Possible Virus On Bootcamp, how to remove?

Hi, I think I may have gotten a virus on the Windows partition of my MacBook Pro. I have Windows XP Professional with Service Pack 3 installed. Last weekend I was booted into Windows when it suffered a "fatal error." The computer restarted and Windows XP was fine. I did, however, get this email from my university network manager concerning my computer:
The computer in question appears to be infected with a Trojan or worm that reports home to an IRC server. Several examples include sdbot, spybot, gaobot, polybot, and some variants of OptixPro. We notice these because the computer is trying to connect to a known IRC bot controller.
We often are unable to tell exactly which version of which IRC bot an infected computer has, but the detection method is rarely wrong. There are hundreds if not thousands of known variants of each of the above viruses, with new ones being released daily. Updated AntiVirus software may or may not detect this threat.
Odds are good that the attacker obtained the password database for this computer, containing all of the passwords for all accounts on the computer. It is IMPERATIVE that all passwords for all accounts on this computer be changed before this computer is placed back onto the network.
Computers infected with an IRC bot should have their hard disk formatted and have the Operating System reinstalled and patched before coming back onto the network. All passwords on the rebuilt system should be different than they were on the infected system.
IRC bots not only often come bundled with other malicious software, but once they connect to the IRC controller, they often download and install even more malicious software, without the knowledge and/or consent of the computer user. Therefore, even if AntiVirus software detects and removes the IRC bot, typically more malicious software is left behind, still running.
IRC bots are updated frequently. Even up-to-date AntiVirus software often doesn't detect the latest IRC bots. Once the AntiVirus companies start detecting a particular IRC bot, the bot is typically instructed to update itself to a variant that is not detected by AntiVirus.
Because of the above activities, scanning for viruses with an AntiVirus product is typically not an effective remedy for an IRC bot infection.
I have Symantec AntiVirus for Mac; is there any way I can use it to scan the Boot Camp partition? I think I know where the infected file is, but Symantec says it's clean. I also have Symantec for Windows.
It would be a HUGE inconvenience to reinstall Windows XP because my disc is at home and I will not be home for another two and a half months. Can you give me any tips on how to remove this virus without reinstalling Windows XP?
Thanks,
Sam
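The network manager's notice above rests on where the machine talks, not on what file it carries, which is why it can say "rarely wrong" and "can't tell which bot" in the same breath. The script below is an added example written for this page, not code from the thread or from the university's tooling: it runs that kind of check over a constructed connection log, flagging campus hosts that reach a listed controller address or that send an IRC registration (NICK/USER/JOIN) to an outside host on any port, while treating a bare IRC port on its own as too weak to report. The controller list, the campus range and every address and line in the log are made up for the demo.

```python
"""Added example for this page (not the thread's or the university's code):
spot IRC bot check-ins in a connection log by destination and by protocol
handshake, which is the kind of observation behind the network manager's
notice. Every address, range and log line below is constructed."""
import ipaddress
from collections import defaultdict

# Constructed "known IRC bot controller" list; a real deployment would load
# this from a threat-intel feed and refresh it often.
KNOWN_CONTROLLERS = {"203.0.113.7", "198.51.100.42"}

# Ports IRC normally listens on. Bots also use odd ports, so this list is
# only supporting evidence, never the whole case.
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}

# What an IRC client sends first when it registers with a server.
IRC_HANDSHAKE = (b"NICK ", b"USER ", b"PASS ", b"JOIN #")

CAMPUS_NET = ipaddress.ip_network("10.20.0.0/16")  # constructed

# Constructed log: time  src:port  dst:port  proto  first-payload-bytes-hex
SAMPLE_LOG = """\
2009-03-14T02:11:08 10.20.5.31:1043 203.0.113.7:6667 tcp 4e49434b20
2009-03-14T02:11:09 10.20.5.31:1044 198.51.100.42:7000 tcp 5553455220
2009-03-14T02:13:40 10.20.5.31:1045 192.0.2.9:8080 tcp 4a4f494e2023
2009-03-14T02:15:00 10.20.7.2:3322 192.0.2.20:443 tcp 160301
2009-03-14T02:16:12 10.20.7.2:3323 192.0.2.21:6667 tcp 4e49434b20
2009-03-14T02:17:30 10.20.7.8:4000 192.0.2.30:80 tcp 474554202f
"""


def parse_line(line):
    """Split one log line into its fields; the payload comes back as bytes."""
    ts, src, dst, proto, payload_hex = line.split()
    src_ip, _ = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"ts": ts, "src": src_ip, "dst": dst_ip,
            "dport": int(dst_port), "proto": proto,
            "payload": bytes.fromhex(payload_hex)}


def flag_irc_checkins(log_text):
    """Return {campus_host: [(dst, dport, reasons), ...]}.

    A hit needs either a listed controller or an IRC registration sent to an
    outside host; an IRC port by itself is recorded as a reason but is not
    enough on its own, because people do use IRC legitimately."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        c = parse_line(line)
        src, dst = ipaddress.ip_address(c["src"]), ipaddress.ip_address(c["dst"])
        if src not in CAMPUS_NET or dst in CAMPUS_NET:
            continue  # only outbound traffic from campus hosts matters here
        reasons = []
        if c["dst"] in KNOWN_CONTROLLERS:
            reasons.append("known-controller")
        if c["dport"] in IRC_PORTS:
            reasons.append("irc-port")
        if c["payload"].startswith(IRC_HANDSHAKE):
            reasons.append("irc-handshake")
        if "known-controller" in reasons or "irc-handshake" in reasons:
            findings[c["src"]].append((c["dst"], c["dport"], tuple(reasons)))
    return dict(findings)


def host_severity(findings):
    """'high' when a listed controller was contacted, otherwise 'medium'."""
    return {host: ("high" if any("known-controller" in r for _, _, r in hits)
                   else "medium")
            for host, hits in findings.items()}


if __name__ == "__main__":
    found = flag_irc_checkins(SAMPLE_LOG)
    for host, level in host_severity(found).items():
        print(f"{host}: {level}")
        for dst, dport, why in found[host]:
            print(f"    -> {dst}:{dport}  {', '.join(why)}")
```

The point to take from it is the one the e-mail makes: the hit on 10.20.5.31 does not depend on which sdbot or spybot variant is installed, nor on whether the host's antivirus recognises the binary, so "Symantec says the file is clean" does not contradict the notice. The host on 10.20.7.2 talking IRC to an unlisted server is the kind of medium-confidence case a network manager would look at before writing.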

If you delete it you are only getting rid of half the problem, and you will likely be unable to do this anyway.
Start up in Safe Mode. (If you're having trouble doing this, press Start, search for MSCONFIG, go to BOOT.INI and start in Safe Mode.)
This will only run the basic stuff for Windows and should potentially stop Winlog running.
However, as I said, Winlog will probably reappear because the trojan will likely just retrieve it from the internet again.
I say the best solution is...
Restart your Mac into OS X, download Avast Free edition and Spybot S&D or similar, and ZoneAlarm Firewall.
Put them on your Boot Camp drive. Restart into Windows in Safe Mode. Install those and restart back into Safe Mode if needed.
Set Avast to run a boot-time scan (it scans before you load into Windows). Run Spybot S&D. And set ZoneAlarm to have at least some sort of protection running all the time.
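Sam asks whether the Boot Camp partition can be scanned from the OS X side; the reply above scans from inside Windows in Safe Mode instead. Sweeping the volume while Windows is not running is the stronger option: nothing the bot loaded inside Windows is running to hide files or tamper with results, and OS X mounts NTFS read-only, so the sweep does not disturb the evidence. The following is an added example written for this page, not code from the thread or from any vendor: it walks a mounted volume, recognises executables by their "MZ" header rather than by extension, checks each against a constructed list of known-bad SHA-256 hashes, and flags executables in the usual drop directories that changed after the crash Sam describes. The sample tree it builds in a temporary directory stands in for /Volumes/BOOTCAMP; the hashes, file names and dates are invented.

```python
"""Added example for this page (not from the thread or any vendor): sweep a
Boot Camp volume mounted under OS X for Windows executables worth a look,
without booting the possibly-infected Windows. The hash list, file names
and dates are constructed; the sample tree stands in for /Volumes/BOOTCAMP."""
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timezone

# Constructed known-bad list; a real one comes from a threat-intel feed.
KNOWN_BAD_SHA256 = {
    hashlib.sha256(b"MZ\x90\x00constructed-bot-sample").hexdigest(),
}

# Where XP bots usually land, relative to the volume root. Plain prefix
# comparison, so match the case the mounted tree actually shows.
SUSPECT_DIRS = ("WINDOWS/system32", "WINDOWS/Temp", "Documents and Settings")


def is_pe(path):
    """True if the file starts with the DOS 'MZ' stub, whatever its extension."""
    try:
        with open(path, "rb") as f:
            return f.read(2) == b"MZ"
    except OSError:
        return False


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep(volume_root, changed_since):
    """Walk the volume; return sorted [(relative_path, reason)].

    A known-bad hash is reported wherever it sits. Otherwise a PE file in a
    suspect directory is reported if it changed at or after `changed_since`,
    with a note when its extension says it should not be executable."""
    hits = []
    for dirpath, _, names in os.walk(volume_root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, volume_root).replace(os.sep, "/")
            if not is_pe(full):
                continue
            if sha256_of(full) in KNOWN_BAD_SHA256:
                hits.append((rel, "known-bad-hash"))
                continue
            if rel.startswith(SUSPECT_DIRS) and os.path.getmtime(full) >= changed_since:
                ext = os.path.splitext(name)[1].lower().lstrip(".")
                if ext in ("exe", "dll", "sys", "scr"):
                    hits.append((rel, "new-pe"))
                else:
                    hits.append((rel, "pe-disguised-as-" + (ext or "noext")))
    return sorted(hits)


def build_sample_volume():
    """Constructed stand-in for the mounted Boot Camp volume (runs offline)."""
    root = tempfile.mkdtemp(prefix="bootcamp-")
    old = datetime(2008, 4, 21, tzinfo=timezone.utc).timestamp()
    crash = datetime(2009, 3, 14, 2, 10, tzinfo=timezone.utc).timestamp()
    files = [
        ("WINDOWS/system32/kernel32.dll", b"MZ\x90\x00legit", old),
        ("WINDOWS/system32/wuauclt2.exe", b"MZ\x90\x00dropped", crash),
        ("WINDOWS/Temp/~tmp1.dat", b"MZ\x90\x00hidden", crash),
        ("Documents and Settings/sam/notes.txt", b"just text", crash),
        ("Program Files/Foo/update.exe", b"MZ\x90\x00constructed-bot-sample", old),
    ]
    for rel, data, mtime in files:
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
        os.utime(full, (mtime, mtime))
    return root


def demo():
    """Build the sample volume and sweep it for changes since the day before the crash."""
    root = build_sample_volume()
    try:
        since = datetime(2009, 3, 13, tzinfo=timezone.utc).timestamp()
        return sweep(root, since)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for rel, why in demo():
        print(f"{why:22} {rel}")
```

Against the real volume, call sweep("/Volumes/BOOTCAMP", since) with `since` set to just before the crash. The modified-time check is a triage aid only: a dropper can set any timestamp it likes, and a hash list only catches what someone has already seen, which is why the network manager's advice to rebuild rather than clean still stands even if the sweep turns up the dropped file.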

Similar Messages

  • Nutcracker-Fam Virus -- anybody know how to remove it?

    Received the following from my anti-virus software (Sophos): It detected a threat, Nutcracker-Fam, which it cannot remove. The threat cannot be cleaned up. I cannot find anything on how to manually remove that virus! What kind of virus is it, where did it come from and most importantly, how do I get rid of it? Thanks!

    You should never, ever, ever delete a file identified by an anti-virus program without very careful investigation! As Kevin points out, you have probably just irrevocably destroyed an entire disk image of some kind, and all of its contents. Depending on what disk image that is and what's on it, and whether you have backups, this could be a disaster or it could be no big deal.
    If a band file was identified as this old Windows malware, it was almost certainly a false positive.

  • Does anyone know how to remove pop ups, malware and viruses from OS X 10.9.5? There are a lot of pop ups on my MacBook Air.

    Does anyone know how to remove pop ups and malware? There are a lot of pop ups on my MacBook Air, OS X 10.10.

    Helpful Links Regarding Malware Problems
    If you are having an immediate problem with ads popping up see The Safe Mac » Adware Removal Guide and AdwareMedic.
    Open Safari, select Preferences from the Safari menu. Click on Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.
    The following comes from user stevejobsfan0123. I have made minor changes to adapt to this presentation.
    Fix Some Browser Pop-ups That Take Over Safari.
    Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. This article will outline the solution to dismiss the pop-up.
    Quit Safari
    Usually, these pop-ups will not go away by either clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.
    Relaunch Safari
    If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.
    This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.
    An excellent link to read is Tom Reed's Mac Malware Guide.
    Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.
    See these Apple articles:
      Mac OS X Snow Leopard and malware detection
      OS X Lion- Protect your Mac from malware
      OS X Mountain Lion- Protect your Mac from malware
      OS X Mavericks- Protect your Mac from malware
      About file quarantine in OS X
    If you require anti-virus protection Thomas Reed recommends using ClamXAV. (Thank you to Thomas Reed for this recommendation.)
    From user Joe Bailey comes this equally useful advice:
    The facts are:
    1. There is no anti-malware software that can detect 100% of the malware out there.
    2. There is no anti-malware that can detect everything targeting the Mac.
    3. The very best way to prevent the most attacks is for you as the user to be aware that the most successful malware attacks rely on very sophisticated social engineering techniques preying on human avarice, ****, and fear.
    4. Internet popups saying the FBI, NSA, Microsoft or your ISP has detected malware on your computer are intended to entice you to install their malware thinking it is a protection against malware.
    5. Some of the anti-malware products on the market are worse than the malware from which they purport to protect you.
    6. Be cautious where you go on the internet.
    7. Only download anything from sites you know are safe.
    8. Avoid links you receive in email; always be suspicious even if you get something you think is from a friend, but you were not expecting.
    9. If there is any question in your mind, then assume it is malware.

  • Hi, would anyone know how to remove malware or a virus from an iPhone 4? I would be prepared to do a system backup and restore factory settings through iTunes but fear I might infect my computer. Many thanks in advance.

    Please could somebody help. I think my iPhone 4 has malware or a virus and would really appreciate suggestions on how to remove it. My Safari browser is frozen and I thought about a system backup to iTunes and restoring factory settings. Worried this would also infect my computer?
    Thanks in advance.

    If your iPhone is jailbroken then it doesn't have a virus.
    Your problem is most likely something else and the chances of your computer catching it are nonexistent.
    Allan

  • How to remove latest java virus?

    How to remove latest java virus manually as reported in the media?

    There is some incorrect information being presented in this thread.
    Neither your system nor Java is updated daily. XProtect on 10.6 or above may get automatic updates as they are pushed out by Apple, but not necessarily daily. I have seen a week or more go by without any, and there have been none for the latest Flashback attack.
    There are now Java updates for 10.6.8 and 10.7 to patch the vulnerability that is currently being exploited. This Trojan does not necessarily require your password or any user interaction for infection.
    Use Software Update to see if there is a Java update for your OS.
    The github Flashchecker is inadequate as it depends on outdated definitions.
    Try using this one, which is most certainly more current.
    http://www.f-secure.com/weblog/archives/00002346.html
    Apple is currently developing a detection and removal tool. No idea when it will be ready.
    http://support.apple.com/kb/HT5244

  • If a virus entered an iPhone, how to remove it?

    If a virus entered an iPhone, how do I remove it?

    Viruses are not cross-platform and there are no known iOS viruses.

  • How to remove viruses

    Is there a virus remover for macs?

    Not really needed, but see:
    Helpful Links Regarding Flashback Trojan and Virus Protection
    An excellent link to read is Tom Reed's Mac Malware Guide.
    A link to a great User Tip about the trojan: Flashback Trojan User Tip.
    To check for the trojan: Anti Flashback Trojan 2.0.4.
    A Google search can reveal a variety of alternatives on how to remove the trojan should your computer get infected. This can get you started. Or the preferred method is to use Apple's protection tool: Flashback Malware Removal Tool 1.0.
    Or, open Software Update. If you do not have the Apple protection software installed it will download and install it via Software Update. If no update appears that means you either already have it installed or it isn't needed for your system. The software is only available for Leopard, Snow Leopard, and Lion versions of OS X.
    Also see Apple's article About Flashback malware.
    For general anti-virus protection I only recommend using ClamXav.
    For the DNS Changer malware see the following:
    Will your internet service cut off on July 9?
    DCWG | DNS Changer Working Group
    How to remove the DNS Changer malware

  • I was informed that my iPad has some virus. How to remove?

    While I was downloading from the internet I was informed that some virus had been downloaded which is harmful for my iPad. Kindly advise me how to remove it.

    It's a scam. They are trying to make you buy something you don't need.
    Currently there's no known virus affecting iPad; that is, if you do not jailbreak the iPad.
    http://support.apple.com/kb/HT3743

  • How to remove Google Redirect Virus

    How to remove Google Redirect Virus

    ABA123 wrote:
    Google Redirect Virus
    Your question presupposes a conclusion that will only mislead you and others into pursuing solutions that are likely to exacerbate whatever problem exists.
    Please describe the problem you are experiencing, and the equipment being affected by the problem. Your question was posted in the Power Mac Discussions area while your equipment profile indicates a Mac Pro, and a version of iOS inapplicable to either of them. All that information conflicts with itself, so please resolve those discrepancies.
    Thanks!

  • How to remove better rewards virus?

    how to remove better rewards virus?

    Try looking at thomas' Mac Virus guide for adware removal. I didn't see what you called it, but maybe it is related to one of the others he has posted: http://www.thesafemac.com/arg-identification/

  • How to remove MAC Defender Rogue Anti-Virus?

    How to remove MAC Defender Rogue Anti-Virus?

    Lois, there are other message threads posted here with details on the removal of MACDefender and MACSecurity. Search on them for a listing of relevant threads.
    Here’s a Macworld article on how to prevent after you have removed it:
    http://www.macworld.com/article/159595/2011/05/macdefender_trojan_horse.html
    To remove, launch Activity Monitor and look for MACDefender. Quit it and any connected processes. Using Spotlight, search for MACDefender and remove everything found. Take the preventative steps in the article above.

  • I have an iMac and opened an email that may have been infected with a virus. How do I check my iMac for a possible virus?

    I have an iMac and opened an email that may have been infected with a virus. How do I check my iMac for a possible virus? What does PPC mean?

    You would be better posting this in the Lion forum.
    https://discussions.apple.com/community/mac_os/mac_os_x_v10.7_lion?view=discussions
    It's possible your email contained a virus, but unlikely. There haven't been any reports of email viruses affecting the Mac.
    My understanding is that Apple provides security updates for all malware including viruses.
    There have been reports of:
    -- a phoney virus checking program
    -- Flash malware.
    PPC -- PowerPC. An older computer processor used by Apple. The last Mac shipped with PPC was in 2006.
    I've read about two virus checking programs for the Mac. One is ClamAV. The rest are either junk or malware.
    http://www.clamav.net/lang/en/
    Security update.
    http://support.apple.com/kb/HT1222

  • How to remove viruses: savingsbullfilter and levelqualitywatcher32?

    How to remove viruses: savingsbullfilterservice.exe and levelqualitywatcher32.exe? Microsoft Security Essentials appears to remove these pop-up ad virus programs for one day, but the next day they are back. Any help is appreciated.
    Thanks!

    Sometimes a problem with Firefox may be a result of malware installed on your computer, that you may not be aware of.
    You can try these free programs to scan for malware, which work with your existing antivirus software:
    * Microsoft Safety Scanner: http://www.microsoft.com/security/scanner/default.aspx
    * MalwareBytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free/
    * TDSSKiller - AntiRootkit Utility: http://support.kaspersky.com/faq/?qid=208283363
    * Hitman Pro: http://www.surfright.nl/en/hitmanpro/
    * ESET Online Scanner: http://www.eset.com/us/online-scanner/
    Make sure you scan with ALL programs listed above.
    Further information can be found in the "Troubleshoot Firefox issues caused by malware" article.
    Did this fix your problems? Please report back to us!
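When Microsoft Security Essentials removes savingsbullfilterservice.exe and levelqualitywatcher32.exe and they are back the next day, something on the machine is re-launching or re-downloading them: typically a Run key, a scheduled task, a service, or a browser extension that fetches the payload again. The on-demand scanners listed above look for the files; they do not necessarily show what keeps putting them back. The script below is an added example written for this page, not from the thread and not part of any of those tools: it parses a `reg export`-style dump of the Run keys and flags entries that match the reported names or that launch from user-writable locations such as Temp, AppData and ProgramData. The registry dump it contains is constructed for the demo; nothing in it comes from the poster's machine.

```python
"""Added example for this page (not code from the thread or from the scanners
it lists): find what keeps re-launching an executable that an on-demand scan
keeps removing, by reading the Run keys out of a `reg export` dump."""
import re

# Constructed stand-in for `reg export` output. Nothing here comes from a
# real machine; the two reported names are simply placed where such
# programs usually turn up.
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"SavingsBull"="C:\\Users\\sam\\AppData\\Local\\Temp\\savingsbullfilterservice.exe -s"
"Updater"="C:\\ProgramData\\LevelQuality\\levelqualitywatcher32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="%windir%\\system32\\ctfmon.exe"
"Adobe Reader Speed Launcher"="\"C:\\Program Files (x86)\\Adobe\\Reader\\Reader_sl.exe\""
'''

# Names taken from the question; a real hunt would also take names from
# the scanner's quarantine log.
REPORTED = {"savingsbullfilterservice.exe", "levelqualitywatcher32.exe"}

# Directories a normal user can write to, so anything persisting from
# them needed neither an installer nor admin rights.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                 "\\programdata\\", "\\users\\public\\", "\\temp\\")

# "Name"="data" lines; both sides may contain \" and \\ escapes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def unescape(s):
    """Undo the backslash escaping a .reg file applies to quotes and backslashes."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg_export(text):
    """Yield (key, value_name, data) for every string value in the dump."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key and m:
            yield key, unescape(m.group(1)), unescape(m.group(2))


def exe_path(cmd):
    """Pull the executable out of a Run value's command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                 # quoted path, then arguments
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r'\.exe\b', cmd, re.IGNORECASE)   # unquoted: cut after .exe
    return cmd[:m.end()] if m else cmd.split(" ")[0]


def suspicious_autoruns(text):
    """Return [(hive, value_name, exe_path, reasons)] for entries worth a look."""
    hits = []
    for key, name, cmd in parse_reg_export(text):
        path = exe_path(cmd)
        low = path.lower()
        base = low.rsplit("\\", 1)[-1]
        reasons = []
        if base in REPORTED:
            reasons.append("matches-reported-name")
        if any(d in low for d in USER_WRITABLE):
            reasons.append("user-writable-location")
        if reasons:
            hits.append((key.split("\\")[0], name, path, tuple(reasons)))
    return hits


if __name__ == "__main__":
    for hive, name, path, why in suspicious_autoruns(REG_EXPORT):
        print(f"{hive}\\...\\Run  {name!r:16} {path}  [{', '.join(why)}]")
```

To use it for real, export the keys from an elevated prompt (`reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run hkcu-run.reg`, and likewise for HKLM), open the file with encoding="utf-16" since reg writes UTF-16, and pass the text to suspicious_autoruns. Scheduled tasks (`schtasks /query /fo LIST /v`) and services deserve the same look, since the example covers only the Run keys; removing the autorun entry together with the file, rather than the file alone, is what stops the next-day return.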

  • I have two separate itune accounts under two different email accounts and would like to combine them under one account.  Is this possible and if so, how do I do it?

    I have two separate itune accounts under two different email accounts and would like to combine them under one account.  Is this possible and if so, how do I do it?

    If you go to Settings > iTunes & App Store, you can sign out from your account, and sign in with the one you've used to purchase apps. This will not remove any apps you already have on it.
    Then you can go to the App Store and download apps you've purchased (either via the "Purchased" button in "Updates", or simply search for them and download them).
    That way you can have multiple accounts' apps on your iPad. When updating, you will be prompted for the credentials for the account you've purchased the given app with.

  • How to remove the '#'symbols for infoobject movement types in bex reporting

    Hi All,
    I have a problem in BEx reporting. The problem is that whenever I execute the report, some of the characteristic values are shown in the layout as '#' symbols. I want to remove the '#' values in the report.
    Is it possible? Please give me a step-by-step procedure for how to remove the '#' symbols in the report layout.
    This is very urgent; please help me on this issue.
    Thanks & Regards,
    Guna.

    Hi Guna,
    To resolve this issue, we need to replace the value '#'; we need to change the description while retrieving the data from the tables. So we need to write some ABAP code in SE38. Go to transaction RSA1 and go to the InfoObjects tab. Then open the context menu for 'cProject Key Figures' as shown below. Click on 'Object Overview' to get the overview of all the InfoObjects. Here you can see the field names, which are used to find the table names.
    In SE11, type the table name in the 'Database Table' field. Now press 'F4'; you will get the next screen to select one of the P/Q/S/T tables.
    Now click on the button circled in the screen below to view the data in the table.
    Now click the execute button or press 'F8' to view the records.
    Now go to transaction SE38. Create a source code and give a program name for it. To write code, you need an access key. Contact your BASIS team for this.
    Now write the code below for the particular table in which you want to change the value '#' to the description 'Blank'. In the source code below, we are updating a particular table, setting the field to 'Blank' where it is null or has no value. The field would otherwise show as '#' in the report when there is no value or null.
    " /BIC/PXXXXX and /BIC/ZXXXXX stand for your master data table and attribute field.
    UPDATE /BIC/PXXXXX SET /BIC/ZXXXXX = 'Blank'
      WHERE /BIC/ZXXXXX IS NULL OR /BIC/ZXXXXX = ''.
    IF sy-subrc EQ 0.
      WRITE 'successful'.
      COMMIT WORK.
    ELSE.
      WRITE 'unsuccessful'.
    ENDIF.
    OR
    If this '#' is because of missing master data, then:
    right-click that InfoObject -> Maintain master data.
    You will see the first row as blank.
    Whatever value you maintain in this row will come in the report for all 'Not assigned' (#) values of the master data.
    Maintain it according to your requirement, then save and activate the master data.
    Hope this helps u...
    Regards,
    KK.
