Mac Virus
I'm fairly certain I've got a virus or a trojan on my mac. I've been surfing around for a few hours and suddenly my mac started thinking loads (hasnt really stopped). Then the keyboard started messing up - I type a letter and instead some random symbol would appear, and all the shortcuts are gone. I restarted the machine, and the keyboard can write again as normal, but the shortcuts are all wrong (I press the volume mute button and I go into spaces) and when I try and restore defaults nothing changes. The machine is constantly thinking as well. What has happened? Is it fixable? I know everyone says that there aren't virii on Macs but I reckon that may be a lie....
Any help much apprectiated!
Let's stop being paranoid about malware and start thinking about some file corruption...
Create a new User go to System Preferences >> Accounts >> "+" (make it an admin acct) and test the apps in this new account, if they work the problem is isolated to your User and not systemwide.
If the issue is limited to your user account try starting up Safe Mode (It will take more time to startup in Safe Mode because it runs a directory check.)
If your apps functions correctly that way, go to System Preferences >> Accounts >> Login Items, and remove them. Boot normally and test. If not go to ~(yourHome)/Library/Contextual Menu Items and move whatever is there to the desktop. Then do the same with /Library/Contextual Menu Items. Lastly, try moving ~(yourHome)/Library/Fonts to your desktop and restarting.
Log out/in or restart, if that sorts it start putting items back one at a time until you find the culprit.
If the issue is systemwide then, you may be able to repair this with the 10.5.6 Combo Update This is a fuller install, as opposed to an incremental "delta" update so it should overwrite any files that are damaged or missing. It does not matter if you have applied it before.
Remember to Verify Disk before update and repair permissions after update from /Applications/Utilities/Disk Utility.
-mj
Similar Messages
-
The 'New' Mac Virus...please explain
Good Afternoon all,
I too have read the google news. So here are my concerns/questions:
1-What is an ARDAgent and how/why would I 'run such an executable'?
2-How can someone have such unabandoned access to my system if I have minimal sharing turned on?
I have more but I guess those two questions are a good start.Tom IV wrote:
As far as the google story, it starts out as "Two Mac viruses were discovered over the weekend..."
Can you point me to this story and what weekend was this? It sounds like old news and the exploit involves you willfully giving administrative permission to some website to download a program. Not likely you would fall for it.
As far as security, while there are no known viruses that attack Mac OS X at the present time, it is possible for spyware to get onto your Mac.
So I go to lenghts to protect my user. A hosed system can be replaced but a compromised user folder is compromised forever. Along with all your important data like bank records, credit cards, ... I.e. your "identity" stolen.
The best way to avoid that is by using your built-in firewall which is industrial strength and/or a hard wired router, downloading only from "trusted" sites, installing all security updates and being careful about what you give administrative power to. It is also recommended to run day to day tasks from a non-admin account.
Don't use Limewire or any other P2P service to download your software, get it from reputable sources. In addition, always keep at least your users backed up, preferably a clone of your entire system on a separate disk. And put your sensitive passwords, bank accounts, credit card numbers in a "secure note" in a new keychain or in an encrypted folder.
If and when a Mac virus does appear it will be headline news and you can download the AV software then. If you feel you have to run an AV program I'd suggest ClamXav a mac friendly freeware app that is very stable with Tiger. It will check for known virus signatures at any rate.
Hope this helps.
-mj -
Heard 2 days ago first mac virus
PC friends tell me first mac virus discovered last week
True?I didn't believe him so googled. Found this:
The OSX/Leap-A worm spreads via the iChat instant messaging system, forwarding itself as a file called latestpics.tgz to contacts on the infected users' buddy list. When the latestpics.tgz archive file is opened on a computer it disguises its contents with a JPEG graphic icon in an attempt to fool people into thinking it is harmless.
Some owners of Mac computers have held the belief that Mac OS X is incapable of harboring computer viruses, but Leap-A will leave them shellshocked.
comments? -
Do you recommend a certain Anti-virus or Anti-spyware for Mac, or you don't believe that my Wireless going out frequently has anything to do with that? Something else possibly like a software issue?
Your wireless issues don't have anything to do with malware. There's no known Mac malware that behaves that way. See my Mac Malware Guide for more info about that topic.
Are you having problems will all wireless networks, or just one? (If you haven't tried it on more than your home network, try taking it to a local coffee shop or library that offers free wifi and test it there.) When it "goes out," what exactly happens? -
Hello good people,
I bought my MacBook 16 months ago and have loved every minute of it. I brag to all my PC friends about how my MacBook never has had any problems. Well that all ended 2 days ago.
I use a couple USB external hard drives to store music and video projects and I plugged one in the other night and it fired up but didn't mount. I plugged it into the other port and the same thing happened. I tried 3 other drives and the same thing happens. I then tried plugging in my Ipod and it receives power but won't mount. My firewire hard drive works fine...
