Hi all, I was doing a routine virus scan (with ClamXav) on my MacBook Pro which has Parallels Desktop and Windows XP as one of the virtual machines and it found a "ramen worm." The worm was located in the following directory: /Users/my name/Library/Parallels/winxp/winxp.hdd: Worm.Linux.Ramen.C From my searches on the internet, this is a worm that is supposed to attack RedHat, and is considered a low/medium risk threat. Still, I'd rather get rid of it... Any suggestions on how to remove it? When I go to the directory, I can see the winxp.hdd file, but I don't see the Worm.Linux.Ramen.C file. Anyone else run into this problem? I do not download unsafe attachments and rarely browse the net using the XP virtual machine.
Virus scanners search for specific byte patterns as a signature for any given virus, worm, etc. Somewhere in your hard drive image is something that matches the pattern for that specific worm. It's almost certainly a false positive. If you want to be certain, use a Windows anti-virus program to scan the Windows virtual hard drive.
I recommend using AVG it is free from http://www.grisoft.com/doc/1 for a nice small effective XP virus scanner. i went to the site for ClamXav (http://www.clamxav.com/) and at bottom left corner of main page is this link - ›10.4 (Tiger) Problems? you click on the page and the bottom sentence says "If you are running Mac OS X Server 10.4 Tiger, DO NOT attempt to install ClamXav or the ClamAV Engine." kinda confusing, ;-) Any pitfalls during install. Im interested in trying?
