P0rn4Mac & 1032.dmg trojans (misspelled so it won't ****)

*4mac is something very bad. I just got it. very nasty. It won't let me use time machine to get rid of it. It won't let me delete it.
I got it on an imac running up to date 10.5 leopard.
I got it from a web page that appeared on a google search result page. It appeared to be an appropriate search result, the google synopsis had my search terms in it, etc. (I was searching for "precision 165 sailboat for sale" so this can hit you on any search term.) I clicked the link. It redirected me to a page that began a download of 1032.dmg automatically. I was not asked. I did not install the disk image. Forgot about ejecting the disk image. Somewhere along the way I saw the filename "****4mac." I've googled the 1032.dmg trojan and it seems like it's a different thing than ****4mac, which is confusing. Perhaps I got both at the same time.
I got the 1032.dmg file into the trash. It would not allow me to empty the trash. I restarted. Still could not empty trash. I noticed that my time machine backup disk was turning non-stop when I tried to empty the trash, so I shut that disk off. I was then able to empty the trash.
I turned the time machine disk back on and I tried to use time machine to restore to pre-attack condition. Time machine will not work. I can see the backups but the "restore" button is greyed out and does nothing. I turned the time machine disk back off.
I went back to google and googled "**4mac." I got several results that looked helpful. I decided to read one of those pages, but for safety I decided to read google's cache of that page in case it was the virus lurking as a help link. I was wrong, even google's cache redirected me again to some kind of download page. Same deal as before, only this time it actually took over my imac, INSTALLED WITHOUT ASKING FOR MY PASSWORD, it took over the entire screen, including the menus, and showed me the **4mac gui. I held down my power button to get out of it.
Upon restart it looked like my imac was normal, but after an overnight shut down the imac was completely bricked the next morning. I unplugged the imac for 4 hours, then it started up normally again.
I bought MacScan from SecureMac. I ran it earlier today without it finding anything (backup disk still turned off). Today I tried running MacScan again and it said that updates were available, so I updated MacScan and I am running it again now.
That's all I know at this time. As far as I know my imac is still infected. I plan to let MacScan run to completion. I'll then try turning the backup disk on and running it again.
I'll post again if I learn more.

1023.dmg is the DNS changer trojan. That's the one that was making the rounds a few months ago. Since it changed DNS settings, the user could be redirected to further malicious sites despite entering correct addresses in the browser, or clicking on legitimate links. To be installed, it did require user intervention, requiring a user to i) run the installer, and ii) provide an admin password.
However, since that trojan originally came out, a privilege escalation vulnerability came to light so that any trojan potentially wouldn't require a password. The installer still was required to be run, however. This vulnerability was patched with the latest security update (2008-005) but if the OP is still on 10.5.2, it is possible that they are still vulnerable, and that the trojan has been modified to take advantage of the privilege escalation.
So 1032.dmg could be a typo, or a new revision...
Edit: there are several DNS Changer removal tools on the internet. Since I haven't used any of them I don't want to endorse any, but it might be worth trying one out. Of course, search and download from a "clean" machine or else something worse might end up being installed...
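Since the DNS changer's effect is a changed resolver list, a defender can check for that directly. The following is an added example, not code from the thread: it parses `scutil --dns` style output on Mac OS X and flags any resolver not on an allowlist; the sample output and the 203.0.113.7 address are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: flag DNS resolvers that are not on an expected allowlist,
# the kind of check that exposes a DNS-changer style trojan. Parses the
# "nameserver[N] : a.b.c.d" lines that `scutil --dns` prints on Mac OS X.

# Constructed sample of `scutil --dns` output (not real captured output):
# one legitimate LAN resolver (192.168.1.1) and one unexpected resolver
# (203.0.113.7, a TEST-NET address standing in for an attacker's server).
SAMPLE_SCUTIL='DNS configuration

resolver #1
  nameserver[0] : 192.168.1.1
  nameserver[1] : 203.0.113.7
  if_index : 4 (en0)

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  order    : 300000
'

# Extract the unique resolver addresses from scutil-style text on stdin.
extract_resolvers() {
    sed -n 's/^[[:space:]]*nameserver\[[0-9]*\][[:space:]]*:[[:space:]]*\([0-9a-fA-F.:]*\).*/\1/p' | sort -u
}

# $1 = space-separated allowlist of expected resolvers; scutil text on stdin.
# Prints every resolver not on the allowlist; returns 1 if any were found.
flag_unexpected_resolvers() {
    allow=" $1 "
    found=0
    for ip in $(extract_resolvers); do
        case "$allow" in
            *" $ip "*) ;;              # expected resolver, nothing to report
            *) echo "$ip"; found=1 ;;  # resolver the owner did not configure
        esac
    done
    return $found
}

# Live check against the running system; only meaningful where scutil exists.
check_live_resolvers() {
    if command -v scutil >/dev/null 2>&1; then
        scutil --dns | flag_unexpected_resolvers "$1"
    else
        echo "scutil not available; run this on the Mac being checked" >&2
        return 2
    fi
}

# Demonstration on the constructed sample: reports 203.0.113.7.
if printf '%s\n' "$SAMPLE_SCUTIL" | flag_unexpected_resolvers "192.168.1.1 192.168.1.2"; then
    echo "all resolvers expected"
else
    echo "unexpected resolver(s) listed above: compare with the DNS servers your router or ISP should hand out"
fi
```

On a real Mac, call `check_live_resolvers "<your expected resolvers>"`; a resolver you never configured is a reason to restore known-good DNS settings and look for whatever changed them.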

Similar Messages

  • External drives and dmg files mount fine, but won't show on desktop

    Recently purchased a new Mac Mini 2.3 ghz i5 with OSX Lion. Everything is updated, repaired permissions from the check disk utility.
    Still my FireWire drive, and any DMG files from software I'm looking to install, are not showing up on the desktop. They mount fine, I can write to them, see them in the Finder left sidebar, share them on my intranet at home and use Back to My Mac and Screen Sharing without any problems.
    Anyone have an idea why this peculiar flaw is occurring? Is it a "feature" of Lion?

    Much better: I was in the same shoes once as you
    Searching hi and lo for this easy solution.
    Have Fun
    Stefan

  • Copy file from mounted DMG to the Applications folder?

    I'm wanting to copy file (application) from a mounted DMG to the Applications folder. Something like:
    tell application "Finder"
        try
            copy "Volumes:Dropbox Installer:Dropbox.app" to folder "Volumes:Macintosh HD:Applications"
        end try
    end tell
    (But that doesn't work).
    Preferably overwriting the existing application in that folder. Any help would be greatly appreciated.

    tell application "Finder"
        duplicate file "Volumes:S001TEST:S001-S001c-TEST.zip" to folder "Volumes:Macintosh HD:Applications" with replacing
    end tell
    I tried this principle in AppleScript (Mavericks) and received an error...
    Finder got an error: Can’t set folder "Volumes:Macintosh HD:Applications" to file "Volumes:S001TEST:S001-S001c-TEST.zip".
    "001TEST" is a disk image with filename of "S001TEST.dmg"
    Any ideas why this won't work?

  • Mounted .dmg search unsuccessful

    Have tried to use spotlight to search a mounted .dmg volume for a particular word in files that might contain it. It doesn't work. Have tried Easyfind (alternative app) which wasn't successful either. Anything else out there that works?

    Spotlight does not index .dmg mounted volumes, so it won't find anything. Easy Find should work if you've configured it correctly and the word you're searching for actually exists in the files on the mounted image. Remember you must set Easy Find's drop down menu to the proper volume you wish to search.

  • How can I only allow my Apple TVs access to my LAN?

    In my set-up, I have three Apple TVs in separate rooms all connected to a LAN via their ethernet ports. They are connected via a switch to my Airport Extreme and my Mac Mini is also connected to Airport as an iTunes server. The Airport runs a WiFi network for internet access but I don't want people to be able to plug their computers into my LAN and have access to the whole set-up.
    What can I do to achieve this?
    I don't want the Apple TVs to rely on the WiFi so I can use MAC Address Filtering, since it is patchy and streaming HD videos is more stable via ethernet. I have looked into setting up an 802.1X network, but when investigating the Configurator app to set up the Apple TVs to access an 802.1X network it refers only to WiFi setups again. Also, I don't know much about RADIUS servers and authentication, such as whether I'd need any additional hardware etc.
    Any help would be gratefully received.
    JB

  • I'm having a problem opening my files -..

    I'm having a problem opening my files ... for example, if I want to download something off the internet and run it, it always opens in TextEdit, which is annoying ... other programs that are dmg open fine, but the exe files won't run ... I need help.

    If you are in fact running Mac OS 9 or earlier, which is from 2001 or earlier, .dmg files are disk image files like the .smi files used under Mac OS 9, but they are only Mac OS X compatible. They are frequently used to store Mac OS X only installer disk image files. .exe files are Windows and MS-DOS executable files which can only run with Windows or DOS virtualization:
    https://discussions.apple.com/docs/DOC-2741
    Most Mac OS 9 programs you'll be able to download either have a .sea, .sit, or .hqx suffix in their file name and are able to be opened with the old Mac OS 9 copy of Stuffit Expander.
    If you are using another operating system, please go to Apple menu -> About this Mac and tell us what you are running.  You posted to the Mac OS 9 forum, hence my response.    If there is an X in the name, you posted to the wrong forum, and I'll have this post redirected and try to answer if I have time.

  • How can I get on my iMac read access to BPF devices in /dev/bpf*

    Ls.
    How can I get/change on my iMac read access to BPF devices in /dev/bpf*
    I want to use Wireshark.
    Thanks in advance.
    Loekie.

    ...any app launched from /Applications holds only the permissions of the user launching the app, regardless of the owner (presumably because anyone, including "root" can install applications into /Applications).
    It has nothing to do with where the application is installed. Any executable runs with the permissions of the user who runs it. The only exception is a binary executable with the SUID or SGID bit set, and then only if it's on the root device, and only if it's not an Aqua application. The SG/UID bits are ignored otherwise.
    So, anyone who has installed Wireshark from the "native .dmg" by drag-and-dropping won't be able to use the suid trick because the OS will ignore the suid permissions.
    Sorry, I don't understand this at all. Wireshark invokes dumpcap as a child process to capture packets. If dumpcap is installed anywhere on the root device as SUID root, then it will run as root regardless of who invokes it.
    The suid method will only work for MacPorts and Fink installations...
    That's not correct. There are many SUID or SGID executables in a default installation of the Mac OS, and none of them comes from MacPorts or Fink.

  • Expanding Downloaded files from Safari

    When I download a dmg file using Safari, it won't mount? Am I doing something wrong?

    Back up all data.
    If Adobe Reader or Acrobat is installed, there should be a setting in its preferences such as Display PDF in Browser. I don't use those applications myself, so I can't be more precise. Deselect that setting, if it's selected. Otherwise do as follows.
    Triple-click anywhere in the line of text below on this page to select it, then copy the selected text to the Clipboard by pressing the key combination command-C:
    /Library/Internet Plug-ins
    In the Finder, select
    Go ▹ Go to Folder
    from the menu bar, or press the key combination shift-command-G. Paste into the text box that opens (command-V), then press return.
    From the folder that opens, move to the Trash any items that have "Adobe" or “PDF” in the name. You may be prompted for your login password. Then quit and relaunch Safari, and test.
    The "Silverlight" web plugin distributed by Microsoft can also interfere with PDF display in Safari, so you may need to remove it as well, if it's present. The same goes for a plugin called "iGetter," and perhaps others — I don't have a complete list.
    If you still have the issue, repeat with this line:
    ~/Library/Internet Plug-ins
    If you don’t like the results of this procedure, restore the items from the backup you made before you started. Relaunch Safari again.

  • AIR (Desktop) - Upload in Mac App Store

    Please help me to upload an AIR (desktop) application into the Mac App Store.
    I can create a .app file and a .dmg with native installers (with own created .p12 with Flash Builder).
    And I have an Apple developer .p12 certificate. (I have an Apple developer ID)
    I got this error while packaging when using the created .p12 certificate with my Apple Developer account.
    Please help me! I need to upload my (.air application for Mac) to the Mac App Store.
    Please give me a step by step method if you can.
    Thank you all!
    Note: I can upload iPhone, iPod and iPad applications to the App Store.
    But I need to upload to the Mac App Store.
    I tried:
    http://pigsels.com/2012/04/air-app-store-publishing-guide/
    http://forums.adobe.com/message/1975832#1975832

    I tried this
    http://forums.adobe.com/message/1975832#1975832

  • Installation Issue (Upgrade)

    I'm currently trying to install the audio content for STP - whenever it asks for audio content disc 1 (after the main install disc) and I insert the disc, it spins up and then rejects the disc (still asking for the same disc).
    I checked to see if the disc was damaged but there are no signs of scratches...
    I never installed this content for FCS2 - and I am trying to just use the audio content discs that came with the update (is that correct or do I need to use the ones from FCS2?)
    Also - I am trying to install them to an external drive.

    Try this as a possible workaround:
    With that disc mounted on the desktop, open Disk Utility and create a disc image of that disc. No encryption, no compression, read only.
    If DU does that successfully (double-click on the resultant dmg and let it run verification), then do the same thing for all the install discs. Create a folder and place all of the disc images into that folder. This whole process will take you several hours, but it could mean you don't have to wait for AppleCare to send you a replacement disc.
    Now double-click each dmg to mount them all on the desktop. Then double-click on the Final Cut Studio install package and the installation of the entire Studio will proceed relatively quickly once you enter the SN and your personal information.
    But if the dmg for the problem disc won't pass verification, then you must call AppleCare for a replacement.

  • My question actually has to do with Mac Mail. Someone has corrupted it, and is using it to send out emails, which keep getting rejected. Some of the strangest addresses and so forth. Anyone else had this problem? Where and what can I do about it?

    My Mac Mail is corrupted or being infiltrated. Emails are being sent to whomever and wherever. The recipients are not from my known contacts list, and these emails are also being rejected. Where can I report this problem to, and specifically what can I do about it?

    Thinking about it, ClamX will find Windows as well as Mac malware. This might not have been a Mac trojan. Here's a list of recent Mac malware in the ClamX catalog.

  • Mac OS X Snow Leopard on x86 hardware

    I always wanted to use a Macintosh, so I went and got some software. However, I'm afraid I don't know what to do; it's a .dmg, and that file type won't work on Windows x86 hardware, or at least I don't think it will. I want to dual boot it with my Windows XP. So, would it install to a separate partition and even run the installer if I tried to boot using it, and then install Mac OS X Snow Leopard, even though it is a .dmg?

    Hi Lyoko92;
    In addition to what Baltwo said it is illegal to install OS X on non-Apple hardware.
    Allan

  • How to make a backup Snow Leopard StartUp DVD?

    I thought I was all set on Hard Drive Repair since I could boot from an external LaCie Hard Drive (FW800). But that didn't work: Disk Utility couldn't "UNMOUNT" my internal 500 GB HD in my MBP-13" (April 2010 model) when I started up on an external HD.
    So I used the original StartUp DVD and all worked fine. NOW I WANT a copy of that StartUp DVD to carry with me; I don't want to risk taking the original DVD. OK, so I burn a disk image, 7.34 GB in size, and try to burn a DVD. Well, of course, not enough space; I used a 4.7 GB DVD.
    What to do? Can my MBP-13" burn a single-sided DVD with 7.34 GB capacity? If so, where do I find such a DVD? If not, what to do? How to duplicate this disk for emergency startups and HD repairs?
    Thanks very much.
    Best regards,
    Steve Schulte
    Wednesday 23 March 2011

    Thanks for the fast reply! OK, but how do I do that? I need to make a bootable "SD" card, right? If I just copy the Mac OS X Install DVD.dmg to the card, it won't be bootable, will it? And if I open it and copy all the contents, it is only 950 MB or so; I don't think that is the answer either.
    Thanks for any further comments on how to take this disk image that I created and get it onto an 8 GB SD card (which I have) so that it becomes the bootable drive and so that I can repair my HD if needed when traveling etc.
    Best,
    Steve
    Wednesday 23 March 2011 10:30

  • MAC 10.7.5 will not boot

    Initial problems with MS Office. Reloaded Office DMG. Rebooted system.

    "Won't boot" takes in a hundred different hardware and software issues.
    If you expect readers to help, you will need to provide a detailed description of what you do to reboot and what exactly happens (and does not happen).
    Many problems are solved by booting to an alternate drive such as Recovery_HD, launching Disk Utility, selecting your Volume (default is Macintosh HD) and running (Repair Disk).

  • Last night I downloaded ClamXav and found 6 infections

    12159.elmx - Heuristics.Phishing.Email.SpoofedDomain
    12603.elmx - Heuristics.Phishing.Email.SpoofedDomain
    16970.elmx - Heuristics.Phishing.Email.SpoofedDomain
    17164.elmx - Heuristics.Phishing.Email.SpoofedDomain
    24184.elmx - Heuristics.Phishing.Email.SpoofedDomain and
    25077.elmx - Heuristics.Phishing.Email.SpoofedDomain
    I'd just like to know: will deleting the infected files take care of the issue, or is there anything else I need to do?  I know with PCs you have to uninstall applications (not just delete them) to remove them completely, and I want to make sure I don't leave anything out.  Thank you.

    WZZZ wrote:
    Mad: A bit off topic, but is there a list somewhere of all the OS X exploits in the ClamXav catalog?
    Go to this site http://clamav-du.securesites.net/cgi-bin/clamgrok and search for "OSX" for a list of all the signature names.  Currently they are:
    Backdoor.OSX.BlackHole                      
    Trojan.OSX.MacDefender                      
    Trojan.OSX.MacDefender.B                    
    Trojan.OSX.MacDefender.C                    
    OSX.Defma-1                                 
    OSX.Defma-2                                 
    Trojan.OSX.MacBack                          
    Trojan-Downloader.OSX.Fav.A                 
    Trojan-Downloader.OSX.Fav.B                 
    OSX.RSPlug                                  
    Trojan.OSX.iservices.A                      
    Trojan.OSX.iservices.B                      
    OSX.DNSChanger.dmg                          
    OSX.DNSChanger.dmg-1                        
    Trojan.OSX.RSPlug.F.dmg                     
    Trojan.OSX.RSPlug.F.dmg-1                   
    Trojan.OSX.RSPlug.F.dmg-2                   
    Trojan.OSX.RSPlug.F.dmg-3                   
    Trojan.OSX.RSPlug.F.dmg-4                   
    Trojan.OSX.RSPlug.F.dmg-5                   
    Trojan.OSX.RSPlug.G.dmg                     
    Trojan.OSX.RSPlug.G                         
    Exploit.OSX.Safari                          
    Trojan.OSX.Cowhand                          
    OSX.DNSChanger                              
    OSX.Trojan-2                                
    Trojan.OSX.Opener                           
    Trojan.OSX.RSPlug.C                         
    Trojan.OSX.RSPlug.D                         
    OSX.Tored                                   
    OSX.RSPlug-2                                
    Trojan.OSX.OpinionSpy.B                     
    Trojan.OSX.OpinionSpy.A                     