The ISight camera also quit working at the same time. Photo Booth cannot open it and neither will my webcam programs. I checked the System Profiler and ISight doesn't show up in the applications.
So the first thing I tried to do was shut down but it only went to a grey screen and wouldn't shut off so I held the power button down until it did. I have never troubleshooted a mac before so I came here and searched through the discussions.
Here are the things I've tried:
*PRAM
*SMC/Power Manager Reset
Neither fixed my problems.
So I've come here for help. One of my Coworkers laughed and told me I had a virus. They were all working fine a few days ago. I haven't installed anything new or changed any settings. What do I do now?Thank you everyone for your help.
I believe I have a hardware problem. The reason I say this is sometimes my USB ports will work if I move the male end around a bit but most times they don't work at all. I just had my iPod plugged in and it didn't mount until I moved the plug around. Once it did mount my computer crashed. Maybe a short in the bus?
The power surge theory makes sense. My house has 'dirty power'. That's the kind that has 2 prongs in the outlets with no ground. Sometimes when I plug things in a spark shoots out. The other thing that might have caused my dilemma could have been from over use. I bring my MacBook everywhere. I record live music with it and maybe it got shook up from the bass or drums. I am also constantly plugging in USB cables. Between my iPod, camera, video camera, external hard drives, ect the ports have seen a lot of action.
I'm going to backup my files on my firewire drive and reinstall. If that doesn't work it looks like I'll be sending it in for repairs. I will let you all know the outcome...
Thanks again!!! -
Is it possible to get a mac virus?
Hey,
I was using a pc and I decided to get a mac, because you can do lots of creative work with it and I was sick of viruses. I was able to clean my pc up after I had a virus and I know how to reprogram it. And I still don't know why I always had a computer virus, because I had a fire wall/anti virus programs and surfed on safe intenet sites.
Now, after buying a mac book I never feel safe, because I was used to have computer viruses
Is it possible to get one on my mac?
(I never download any suspicious stuff from the internet ex.:songs, videos etc I only use my mac for my writing at university, editing pictures and making music)
Thank you1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically checked for updates once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets (see below.)
It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
3. Starting with OS X 10.7.5, there has been another layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't actually been tested by Apple (unless it comes from the Mac App Store), but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. For most practical purposes, applications recognized by Gatekeeper as signed can be considered safe.
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
It can easily be disabled or overridden by the user.
A malware attacker could get control of a code-signing certificate under false pretenses, or could find some other way to evade Apple's controls.
For more information about Gatekeeper, see this Apple Support article.
4. Beyond XProtect and Gatekeeper, there’s no benefit, in most cases, from any other automated protection against malware. The first and best line of defense is always your own intelligence. All known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
That means, in practice, that you never use software that comes from an untrustworthy source. How do you know whether a source is trustworthy?
Any website that prompts you to install a “codec,” “plug-in,” "player," "extractor," or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
Pirated copies or "cracks" of commercial software, no matter where they come from, are unsafe.
Software of any kind downloaded from a BitTorrent or from a Usenet binary newsgroup is unsafe.
Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. If it comes from any other source, it's unsafe.
5. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was never a good idea, and Java's developers have had a lot of trouble implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style "virus" affecting OS X. Merely loading a page with malicious Java content could be harmful. Fortunately, Java on the Web is mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice.
Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers. In Safari, this is done by unchecking the box marked Enable Java in the Security tab of the preferences dialog.
Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a specific task, enable Java only when needed for the task and disable it immediately when done. Close all other browser windows and tabs, and don't visit any other sites while Java is active. Never enable Java on a public web page that carries third-party advertising. Use it only on well-known, password-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
Follow these guidelines, and you’ll be practically as safe from malware as you can be.
6. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.
Why shouldn't you use commercial "anti-virus" products?
Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
7. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
ClamXav may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use ClamXav unless a network administrator requires you to run an anti-virus application.
8. The greatest harm done by anti-virus software, in my opinion, is in its effect on human behavior. It does little or nothing to protect people from emerging threats, but they get a false sense of security from it, and then they may behave in ways that expose them to higher risk. Nothing can lessen the need for safe computing practices.
9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default. -
How can you tell if you have a virus? I am having trouble with my email and can not get any mail from work.
This has been going on for a couple of weeks. My phone is now having issues too!
I also have also had a lot of Adobe requests to update.Helpful Links Regarding Flashback Trojan
Visit Thomas Reed's site for insight and help: Mac Malware Guide
A Google search can reveal a variety of alternatives on how the remove the trojan should your computer get infected. This can get you started. However, be careful about what you do as new variants of the malware circumvent the efforts of earlier tools.
Also see Apple's article About Flashback malware.
Apple has released Java updates for Snow Leopard and Lion users:
Java for OS X Lion 2012-003; available only for users of Lion with Java installed.
