How do I clean out viruses?

Nifty Hat Mitch mitch48 at sbcglobal.net
Fri May 20 07:07:25 UTC 2005


On Thu, May 19, 2005 at 12:51:02AM +0200, Oded Maimon wrote:
> Truls Gulbrandsen wrote:
> 
> >Hi there,
> >my ClamAV reports several viruses in the following directory:
> >
> >/home/truls/.java/deployment/cache/javapi/v1.0/jar/
> >
> >Is it safe to delete all files in this directory, or should I carefully 
> >delete only the ones infected?
....
> 
> If I understand right, then this is the Java cache; when you access 
> the application that needs those jars, you will get them again.
> So I think it is safe to remove all files there,
> but they will come back when you access the application.
> 
> The best way is to just zip them (just in case) and then remove the files.

This is nasty.  For sure ISOLATE them!

Do some research on the individual files by name etc.  For the most part
Java has a well-thought-out sandbox and security model, and I am curious
if ClamAV is generating a false positive.

Do shut off Java and company in ALL browsers and such until you
know more.

What version of Java?

You might compare and contrast yours with these....

$ ls -l .java/deployment/cache/javapi/v1.0/jar/
total 988
-rw-rw-r--  1 bob bob     90 Jan 29  2004 fscr1.jar-7e5a2944-2e6412b6.idx
-rw-rw-r--  1 bob bob 440031 Jan 29  2004 fscr1.jar-7e5a2944-2e6412b6.zip
-rw-rw-r--  1 bob bob    159 May 20  2004 Graph1.jar-1302317d-4fe64bef.idx
-rw-rw-r--  1 bob bob  17519 Mar 27  2004 Graph1.jar-1302317d-4fe64bef.zip
-rw-rw-r--  1 bob bob    160 Apr  4  2004 MaxSpeed.jar-489ef690-78ab35c1.idx
-rw-rw-r--  1 bob bob  23778 Apr  4  2004 MaxSpeed.jar-489ef690-78ab35c1.zip
-rw-rw-r--  1 bob bob  11129 Feb 18  2004 Olympus.jar-163145ff-72fb995d.idx
-rw-rw-r--  1 bob bob 393987 Feb 18  2004 Olympus.jar-163145ff-72fb995d.zip
-rw-rw-r--  1 bob bob    150 Jan 19  2004 TextScroller.jar-656db3e-67d3f3f8.idx
-rw-rw-r--  1 bob bob  16593 Jan 19  2004 TextScroller.jar-656db3e-67d3f3f8.zip
-rw-rw-r--  1 bob bob    162 Feb  2  2004 ZeBanner.jar-6a04fddb-125deef0.idx
-rw-rw-r--  1 bob bob  12736 Feb  2  2004 ZeBanner.jar-6a04fddb-125deef0.zip

$ md5sum  .java/deployment/cache/javapi/v1.0/jar/*
b4a0e6056567e164bc4b32a7b58e3513  .java/deployment/cache/javapi/v1.0/jar/fscr1.jar-7e5a2944-2e6412b6.idx
953e14ab3e334e9af63be788cbe71b8b  .java/deployment/cache/javapi/v1.0/jar/fscr1.jar-7e5a2944-2e6412b6.zip
87287018b1113e6e1a7f6f7a7dfb8837  .java/deployment/cache/javapi/v1.0/jar/Graph1.jar-1302317d-4fe64bef.idx
4e20896da2169bc33f9947d548bf8c6a  .java/deployment/cache/javapi/v1.0/jar/Graph1.jar-1302317d-4fe64bef.zip
1d182e37debf79aa7f2705e85f300457  .java/deployment/cache/javapi/v1.0/jar/MaxSpeed.jar-489ef690-78ab35c1.idx
15b8925df6f6c2c8f18e03ce89692e10  .java/deployment/cache/javapi/v1.0/jar/MaxSpeed.jar-489ef690-78ab35c1.zip
11def19ed5fdcf1d2a07e9e0ff41f101  .java/deployment/cache/javapi/v1.0/jar/Olympus.jar-163145ff-72fb995d.idx
01473f62ec90785a824d368694741690  .java/deployment/cache/javapi/v1.0/jar/Olympus.jar-163145ff-72fb995d.zip
04e4ec80fd13193bf44fd7bf50bb578b  .java/deployment/cache/javapi/v1.0/jar/TextScroller.jar-656db3e-67d3f3f8.idx
64e46e04f2d52ce729183912451c18eb  .java/deployment/cache/javapi/v1.0/jar/TextScroller.jar-656db3e-67d3f3f8.zip
7e5cc1653d3f62a1c0bb07b73dbef52f  .java/deployment/cache/javapi/v1.0/jar/ZeBanner.jar-6a04fddb-125deef0.idx
c8f6cfa6770bc5409892925afb9ffd2c  .java/deployment/cache/javapi/v1.0/jar/ZeBanner.jar-6a04fddb-125deef0.zip


-- 
	T o m  M i t c h e l l 
	Found me a new place to hang my hat :-)
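
The isolate-then-compare advice in this thread, as an added example that is not part of the original message: a shell function that archives the applet cache into a private quarantine directory, records per-file MD5 sums for comparison with a listing like the one above, and only then empties the cache. The function name `quarantine_cache` and the `~/quarantine` default are assumptions.

```shell
# Added example (not from the original post).
# Usage: quarantine_cache <cache-dir> [quarantine-dir]
# The quarantine directory must live outside the cache directory.
# The body runs in a subshell, so umask and variables do not leak out.
quarantine_cache() (
    src="$1"
    qdir="${2:-$HOME/quarantine}"      # assumed default location
    [ -d "$src" ] || { echo "no such directory: $src" >&2; exit 1; }

    umask 077                          # archive and manifest readable by owner only
    mkdir -p "$qdir" || exit 1

    stamp="$(date -u +%Y%m%dT%H%M%SZ)"
    archive="$qdir/javacache-$stamp.tar.gz"
    manifest="$qdir/javacache-$stamp.md5"

    # Record a hash per file before touching anything, so the flagged
    # files can be researched and compared against a known-good listing.
    ( cd "$src" && find . -type f -exec md5sum {} + | sort -k 2 ) \
        > "$manifest" || exit 1

    # Keep the evidence: pack the whole cache into one archive.
    tar -czf "$archive" -C "$src" . || exit 1

    # Empty the cache only after the archive reads back cleanly.
    tar -tzf "$archive" > /dev/null || exit 1
    find "$src" -mindepth 1 -delete || exit 1

    # The only thing written to stdout is the archive path.
    printf '%s\n' "$archive"
)
```

Calling `quarantine_cache ~/.java/deployment/cache/javapi/v1.0/jar` leaves an empty cache directory plus a `.tar.gz` and a matching `.md5` manifest under the quarantine directory.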



