Norton AntiVirus apparently has some trouble correctly identifying files that are defined under Intego's questionable "MW2004 Trojan" umbrella, mistakenly identifying components of a popular shareware maintenance utility as infected.
MacFixIt reader Chuck Edwards writes "Just thought you should be aware of the odd event in the last run of my Symantec Norton Anti-Virus program V8.0.4, running under OS 10.2.8. This was the first run under the new Definitions Date of 5/13/04.
The log shows:
- Cache Out X
- Sal/Applications/Utilities/System Maintenance/Cache Out X/
- A strain of AS.MW2004.Trojan was repaired
- The file was deleted.
"Odd that this new Mac Trojan virus seemed to be detected in CacheOut X, an old application from September 2002, especially since the trojan is only supposed to occur in the faked MS Word OSX Installer. Fortunately, I no longer was using the CacheOut program as its functionality has been incorporated into newer utilities I use. Nonetheless, the Anti-virus program did fully delete the program as shown in the log."
As noted before, this "trojan" is simply an AppleScript application with a custom installer icon. When the application is launched, it uses AppleScript's ability to execute Unix shell commands in order to run a command that deletes the user's home folder. Since the user is the owner of his/her home directory, no authentication is needed.