Malware - Trojan ?

While reading an email I received a message about a possible virus.
Eventually I received a window with the message,  "Return to Personal Security and download to secure your PC.
   pack_401s1.exe
from scan-and-secure09.com
Is this a virus, should I do the download and run?  How do I get rid of it?
Thanks,
Joe

Harley,
it looks more like a malware infection than anything else. Download and install Malwarebytes and Superantispyware (free). Update and scan with both of them. The reason why you would want to scan with both is that what one finds... the other one doesn't, and vice versa. I deal with lots of infected PCs... so when it comes to malware and trojans, these two scanners do the trick. BTW, you can uninstall them both after you're done.

Similar Messages

  • When clicking websites my Avast 5.0 antivirus notifies me that a malicious URL is trying to access my system or that a Trojan has been prevented from access. The attempted Malware/Trojan is always from the same address:[Ticon.in/nte/kuz/.exe/xhdoe515bvo3

    suspicious Malware / Trojan.
    == This happened ==
    Every time Firefox opened
    == I tried to access a website

    Hello "Morbus",
    Thank you for your quick and informative reply. First I would like to provide more information on this attempted Malware/Trojan. I have copied the full addresses for you and/or anyone who may have interest. It follows below.
    28.06.2010 07:38:00 Network Shield: blocked access to malicious site 楴祣湯椮⽮瑮⽥畫⹺硥e [ C:\program files\Mozilla Firefox\Firefox.exe ( 5436 ) ]
    28.06.2010 08:14:44 Network Shield: blocked access to malicious site 楴祣湯椮⽮瑮⽥畫⹺硥e [ C:\Program Files\Mozilla Firefox\Firefox.exe ( 4476 ) ]
    28.06.2010 13:32:53 Network Shield: blocked access to malicious site 楴祣湯椮⽮瑮⽥畫⹺硥e [ C:\Program Files\Mozilla Firefox\Firefox.exe ( 1988 ) ]
    28.06.2010 17:51:53 Network Shield: blocked access to malicious site 楴祣湯椮⽮瑮⽥畫⹺硥e [ C:\Program Files\Mozilla Firefox\Firefox.exe ( 5400 ) ]
    29.06.2010 13:31:03 Network Shield: blocked access to malicious site ticyon.in/nte/kuz.exe [ C:\Program Files\Mozilla Firefox\Firefox.exe ( 2444 ) ]
    29.06.2010 23:15:14 Network Shield: blocked access to malicious site ticyon.in/nte/kuz.exe [ C:\Program Files\Mozilla Firefox\Firefox.exe ( 480 ) ]
    30.06.2010 09:36:22 Network Shield: blocked access to malicious site ticyon.in/nte/kuz.exe/wHd0e51a5bV03006f36002Ra38dbe4f108T9ccfa9f8Q000002fe901801F0035010aJ14000601L656e2d55530000000000 [ C:\Program Files\Mozilla Firefox\Firefox.exe ( 5164 ) ]
    30.06.2010 22:31:52 Network Shield: blocked access to malicious site ticyon.in/nte/kuz.exe/wHd0e51a5bV03006f36002Ra38dbe4f108T9ccfa9f8Q000002fe901801F0035010aJ14000601L656e2d55530000000000 [ C:\Program Files\Mozilla Firefox\Firefox.exe ( 3600 ) ]
    I had failed to mention in my previous comments that each time the attempted attacks took place, a blank Adobe PDF page appeared. As you suggested, I disabled the Adobe add-on and have had no further attacks. I am extremely diligent in keeping my SuperAntiSpyware Pro, AvastAntiVirus 5.0, ThreatFire, Vista Firewall Control, Malwarebytes and Windows Defender up to date. However, after any attack I always run these in safe mode just as a precaution. I had suspected the Adobe drop-in may have been the culprit because of the page that appeared and your suggested fix has in fact fixed it!
    Thank you again for your unselfish time in coming to my rescue. "Deaf Dave"
    From: [email protected]
    Date: 7/1/2010 12:53:40 PM
    To: [email protected]
    Subject: Reply notification: when clicking websites my Avast 5.0 antivirus notifies me that a malicious URL is trying to access my system or that a Trojan has been prevented from access. The attempted Malware/Trojan is always from the same address:[ticon.in/nte/kuz/.exe/xhdoe515bvo38d
    "Morbus" has posted a reply to a thread you're watching.
    You can view the thread and reply at the following URL:
    https://support.mozilla.com/en-US/forum/1/714170#threadId714337
    Message:
    Hello Deaf Dave.
    It's possible that you are having a problem with some Firefox add-on that is hindering your Firefox's normal behavior. Have you tried disabling all add-ons (just to check), to see if Firefox goes back to normal?
    Whenever you have a problem with Firefox, whatever it is, you should make sure it's not caused by one (or more than one) of your installed add-ons, be it an extension, a theme or a plugin. To do that easily and cleanly, run Firefox in [http://support.mozilla.com/en-US/kb/Safe+Mode safe mode] (don't forget to select ''Disable all add-ons'' when you start safe mode). If the problem disappears, you know it's from an add-on. Disable them all in normal mode, and enable them one at a time until you find the source of the problem. See [http://support.mozilla.com/en-US/kb/Troubleshooting+extensions+and+themes this article] for information about troubleshooting extensions and theme and [https://support.mozilla.com/en-US/kb/Troubleshooting+plugins this one] for plugins.
    If you need support for one of your add-ons, you'll have to contact its author.
    Also, it's possible that your system is infected with malware. To scan for malware, install, update and run these programs ''in this order''. They are all free for personal use, but some have limited functionality in their "free mode", but the features you'll miss are not really needed to find and remove the problem you have. Remember that ''not all programs detect the same malware''!
    Malwarebytes' Anti-Malware - [http://www.malwarebytes.org/mbam.php malwarebytes.org/mbam.php]
    SuperAntispyware - [http://www.superantispyware.com/ superantispyware.com]
    AdAware - [http://www.lavasoftusa.com/software/adaware/ lavasoftusa.com/software/adaware]
    Spybot Search & Destroy - [http://www.safer-networking.org/en/index.html safer-networking.org/en/index.html]
    Windows Defender - [http://www.microsoft.com/windows/products/winfamily/defender/default.mspx microsoft.com/windows/products/winfamily/defender/default.mspx]
    Dr. Web Cureit - [http://www.freedrweb.com/cureit/ freedrweb.com/cureit]
    If these don't find it or can't clear it, please tell me and I'll provide you with further assistance.
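The Network Shield entries quoted in the post above, triaged as an added example (not part of the original thread): it undoes the garbling in the 28.06 entries, where each pair of ASCII bytes of the URL was rendered as one UTF-16LE character, then groups the blocks by host and requesting process. The four sample entries are copied from the post; the function names are illustrative.

```python
import re
from datetime import datetime

# How the garbled entries arise: the ASCII URL read two bytes at a time as
# UTF-16LE, with the odd final byte ("e") left over as plain ASCII.
GARBLED_URL = "ticyon.in/nte/kuz.ex".encode("ascii").decode("utf-16-le") + "e"

LINE = "{ts} Network Shield: blocked access to malicious site {url} [ {image} ( {pid} ) ]"

# Four entries from the post; the first two carry the garbled URL.
SAMPLE_LOG = [
    LINE.format(ts=ts, url=url, image=image, pid=pid)
    for ts, url, image, pid in [
        ("28.06.2010 07:38:00", GARBLED_URL,
         r"C:\program files\Mozilla Firefox\Firefox.exe", 5436),
        ("28.06.2010 08:14:44", GARBLED_URL,
         r"C:\Program Files\Mozilla Firefox\Firefox.exe", 4476),
        ("29.06.2010 13:31:03", "ticyon.in/nte/kuz.exe",
         r"C:\Program Files\Mozilla Firefox\Firefox.exe", 2444),
        ("29.06.2010 23:15:14", "ticyon.in/nte/kuz.exe",
         r"C:\Program Files\Mozilla Firefox\Firefox.exe", 480),
    ]
]

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}) Network Shield: "
    r"blocked access to malicious site (?P<url>\S+) "
    r"\[ (?P<image>.+?) \( (?P<pid>\d+) \) \]$"
)


def repair_utf16_mojibake(text):
    """Split every character whose two UTF-16LE bytes are both printable
    ASCII back into those two ASCII characters; leave everything else alone.
    Genuine CJK text with that byte pattern would also be split, so apply
    this only to fields that are expected to be ASCII, such as URLs."""
    out = []
    for ch in text:
        low, high = ord(ch) & 0xFF, ord(ch) >> 8
        if ord(ch) > 0xFF and 0x20 <= low < 0x7F and 0x20 <= high < 0x7F:
            out.append(chr(low) + chr(high))
        else:
            out.append(ch)
    return "".join(out)


def triage(lines):
    """Group blocked-URL events by host. Returns
    {host: {"events", "first", "last", "images", "pids"}}."""
    report = {}
    for line in lines:
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # not a Network Shield block entry
        url = repair_utf16_mojibake(match["url"])
        host = url.split("/", 1)[0].lower()
        when = datetime.strptime(match["ts"], "%d.%m.%Y %H:%M:%S")
        # Windows paths are case-insensitive, so compare them lower-cased.
        image = match["image"].lower()
        entry = report.setdefault(
            host, {"events": 0, "first": when, "last": when, "images": [], "pids": []}
        )
        entry["events"] += 1
        entry["first"] = min(entry["first"], when)
        entry["last"] = max(entry["last"], when)
        if image not in entry["images"]:
            entry["images"].append(image)
        entry["pids"].append(int(match["pid"]))
    return report


if __name__ == "__main__":
    for host, info in triage(SAMPLE_LOG).items():
        print(f"{host}: {info['events']} blocks, "
              f"{info['first']} to {info['last']}")
        print(f"  requesting process: {', '.join(info['images'])}")
        print(f"  distinct PIDs: {len(set(info['pids']))}")
```

One host, one requesting program and a different PID on every entry means the request recurs across separate browser sessions, which fits the thread's finding that a browser add-on was the trigger.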

  • Email phishing, malware, trojan horses, key stroke

    I have an iMac with the new Yosemite 10.10.1 SW installed. I received an email and clicked on a web link that was characterised as Phishing and I entered private information. I have since turned off all online contacts that may be compromised. What is the likelihood that when I went to this scam website and entered information that Malware, Trojan Horse, Key stroke counting type SW was installed?  Would the new Yosemite OS have prevented this from happening?

    Those sites are mostly designed for Windows PCs, so OS X should not be affected. Furthermore, OS X Yosemite uses Gatekeeper, which by default only allows installing apps from the Mac App Store and identified developers.
    If you want to be sure there is nothing bad in your Mac, you can use ClamXav and scan the hard disk.

  • Malware/Trojans on a new MacBook Pro

    My MBP is only 2 weeks old. The day after I got it I began to notice suspicious behavior when surfing the net (Yahoo Mail, Yahoo News, Facebook) when the screen I was on would be hijacked to another site or ad of some kind. I screen-capped the examples and headed for the genius bar. They advised it was not the machine but probably pop ups from the sites I was visiting, in other words it was my keystroking habit and the sites I visited. Never knew Yahoo Mail and News were "problems"!
    They loaded Sophos and said it won't find anything but would give me peace of mind. Well when I ran a full scan I've got a trojan and 2 malware (all java related). I assume this may be the root cause of my hijacking issue. I know the prevailing wisdom is that MACs don't get viruses and only get malware/trojans if the user/admin accepts them. I've not accepted anything or given permission for any downloads...ever. Which leads me to question if somehow these problems were transferred from my XP during the data transfer process? Is that possible? Does anyone have any suggestions about the best course of action? The malware can't be cleaned in Sophos...it must be manually removed. Which I've yet to figure out how to do. The primary reason I switched to a MAC was the security. And I love the machine but I'm disheartened to say the least. Any advice is appreciated.

    You undoubtedly imported the malware from your PC running Windows. If the malware came from there, it can't do anything on a Mac unless the Mac is running Windows, and is therefore completely harmless. Antivirus software may detect Windows-based malware on your computer, but that doesn't mean any of it can run in the Mac OS.
    The day after I got it I began to notice suspicious behavior when surfing the net (Yahoo Mail, Yahoo News, Facebook) when the screen I was on would be hijacked to another site or ad of some kind.
    This happens all the time and has nothing to do with malware, unless sneaky and devious website design is classified as malware.
    ...in other words it was my keystroking habit and the sites I visited.
    I don't know what "keystroking habit" means, but the sites you're visiting are responsible for the popups and diversions that annoy you.

  • I think I've installed malware/trojan...

    I think I've installed malware/trojan by downloading and installing software from gimpshop.com - is there a way I can tell? Total lapse of concentration on my behalf but now panicking.....

    I just checked that site with Sucuri SiteCheck. It comes up clean, except with a notice that it's using an outdated version of WordPress.
    http://sitecheck.sucuri.net/results/gimpshop.com
    Then I checked with Quttera, which reports one potentially suspicious file. Note potentially. But that site, which is based on heuristics, not the presence of any actual malware, is only making a guess.
    http://quttera.com/detailed_report/gimpshop.com
    Could be it's installing adware. Obnoxious but less vicious than a trojan. See
    http://www.thesafemac.com/arg/
    If Virus Barrier Express doesn't come up with anything, though not foolproof, I'd probably relax. Besides that, since you are only allowing code signed or MAS apps in, and this guy, though maybe disreputable, isn't fly by night using code signing for a quick hit, that's another sign you can relax, especially if your browser and OS are up to date.
    EDIT: Well, actually, there's a caveat with what I said about an updated OS. Both 10.8 and 10.7 haven't received security updates in quite a while. And neither has XProtect (the built in anti malware program) since Oct 9. Apple is dragging its feet there. Only 10.9 got patched. But I wouldn't let that make me crazy.

  • Can't load Facebook on Firefox . Suspect malware/trojan. Downloaded 3 free scan/remove programs, all end in .exe and my Mac wants to know which "Application" to use to run them. Help?!

    Firefox 3.6.19
    Mac OS 10.4.11
    attempted the''' 3 free options''' listed here
    http://support.mozilla.com/en-US/kb/Firefox%20never%20finishes%20loading%20certain%20websites?s=cannot+load+page&as=s
    when I click on any of them, they don't just open/run. they want to know what application to use to open them. do these work for my Mac, or is there another free alternative?
    Here's what the Mozilla page above said
    Firefox never finishes loading certain websites
    If specific websites (not all) start to load, but never finish (i.e. The Firefox activity indicator may spin for several minutes, or the status bar may show "Done" on a blank page), it is either because of a software trojan called Vundo, or a file being in the wrong format.
    Table of Contents
    * Vundo trojan variant
    o Search for malware
    o More help
    * JavaScript file format
    Vundo trojan variant
    A variant of the Vundo trojan is known to cause Firefox to have problems loading certain high-traffic sites, including Google, Yahoo, MySpace, Facebook, and more.
    Search for malware
    Not all variants of the Vundo trojan can be detected or removed by malware scanners. However, you should scan your computer for infections first:
    * Run the Microsoft Malicious Software Removal Tool.
    * Run a full system virus scan with something other than your normal program:
    o A '''free solution online is Kaspersky's online scanner'''.
    * Run a full system spyware scan with something other than your normal program:
    o MalwareBytes' Anti-Malware
    o '''SUPERAntiSpyware''' is known to detect many variants of Vundo, and has a free version.
    o '''Spybot S&D''' is a well-known free solution.
    More help
    If you're having a problem loading sites other than the one described above, see the Error loading websites article to see if it addresses your problem. You can also check your Internet security software - resetting permissions for Firefox can often fix similar problems.
    There can be other causes of the symptoms described above. Before attempting these instructions, try the methods described in the Basic Troubleshooting article to see if they will address your problem.
    If you still have problems after scanning, you may ask a support question.

    It sounds like you may have multiple problems, but none of them are likely to be caused by malware.
    First, the internet-related issues may be related to adware or a network compromise. I tend to lean more towards the latter, based on your description of the problem. See:
    http://www.adwaremedic.com/kb/baddns.php
    http://www.adwaremedic.com/kb/hackedrouter.php
    If investigation shows that this is not a network-specific issue, then it's probably adware. See my Adware Removal Guide for help finding and removing it. Note that you mention AdBlock as if it should have prevented this, but it's important to understand that ad blockers do not protect you against adware in any way. Neither would any kind of anti-virus software, which often doesn't detect adware.
    As for the other issues, it sounds like you've got some serious corruption. I would be inclined to say it sounds like a failing drive, except it sounds like you just got it replaced. How did you get all your files back after the new drive was installed?
    (Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com, in the form of buttons allowing for donations. Donations are not required to use my site or software.)

  • I think I have  some Malware/Trojan Horse on MacBook Pro. How to get rid of it?

    My MacBook Pro has worked perfect for the last 2 years, but over the last 2 days when I am on Chrome it has started clicking onto random websites when I click other links, and showing certain words as underlined and as hotlinks. I think I recognise that from having a PC as Malware or Trojan Horse? What is the best way to remove this as I have read through a few threads on here and they advise not downloading any anti virus software as it slows down your Mac instead of helping.
    <Post Edited By Host>

    You installed the "VSearch" trojan, perhaps under a different name. Remove it as follows.
    Malware is constantly changing to get around the defenses against it. The instructions in this comment are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
    Back up all data before proceeding.
    Triple-click anywhere in the line below on this page to select it:
    /Library/LaunchAgents/com.vsearch.agent.plist
    Right-click or control-click the line and select
              Services ▹ Reveal in Finder (or just Reveal)
    from the contextual menu.* A folder should open with an item named "com.vsearch.agent.plist" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.
    Repeat with each of these lines:
    /Library/LaunchDaemons/com.vsearch.daemon.plist
    /Library/LaunchDaemons/com.vsearch.helper.plist
    /Library/LaunchDaemons/Jack.plist
    Restart the computer and empty the Trash. Then delete the following items in the same way:
    /Library/Application Support/VSearch
    /Library/PrivilegedHelperTools/Jack
    /System/Library/Frameworks/VSearch.framework
    ~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin
    Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
    From the Safari menu bar, select
              Safari ▹ Preferences... ▹ Extensions
    Uninstall any extensions you don't know you need, including any that have the word "Spigot," "Trovi," or "Conduit" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
    Reset the home page and default search engine in all the browsers, if it was changed.
    This trojan is distributed on illegal websites that traffic in pirated content. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect much worse to happen in the future.
    You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that this Internet criminal has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. This failure of oversight has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.
    *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination  command-C. In the Finder, select
              Go ▹ Go to Folder...
    from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

  • Viruses, malware, trojans, etc.

    I have an MPB, OSX 10.5.8 and a 16.5 year old son. I was able to resolve the kernel panic problem, but only because I had access to an external drive version of an install disc with which I could fire up Disk Utility, which then made repairs. I had been able to reboot from neither an onboard install disc nor an internal TechTool eDrive.
    Suspicious, I installed and ran ClamXav anti-virus tool and found two items:
    hottiestar_installer.exe described as Trojan.Inject-3034, and
    useGoingBook.class-73a68686-5131a64d.class described as Trojan.Downloader.Java.ClassLoader-1 .
    ClamXav placed the two in a folder and then I trashed them both. Am I done? Is it safe? I know so little about how these things operate and what they do. It seems like I've killed the messengers, but have I destroyed the messages?
    Is it more likely that these were picked up from friends with infected Windows machines than from direct downloading to the MPB?
    Thank you.

    Raven Icefire wrote:
    I am looking at buying a MBP. My brother goes to ITT and he said that they are talking about the rise of mac viruses. Is this something I should consider when buying, like should I pay for the anti-virus or are the types of viruses that they were talking about not something to worry about?
    Welcome to Apple's discussion groups.
    There really are no Mac viruses in the traditional sense. There are Mac trojans, which can be avoided by actions such as declining offers to install "codecs" that claim to allow viewing of questionable content.
    Safari and OS X have a certain amount of malware protection already built in. If you really want to install anti-virus software on a Mac, consider ClamXav: http://www.clamxav.com/
    One more piece of advice: If you're looking for advice, start your own thread instead of attaching your question to a thread already marked as "answered", as those threads receive a lot less attention than unanswered threads.

  • Mac web browsing problem - potentially malware/trojan/adware

    Hi All,
    I am new to the Mac OS but I downloaded a torrent on the recommendation of a friend for MS Office for Mac last night onto my MacBook Air. It all appeared okay until I tried to browse the internet today.
    However, every time I now open a session in Safari or Chrome, I get a number of additional windows popping open with ads for gambling, ****, etc. I have no idea how to remove whatever it is that I have on my machine. Any help would be appreciated as I am totally new to the Mac world. Even when I do a Google search, the first 4 or 5 results are for ads and then I get additional pop ups opening. I have tried disabling pop ups, cookies, extensions etc in Safari preferences but this does not make a difference.
    Some guidance would be great from you more knowledgeable members.
    Thanks.

    You probably installed the "DownLite" trojan, perhaps under a different name. Remove it as follows.
    Malware is constantly changing to get around the defenses against it. The instructions in this comment are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
    Back up all data.
    Triple-click anywhere in the line below on this page to select it:
    /Library/LaunchAgents/com.vsearch.agent.plist
    Right-click or control-click the line and select
              Services ▹ Reveal in Finder (or just Reveal)
    from the contextual menu.* A folder should open with an item named "VSearch" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.
    Repeat with each of these lines:
    /Library/LaunchDaemons/com.vsearch.daemon.plist
    /Library/LaunchDaemons/com.vsearch.helper.plist
    /Library/LaunchDaemons/Jack.plist
    Restart the computer and empty the Trash. Then delete the following items in the same way:
    /Library/Application Support/VSearch
    /Library/PrivilegedHelperTools/Jack
    /System/Library/Frameworks/VSearch.framework
    ~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin
    Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
    From the Safari menu bar, select
              Safari ▹ Preferences... ▹ Extensions
    Uninstall any extensions you don't know you need, including any that have the word "Spigot" or "Conduit" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
    This trojan is distributed on illegal websites that traffic in pirated movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect much worse to happen in the future.
    You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that the DownLite developer has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. This failure of oversight is inexcusable and has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.
    *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination  command-C. In the Finder, select
              Go ▹ Go to Folder...
    from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
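The file list shared by the two removal answers above (the "VSearch" one and this "DownLite" one name the same paths), turned into a read-only presence check; this is an added example, not part of either forum answer. It only reports what exists, split into the before-restart and after-restart groups the instructions use, and for launchd plists it shows which program the job starts. The function names and the scan of every home under `/Users` are assumptions of the example.

```python
import os
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# Paths from the forum instructions, stored relative to the volume root so
# the check can also be pointed at a mounted backup or a test directory.
PHASE_1 = [  # launchd jobs, trashed before the restart
    "Library/LaunchAgents/com.vsearch.agent.plist",
    "Library/LaunchDaemons/com.vsearch.daemon.plist",
    "Library/LaunchDaemons/com.vsearch.helper.plist",
    "Library/LaunchDaemons/Jack.plist",
]
PHASE_2_SYSTEM = [  # trashed after the restart
    "Library/Application Support/VSearch",
    "Library/PrivilegedHelperTools/Jack",
    "System/Library/Frameworks/VSearch.framework",
]
PHASE_2_PER_USER = [  # the "~/" entry, checked in each home directory
    "Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin",
]


def launch_target(plist_path):
    """Return the program a launchd job starts, or None if the plist is
    unreadable or names no program. Handles XML and binary plists."""
    try:
        with open(plist_path, "rb") as fh:
            job = plistlib.load(fh)
    except (OSError, ValueError, ExpatError):
        return None
    if not isinstance(job, dict):
        return None
    if job.get("Program"):
        return job["Program"]
    args = job.get("ProgramArguments") or []
    return args[0] if args else None


def audit(root="/", homes=None):
    """List which of the named items exist under `root`.
    Returns [{"phase", "path", "launches"}] in the order of the instructions."""
    root = Path(root)
    if homes is None:
        users = root / "Users"
        homes = sorted(p for p in users.iterdir() if p.is_dir()) if users.is_dir() else []
    candidates = [(1, root / rel) for rel in PHASE_1]
    candidates += [(2, root / rel) for rel in PHASE_2_SYSTEM]
    candidates += [(2, Path(home) / rel) for home in homes for rel in PHASE_2_PER_USER]

    findings = []
    for phase, path in candidates:
        # lexists also reports dangling symlinks, which exists() would miss.
        if not os.path.lexists(path):
            continue
        findings.append({
            "phase": phase,
            "path": str(path),
            "launches": launch_target(path) if path.suffix == ".plist" else None,
        })
    return findings


if __name__ == "__main__":
    found = audit()
    if not found:
        print("None of the listed items are present.")
    for item in found:
        extra = f" (starts {item['launches']})" if item["launches"] else ""
        print(f"phase {item['phase']}: {item['path']}{extra}")
```

Some home directories and `/Library` subfolders are unreadable without administrator rights, so run it from an administrator account for a complete listing.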

  • Malware - trojan on mac

    hi all.
    I just had an experience where my email account running through Mac Mail was spamming thousands of emails to the world. I was getting over 2000 replied emails with address unknown, can't find server and all of those kinds of errors. My hosting company thinks that my computer was infected with a trojan or malware, but I was under the impression that Macs don't get viruses.
    They have changed my password and my cPanel login for security and have asked me to check my system.
    Can you guys lend me more information on what I can use or what I should look for that may have caused this issue?
    thanks
    bret

    thanks for the reply guys.
    Here is a full email message. I don't know if they are being sent from my computer or not. I am not seeing anything in the outbox that is being sent, but I am receiving the following or have been receiving the following in the thousands.... I am using imap services and not pop.
    This is the mail system at host gateway07.websitewelcome.com.
    I'm sorry to have to inform you that your message could not
    be delivered to one or more recipients. It's attached below.
    For further assistance, please send mail to postmaster.
    If you do so, please include this problem report. You can
    delete your own text from the attached returned message.
                      The mail system
    <****>: host ****[204.127.217.21] said: 551
       not our customer (in reply to RCPT TO command)
    Reporting-MTA: dns; gateway07.websitewelcome.com
    X-Postfix-Queue-ID: D9CF85FB9A267
    X-Postfix-Sender: rfc822; ****
    Arrival-Date: Fri, 10 Jan 2014 18:04:25 -0600 (CST)
    Final-Recipient: rfc822; ****
    Action: failed
    Status: 5.0.0
    Remote-MTA: dns; ****
    Diagnostic-Code: smtp; 551 not our customer
    From: "Richelle Wayne" <****>
    Subject: ṼĭẳǴṙẳ
    Date: 11 January 2014 11:04:21 am AEDT
    To: ****
    <Email Edited By Host>

  • Viruses/Spyware/Malware/Trojans etc. Protection

    I am new to Macs but am pretty tech savvy. Do I really need a virus scanner? Do I need spyware protection? I use ClamXav for virus scanning. But it seems pretty unsecure and not reliable. Are there any other free virus scanners/anti-spyware software? Also is the OS X firewall secure enough, I know that it doesn't stop outgoing connections? How do you deal with these problems? Do you use any protection? Thanks.
    iMac Core Duo/iPod Photo 30 gig/Windows Knowledge   Mac OS X (10.4.8)   17 inch

    Hi.
    I'm surprised that you find ClamXav "…pretty unsecure and not reliable". It is the usual recommendation for free virus scanning on these boards. In what way do you find it so? Has it failed to pick up a Mac virus that you know is on your system? Unlikely as there are no true Mac viruses 'in the wild'.
    The OS X firewall is generally considered to be 'industry strength' but can be fine tuned with tools such as Snort in conjunction with Henwen, or Flying Buttress.
    As regards outgoing connections, Little Snitch is a lovely little shareware application. The usual comment on Little Snitch is that it does one thing and does it well.
    You might like to take a look at Dr Smoke's Detecting and avoiding malware and spyware, &/or, if you've got half a day to spare, put 'virus' into the search box over there------->>>>
    Reams of comments have been posted and I'm not going to reopen the argument now as it's all been said before, but just so you know which side of the camp I'm on, I use no AV software. I have the Mac and router FWs on, I use Little Snitch and common sense.
    Have fun,
    Adrian

  • Scanning for virus/malware/trojans, etc?

    My online security has been seriously compromised in the past two weeks. It started out with my email account being hacked, and a spam message sent to everyone in my contact list. Now all of my domain names were hacked (most likely via my FTP software) and something installed malicious code into all of my websites that install a trojan on any unsuspecting visitor.
    I believe a computer in this house is (or was) acting as the router for all internet traffic and is sniffing passwords. At least, that's the only logical thing I can think of.
    I'm afraid to find out what's next, but I need to find the root of this problem and GET RID OF IT. We have a PC in the house, which I was hoping was the culprit, I completely wiped that hard drive clean and re-installed the OS, so that checks out now. And the problems are still occurring. The email hack happened before i wiped the PC, and the attack on my websites happened after. Or, at least, I NOTICED it after. It could have happened at the same time for all I know. But I want to be ABSOLUTELY sure that there's NOTHING on Macs that can be doing any damage.
    I ran ClamXav and MacScan on all 3 of my macs. All scans come up clean. Are there any other things I can do to check my system? I want to be completely sure. I don't want to have to format and re-install Leopard on these computers if possible.
    Thank you.

    markhimself wrote:
    My online security has been seriously compromised in the past two weeks. It started out with my email account being hacked, and a spam message sent to everyone in my contact list.
    You said you only used gmail from the web interface. Is your contact list online as well?
    Now all of my domain names were hacked (most likely via my FTP software) and something installed malicious code into all of my websites that install a trojan on any unsuspecting visitor.
    Why would your FTP software be to blame? It is possible that some 3rd party could have sniffed your password if you were using an unsecure protocol, which standard FTP certainly is.
    I believe a computer in this house is (or was) acting as the router for all internet traffic and is sniffing passwords. At least, that's the only logical thing I can think of.
    That's not very logical. I doubt that the PC could "take over" routing. It could have been completely compromised and that would compromise any password used on that machine or shared with any other account anywhere else. Your actual broadband router could have been hacked. That isn't likely or common, but it is possible.
    I'm afraid to find out what's next, but I need to find the root of this problem and GET RID OF IT. We have a PC in the house
    OK - there you go - get rid of it.
    And the problems are still occurring.
    Have you changed all of your passwords via secure connections?
    The email hack happened before i wiped the PC, and the attack on my websites happened after.
    Websites are a different issue. If your passwords were compromised, all bets are off. Still, you have to be careful with websites. If you use things like WordPress and don't keep them constantly updated with security patches, your website can easily be hacked.
    But I want to be ABSOLUTELY sure that there's NOTHING on Macs that can be doing any damage.
    I ran ClamXav and MacScan on all 3 of my macs.
    The Macs are fine. That is the only part you don't have to worry about. There are no viruses to infect them, but you still need to change their passwords. Once they have passwords, there is no need to hack. Just log in.

  • Firefox.exe suddenly only 2 KB (and IE 1 KB) & flagged up as malware

    On January 13 (2015), I was surprised to find my Kaspersky anti-virus software (Pure 3.0 at the time) flagging up the following as malware (trojan):
    firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe HEUR:Trojan.WinLNK.StartPage.gena
    iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe HEUR:Trojan.WinLNK.StartPage.gena
    eBay Sidebar for Firefox.lnk C:\Users\David\Desktop\eBay Sidebar for Firefox.lnk HEUR:Trojan.WinLNK.StartPage.gena
    I followed the instructions to quarantine and re-boot. No problem. After re-boot, I could not access Firefox and discovered that it had indeed been quarantined - along with IE (which I rarely use) and eBay Sidebar for Firefox (which I haven't used in a long time). On restoring these, they are again identified as malware. Further investigation revealed that firefox.exe was only 2 KB in size - and IE was only 1KB.
    Kaspersky advised to upgrade to Total Security, which I did and this stopped identifying the files as malware. Full virus checks, including from safe mode, revealed nothing. Running a suite of recommended anti-malware programs did pick up a limited number of bits and pieces (and which I deleted) that Kaspersky didn't, although my research on the net points to them all being the kind of things that produce unwanted adverts on browsers .... not anything that would wipe or rename programs (I didn't see any unwanted ads, though, possibly because of my settings in Firefox, Kaspersky and NoScript).
    Kaspersky feels firefox.exe was corrupted (well at 2 KB, it's certainly not right) - although what corrupted it is another question. All other files in \Mozilla Firefox seem to be there, and I have no issues with any other software or files on my PC (just these three). Yet the same thing happened to IE at the same time. That makes a failing hard drive very unlikely indeed - but it does make me suspicious that there was *something* that deliberately did this, which Kaspersky did not pick up. However it would be unusual for decent anti-virus software like Kaspersky to miss something. Further, the same issue should have been occurring widely around the same time, because if everyone around the world were losing their browsers it would have made the news - not to mention advertising malware that corrupts both browsers being rather self-defeating!!
    Incidentally, the desktop shortcuts have been replaced by the default Windows icon for programs that don't have a custom-made shortcut. And clicking on what was the Firefox shortcut opens a DOS box, that closes immediately; IE does the same but a "16 bit MS DOS Subsystem" error box appears (those were the days!) with:
    C:\Users\Public\Desktop\Internet Explorer.lnk
    The NTVDM CPU has encountered an illegal instruction.
    CS: 123f IP:012d OP: 8f af 9f 6e ba Choose 'Close' to terminate this application.
    [Clicking 'close' or 'ignore' both close the DOS box - and that's it. No virus or anything similar is picked up and four anti-malware programs I'm using now show my system to be clean]
    So my questions are:
    (1) Any thoughts as to what happened?
    (2) I need to get Firefox working again. Can I simply copy firefox.exe from another machine and replace the existing 2 KB firefox.exe, and everything should be fine, as it was before .... or is it not as simple as that?? (I understand Firefox keeps preferences, etc., in separate files).
    Thanks in advance for any comments.
    Dave

    Sorry you have had this problem
    It may be possible and work if you overwrite the problem ''firefox.exe''
    However that could cause problems and the usual solution would be to download and install Firefox again from an official site, and using a clean install involving deleting the existing program files. (CARE leave the Firefox profile folders and files alone. In fact it would be worthwhile, as a ''belts braces'' precaution; locating and backing them up first )
    * See [[Firefox keeps crashing at startup#w_try-a-clean-install]]
    * [[Back up and restore information in Firefox profiles]]
    ** [[Profiles - Where Firefox stores your bookmarks, passwords and other user data#w_finding-your-profile-without-opening-firefox]]
    As for what happened, you have given a well reasoned and intelligent summary but after the event it is going to be almost impossible to pin it down. Sometimes AV does flag false positives, especially temporarily and/or if not fully updated.
    ===Clean Reinstall ===
    Certain Firefox problems can be solved by performing a ''Clean reinstall''. This means you remove Firefox program files and then reinstall Firefox. Please follow these steps:
    '''Note:''' You might want to print these steps or view them in another browser.
    #Download the latest Desktop version of Firefox from [https://www.mozilla.org mozilla.org] (or choose the download for your operating system and language from [https://www.mozilla.org/firefox/all/ this page]) and save the setup file to your computer.
    #After the download finishes, close all Firefox windows (or open the Firefox menu and click the close button).
    #Delete the Firefox installation folder, which is located in one of these locations, by default:
    #*'''Windows:'''
    #**C:\Program Files\Mozilla Firefox
    #**C:\Program Files (x86)\Mozilla Firefox
    #*'''Mac:''' Delete Firefox from the Applications folder.
    #*'''Linux:''' If you installed Firefox with the distro-based package manager, you should use the same way to uninstall it - see [[Installing Firefox on Linux]]. If you downloaded and installed the binary package from the [http://www.mozilla.org/firefox#desktop Firefox download page], simply remove the folder ''firefox'' in your home directory.
    #Now, go ahead and reinstall Firefox:
    ##Double-click the downloaded installation file and go through the steps of the installation wizard.
    ##Once the wizard is finished, choose to directly open Firefox after clicking the Finish button.
    More information about reinstalling Firefox can be found [[Troubleshoot and diagnose Firefox problems#w_5-reinstall-firefox|here]].
    <b>WARNING:</b> Do not use a third party uninstaller as part of this process. Doing so could permanently delete your [[Profiles|Firefox profile]] data, including but not limited to, extensions, cache, cookies, bookmarks, personal settings and saved passwords. <u>These cannot be easily recovered unless they have been backed up to an external device!</u>
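
An added example, not part of either post above and not Kaspersky's or Mozilla's code: a triage check for the symptom described in this thread, a `firefox.exe` of only 2 KB flagged under a `WinLNK` detection name. It reads a file's leading bytes and reports whether the content is a Windows shortcut (Shell Link) or a PE executable; the 64 KB size threshold, the function names and the sample byte strings are constructed assumptions.

```python
import struct
import sys

# Shell Link header: HeaderSize 0x0000004C, then LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
MIN_EXE_SIZE = 64 * 1024  # assumed sanity threshold, not a Mozilla figure

def classify(data):
    """Return 'lnk', 'pe', 'mz-not-pe' or 'unknown' from the file content."""
    if data[:20] == LNK_MAGIC:
        return "lnk"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # e_lfanew at offset 0x3C holds the offset of the 'PE\0\0' signature.
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\0\0":
            return "pe"
        return "mz-not-pe"
    return "unknown"

def triage(name, data):
    """List reasons why a file named *.exe does not look like a real program."""
    findings = []
    if name.lower().endswith(".exe"):
        kind = classify(data)
        if kind != "pe":
            findings.append(f"content is {kind}, not a PE executable")
        if len(data) < MIN_EXE_SIZE:
            findings.append(f"only {len(data)} bytes")
    return findings

def sample_lnk():
    """Constructed 2 KB stand-in: a Shell Link header plus zero padding."""
    return LNK_MAGIC.ljust(2048, b"\0")

def sample_pe():
    """Constructed MZ/PE skeleton padded to 100 KB (not a runnable program)."""
    hdr = bytearray(0x84)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)  # e_lfanew -> 0x80
    hdr[0x80:0x84] = b"PE\0\0"
    return bytes(hdr).ljust(100 * 1024, b"\0")

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, triage(path, fh.read()) or "looks like a normal PE")
```

Run it against a copy of the suspect file; a result of `content is lnk` means the file is a shortcut carrying an `.exe` name, so the next thing to inspect is where that shortcut points.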

  • Malware/Virus

    I just picked up a 2nd user iPod nano 2nd Gen from Cash Converters.. it's fine but I took a look at what was on the iPod by exploring the drive and found a file called gifodybul.exe which my avast anti virus checker tells me is malware/trojan horse.... I can't find any reference anywhere... any ideas?

    Hey there,
    Your antivirus program looks for anything suspicious whether it be a known virus or not, which may be the case. I am not positive as to whether or not it is, but all that really matters is getting rid of it. You can do this by restoring the iPod using iTunes, which will wipe everything off it and start it from scratch. Hope this helps.
    B-rock

  • What are trojan horses

    What are Trojan horses

    http://en.wikipedia.org/wiki/Malware
    Trojan
    In the computer world, a Trojan is a kind of malware.
    Malware, short for malicious software, is software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems. While it is sometimes software, it can also appear in the form of script or code. Malware is a general term used to describe any kind of software or code specifically designed to exploit a computer, or the data it contains, without consent.[1] The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software.[2]
