
    Feb 5, 2002
    Location:
    All up in your bidness
    #2
    Wow, that is really stupid software design on the part of the Virex people. I've never used Virex but does it let you scan only a specified folder? If so you could start in your Library folder and scan your way down the levels of the folder hierarchy until you can pinpoint the "possibly infected files." Or maybe try to isolate the files by alternately moving certain subfolders in and out of your Library folder to someplace where Virex can't see them.
     
  3. Frank (Atlanta) thread starter macrumors regular

    Joined:
    Oct 29, 2004
    #3
    Alex,

    I'm probably doing something stupid, but every other anti-virus app I've used at least alerts you as to what file(s) might be infected. For some reason, I can't determine which files are "potentially infected".

    By trial-and-error, I've isolated to the Library\Caches\java applets\cache\jvapi\v1.0\jar folder (determined after your response); however, I can't figure out which files might be infected in this particular folder.

    I'm still new to Macs & the Mac OS - if I were to delete files in this folder, would the OS rebuild them?

    Thx,
    Frank
     
  4. highres macrumors 6502a

    Joined:
    Jul 1, 2005
    Location:
    Near the Singularity
    #4
    In 15 years of using Macs I have never had a virus, bug, system intrusion or hostile IP attack of any kind. Unlike people who use any of the Windows OS's especially XP the "swiss cheese" of operating systems, which has so many holes that script kiddies' only problem is which way they want to exploit it...I never load Norton, Virex or any of the other security programs, they never seem to work right and always cause conflicts. However since Linux is the underlying structure of OSX now there is a higher probability of security problems that we didn't get with previous Mac OS versions...In short I still don't think that security concerns are warranted enough to load Virex, Norton, etc...Just my opinion...
     
  5. mkrishnan Moderator emeritus

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #5
    Frank, the files in that folder are ok to delete. Also, incidentally, since it's a *PC* virus, almost certainly, that's possibly in them, it's harmless, because the PC virus cannot propagate to other files on your computer (cuz its code can't execute) and you wouldn't be purposely sharing those files either. So they'll never get from your computer to a PC. But you can delete them.

    EDIT: General safe principle. What you should do, if you're unsure, is to drag the folder in question to the desktop and then run the app. Like drag this folder to the desktop (or the trash) and then go to a website with a java applet. It should work fine. If it does, then you can empty trash. :)
     
  6. Frank (Atlanta) thread starter macrumors regular

    Joined:
    Oct 29, 2004
    #6
    Updated my initial post as, via trial-and-error, I determined what Virex was flagging.

    Library\Caches\Java Applets\cache\javapi\v1.0\jar\count.jar-655c56ee-31b979b1.zip --- the flagged files in this zip are:
    Beyond.class
    BlackBox.class
    Dummy.class
    Verifier.class

    Strangely enough, I haven't had this problem before - Virex hasn't flagged these items previously; however, the above were created on my machine 6/22/05 and the most recent virus update is from 6/8/05...maybe it's something as simple as a need for the DAT to update?

    Newbie question, but can somebody tell me what the above do?

    Thx!
    Frank
     
  7. mkrishnan Moderator emeritus

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #7
    Yes. Delete the files. They're just classes from some applet on a web page you visited. Java will get them again if it needs them. Classes are like...hmm... they're like building blocks for a computer program. In many languages, you save them as separate files so that they can be used by many programs. Sort of like .dll files in Windows. .class files are files that contain executable code in Java.
     
  8. Frank (Atlanta) thread starter macrumors regular

    Joined:
    Oct 29, 2004
    #9
    First, thank you all much for the answer & education!

    Second, what a pain Virex is - seems like they'd make it easier to determine what the offending file(s) are for remediation...

    Thx,
    Frank
     
  9. Plymouthbreezer macrumors 601

    Joined:
    Feb 27, 2005
    Location:
    Massachusetts
  10. Frank (Atlanta) thread starter macrumors regular

    Joined:
    Oct 29, 2004
    #11
    Think I've got to agree w/you there, Plymouthbreezer...I'm learning...
     
  11. Plymouthbreezer macrumors 601

    Joined:
    Feb 27, 2005
    Location:
    Massachusetts
    #12
    Yeah, it's pointless to have anti-virus software on a Mac...
     
  12. dotdotdot macrumors 68020

    Joined:
    Jan 23, 2005
    #13
    Unless he has a Windows computer - then it's actually smart as the virus could infect the Windows PC.
     
  13. Plymouthbreezer macrumors 601

    Joined:
    Feb 27, 2005
    Location:
    Massachusetts
    #14
    Sure. But he never said anything about having a Windows machine? :confused:
     
  14. dotdotdot macrumors 68020

    Joined:
    Jan 23, 2005
    #15
    But "New To Mac," like he said.

    Therefore, chances are he has one/uses one often/daily.
     
  15. Frank (Atlanta) thread starter macrumors regular

    Joined:
    Oct 29, 2004
    #16
    I use a PC for work...and I exchange files with PC users so I try to at least do my part to minimize damage to my friends/colleagues (much less my own work laptop!).

    What surprises me, however, is how hard it was for me to determine which files were causing problems - seems like Virex could flag them. Maybe I'm just missing something, but that was way too difficult - purely a trial & error approach to find what was wrong.

    Thx,
    Frank
     
  16. dotdotdot macrumors 68020

    Joined:
    Jan 23, 2005
    #17
    Is it like McAfee VirusScan 9 for Windows? At all? If so, it should say the actual file that is infected.

    But, you can put the Java files in the Trash, use your Mac for about two days, and if nothing bad happens, empty the trash.

    I get small viruses in my Windows java files from time to time, deleting them does not affect you at ALL.
     
  17. Frank (Atlanta) thread starter macrumors regular

    Joined:
    Oct 29, 2004
    #18
    <deleted> - questions answered in prior posts
     
  18. DaftUnion macrumors 6502a

    Joined:
    Feb 22, 2005
    Location:
    Wisconsin
    #19
     
  19. jeremy.king macrumors 603

    Joined:
    Jul 23, 2002
    Location:
    Fuquay Varina, NC
    #20
    FYI, although it's most likely not a virus (or the first one that I have heard of written in Java), those .class files CAN execute on your Mac. Of course, to execute they would need to be embedded in a web page OR opened in Applet Viewer (does that exist anymore?).

    With that said, applets really can't do much of anything damaging unless it's a signed applet, and even in that case, it still can't do much to the file system.

    Feel free to delete them, and pay attention to any signed applets that you may be using on websites. You will tell if it's signed because usually you will get a prompt asking you to accept the certificate.

    If you really feel adventurous, download a decompiler for Java and open those .class files. You could post the source in the Programming forum and someone (including me) could tell you if there is any malicious code.

    Good Night.
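
A read-only way to see what a scanner has flagged inside a cached applet archive like the one in this thread, added here as an example and not code from any poster: it lists each member with its SHA-256 and whether it carries the Java class-file magic, without executing anything. The sample archive, the `Fake.class` entry and all function names are constructed for illustration.

```python
import hashlib
import io
import struct
import zipfile

CLASS_MAGIC = 0xCAFEBABE  # first four bytes of every compiled Java class


def describe_entry(name, data):
    """Return identification facts for one archive member without running it."""
    info = {"name": name, "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "is_class": False, "class_version": None}
    if len(data) >= 8:
        magic, minor, major = struct.unpack(">IHH", data[:8])
        if magic == CLASS_MAGIC:
            info["is_class"] = True
            info["class_version"] = (major, minor)
    # Flag a .class name without the class magic, or class bytes under another name
    info["name_mismatch"] = name.endswith(".class") != info["is_class"]
    return info


def inventory_archive(source):
    """List every member of a cached jar/zip; source is a path or file object."""
    with zipfile.ZipFile(source) as zf:
        return [describe_entry(zi.filename, zf.read(zi))
                for zi in zf.infolist() if not zi.is_dir()]


def build_sample_archive():
    """Constructed stand-in for the cached count.jar-...zip named in the thread."""
    header = struct.pack(">IHH", CLASS_MAGIC, 0, 48)  # 48 = Java 1.4 class format
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in ("Beyond", "BlackBox", "Dummy", "Verifier"):
            zf.writestr(n + ".class", header + n.encode())
        zf.writestr("Fake.class", b"not a class file")  # constructed mismatch
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for e in inventory_archive(build_sample_archive()):
        print(e["name"], e["class_version"], e["name_mismatch"], e["sha256"][:16])
```

Pointing `inventory_archive` at a real cached archive path gives names and hashes that can be recorded or looked up before the file is deleted.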
     
  20. Frank (Atlanta) thread starter macrumors regular

    Joined:
    Oct 29, 2004
  21. runninmac macrumors 65816

    Joined:
    Jan 20, 2005
    Location:
    Rockford MI
    #22
    edit stupid post already covered... move along :eek:
     