Java for Mac OS X 10.6 Update 8; available only for users of Snow Leopard.
Flashback malware removal tool; available only for users of Lion without Java installed.
Install whichever shows up in Software Update. It removes the malware (if present), updates Java (if present) and tightens up Java settings for the future. You may download from Apple's web site instead of using Software Update, but it's important to know which one to get, because the other two won't work for you.
For the truly paranoid see 10 Simple Tips for Boosting The Security Of Your Mac.
There is no evidence of any impact on iPhones or other iDevices. -
We've had a very weird problem in our office which is all-Mac. We received a jpeg image from a client and when we attempted to open it, the Finder appeared to reset, (all windows re-drew) and the dock disappeared. We couldn't easily Trash the file without the dock, so I tried installing the delete button in the window (Customize Toolbar) but as soon as I hit the button it disappeared! We tried resetting the Dock Preferences, but nothing would "stick." The same with Expose and Spaces Preferences. We then went through the sad drama of installing latest OS (was 10.5.2, now 10.5.4) and finally restoring the entire OS from disk.
Yikes! This had no effect!
Similar threads suggested removing the dock.plist file and/or running a freeware program called RestartDock. All had no effect, but I did at his time notice that relevant plist files were constantly disappearing and reappearing, as was the dock itself.
It was here that I realized that we had never successfully nuked the offending file. We got it into trash, but that had no effect. We emptied the trash. No effect... and file still in the trash.
At this point I went all medieval and opened Terminal and did a %/bin/rm -r on the file. It vanished... and so did the problem. Automatic dock refresh rewrote the .plist files and function returned to normal.
Sooo... what in creation was THAT?
The original file was a jpeg allegedly written from Photoshop.
p.s. [Opt]Empty Trash succeeded in deleting the offending file on other systems, so you don't need to use Terminal.So, we have had this problem again, again from the same source. This time I have grabbed a copy of the file before it was exterminated by over-eager cleaners. I was told the Google virus checker did flag this file, but Norton Utilities missed it on my machine. What is the best way for me to dissect this file without suffering the effects of the corruption/virus?
This last event occured on a G5 running 10.5.4 -
Is the Mac running Leopard as virus free as some say? My understanding is that once a good password is set for the root account, one can download without fear. I've just gotten DSL and I'm worried about being connected 24/7.
Well, I don't have any precise list of viruses, but there are a lot of discussions about it in the net.
Of which almost every bit of it is speculation or users who think they have a virus simply because their Macs aren't running well.
Put this simple search phrase in Google:
"os x"+virus
It returns almost nothing of substance. There's a couple of links loudly proclaiming the first real OS X virus. It's nothing but a gag video showing the desktop items falling all over the place as someone turns the Mac. Very clever, but not a real piece of malware at all.
The only other one that receives any mention at all is the Leap.A virus (and its various names). That one starts out as a Trojan you have to download and install. Once you do that, it acts as a virus and tries to infect buddies in your iChat list. Unless of course someone else you know was the one to download and install it. Then as it tries to infect you from their Mac, to you, it's strictly acting as a virus. It was a poorly written piece of malware and infected a very small percentage of users.
Other than that, there's nothing.
You can never be too careful, imo.
True enough, and applies to any OS. There's no such thing as a bulletproof OS. Read/watch the news, sites like this and other trustworthy, verifiable venues. -
there seems to be some problems with mail and safari (slow, not closing down).
A virus should be the absolute last thing to consider when facing such problems on a Mac. See my Mac Malware Guide:
http://www.thesafemac.com/mmg
As for what the problem is, that's difficult to say without more information. Start with the steps in my Mac Performance Guide and see if that gets you anywhere:
http://www.thesafemac.com/mpg -
Crashes at Launch, after Mac Virus
I got a virus on a mac and apple tech support had me erase many folders and files from my hard drive in order to remove all races of the virus. Ever since that, AI crashes without fail every time I launch and try to open a file or start a new document.
There were no third party plug-ins to remove. I have uninstalled and reinstalled 3 times. I have the latest version and am on Yosemite.
Please help!
Alexairkaze,
Did you reinstall using the full three step way, which may be needed here?
Uninstall, run the Cleaner Tool, and reinstall.
http://www.adobe.com/support/contact/cscleanertool.html -
If parallels or boot camp is used to have windows on a mac computer, can I still get viruses? And if I do get a Windows virus will it affect the files on the mac?
Windows viruses will only run within the Windows operating system. They cannot run in Mac OS.
That being said, a Mac user can still spread Windows virus code, they will just not be affected by it themselves.
You should note though that while Mac OS can't tun a Windows virus, if you give Windows, either on Bootcamp or Parallels, access to your Mac's files, the files could be effected anyway. Mac OS can't run the virus code, but if you are running Windows and asking Windows to interact with your Mac files, then it can run the code on those files.
