Ticket Options
Question Profile
| DATE | Oct 9, 2007 |
| TICKET | #334736 |
| STATUS | Closed |
| SUBJECT | Virus found in Parallels |
| CAT | Computers, Operating Systems, Applications or Connected Devices |
| TYPE | Operating System Features, Bugs and Problems |
| DESC | Apple |
| DESC | 10.4.X (Tiger) |
| PLATFORM | Apple Macintosh (Intel) |
| MODEL | Apple MacBook Pro |
| PROC | 2.33 |
| RAM | 2GB |
| DRIVE | 120GB |
| NAME | Seb |
| USERNAME | sebcarroll |
| TECHNICAL | Lots of Experience |
| ISSUE | Lots of Troubleshooting |
Question Details
TICKET ARCHIVE -> Virus found in Parallels
sebcarroll - Oct 9, 2007 - 6:42 am
ClamAV consistently finds a virus called Worm.Rays.A in my Parallels folder. When running Windows though, none of the virus checkers has found anything.
It also found one called Trojan.Killer or something similar.
I'm a bit worried about this. Is there any advice you can offer please?
Many thanks
Seb
It also found one called Trojan.Killer or something similar.
I'm a bit worried about this. Is there any advice you can offer please?
Many thanks
Seb
GrantG - Oct 10, 2007 - 7:33 am
The viruses won't show up in windows because they exist outside the virtual drive that it uses for the windows sessions. I'd suggest letting ClamAV take of them. Worm.Rays.A is an email virus.
cheers
Grant
cheers
Grant
sebcarroll - Oct 10, 2007 - 8:09 am
Grant,
Thanks for your advice with this. Clam AV only seems able to quarantine the affected file, and since that file is the entire HDD, it disables Parallels if it quarantines it.
Because of past problems with Parallels, I'm loath to reinstall it if I can possibly avoid this.
Is there anything else you can suggest?
Thanks
Seb
Thanks for your advice with this. Clam AV only seems able to quarantine the affected file, and since that file is the entire HDD, it disables Parallels if it quarantines it.
Because of past problems with Parallels, I'm loath to reinstall it if I can possibly avoid this.
Is there anything else you can suggest?
Thanks
Seb
GrantG - Oct 10, 2007 - 3:37 pm
What virus scanner are you using in windows? I've always found Symantec/Norton's products pretty reliable.
sebcarroll - Oct 10, 2007 - 7:33 pm
I've used quite a few actually! I've tried Clam AV for Windows, SpyBot, Norton, Windows OneCare, AVG...
But only Clam AV running in Mac OS has found the virus. I'm worried that it may start to replicate itself and damage my Mac. Is this possible?
But only Clam AV running in Mac OS has found the virus. I'm worried that it may start to replicate itself and damage my Mac. Is this possible?
GrantG - Oct 12, 2007 - 6:24 am
so just to get this right. The infected files exist within the disk image that you've created in Parallels for Windows. I didn't think that it would be possible for Clam AV to find them there. If it is only in your Parallels folder however then that would be why your windows virus checkers folder can't find them as they exist outside the virtual environment. In this case it would be safe to move this file to the trash and then check that all is well with Parallels. If so then delete the file altogether by emptying the trash.
As for the Windows file duplicating itself and damaging your Mac, that won't happen. At least it won't damage your Mac while in OS X, but viruses can damage your machine while you are in Windows, just like it would on a PC.
As for the Windows file duplicating itself and damaging your Mac, that won't happen. At least it won't damage your Mac while in OS X, but viruses can damage your machine while you are in Windows, just like it would on a PC.
sebcarroll - Oct 14, 2007 - 8:59 am
yes that's right. the problem with removing this file to the trash is that it then disables my copy of parallels, and as i've said earlier i'm loath to reinstall parallels because of the problems i've had in the past!
is there any other route you could recommend?
thanks
seb
is there any other route you could recommend?
thanks
seb
GrantG - Oct 14, 2007 - 4:24 pm
I'm going to reopen this question for other Techs to look at as I am unsure of where to head next. It may just be a case of Clam AV incorrectly identifying a file in your windows image.
sebcarroll - Oct 14, 2007 - 6:15 pm
that sounds like a good idea - many thanks for your help.
sebcarroll - Oct 15, 2007 - 4:33 pm
i look forward to one of your colleagues contacting me about the problem. thanks once again in advance.
Natobasso - Oct 18, 2007 - 11:39 am
AVG works the best I've found and you might also try SpyBot Search and Destroy and see if it can handle the viruses; could have been put there in the guise of popup adware.
The trouble with some viruses is they stick around for the very fact that they hide themselves. These two viruses show up on SpyWare registries which leads me to believe they can be removed by anti-SpyWare apps.
SpyWareDetector has instructions on how to remove Worm.Rays.A:
http://spywaredetector.net/spyware_e.../Worm.Rays.htm
Spyware Guide lists Trojan.Killer as well:
http://www.spywareguide.com/product_show.php?id=1929
You could probably use SpyBot S&D; it's a free app. Should take care of these spyware issues. Use it to clean your system regularly, and try to stay away from untrusted websites.
The trouble with some viruses is they stick around for the very fact that they hide themselves. These two viruses show up on SpyWare registries which leads me to believe they can be removed by anti-SpyWare apps.
SpyWareDetector has instructions on how to remove Worm.Rays.A:
http://spywaredetector.net/spyware_e.../Worm.Rays.htm
Spyware Guide lists Trojan.Killer as well:
http://www.spywareguide.com/product_show.php?id=1929
You could probably use SpyBot S&D; it's a free app. Should take care of these spyware issues. Use it to clean your system regularly, and try to stay away from untrusted websites.
IF THIS IS YOUR QUESTION AND YOU WISH TO RESPOND, LOGIN HERE FIRST.
