Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Infected Files - Virex 7.2 - How Identify/Inoculate?

F

Frank (Atlanta)

macrumors regular
Original poster
Oct 29, 2004
145
0
I have an iMac G5 20" (1.8 Ghz model running 10.3.9).

I received Virex 7.2 with my iMac and have been using it since Nov 2004. I've been keeping my virus list updated.

No problems until today - scan found "4 possibly infected files" (I haven't had "potentially infected files" previously):

Long-story-short: Virex couldn't identify the "potentially infected" files; however, via trial-and-error, I've determined that Virex has flagged the following:

Library\Caches\Java Applets\caches\javapi\v1.0\jar\count.jar-655c56ee-31b979b1.zip

The 4 offending files in this zip file are:
Beyond.class
BlackBox.class
Dummy.class
Verifier.class

NOTE: This is not a "panic" msg re: Mac viruses...rather, Virex may have simply identified a virus transferred to me from a Windows user, etc. In all honesty, I have absolutely no idea what these files do...should I simply opt to "automatically delete" the potentially infected files? I'd prefer to at least know what it is I might be deleting...(note I haven't had "potentially infected" files, previously).

Thx,
Frank
 
alex_ant

alex_ant

macrumors 68020
Feb 5, 2002
2,473
0
All up in your bidness
Wow, that is really stupid software design on the part of the Virex people. I've never used Virex but does it let you scan only a specified folder? If so you could start in your Librar folder and scan your way down the levels of the folder hierarchy until you can pinpoint the "possibly infected files." Or maybe try to isolate the files by alternately moving certain subfolders in and out of your Library folder to someplace where Virex can't see them.
 
F

Frank (Atlanta)

macrumors regular
Original poster
Oct 29, 2004
145
0
Alex,

I'm probably doing something stupid, but every other anti-virus app I've used at least alerts you as to what file(s) might be infected. For some reason, I can't determine while files are "potentially infected".

By trial-and-error, I've isolated to the Library\Caches\java applets\cache\jvapi\v1.0\jar folder (determined after your response); however, I can't figure-out which files might be infected in this particular folder.

I'm still new to Macs & the Mac OS - if I were to delete files in my this folder, would the OS rebuild them?

Thx,
Frank
 
highres

highres

macrumors 6502a
Jul 1, 2005
519
4
Near the Singularity
In 15 years of using Macs I have never had a virus, bug, system intrusion or hostile IP attack of any kind. Unlike people who use any of the Windows OS's especially XP the "swiss cheese" of operating systems, which has so many holes that script kiddies' only problem is which way they want to exploit it...I never load Norton, Virex or any of the other security programs, they never seem to work right and always cause conflicts. However since Linux is the underlying structure of OSX now there is a higher probability of security problems that we didn't get with previous Mac OS versions...In short I still don't think that security concerns are warranted enough to load Virex, Norton, etc...Just my opinion...
 
mkrishnan

mkrishnan

Moderator emeritus
Jan 9, 2004
29,776
15
Grand Rapids, MI, USA
Frank, the files in that folder are ok to delete. Also, incidentally, since it's a *PC* virus, almost certainly, that's possibly in them, it's harmless, because the PC virus cannot propagate to other files on your computer (cuz its code can't execute) and you wouldn't be purposely sharing those files either. So they'll never get from your computer to a PC. But you can delete them.

EDIT: General safe principle. What you should do, if you're unsure, is to drag the folder in question to the desktop and then run the app. Like drag this folder to the desktop (or the trash) and then go to a website with a java applet. It should work fine. If it does, then you can empty trash. :)
 
F

Frank (Atlanta)

macrumors regular
Original poster
Oct 29, 2004
145
0
Updated my initial post as, via trial-and-error, I determined what Virex was flagging.