It should also be noted that even if you only used Mac OS, you can still get viruses. There are viruses for Mac OS, they just aren't very common.
If you are going to run Windows, no matter what machine you run it on, you should have an anti-virus program installed.
...and after all of that, I will tell you that I run Windows 7 on both Parallels and Bootcamp, and Windows XP in Parallels. I just use free anti-virus software and have never had a problem. -
What is everyone doing about the new Mac virus?
Just read about the new Trojan virus that is aimed at Macs. Is there a solution for this?
There's an update from Apple that's been pushed out. On mine, System Update pushed this when I opened Safari. If not same for you, try running Software Update.
-
I am REALLY p...d ! Seven months after i installed "clean your mac" this virus/malware (wich i bought from APPLE!!) my computer is STILL infected with this virus! After installing this MACKEEPER/ZEOBIT .... firm, it my mac went so slow that i couldnt work with it anymore.
I got in touch with this east european based virus sellers helpdesk. I wanted to get rid of this virus program. The help i got consisted out of them trying to selling me more software.
After that i visited all the forums from Apple. Found i am one of the thousands victems they made. Tried some of the solutions i found here.
So i decided to reformat my hard disks and install all my programs again.
But STILL, whereever i go i get pop-up for this malware program. Some SO bad that the only choice you have is eigther click on oke to install this rubish again OR you have to close safari to get rid of this virus attach!!
I have been writing to Apple, who peddle this virus without any answer!! Safari, same thing
And now i am fat up !!
If Apple is in need of a couple of million more, no problem, they deserve it. But if, after EVERYTHING i have been reading here, still sell this malware/virus and dont CARE about their customers enough to so something about it, then it stops for me!!
I am shure that the Apple delete police will take this edit away again, and i will get another B....T email that "according to our rules......." but then we will take this a couple of steps further! We are now, just started, 1290 victims of this zeobit, and we are building a website about their policy how to push this virus thrue everybodys troath, and the lack of reaction to this from Apple.
And we will make SHURE that whenever someone in this world types in zeobit, mackeeper, clean your mac, we WILL be the number one hit in Google!!
Because now they REALLY p...d us off !!
PS...just to show how Apple thinks about their precious zeobit, i found out that any comnination of the words zeobit-mackeeper with words we use everyday, or in connection with organised crime is enough to refuse your edit.Consider that people here have been helping and telling people and some wrote up their own User Tips and that Apple has a tech note, a link at the top of this and other forums, on how to avoid, not installl, and remove this type of ransomware malware.
https://discussions.apple.com/docs/DOC-3034
https://discussions.apple.com/docs/DOC-3201 -
What is the best recommended virus protection for MacBook Pro and iMac?
None.
Helpful Links Regarding Flashback Trojan and Virus Protection
An excellent link to read is Tom Reed's Mac Malware Guide.
Also, visit The XLab FAQs and read the FAQ on malware.
A link to a great User Tip about the trojan: Flashback Trojan User Tip.
To check for the trojan: Anti Flashback Trojan 2.0.4.
A Google search can reveal a variety of alternatives on how the remove the trojan should your computer get infected. This can get you started. Or the preferred method is to use Apple's protection tool: Flashback Malware Removal Tool 1.0.
Or, open Software Update. If you do not have the Apple protection software installed it will download and install it via Software Update. If no update appears that means you either already have it installed or it isn't needed for your system. The software is only available for Leopard, Snow Leopard, and Lion versions of OS X.
Also see Apple's article About Flashback malware.
For general anti-virus protection I only recommend using ClamXav.
Maybe you are looking for
-
My speaker no longer works in Ipad 2 after 7.1.1 update
I recently updated my ipad 2 to ios 7.1.1 and my speaker stopped working,one day everything worked fine, the next no speaker, I am not a happy camper. The volume control no longer controls the volume only sound effects and the mute button only contro
-
No BOM Explosion in Planning Order
Hello Folks, i have a problem with the BOM explosion at creating a planning order. Our BOMs are created without plant number and are enterprise wide available. If we create new BOM's with direct plant association via CS01, the BOM explosion in creati
-
Username and password default for BAM database
Hi everyone, I have installed in my machine a virtual machine wich have the Oracle BAM 10 installed. We are trying to connect to the BAM database but the problem is I dont know the user default to do it. I also have in my machine(real machine) the BA
-
Excel Add-In - retrieve does not function
following upgrade to v 9.3.1 many users are experiencing the following: Following connection to database the "Retrieve" does absolutely nothing. No error message, no feedback at all. Task manager reveals another unexplainable EXCEL execution is also
-
I got a new mac.. Want to tranfer from my old one.. I'm at the part where it says tranfer info to this mac... It just keeps looking for source! Getting irritated!