Thanks for the info. Looks like a false alarm by Virex. ----- Original Message ----- From: "Sean Estabrooks" <seanlkml@xxxxxxxxxx> To: <fedora-list@xxxxxxxxxx> Sent: Monday, December 15, 2003 10:41 AM Subject: Re: TR/HackToolX.RK.1 and TR/Classloader.C viruses picked up by Virex > On Mon, 15 Dec 2003 09:47:07 -0500 > fs <frank@xxxxxxxxxxxxxxxxxxx> wrote: > > > Powerful Trojans are going around that brought down my kernel 2.4.22 > > last night. I first noticed the system was very sluggish and I could > > not longer use Nautilus. Then my email inbox stopped working. Then > > cups. One virus is java related. > > Your problem quite likely didn't have anything to do with "powerful" > trojans at all. > > > /usr/share/locale/fr/LC_MESSAGES/net-tools.mo > > <<< The Trojan horse TR/HackToolX.RK.1 > > This is a language file that contains french translations for application > strings. It doesn't contain executable code so it's not a likely > candidate for an actual virus. More likely a false report from your > virus scanner. > > > ALERT: [TR/Classloader.C virus] > > /home/fs/.java/deployment/cache/javapi/v1.0/jar > > /WebCounter.jar-53ebf3b-6321a0e0.zip <<< The Trojan horse > > TR/Classloader.C > > The classloader virus apparently only affected java versions prior > to 1.2, so if you are running with a recent version you should > have been protected from it. All the google references i could find to > this virus are from 1998 and 1999. > > > Vexira repaired none of these, just gave me alerts. > > > > Sending this email after system clean load. > > Hmmm... my guess is that your virus software will still complain about the > language file and will again complain about the classloader issue if > you revisit the offending website. On the upside, rebuilding your system > probably fixed whatever the real problem was too! > > Cheers, > Sean > > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
