Re: TR/HackToolX.RK.1 and TR/Classloader.C viruses picked up by Virex

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 15 Dec 2003 09:47:07 -0500
fs <frank@xxxxxxxxxxxxxxxxxxx> wrote:

> Powerful Trojans are going around that brought down my kernel 2.4.22 
> last night.  I first noticed the system was very sluggish and I could 
> not longer use Nautilus.  Then my email inbox stopped working.  Then 
> cups.  One virus is java related.

Your problem quite likely didn't have anything to do with "powerful"
trojans at all.

> /usr/share/locale/fr/LC_MESSAGES/net-tools.mo 
>     <<< The Trojan horse TR/HackToolX.RK.1

This is a language file that contains french translations for application
strings.  It doesn't contain executable code so it's not a likely
candidate for an actual virus.   More likely a false report from your
virus scanner.

>  ALERT: [TR/Classloader.C virus] 
> /home/fs/.java/deployment/cache/javapi/v1.0/jar 
> /WebCounter.jar-53ebf3b-6321a0e0.zip <<< The Trojan horse
> TR/Classloader.C

The classloader virus apparently only affected java versions prior
to 1.2, so if you are running with a recent version you should 
have been protected from it.  All the google references i could find to
this virus are from 1998 and 1999.

> Vexira repaired none of these, just gave me alerts.
>
> Sending this email after system clean load.  

Hmmm... my guess is that your virus software will still complain about the
language file and will again complain about the classloader issue if
you revisit the offending website.  On the upside, rebuilding your system
probably fixed whatever the real problem was too!

Cheers,
Sean




[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux