4 viruses found with ClamXAV

After giving ClamXAV a day (really +24 hours) to scan my startup disk (34 GB of data) it found 4 viruses. My question is: How should I proceed?
This is what Clam reports:

...
/Users/michaelgoossen/Desktop/desktop 2/ddd/oooos/untitled folder/so mucch/z/lost of stuff downlowed/PJBqtb_Setup.exe: Adware.NewDotNet.B-2 FOUND
/Users/michaelgoossen/Library/Caches/Java Applets/cache/javapi/v1.0/file/BlackBox.class-2cda789d-67d500dd.class: Java.ClassLoader.24564 FOUND
/Users/michaelgoossen/Library/Caches/Java Applets/cache/javapi/v1.0/file/Dummy.class-4ec33915-5d5d50d0.class: Trojan.Gummy.Bytverify FOUND
/Users/michaelgoossen/Library/Caches/Java Applets/cache/javapi/v1.0/file/VerifierBug.class-19c6012b-4bfa9597.class: Java.Bytverify.896 FOUND
...

Does anyone know what these do?
Thank you. I just want to ask the community what I should do, and if you have found something like this on your Mac with ClamXAV too.

Posted on Nov 7, 2005 1:41 AM

Nov 7, 2005 1:46 AM in response to Mike-n-Go

Hello Mike:

I post this frequently:

There are NO viruses that affect a Mac running OS X.

IMHO it is a waste of resources to run AV software on a Mac.

Having said that (some would disagree) the things that ClamXAV found are no doubt things that affect a Windows box. Note in the first one ".exe." Exe files cause execution on a Windows box - .exe routines will not run on a Mac.

In answer to your question, I would ignore the message.

Barry

Nov 7, 2005 2:12 AM in response to Mike-n-Go

First of all, your virus software found no viruses; none of those are viruses, nada, zip. They are trojans to infect Windows, that OS with no security measures by design from first version to hit the market.

Not to get into your browsing habits but `above the board` websites do not install malware on their users' systems.

Every Mac comes equipped with a Java folder in Utilities. Since you are running Tiger you will have two Java Plugin apps. Both have a Cache tab where you can empty the cache. Windows Trojans gone. This is also a good method for Mac users who are afraid of using Terminal to delete their cache files. You can now go back to bed and get a good night's rest as you've stomped out the evil threat that gave you an adrenaline rush, raised your blood pressure and shaved a few minutes off your lifespan.

The new Java is getting smart as to it being a good delivery system for trojans on Windows computers. You can disable the java cache on 1.42 now. Then again since ClamXAV's author didn't write the actual software you figured he'd actually learn to half program and ask you if you want to flush your java cache and just write a wrapper around the rm shell command, but alas if something isn't working he just says turn that option off and don't use it as his solution for his user base. Could be worse... could be one of the many shell command wrapper writers who actually charge money for doing it and then think they are programmers.

Alarming, hardly, but for your first time I am sure it is quite, but that's what you get running software that scans for Windows viruses and trojans on your Mac.

Jan J.

Nov 7, 2005 11:38 PM in response to Jan Johannsen

Ok Ok when I said viruses I meant to refer to the Malware and Malware is not a good thing. I was surprised when ClamXAV found this, I ran it because I have had some system slowdown and for fun...

I posted this to see what response I would get from the Mac user community (and I got one.)

When you said:
Not to get into your browsing habits but `above the board` websites do not install malware on their user's systems.

What did you mean?

What is a Cache tab and how do I use it?

And I do know that there are no viruses in the wild for Mac OSX.
But there could be viruses in the future for Mac OSX. Maybe when we get Macs on Intel's.

The main purpose that I got Clam was to scan any questionable third party app. To protect from, say: you download an app, run the installer, give it your password and (Boom!) the app has complete control of your Mac or erases the HD - a trojan.

Just because we are using Macs does not mean that we are impervious to all threats. The Mac is more secure than Windows, I give it that.

Now I am off to erasing these 4 files we/e.

P.S. Jan I like your signature.

P.S.S. Jan I like your "NO AntiVirus Program + NO Norton = NO Issues!"

Nov 8, 2005 12:09 AM in response to Barry Hemphill

(Instead of saying "There are NO viruses that affect a Mac running OS X." Say "There are NO viruses In the wild that affect a Mac running OS X.")

IMHO it is a waste of resources to run AV software on a Mac.


Well... when your Mac has been running slower than when you bought it you do what you can...

In answer to your question, I would ignore the message.


Waste +24 hours with the CPU at +80%, NO!

An .exe file can also be a compressed file in hiding.

I do know that there are no viruses in the wild that "affect a Mac running OS X."
That does not mean that there will not be in the future. Now about Trojans...

Nov 8, 2005 12:33 AM in response to Mike-n-Go

Here's my $.02.

Scanning your system for Viruses is a diligence thing and this post shows that the Mac community cannot ignore the 'other 80%'.

You are smart to scan your system. While there are no known viruses that can INFECT the Macintosh, as you found you can harbor viruses and other malware that can do damage to other operating systems out there. Being a good netizen can mean that you sometimes have to protect people from themselves, be it by encouraging a person to seek a better OS (Mac OS X et al) or just scanning the files that come onto and out of your system.

I run Mac OS X Server for my business and I run ClamAV and SpamSieve on my mail server. I do this NOT because I might get a Mac Virus or a Mac Trojan etc. but I run it so that if something is sent to me by someone who thinks I am a Windoze user, I want it caught before I forward it to a friend, co-worker, the DOJ etc. and unwittingly propagate a virus.
</soapbox>

OK so the first one is MalWare that infects PeeCee's.

To quoth a webpage: ( http://www.emsisoft.com/en/malware/?Adware.NewDotNet)
a² Malware-Info: Adware.NewDotNet

new.net is an ad supported software. The application is running silently in the background as a browser helper object (BHO). It pops up ad windows while you are surfing the web and periodically connects to the remote server to check for available updates.

new.net was originally designed to shorten web addresses. They created some new virtual top level domains like .mp3, .xxx, .travel which can only be visited on computers with the new.net addons installed.

The software is mostly bundled with other software products like file sharing tools or other ad supported freeware too
----
so that would be annoying to any PeeCee user to have their ability to surf be 'interrupted' by new popups and new 'fake' vTLDs (virtual Top Level Domains)

The Java infections (if they are actual infections) sound a little nasty. http://vil.nai.com/vil/content/v_100261.htm describes the first one (or its sibling) and describes it as affecting only Windows machines... One poster mentioned that seeing as they are in your cache folder you could clear that folder and the virus should be gone. To clear your Java cache, go to /Applications/Utilities/Java and launch the app called 'Java 1.4.2 Plugin Settings'. There you will see a Cache tab. Select it and click on CLEAR to clear that cache. If you would rescan at this point you should not find them any longer.

Hope this all helps!
Peter

Nov 8, 2005 4:21 AM in response to Mike-n-Go

Mike-n-Go

Just to add one point not yet mentioned, AV applications can only react to known viruses etc. and viruses with the same structure as known viruses. As there do not yet exist any OS X viruses these applications will be totally useless to any new threat to our systems. It will take the AV application developers time to analyze such a new threat, to write new definitions and to distribute the new definitions. Perhaps they will need to make substantial updates to the actual application. The best protection against viruses is to keep an eye on events (this is as good a place as you will find to do that), to not install applications from illegitimate sources and, for your Windows using acquaintances, to not pass on to them untrusted files you receive by e-mail.

Matthew Whiting

Edit: Changed one line above which was unclear

Nov 8, 2005 9:25 AM in response to matthew whiting

I agree with Matthew 100% on this. In general, antivirus software is at its smartest and most effective the day you download your virus definitions. The day after it's less smart, the day after that even less smart, ...

My antivirus software consists of periodically checking these boards or other computer-enthusiast web sites. The first virus announcement will surely be quicker than the release of the definition to remove it.

The .exe file that ClamAV found is a Windows executable. Sure, it could be a self-extracting ZIP file that contains other malware, but it requires Windows to self-extract it.

The Java classes that ClamAV found probably got onto your computer from browsing the web, and were designed to exploit known vulnerabilities on a Windows computer. Those have probably already been patched. Considering they're in your Cache folder, they'll be gone after you clean your user Cache, which in my opinion should happen today. Quit all running apps, drag your Cache folder to the Trash, log out and back in, and you're good to go.
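
An added example, not part of any post in this thread and not ClamXAV's own code: a small Python triage of a ClamAV report in the `path: signature FOUND` form shown in the first post, separating hits under `Library/Caches` from Windows-type files and from everything else. The sample report, the suffix list and the function names are assumptions constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Constructed sample report (user name, file names and the "Example.*"
# signature names are made up for illustration).
SAMPLE_REPORT = """\
/Users/alice/Desktop/old downloads/Some_Setup.exe: Adware.NewDotNet.B-2 FOUND
/Users/alice/Library/Caches/Java Applets/cache/javapi/v1.0/file/Dummy.class-4ec33915.class: Trojan.Gummy.Bytverify FOUND
/Users/alice/Desktop/mail: saved/attachment.scr: Example.Worm.Sig FOUND
/Users/alice/Documents/notes: draft.txt: OK
/Users/alice/Documents/report.doc: Example.Macro.Sig FOUND
"""

# A hit line is "<path>: <signature> FOUND". The greedy path group makes the
# match anchor on the last ": ", so paths containing colons or spaces parse.
HIT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

# Assumption: a short list of Windows-only file types, not an exhaustive one.
WINDOWS_SUFFIXES = {".exe", ".scr", ".pif", ".bat", ".dll"}

def parse_hits(report):
    """Return (path, signature) for every FOUND line; other lines are skipped."""
    hits = []
    for line in report.splitlines():
        m = HIT.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("sig")))
    return hits

def triage(path):
    """Bucket a hit by where it lives and what kind of file it is."""
    p = PurePosixPath(path)
    parts = p.parts
    if any(a == "Library" and b == "Caches" for a, b in zip(parts, parts[1:])):
        return "cache"         # cached download: clearing the cache removes it
    if p.suffix.lower() in WINDOWS_SUFFIXES:
        return "windows-file"  # Windows file type: delete, do not pass it on
    return "review"            # user data: look at it before deleting anything

def summarize(report):
    """Group hits as {bucket: [(path, signature), ...]}."""
    buckets = {"cache": [], "windows-file": [], "review": []}
    for path, sig in parse_hits(report):
        buckets[triage(path)].append((path, sig))
    return buckets

if __name__ == "__main__":
    for bucket, hits in summarize(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(hits)}")
        for path, sig in hits:
            print(f"  {sig}  {path}")
```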

Nov 8, 2005 9:38 AM in response to Barry Hemphill

Note in the first one ".exe." Exe files cause execution on a windows box - .exe routines will not run on a Mac.


Yet. I realize my next statement is against the spirit of TOS here, but one must speculate when Mac hardware switches to x86 processors, will we have (at least limited) ability to run said programs?

Currently, if the user has VirtualPC or similar, opening an exe file can start up VPC, then infect the VPC file.
