TR/HackToolX.RK.1 and TR/Classloader.C viruses picked up by Virex
Sean Estabrooks
seanlkml at rogers.com
Mon Dec 15 15:41:25 UTC 2003
On Mon, 15 Dec 2003 09:47:07 -0500
fs <frank at insightcomputer.com> wrote:
> Powerful Trojans are going around that brought down my kernel 2.4.22
> last night. I first noticed the system was very sluggish and I could
> not longer use Nautilus. Then my email inbox stopped working. Then
> cups. One virus is java related.
Your problem quite likely didn't have anything to do with "powerful"
trojans at all.
> /usr/share/locale/fr/LC_MESSAGES/net-tools.mo
> <<< The Trojan horse TR/HackToolX.RK.1
This is a language file that contains french translations for application
strings. It doesn't contain executable code so it's not a likely
candidate for an actual virus. More likely a false report from your
virus scanner.
> ALERT: [TR/Classloader.C virus]
> /home/fs/.java/deployment/cache/javapi/v1.0/jar
> /WebCounter.jar-53ebf3b-6321a0e0.zip <<< The Trojan horse
> TR/Classloader.C
The classloader virus apparently only affected java versions prior
to 1.2, so if you are running with a recent version you should
have been protected from it. All the google references i could find to
this virus are from 1998 and 1999.
> Vexira repaired none of these, just gave me alerts.
>
> Sending this email after system clean load.
Hmmm... my guess is that your virus software will still complain about the
language file and will again complain about the classloader issue if
you revisit the offending website. On the upside, rebuilding your system
probably fixed whatever the real problem was too!
Cheers,
Sean
More information about the fedora-list
mailing list