User profile for user: theunknown_
theunknown_ Author
User level: Level 1
0 points

jwgkvsq.vmx virus

Hi,

I have a very annoying worm virus jwgkvsq.vmx I have ClamEx with folder sentry, whenever I start up my computer file sentry goes nuts showing me multiple infected files.
jwgkvsq.vmx hides in my trash folder, I have used Terminal to show files (defaults write com.apple.finder AppleShowAllFiles -bool true) and used force empty on my trash (Option+empty Trash) yet the virus keeps on popping up.
I have run multiple scans via ClamEx, each time having to go to terminal, show hidden files and force empty trash, to no avail.

If you could help, it'd be very much appreciated.

Ari

Macbook 2.4Ghz 13", Mac OS X (10.5.8)

Posted on Jun 7, 2010 9:29 AM

Reply
4 replies
User profile for user: theunknown_
theunknown_ Author
User level: Level 1
0 points

Jun 8, 2010 10:03 AM in response to babowa

No, I'm running 10.5.8 on a macbook 13". jwgkvsq.vmx just keeps replicating itself, it's multiplied today 474 times.

I've once again gone to Terminal show hidden files then force emptied the trash. It's not doing any damage it's just very annoying when ClamEx File Sentry goes nuts, having to press the warning windows 474 times is not a fun enterprise.

I've searched my harddrive whilst show hidden files is activated via Terminal, but cannot find the worm virus anywhere.

ClamEx comes up with the warning

/user/.Trash/jwgkvsq.vmx. - followed by a steam of numbers (presumably the amount of copies) Worm .Kido-99 FOUND
Can't unlink `/user/.Trash/jwgkvsq.vmx. 001.001.001.011... Operation not permitted
then that warning is multiplied 474 times
Reply
User profile for user: babowa
babowa
User level: Level 9
78,562 points

Jun 8, 2010 10:53 AM in response to theunknown_

As I said, I'm not at all familiar with this type of thing; from the article I linked to it appears that it usually comes from a USB thumb drive or maybe someone with Windows had it and it was contained within an email they sent to you? Obviously it's more than annoying even though it can't do any harm. And, because of my lack of knowledge, my only suggestion would be a complete erase and install. I wouldn't use Migration Assistant either in case that file was backed up along with the regular backups, so I'd just copy over my most important files manually and only older emails (with a date before the worm showed up). Hopefully someone will be able to chime in with a less radical solution. If you're still under warranty, you could call Apple to see if they have a better idea.
Reply
User profile for user: thomas_r.
thomas_r.
User level: Level 7
32,031 points

Jun 9, 2010 4:04 AM in response to theunknown_

/user/.Trash/jwgkvsq.vmx. - followed by a steam of numbers (presumably the amount of copies) Worm .Kido-99 FOUND


Kido, another name for Conficker, is a worm that affects Windows computers only. You cannot be infected unless you are running Windows, so the only reason to bother finding it is to ensure you don't accidentally pass it on to a Windows user.

Is ClamXav scanning any hard drives that are also used on Windows machines, Windows network shares or the like? Do you have any files copied from Windows machines? Isn't ClamXav telling you where the infected files are found?

Bottom line, you can probably remove ClamXav... see my [Mac Virus guide|http://www.reedcorner.net/thomas/guides/macvirus> for information about the threats that you need to worry about on a Mac, then make your choice about whether you want to keep it or not.
Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

jwgkvsq.vmx virus

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up