Library\Caches\Java Applets\cache\javapi\v1.0\jar\count.jar-655c56ee-31b979b1.zip --- the flagged files in this zip are:
Beyond.class
BlackBox.class
Dummy.class
Verifier.class

Strangely enough, I haven't had this problem before - Virex hasn't flagged these items previously; however, the above were created on my machine 6/22/05 and the most recent virus update is from 6/8/05...maybe it's something as simple as a need for the DAT to update?

Newbie question, but can somebody tell me what the above do?

Thx!
Frank
 
mkrishnan

mkrishnan

Moderator emeritus
Jan 9, 2004
29,776
15
Grand Rapids, MI, USA
Yes. Delete the files. They're just classes from some applet on a web page you visited. Java will get them again if it needs them. Classes are like...hmm... they're like building blocks for a computer program. In many languages, you save them as separate files so that they can be used by many programs. Sort of like .dll files in Windows. .class files are files that contain executable code in Java.
 
F

Frank (Atlanta)

macrumors regular
Original poster
Oct 29, 2004
145
0
First, thank you all much for the answer & education!

Second, what a pain Virex is - seems like they'd make it easier to determine what the offending file(s) are for remediation...

Thx,
Frank
 
D

dotdotdot

macrumors 68020
Jan 23, 2005
2,391
44
Plymouthbreezer said:
Yeah, it's pointless to have anti-virus software on a Mac...
Click to expand...

Unless he has a Windows computer - then its actually smart as the virus could infect the Windows PC.
 
D

dotdotdot

macrumors 68020
Jan 23, 2005
2,391
44
Plymouthbreezer said:
Sure. But he never said anything about having a Windows machine? :confused:
Click to expand...

But "New To Mac," like he said.

Therefore, chances are he has one/uses one often/daily.
 
F

Frank (Atlanta)

macrumors regular
Original poster
Oct 29, 2004
145
0
I use a PC for work...and I exchange files with PC users so I try to at least do my part to minimize damage to my friends/colleagues (much less my own work laptop!).

What surprises me, however, is how hard it was for me to determine which files were causing problems - seems like Virex could flag them. Maybe I'm just missing something, but that was way too difficult - purely a trial & error approach to find what was wrong.

Thx,
Frank
 
D

dotdotdot

macrumors 68020
Jan 23, 2005
2,391
44
Frank (Atlanta) said:
I use a PC for work...and I exchange files with PC users so I try to at least do my part to minimize damage to my friends/colleagues (much less my own work laptop!).

What surprises me, however, is how hard it was for me to determine which files were causing problems - seems like Virex could flag them. Maybe I'm just missing something, but that was way too difficult - purely a trial & error approach to find what was wrong.

Thx,
Frank
Click to expand...

Is it like McAfee VirusScan 9 for Windows? At all? If so, it should say the actual file that is infected.

But, you can put the Java files in the Trash, use your Mac for about two days, and if nothing bad happens, empty the trash.

I get small viruses in my Windows java files from time to time, deleting them does not effect you at ALL.
 
DaftUnion

DaftUnion

macrumors 6502a
Feb 22, 2005
689
0
Wisconsin
highres said:
However since Linux is the underlying structure of OSX now there is a higher probability of security problems that we didn't get with previous Mac OS versionsQUOTE]

Um, actually Unix is the underlying structure of OS X :rolleyes:

Just so you know for future reference
Click to expand...
 
jeremy.king

jeremy.king

macrumors 603
Jul 23, 2002
5,479
1
Holly Springs, NC
FYI, Although its most likely not a virus (or the first one that I have heard of written in java), those .class files CAN execute on your Mac. Of course, to execute they would need to be embedded in a web page OR opened in Applet Viewer (does that exist anymore?).

With that said, applets really can't do much of anything damaging unless its a signed applet, and even in that case, it still can't do much to the file system.

Feel free to delete them, and pay attention to any signed applets that you may be using on websites. You will tell if its signed because usually you will get a prompt asking you to accept the certificate.

If you really feel adventoruous, download a decompiler for Java and open those .class files. You could post the source in the Programming forum and someone (including me) could tell you if there is any malicious code.

Good Night.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom