Question Profile
DATE: Mar 21, 2008
TICKET#: 336746
STATUS: Closed
SUBJECT: Trojan Working, Filling Disk Full, Zero
CAT: Computers, Operating Systems, Applications or Connected Devices
TYPE: Operating System Features, Bugs and Problems
DESC: Apple
DESC: 10.4.X (Tiger)
PLATFORM: Apple Macintosh (PowerPC)
MODEL: Power Mac G5
PROC: Dual 2.7
RAM: 2.5 Gig
DRIVE: 250 Gig; 750 Gig
NAME: Shaun
USERNAME: Edmond4
TECHNICAL: Lots of Experience
ISSUE: Just Started Looking
Question Details
Edmond4 - Mar 21, 2008 - 7:24 pm
Some years ago I used "Techguy.org" forums for two weeks to find one of the worst trojans they had ever seen (PC, not Mac). Once we finally discovered the thing, which was "network aware" and moved itself around into different folders, I had to download different free programs and finally "kill the process" so as to be able to delete the thing. Once deleted, we found there were "keylogger" text files that had recorded two weeks' worth of everything I did on-line and on my computer. I could see it had recorded eBay passwords (I had two cars listed on there at that time) and even showed my homework projects being opened and unopened. The trojan was submitted to Symantec Corporation by some of the guys at TechGuy.org, and they were told Symantec didn't even have such a trojan in beta testing yet, and at the time I had Norton Anti-Virus installed on that computer anyhow, which did not pick up on the trojan. So how did I know the trojan was there? Some small signs gave an indication.

I've now owned a G5 Powermac for over 2 years, and find that something is going on with this machine. Something is eating up my disk space. I cleared out 10 gigs this afternoon, to then return an hour later and find there was "zero kb" available. What is doing this? I also note when pulling up Terminal that something is going on with my network, something keeps sending some information out, and info in every 10 seconds or so. I've shut down all my applications to check if any of them were eating up space, or communicating somehow to the internet. I don't know why I would have that "network" feedback and back and forth data going on, nor do I understand what keeps eating up my free disk space---not only on the main startup disk, but another hard drive too in one day had 20 gigs eaten up by something, I had 40 gigs free in the morning, then noticed 20 gigs were all that was free that afternoon. I had not used up that space with anything I've been doing. I sense the computer at times has the processor working pretty good, and it should not be doing so. Any thoughts?

One thing I should point out is that the FBI, as reported (but obscurely) by even mainstream sources such as MSNBC, can now inject private computers with 'keylogger' programs in our post-Patriot Act world. Perhaps they were responsible for my first virus that Norton didn't pick up on? Perhaps something going on with this too? I don't know.
DeltaMac - Mar 21, 2008 - 8:01 pm
This is something that is occasionally mentioned in these, and other forums.
I suspect that your drive activity is purely internal, either a stuck process, or perhaps Spotlight has gone crazy....
If you check in your Console (Applications/Utilities/Console), you will likely see that some error is being posted to your system log. That type of process will eat up gigs of space on your hard drive in a hurry. It's probably some process that is stuck.
Also, open your Activity Monitor to show the list of All Processes (under the Show drop-down), and you might see that one or more processes may have stopped responding, and the system log is accumulating error reports as that process attempts to recover/restart.

Although it's highly unlikely that a keylogger could install itself on an OS X system without asking for your permission, a keylogger does no good if it can't communicate _out_ from your computer, so there's Little Snitch, which is very good at informing you about outgoing network traffic.
http://www.versiontracker.com/dyn/moreinfo/macosx/17642
It will tell you specifically which apps would send traffic out, and allow you to stop that traffic. Keep in mind that some apps do that as a normal part of use, and not with any ulterior design, in spite of what some of the 'dark' web sites might say.

Let me know what you find out...
- Dale
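Added example, not part of the original thread: one way to confirm the runaway-log diagnosis above is to snapshot file sizes under a directory twice and list what grew in between. The function names, the 60-second interval and the sample file names are assumptions made for this illustration.

```python
import os
import stat
import sys
import tempfile
import time

def snapshot(root):
    """Map every regular file under root to its current size in bytes."""
    sizes = {}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                info = os.lstat(path)
            except OSError:
                continue  # rotated away or unreadable between listing and stat
            if stat.S_ISREG(info.st_mode):
                sizes[path] = info.st_size
    return sizes

def growth(before, after, min_bytes=1):
    """Return (path, bytes_grown) pairs, largest first; new files count in full."""
    grown = [(p, size - before.get(p, 0)) for p, size in after.items()]
    grown = [(p, d) for p, d in grown if d >= min_bytes]
    return sorted(grown, key=lambda item: item[1], reverse=True)

def demo():
    """Constructed sample: one log that keeps growing beside one that does not."""
    with tempfile.TemporaryDirectory() as root:
        noisy = os.path.join(root, "system.log")
        quiet = os.path.join(root, "install.log")
        for path in (noisy, quiet):
            with open(path, "wb") as fh:
                fh.write(b"boot ok\n")
        before = snapshot(root)
        with open(noisy, "ab") as fh:  # simulate a process logging the same error
            fh.write(b"error: process respawning\n" * 1000)
        after = snapshot(root)
        return [(os.path.basename(p), d) for p, d in growth(before, after)]

if __name__ == "__main__":
    if len(sys.argv) > 1:  # directory to watch is the reader's choice, e.g. /var/log
        first = snapshot(sys.argv[1])
        time.sleep(60)  # assumed interval; lengthen for slow growth
        for path, delta in growth(first, snapshot(sys.argv[1]))[:10]:
            print(f"{delta:>12} bytes  {path}")
    else:
        print(demo())
```

Run with a directory argument to watch a real tree; with no argument it runs the constructed sample.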
Edmond4 - Mar 21, 2008 - 10:24 pm
I thank you Dale for your response to me, quite fast.

Two things: my hard drive has an error on it, and it appears it cannot be fixed with Disk Utility because of an unknown error. (I booted off CD so as to run Disk Utility on the startup volume.)

This is what Disk Utility said:

Volume Bit Map needs minor repair.
Repairing volume
The volume Macintosh HD could not be repaired
1 HFS volume checked
1 volume could not be repaired because of an error.

Then secondly

I mistakenly in my original post stated I had opened up Terminal, but I meant to say Activity Monitor in the Utilities, just as you have suggested. It was there that I could see the use of the internet and the spiking in network activity at frequent intervals. I've installed (for the next 3 hours) the demo of Little Snitch. It is picking up that spiking of internet or network activity. First, it is listing:

cupsd
/usr/sbin/cupsd
192.168.0.255

Another thing listed that has made network contact is:

lookupd
/usr/sbin/lookupd
ff02::fb
224.0.0.251

mDNSResponder
/usr/sbin/mDNSSResponder
224.0.0.251

Perhaps these here mentioned above are legitimate aspects of the OS? I don't think however I've had such things running in the past, and something that for most of my time owning this mac is the fact that the computer does not put itself to sleep as it once did. Is that normal? Perhaps a trojan keeps it up and awake when left unattended? Listed too by Little Snitch is Mail, Safari, and Directory Service.

My hard drive at least gives me after the intended repair using Disk Utility the correct info on how much space I have.

Anyway, any idea how I might repair my disk? And what of these three things that spike the network activity in the Activity Monitor? I'd like to kill those processes if I could, unless they be something necessary of which I'm not aware.
DeltaMac - Mar 22, 2008 - 7:13 am
Those processes are normal system processes, don't mess with them!
cupsd is part of the system printing software.
mDNSResponder is an essential for internet use, and
OS X uses lookupd for just about anything.

If Disk Utility will not repair your disk, even when booted to your install disk (your 10.4 installer should be the only one you should use for that repair attempt), then you need to use a third-party repair utility. DiskWarrior is my favorite, and is quite good at getting your hard drive back into good working order.
If a process is busy enough to keep your Mac from sleeping, then it will be noticeable in your Activity Monitor....

The only recent trojan-like activity is one that can be found on some internet porn sites. It re-directs your internet browsing back to those porn sites. It would not even be active when you are not browsing the internet. Even that is relatively harmless, and easy to remove.
http://www.macosxhints.com/article.p...71031114140862

- Dale
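Added example, not part of the original thread: the destinations Little Snitch reported can be sorted by whether a packet sent to them can leave the local network at all, which is the question behind the keylogger worry. The `/24` local subnet, the category names and the `203.0.113.10` contrast row are assumptions made for this illustration.

```python
import ipaddress

# Link-local multicast scopes: routers do not forward these packets.
LINK_LOCAL_MCAST = [ipaddress.ip_network(n) for n in ("224.0.0.0/24", "ff02::/16")]
# Private and link-local unicast ranges (LAN-side addresses).
LAN_UNICAST = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fe80::/10", "fc00::/7")]
# Multicast DNS (Bonjour) groups for IPv4 and IPv6.
MDNS_GROUPS = {ipaddress.ip_address("224.0.0.251"), ipaddress.ip_address("ff02::fb")}

def _in_any(addr, nets):
    return any(addr.version == n.version and addr in n for n in nets)

def classify(dest, local_net="192.168.0.0/24"):
    """Label a destination address; local_net is an assumed LAN subnet."""
    addr = ipaddress.ip_address(dest)
    net = ipaddress.ip_network(local_net)
    if addr.is_loopback:
        return "loopback"
    if addr.version == 4 and (addr == net.broadcast_address
                              or dest == "255.255.255.255"):
        return "lan-broadcast"
    if addr in MDNS_GROUPS:
        return "mdns-multicast"
    if _in_any(addr, LINK_LOCAL_MCAST):
        return "link-local-multicast"
    if addr.is_multicast:
        return "routable-multicast"
    if _in_any(addr, LAN_UNICAST):
        return "lan-unicast"
    return "off-link"

def leaves_local_network(dest, local_net="192.168.0.0/24"):
    return classify(dest, local_net) in ("off-link", "routable-multicast")

# Process/destination pairs as listed in the post above.
OBSERVED = [("cupsd", "192.168.0.255"), ("lookupd", "ff02::fb"),
            ("lookupd", "224.0.0.251"), ("mDNSResponder", "224.0.0.251")]
# Constructed contrast row using a documentation-range address.
CONSTRUCTED = [("example-app", "203.0.113.10")]

def report(rows):
    return [(proc, dest, classify(dest)) for proc, dest in rows]

if __name__ == "__main__":
    for proc, dest, label in report(OBSERVED + CONSTRUCTED):
        print(f"{proc:<14} {dest:<16} {label}")
```

Every destination from the post lands in a broadcast or mDNS category; only the constructed row is classified as leaving the local network.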