
Malware reappearing in apple.safari.com cache.db

I recently got caught in an "onbeforeunload" trap that ended up with multiple windows loading. I tried to force quit Safari, but when it was all over I had a fake Google page producing fake "blackhat" results.


I was quite surprised because I am new to MAC, having just purchased a MacBook Pro. Everyone told me how secure they were and that there was no wild malware that could infect it. With some research I was able to find a cookie 66.223.50.126 in the Safari Cache.


Using SQLite I discovered the cookie in cache.db is http://66.223.50.126/ph_md5.txt


The contents are:


39da1df7fb9fd5c9347b85eec4c730cb ./unstable/aph/ph_sign.slf

da813c755e0fa52e86b8844894179c71 ./unstable/aph/ph_white.txt

38092109754b7942c6a688b46ef77f13 ./unstable/aph/ph_trackers.slf

98b3894929fc051c963030db66babc4f ./unstable/aph/ph_trackers_assoc.txt


Later I was able to find the cookie in cache.db is http://66.223.50.126/ph_self.slf and there is the code for the Google page forgery.


Not sure what the next steps are or how badly this machine is compromised. It seemed like everything is set up to attack a Windows machine, but whatever I do the 66.223.50.126 cookie comes back.


Please let me know what steps I can take to fix the problem or, if necessary, completely rebuild and prevent this from happening again.


Let me know if you want the code or any other files to see what I am talking about.


Thanks

MacBook Pro, Mac OS X (10.7.2)

Posted on Jan 25, 2012 3:07 PM

34 replies
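The original poster found the two URLs by opening Safari's cache database in SQLite. The script below is an added example (not code from the poster or from Apple) of the same triage done in a repeatable way: it queries a copy of the CFURL cache for every response fetched from a given host and parses the md5-manifest format shown above. The table and column names follow those of Safari's Cache.db (normally ~/Library/Caches/com.apple.Safari/Cache.db), but the schema here is a simplified in-memory stand-in built from constructed rows, so treat it as an assumption and adapt the query if your database differs.

```python
import re
import sqlite3
from urllib.parse import urlparse

# Simplified stand-in for Safari's CFURL cache tables (assumption: real
# Cache.db files carry more columns and may differ between OS X versions).
SCHEMA = """
CREATE TABLE cfurl_cache_response (
    entry_ID    INTEGER PRIMARY KEY,
    request_key TEXT,
    time_stamp  TEXT
);
CREATE TABLE cfurl_cache_receiver_data (
    entry_ID      INTEGER PRIMARY KEY,
    receiver_data BLOB
);
"""

# Constructed sample rows: the two URLs reported in the thread, plus one
# benign entry so the host filter has something to exclude.
MANIFEST = (
    "39da1df7fb9fd5c9347b85eec4c730cb ./unstable/aph/ph_sign.slf\n"
    "da813c755e0fa52e86b8844894179c71 ./unstable/aph/ph_white.txt\n"
    "38092109754b7942c6a688b46ef77f13 ./unstable/aph/ph_trackers.slf\n"
    "98b3894929fc051c963030db66babc4f ./unstable/aph/ph_trackers_assoc.txt\n"
)
ROWS = [
    (1, "http://66.223.50.126/ph_md5.txt", "2012-01-25 14:00:00", MANIFEST.encode()),
    (2, "http://66.223.50.126/ph_self.slf", "2012-01-25 14:00:01", b"<html>constructed placeholder</html>"),
    (3, "https://www.example.com/index.html", "2012-01-25 13:00:00", b"<html>benign</html>"),
]

MANIFEST_LINE = re.compile(r"^([0-9a-fA-F]{32})\s+(\S.*)$")


def build_sample_cache():
    """Create the in-memory sample database from the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for entry_id, url, ts, body in ROWS:
        conn.execute("INSERT INTO cfurl_cache_response VALUES (?, ?, ?)", (entry_id, url, ts))
        conn.execute("INSERT INTO cfurl_cache_receiver_data VALUES (?, ?)", (entry_id, body))
    conn.commit()
    return conn


def cached_entries_from_host(conn, host):
    """Return (url, time_stamp, body) for every cached response whose URL host equals `host`.

    Host matching is done in Python on the parsed URL rather than with SQL LIKE,
    so a substring such as '66.223.50.1' cannot accidentally match other hosts.
    """
    rows = conn.execute(
        "SELECT r.request_key, r.time_stamp, d.receiver_data "
        "FROM cfurl_cache_response AS r "
        "JOIN cfurl_cache_receiver_data AS d ON d.entry_ID = r.entry_ID "
        "ORDER BY r.entry_ID"
    ).fetchall()
    return [(url, ts, body) for url, ts, body in rows if urlparse(url).hostname == host]


def parse_md5_manifest(text):
    """Parse '<md5hex> <path>' lines into (hash, path) tuples; malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = MANIFEST_LINE.match(line.strip())
        if m:
            entries.append((m.group(1).lower(), m.group(2)))
    return entries


if __name__ == "__main__":
    # To run against a real file, copy Cache.db while Safari is closed and
    # replace build_sample_cache() with sqlite3.connect("/path/to/copy").
    db = build_sample_cache()
    for url, ts, body in cached_entries_from_host(db, "66.223.50.126"):
        print(f"{ts}  {url}  ({len(body)} bytes)")
        for digest, path in parse_md5_manifest(body.decode("utf-8", "replace")):
            print(f"    {digest}  {path}")
```

Work on a copy of the database rather than the live file: Safari keeps Cache.db open, and a triage tool should never modify the artifact it is examining. The host filter is a plain equality check on the parsed hostname, which is the usual way to avoid the false matches a `LIKE '%66.223.50.126%'` pattern would produce.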

Jan 28, 2012 10:34 AM in response to MAC ATTACKED

Thomas is on the mark here. You would do well to heed his very informed and accurate information.


If you're going to go digging into the innards of Mac OS X without understanding, or *beginning* with accepting, that histrionics help no one, then you will continue to pursue alarmist approaches to misinterpreting the operation of the OS. You must begin by learning what you do not know, and appreciating that OS X is *NOT* Windows - when you say "I feel with Mac OS you are about to experience a storm of attacks that you are unprepared for" that is playing into the pile-on PC journalists and their "I told you so" attempts that are misguided at best.


OS X is part BSD-based Unix/Unices and pieces of the NeXT operating system, and anyone who asserts that OS X is "just waiting" to have all of the weaknesses of MS Windows is being wilfully ignorant or sadly misguided.
This is not some "just different" GUI on top of the same underpinnings. Before Windows there was Unix; in fact, before LINUX there was Unix.


It is foolhardy to maintain that Mac OS X is "invulnerable", but to maintain the above - that it is merely waiting for the same nature and volume of problems that Windows faces - is not based on sound logic or fact.


The fact that you had multiple windows open up in your browser reflects how browser technology works. Follow Thomas' advice and use Firefox and the NoScript extension. For Safari, you might want to use the AdBlock extension, and the Web of Trust extension. https://extensions.apple.com/


There is malware for Mac OS X based on social engineering, but no matter what OS you are on, if you go to (or wind up) at a nefarious site, download an installer, decompress (.zip) or mount (.dmg) the item, and run the installer, and put in your credentials - well, all bets are off. Education is the best defense in such cases.


But that's NOT a virus. It is a lie when anyone asserts that there is software that can install without a user's consent - or direct action - and then propagate itself without user action from one Mac to another.


Oh yes, it's Mac not MAC :-)

MAC is commonly used as an abbreviation for Media Access Control, http://en.wikipedia.org/wiki/MAC_address

Jan 28, 2012 1:32 PM in response to davidh

Sorry for all my typos there, a tired typist is not an accurate one ;-)


I did mean: "You" - as in *one* must begin by learning (or, acknowledging) all that one does not know,

- to start out with/at the beginning of seeking to understand the security mechanisms and OS architecture of any new OS.


You're diving in deep with approaches such as exploring the content of sqlite databases,

but they're used extensively for purposes of efficient storage (vs. simple flat-files for some types of data, even though sqlite dbs are effectively self-contained and can be treated externally "like" flat files *when* the db is not in operation).


You can - very most probably - rest assured that your OS has not been compromised in any way.

Contents of browser caches in Mac OS are not executables and cannot impact your OS, in any way.


It's a worthy goal to keep your online activities as secure as possible, but that's a separate discussion for the most part, and will have (far) more to do with concerns of one's privacy (see the just-announced privacy policy change from Google as a good example) - and how flash content and other "perma" cookies pertain to that (and how they can be dealt with).

Jan 28, 2012 3:10 PM in response to MAC ATTACKED

Unfortunately Lion indicated when erasing that certain files cannot be erased.

That shouldn't at all be possible. However, I should state that I'm not using Lion daily, so bear with me if I'm blundering around a bit. When I purchased Lion, I did it through the download method and didn't let it install over Snow Leopard. I then created my own bootable Lion flash drive from the downloaded installer and installed Lion on an erased drive.


May I presume you started up to the hidden emergency Lion partition to erase and reinstall on the main drive? If so, there shouldn't have been any way you couldn't erase that partition. Nothing on it is active since it's not the startup drive.

I have no investment in this. I'm just reporting my experience trying to get someone who knows about Macs to help me get to the bottom of it.

Me neither. Just trying to understand your situation.

I agree. There is something somewhere that is reintroducing the files contained in the apple.safari.com/cache.db.

And that's the really weird part. If you did boot to the emergency partition to erase the main drive with Disk Utility, there shouldn't be anything preventing you from erasing the drive.
