

Java exploits in Mac - how do I get rid of it all?
January 15, 2013 4:06 PM

After running Avast, I discovered some infected Java files on my MacBook (10.5.8). I deleted them in Avast, but how do I know if I've gotten rid of it all? Is it on my Time Machine backup? Do I need to change my passwords? Do I need to take this to a Genius Bar, or can I fix it myself?

I have Citrix on my MacBook so I can work remotely. This weekend it launched itself and then crashed with a weird gibberish error message. Shortly afterwards, I heard about the new Java exploit. I've since turned off Java. I downloaded and ran Avast, and discovered 10 infected files, all in library/cache/Java. Most of them seem to be connected to gmail, gmerrews, and greader, according to the file names. The infected files were either titled Djewers or marked as a trojan by Avast. I can't seem to find much on Google but they appear to be Windows viruses. Here are my questions:
- I used the delete function in Avast, and they're now marked as deleted, but do I need to do anything else to make sure they are gone? Should I just run Avast again? (It crashed the first three times I ran it.)
- Are these bad files on my Time Machine backup (my machine backs up daily), and if so, how do I get rid of them there?
- Do I need to change all my passwords (email, bank, credit card, etc.)?
- Is my husband's computer at risk? We share the network and the Time Machine; so far his laptop appears clean.

Java is still turned off, and I already run NoScript, block pop-ups, and have turned off JavaScript as well. (This is in my main browser, Firefox, and I use Safari for sites that I just can't use with this stuff blocked.) Is there anything else I should do?

I am not super computer savvy, but can do simple fixes if they are explained plainly. I googled a lot, but didn't find anything helpful, and I also trust AskMe much more than some random forum. Thank you!
posted by min to Computers & Internet (3 answers total) 4 users marked this as a favorite
 
ack, sorry, for all instances of Time Machine above please replace with Time Capsule.
posted by min at 4:12 PM on January 15, 2013


I'm hardly an expert, but I have had various Java exploits & Trojans show up on my Mac in the past. I'm not familiar with Avast, I use the free version of Sophos, on an ancient iMac running 10.4 (Tiger). Here's some stuff I think I've learned or figured out, and maybe at the least it will help you refine your Google searches to get better answers.

Sophos actually has a searchable database if you want more info on the specific infected files.

Exactly how you deal with infected files may depend on which version of OSX you're using, so it's often been very helpful to me to have the search terms include the name & number of my version of the Mac OS. I've also found the Apple support area of the website useful when it comes to general "can I delete or empty this folder?" kind of questions.

"they appear to be Windows viruses."

I haven't had any actual issues on my computer (or in Real Life) caused by any viruses, and everything I've ever found has been a Windows virus. All info I've ever found says that Windows viruses, including the Java ones, simply don't work in the Mac OS. They might have loaded onto your hard drive, but they can't actually do anything without having the Windows OS environment to work in. If you're actually booting up in Windows using BootCamp or whatever, you might have some problems, but if you've stayed totally OSX, you're probably fine - no need to panic and immediately change all your passwords.

"all in library/cache/Java."

You should definitely do some searching for how this specifically works in your version of OSX, but to the best of my knowledge the point of the "Library/cache" folders in OSX is to help make things open quicker if you return to a document or application or whatever by basically saving a "bookmark" of where you left off in these folders. They're for convenience, rather than a crucial part of the system. You can safely empty these folders at any time, the Mac will rebuild these caches as you revisit applications etc. There are lots of notes out there that suggest that emptying various Library/cache folders is a way to gain more disk space and/or improve speed, as these folders can fill up over time.

You may be able to empty them simply by dragging them to the Trash, but again check to see how this works with your OS. You may also be able to clear the cache through your Java interface (probably in Applications/Utilities or System Preferences) - I've found fairly clear and specific info searching the Support section of Java's website.

"I used the delete function in Avast, and they're now marked as deleted, but do I need to do anything else to make sure they are gone? Should I just run Avast again?"

Yeah, I think running your anti-virus again after clean-up is the way to check to make sure your drive is clean.

"Are these bad files on my Time Machine back up (my machine backs up daily), and if so, how do I get rid of them there?"

My OS is too old for Time Machine/Time Capsule, so I can't speak from experience, but it's possible they're in there, yes.

From what I can tell, your Time Capsule is simply a very Mac-friendly external hard drive that uses the Time Machine application to do very regular back-ups. On my own external back-up hard drive (created using Carbon Copy Cloner), everything is duplicated, including "Library/cache" folders, so you should be able to locate the Java cache folder on your Time Capsule drive and empty it the same way you did on the hard drive in your Mac.

You should also check to see if Avast checked your Time Capsule as part of its search, and if not, see if there's a way to tell it to run a check on that drive.

Hope this helps.
posted by soundguy99 at 7:27 AM on January 16, 2013 [1 favorite]


Thanks, Soundguy. I ran Sophos and nothing showed up so I think I am okay now. I'll run Avast again too, but I'm still working on running a check on my Time Capsule (there is a lot of data there.....).

I'm marking you as best answer, but if anyone has any additional information I would appreciate it!
posted by min at 9:32 AM on January 18, 2013

