Java exploits in Mac - how do I get rid of it all?
January 15, 2013 4:06 PM   Subscribe

I'm hardly an expert, but I have had various Java exploits & Trojans show up on my Mac in the past. I'm not familiar with Avast, I use the free version of Sophos, on an ancient iMac running 10.4 (Tiger). Here's some stuff I think I've learned or figured out, and maybe at the least it will help you refine your Google searches to get better answers.

Sophos actually has a searchable database if you want more info on the specific infected files.

Exactly how you deal with infected files may depend on which version of OSX you're using, so it's often been very helpful to me to have the search terms include the name & number of my version of the Mac OS. I've also found the Apple support area of the website useful when it comes to general "can I delete or empty this folder?" kind of questions.

they appear to be Windows viruses.

I haven't had any actual issues on my computer (or in Real Life) caused by any viruses, and everything I've ever found has been a Windows virus. All info I've ever found says that Windows viruses, including the Java ones, simply don't work in the Mac OS. They might have loaded onto your hard drive, but they can't actually do anything without having the Windows OS environment to work in. If you're actually booting up in Windows using BootCamp or whatever, you might have some problems, but if you've stayed totally OSX, you're probably fine - no need to panic and immediately change all your passwords.

all in library/cache/Java.

You should definitely do some searching for how this specifically works in your version of OSX, but to the best of my knowledge the point of the "Library/cache" folders in OSX is to help make things open quicker if you return to a document or application or whatever by basically saving a "bookmark" of where you left off in these folders. They're for convenience, rather than a crucial part of the system. You can safely empty these folders at any time, the Mac will rebuild these caches as you revisit applications etc. There are lots of notes out there that suggest that emptying various Library/cache folders is a way to gain more disk space and/or improve speed, as these folders can fill up over time.

You may be able to empty them simply by dragging them to the Trash, but again check to see how this works with your OS. You may also be able to clear the cache through your Java interface (probably in Applications/Utilities or System Preferences) - I've found fairly clear and specific info searching the Support section of Java's website.

I used the delete function in Avast, and they're now marked as deleted, but do I need to do anything else to make sure they are gone? Should I just run Avast again?

Yeah, I think running your anti-virus again after clean-up is the way to check to make sure your drive is clean.

Are these bad files on my Time Machine back up (my machine backs up daily), and if so, how do I get rid of them there?

My OS is too old for Time Machine/Time Capsule, so I can't speak from experience, but it's possible they're in there, yes.

From what I can tell, your Time Capsule is simply a very Mac-friendly external hard drive that uses the Time Machine application to do very regular back-ups. On my own external back-up hard drive (created using Carbon Copy Cloner), everything is duplicated, including "Library/cache" folders, so you should be able to locate the Java cache folder on your Time Capsule drive and empty it the same way you did on the hard drive in your Mac.

You should also check to see if Avast checked your Time Capsule as part of its' search, and if not, see if there's a way to tell it to run a check on that drive.

Hope this helps.
posted by soundguy99 at 7:27 AM on January 16 [1 favorite]