Nikil - Dec 12, 2007 - 5:27 pm
I occasionally try and download things on to my MacBook and get asked the question 'this contains an application - do you want to download it anyway?'. I have no idea what this means... sometimes I click 'yes' and then I have no idea how to open it!
...Anyway, a few days ago I tried to download an Adobe Flash Player so I could do this silly 'elf yourself' xmas thing. It's come up on my desktop but I can't access it. Every time I click on the 'elf yourself' web link, my Internet closes and I get a 'Mac OS X has quit unexpectedly' (or something similar) warning.
I don't know if this is related to the above - but my Mac has been acting a little strangely ever since. For example all my Bookmarks don't show. The main thing is that today, I had my screen saver on as usual - which is my photos on rotate. Every once in a while - something really freaky would appear over a photo, like a strange cartoon face, or a round disk shape or a photo of an apple - all really big, round and creepy!
Does this sound like a virus? Could this be a result of trying to download an application? (and what does this 'application' thing mean anyway?). Am a bit baffled...
Serenak - Dec 12, 2007 - 7:04 pm
Niki
Thanks for choosing macosx.com and I will try to advise you.
OK Niki let's start at the start. You have an Intel MacBook - so you will have at the least Mac OS 10.4.something. Go to the Apple Menu and select "About This Mac" and it will tell you what OS version you have, what processor you have and what RAM you have.
When you download something it normally goes onto the desktop. If you download an Application (which is a program like Safari or iTunes or TextEdit, that is something that "does something" when you double click on it) you will get a warning telling you it is an application - this is so that you are aware of what you are getting, that is an application and not a picture or some other "inert" file.
There are not really any real Mac viruses... there is however a nasty "trojan" (which is something that says it does something useful but actually installs very nasty things on your Mac) which is why you should only get items like "QuickTime Updates" or Flash Player upgrades from the originator's websites... that is Apple via the Software Update tool or from Adobe (for the two I mentioned)
Now this Trojan thing is pretty rare at the minute but your description of "strangeness" is a bit concerning.
I would recommend that at the very least you get ClamXav (which is a very highly regarded if limited virus checker) from here...
http://www.clamxav.com/ then install it and follow its instructions. Once it is installed you should allow it to check the whole Hard Drive... this will take a fair time... Also set the "Folder Sentry" to watch your downloads for you.
If you are in the least bit unsure that your Mac has been "compromised" you should consider salvaging any valuable files (your music, photos, etc.) and wiping the Mac using the Installer disk that came with it and starting again.
However before doing anything so radical do check in your pictures folder to make sure the "odd" pictures you are seeing aren't just something that you have unwittingly put in there.
If you are still uncertain about what to do next come back and I will try to advise you in more depth
Nikil - Dec 14, 2007 - 9:25 am
Firstly - thank you so much for your help.
I've downloaded ClamXav... but it wouldn't let me check the whole hard drive (is there an easy way to do this or do I have to go through everything separately?)... I've scanned all my photos and I've got no infected files. I've set Folder Sentry to scan all inserted disks and launch ClamXav whenever I log in (do I need to actually log in as opposed to just turning my computer on?).
Is there anything else I should be doing? My computer seems to be behaving normally and the weird pics that popped up don't seem to be affecting any other screen savers (however am quite apprehensive about re-setting my photos as a screensaver...)
Serenak - Dec 14, 2007 - 9:48 am
Niki
Open ClamXav and click "choose what to scan" select the Hard Drive, then select everything in the first window... i.e. Applications, Library, System, Users, etc. etc. then you can scan all of them...
Once you have done this you do not need to keep doing it all the time... if it says it found nothing then you are basically in the clear; simply use the Folder Sentry to watch downloaded files and possibly inserted disks... and you will be guarded.
You do not need to have ClamXav launch at login - no reason you can't but you don't need to. The Folder Sentry is sufficient unless you are in the habit of trawling particularly dodgy Porn and Piracy sites... (which I am sure you are not)
As to logging in as opposed to turning on... I assume you mean you only have one account on the Mac and it comes up automatically... personally I would discourage that behaviour... Go into the Accounts Preference Pane and turn off automatic login... and give your account a password. One you can remember obviously... if nothing else if someone stole your MacBook they wouldn't be straight into your passwords, bank details, PayPal account etc.
I would also encourage you to create another Account and make that Admin - (personally I always create an admin account called I am Admin) and then consider demoting your normal user account to standard... you will get used to the occasional "You need the name and password of an Administrator" prompt and they are not that annoying, plus if you get them you have the chance to think twice about what is being asked... if you are not in an Admin Account most of the time the amount of damage anything nasty you could possibly download can do is severely restricted.
I suggest you take a look through your picture folder by hand and see if you can find these "nasty pics" - screen savers can't run things that are not there somewhere... find them and then delete them.
Hope that is some help
Nikil - Dec 14, 2007 - 7:29 pm
Thanks so much - that's really helpful.
The ClamXav has found 8 Trojans on some downloaded video files from Limewire!
It's telling me I can either deal with them myself, or scan again with the preferences set to move them into a different folder...
I have no idea what to do and what these options mean. Also...do I still need to wipe my hard drive?
Serenak - Dec 14, 2007 - 8:28 pm
OK Niki
ClamXav has found files with nasties in them... most of these will actually be Windows based Trojans that cannot harm your Mac but even so - welcome to the truth of P2P naughtiness... it didn't come from a "real kosher" provider and you can't trust it not to be laced with nasty stuff...
This is what is also called "social engineering" i.e. offer someone something they want cheap or free and they won't check too hard to make sure it is not actually stealing their credit card numbers, PayPal details, etc...
Personally I would run Clam again with the options set to delete them or move infected files to another folder and then KILL THEM... put them in the trash and use Alt-Delete to make sure they are removed...
I don't think you are at the point of needing to wipe the HDD and start again but if you are uncertain of what these files have done/infested/infected then if you are paranoid you may wish to take that route.
Me, I would clean up using Clam then carry on as usual for a day or so... if any weirdness persists consider wiping and starting again - there is basically currently only one "real exploit" for Mac and to be honest you have to download it, install it, give it Admin access and let it run riot.
Be careful what you download - not everyone out there is as nice as we might like... my wife has recently had her WoW account hacked and robbed blind... Quite probably through no fault of her own...
Nikil - Dec 16, 2007 - 3:36 pm
Hi..
I put the Trojans and all of Limewire in to Trash and secure emptied it. Then I scanned my whole hard drive again and more Trojans popped up so I did the same with those. I scanned again and nothing came up.
Should I scan the hard drive on a regular basis, or is the Folder Sentry activity enough?
Thanks!
Serenak - Dec 16, 2007 - 4:06 pm
Hi again Niki,
In my experience the Folder Sentry set to scan wherever you send downloads should be sufficient; if you want to be sure, set the full Clam scan to run once a week or something...
There is nothing inherently "bad" in Limewire itself, or Bittorrent or any of the others... but you have to understand that P2P has become a popular way to share pirated music/films/software and nasty people take advantage of this by seeding things that have been modified and contain nasty spyware/viruses/trojans and the like. As I say most of this is Windows malware (as that is a BIG barn door... i.e. an easy target) that can't harm your Mac but if you are sharing it on you are sending people infected files... If you want to go back to P2P there is nothing to stop you - but just be careful what you download and make sure Clam or something else suitable is scanning it as it comes in.
Hope that helps
Nikil - Dec 18, 2007 - 5:12 pm
Everything's fine. Thank you SO much for all your help!