Possible virus or malware threat?

Hello. After having a pen drive flash on Windows being accused of being infected with an autorun.exe type of virus lying in an invisible folder, I initially thought it could be something Kingston pre-installed on the pen drive or maybe something from my Mac, since it had been used on the Mac before and I knew Macs created invisible folders on pen drives.
Never mind the fact that (as far as I know) Macs do not use exe files. Sometimes we can forget information like that.
I then decided to look for a folder named RECYCLER on my Mac, since it was the folder present on the pen drive and, to my surprise, one such folder was detected by Finder. It was invisible before and located on my home/Documents folder.
I opened it on a terminal shell and found another folder within it, also hidden from me. Inside it were two Windows-like files. One named INFO2 and one named desktop.ini.
The complete path to those files was:
~/Documents/RECYCLER/S-1-5-21-1606980848-2111687655-1708537768-500
I used vi on the desktop.ini one and found only the following lines:
[.ShellClassInfo] (this is not a link and should be read as "square bracket, dotShellClassInfo, close square bracket")
CLSID={645FF040-5081-101B-9F08-00AA002F954E}"
I then Googled up the last string, since it looked like a Registry Key from Windows, and found some posts regarding a virus related to that string. It seems the virus creates an autorun file on the pen drive and then runs it every time the hidden folder RECYCLER is accessed.
I find it very odd that my MacBook could have such a folder, since it seems the virus is aimed at Windows. I do have Parallels installed, however, and I wonder if that could be a legitimate folder from Parallels. A friend who also has Parallels installed on his MacBook says he has no such folder on his computer, making me even more suspicious.
Could anyone help me with this issue? I would be happy to provide more info as necessary.

Hi Pierre-Louis,
If it did come from your computer, it would have had to come from your copy of Windows running within Parallels. Regardless of the fact that Windows is running on your Mac, Windows is still Windows. It's vulnerable to any and all Windows malware the same as if it were running on PC hardware.
It can't do any damage to your Mac software, but it will affect anything in the Windows disk image.
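One way to triage a folder like the one described in the question, as an added example that is not part of the original thread. `{645FF040-5081-101B-9F08-00AA002F954E}` is the shell class ID Windows assigns to the Recycle Bin, and the `S-1-5-21-…-500` folder name is a Windows account SID, so the check below treats those two files as expected and reports anything else; the function names, the list of runnable extensions and the sample tree are assumptions made for this sketch.

```python
"""Triage a Windows XP-style RECYCLER folder found on a pen drive or a Mac."""
import re
import tempfile
from pathlib import Path

# Shell class ID of the Windows Recycle Bin; a genuine per-user recycle
# folder carries it in desktop.ini.
RECYCLE_BIN_CLSID = "{645FF040-5081-101B-9F08-00AA002F954E}"
# Per-user subfolder is named after the account SID (RID 500 = built-in Administrator).
SID_RE = re.compile(r"^S-1-5-21-\d+-\d+-\d+-\d+$")
# Windows XP renames deleted files to D<drive letter><index>.<ext>, e.g. Dc1.txt.
DELETED_RE = re.compile(r"^D[A-Za-z]\d+(\.\w+)?$")
# Assumption: extensions this check treats as able to run on Windows.
RUNNABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".inf", ".lnk"}


def is_mac_metadata(name: str) -> bool:
    """Finder droppings that macOS adds to folders on any volume."""
    return name == ".DS_Store" or name.startswith("._")


def parse_desktop_ini(raw: bytes) -> dict:
    """Return {section: {key: value}} from desktop.ini bytes (UTF-16 or 8-bit)."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        text = raw.decode("utf-16")
    else:
        text = raw.decode("latin-1")
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and "]" in line:
            current = line[1:line.index("]")].lower()
            sections[current] = {}
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Tolerate stray quotes such as the one in the quoted file.
            sections[current][key.strip().lower()] = value.strip().strip('"')
    return sections


def triage_recycler(root: Path) -> list:
    """Return sorted (severity, relative_path, reason); empty means nothing odd."""
    findings = []
    for entry in root.iterdir():
        if is_mac_metadata(entry.name):
            continue
        if not entry.is_dir() or not SID_RE.match(entry.name):
            sev = "high" if entry.suffix.lower() in RUNNABLE else "medium"
            findings.append((sev, entry.name, "not a per-user SID folder"))
            continue
        for item in entry.iterdir():
            rel = f"{entry.name}/{item.name}"
            name = item.name.lower()
            if name == "info2" or is_mac_metadata(item.name):
                continue  # INFO2 is the recycle bin's own index file
            if name == "desktop.ini":
                ini = parse_desktop_ini(item.read_bytes())
                clsid = ini.get(".shellclassinfo", {}).get("clsid", "")
                if clsid.upper() != RECYCLE_BIN_CLSID:
                    findings.append(("medium", rel, f"unexpected CLSID {clsid!r}"))
                continue
            if item.is_file() and DELETED_RE.match(item.name):
                if item.suffix.lower() in RUNNABLE:
                    findings.append(("low", rel, "deleted runnable file"))
                continue
            sev = "high" if item.suffix.lower() in RUNNABLE else "medium"
            findings.append((sev, rel, "not a recycle-bin entry"))
    return sorted(findings)


def build_sample(base: Path, tampered: bool) -> Path:
    """Build a constructed sample tree (not copied from a real drive)."""
    root = base / "RECYCLER"
    user = root / "S-1-5-21-1606980848-2111687655-1708537768-500"
    user.mkdir(parents=True)
    (user / "INFO2").write_bytes(b"")  # empty placeholder for the index
    # desktop.ini as quoted in the post, stray trailing quote included
    (user / "desktop.ini").write_text(
        '[.ShellClassInfo]\nCLSID={645FF040-5081-101B-9F08-00AA002F954E}"\n')
    (user / "Dc1.txt").write_text("deleted note")
    if tampered:
        (root / "autorun.exe").write_bytes(b"MZ")   # constructed stand-in
        (user / "update.scr").write_bytes(b"MZ")    # constructed stand-in
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for label, flag in (("clean", False), ("tampered", True)):
            root = build_sample(Path(tmp) / label, flag)
            print(label, triage_recycler(root))
```

An empty result only means the folder has the layout of an ordinary Windows XP recycle bin; it is not a malware scan of the files inside it.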

Similar Messages

  • Possible virus/malware...?

    Hello,
    Kind of an odd question here, looking for advice from folks who know something about viruses and malware.
    So today I had to go onto a website for work that required IE to run correctly. I pulled out my old PC laptop that I haven't used since I got a Mac a year ago. Said PC was already starting to fall apart, and was itself probably full of malware. In any event, it hadn't been updated, or turned on, for ages.
    Once it boots up, I turn on the wifi, connect to my home network... and suddenly the internet in the house stops working. I try to go online with my Mac and it won't connect. I turned off the old PC, but the wifi still wasn't working for a good five minutes or so. It finally came back on.
    This could just be placebo from fear that my old PC screwed everything up in the house, but I'm suddenly aware of the sound of my Mac's hard drive running even when my computer is at relative rest.
    Anyways, the past fifteen minutes were a little weird tech-wise. I guess my question is, should I be worried that my crappy old PC jacked up my wifi network with malware when I booted it up, and that somehow may have affected my Mac? As of right now the computer appears to be running fine.
    Kind of a far-fetched question I know, but I know virtually nothing about this sort of thing. The internet in my house randomly ceasing to work right when I turned on the old PC could be just a weird coincidence, but figured I'd ask anyways.
    Thanks in advance for any responses.

    I'd think that it was a 'weird coincidence' as you say.
    If it happens again, you may want to reset your router to factory settings. I don't know what type of router you have but there should be a method for resetting to factory settings somewhere in your manual.
    Good luck,
    Clinton

  • Do I need to have any type of anti-virus or malware, spyware protection for my Macbook Pro?

    My Macbook is a year old. When I bought it, I was told by several people that I would not need any type of anti-virus software or anything to protect my computer because Mac did not get infected that often. However, I have had people today tell me that I do need protection for my computer. My Mac runs about as good as the day I got it, but I really don't want anything to happen to it. If I need to get an anti-virus, or malware/spyware software, what programs would y'all recommend? I am just looking for information. Thanks!

    1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
    If you find this comment too long or too technical, read only sections 5, 6, and 10.
    OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
    2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically checked for updates once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
    The following caveats apply to XProtect:
    It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
    It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
    3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
    Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
    It can easily be disabled or overridden by the user.
    A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
    An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
    For the reasons given above, App Store products, and other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. OS X security is based on user input. Never click through any request for authorization without thinking.
    4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is presumably effective against known attacks, but maybe not against unknown attacks. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
    5. XProtect, Gatekeeper, and MRT reduce the risk of malware attack, but they're not absolute protection. The first and best line of defense is always your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
    That means, in practice, that you never use software that comes from an untrustworthy source, or that does something inherently untrustworthy. How do you know what is trustworthy?
    Any website that prompts you to install a “codec,” “plug-in,” "player," "extractor," or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
    A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
    Pirated copies or "cracks" of commercial software, no matter where they come from, are unsafe.
    Software of any kind downloaded from a BitTorrent or from a Usenet binary newsgroup is unsafe.
    Software that purports to help you do something that's illegal or that infringes copyright, such as saving streamed audio or video for reuse without permission, is unsafe. All YouTube "downloaders" are in this category, though not all are necessarily harmful.
    Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. If it comes from any other source, it's unsafe.
    Even signed applications, no matter what the source, should not be trusted if they do something unexpected, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
    6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
    Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
    Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers.
    Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
    Follow the above guidelines, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself from malware.
    7. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. Any database of known threats is always going to be out of date. Most of the danger is from unknown threats. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.
    Why shouldn't you use commercial "anti-virus" products?
    Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
    In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
    By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
    8. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
    ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
    A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
    ♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
    ClamXav may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use ClamXav unless a network administrator requires you to run an anti-virus application.
    9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
    10. As a Mac user you don't have to live in fear that your computer is going to be infected every time you install an application, read email, or visit a web page. But neither should you have the false idea that you will always be safe, no matter what you do. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices.

  • What kind of virus or malware protection is recommended?

    I just got a new iMac (home computer). I called Apple support and they said Apple doesn't endorse or recommend any specific virus or malware for my Apple... Any other users out there have any malware, spyware or anti virus apps they recommend to keep your PC virus free and running good?

    1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
    If you find this comment too long or too technical, read only sections 5, 6, and 10.
    OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
    2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically checked for updates once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
    The following caveats apply to XProtect:
    It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
    It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
    3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
    Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
    It can easily be disabled or overridden by the user.
    A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
    An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
    For the reasons given above, App Store products, and other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. OS X security is based on user input. Never click through any request for authorization without thinking.
    4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is presumably effective against known attacks, but maybe not against unknown attacks. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
    5. XProtect, Gatekeeper, and MRT reduce the risk of malware attack, but they're not absolute protection. The first and best line of defense is always your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
    That means, in practice, that you never use software that comes from an untrustworthy source, or that does something inherently untrustworthy. How do you know what is trustworthy?
    Any website that prompts you to install a “codec,” “plug-in,” "player," "extractor," or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
    A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
    Pirated copies or "cracks" of commercial software, no matter where they come from, are unsafe.
    Software of any kind downloaded from a BitTorrent or from a Usenet binary newsgroup is unsafe.
    Software that purports to help you do something that's illegal or that infringes copyright, such as saving streamed audio or video for reuse without permission, is unsafe. All YouTube "downloaders" are in this category, though not all are necessarily harmful.
    Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. If it comes from any other source, it's unsafe.
    Even signed applications, no matter what the source, should not be trusted if they do something unexpected, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
    6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
    Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
    Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers.
    Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
    Follow the above guidelines, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself from malware.
    7. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. Any database of known threats is always going to be out of date. Most of the danger is from unknown threats. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.
    Why shouldn't you use commercial "anti-virus" products?
    Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
    In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
    By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
    8. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
    ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
    A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
    ♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
    ClamXav may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use ClamXav unless a network administrator requires you to run an anti-virus application.
    9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
    10. As a Mac user you don't have to live in fear that your computer is going to be infected every time you install an application, read email, or visit a web page. But neither should you have the false idea that you will always be safe, no matter what you do. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices.

  • Does Apple give you a toll free number to call about possible viruses?

    Does Apple send toll free numbers to call about possible viruses, or is it a scam?

    There are no known viruses for Macs. There is adware and malware. For adware, those things that keep popping up in your browser, you can use AdwareMedic from thesafemac.com to quickly and easily remove all known adware.
    That site also has this Adware Removal Guide if you prefer to do it manually thru the Finder.

  • Will re-installing OSX and enabling Save Settings kill viruses and malwares?

    Hello
    My web pages are slow to load sometimes and I'm wondering if I have a virus or malware that is doing it.
    I don't want to use virus checkers or malware checkers because I've heard they are themselves used by the virus writers to plant viruses and malwares.
    So my question is: if I re-install OSX while enabling Save Existing Settings, will that remove any viruses and malwares if they are on my Mac?
    Thanks for your help.

    As there are no viruses for Mac OS X it is extremely unlikely that this is your problem, so let's concentrate on your slow page loading.
    Firstly, you need a minimum of 10.5.7 (10.5.8 is better) to run Safari 4.0.3. You show you are using an earlier version of Leopard.
    Post back if you are not using Safari.
    But to answer your direct question: just possibly, so read the following first:
    No viruses that can attack OS X have so far been detected 'in the wild', i.e. in anything other than laboratory conditions.
    It is possible, however, to pass on a Windows virus to another Windows user, for example through an email attachment. To prevent this all you need is the free anti-virus utility ClamXav, which you can download from:
    http://www.clamxav.com/
    However, the appearance of Trojans and other malware that can possibly infect a Mac seems to be growing, but is a completely different issue to viruses.
    If you allow a Trojan to be installed, the user's DNS records can be modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's (that's you!) DNS records stay modified on a minute-by-minute basis.
    You can read more about how, for example, the OSX/DNSChanger Trojan works here:
    http://www.f-secure.com/v-descs/trojanosxdnschanger.shtml
    SecureMac has introduced a free Trojan Detection Tool for Mac OS X. It's available here:
    http://macscan.securemac.com/
    The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X and allows users to check to see if the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the users' DNS records will be repaired.
    (Note that a 30 day trial version of MacScan can be downloaded free of charge from:
    http://macscan.securemac.com/buy/
    and this can perform a complete scan of your entire hard disk. After 30 days free trial the cost is $29.99. The full version permits you to scan selected files and folders only, as well as the entire hard disk. It will detect (and delete if you ask it to) all 'tracker cookies' that switch you to web sites you did not want to go to.)
    A white paper has recently been published on the subject of Trojans by SubRosaSoft, available here:
    http://www.macforensicslab.com/ProductsAndServices/index.php?mainpage=document_general_info&cPath=11&productsid=174
    Also, beware of MacSweeper:
    MacSweeper is malware that misleads users by exaggerating reports about spyware, adware or viruses on their computer. It is the first known "rogue" application for the Mac OS X operating system. The software was discovered by F-Secure, a Finland-based computer security software company, on January 17, 2008.
    http://en.wikipedia.org/wiki/MacSweeper
    On June 23, 2008 this news reached Mac users:
    http://www.theregister.co.uk/2008/06/23/mac_trojan/
    More information on Mac security can be found here:
    http://macscan.securemac.com/
    The MacScan application can be downloaded from here:
    http://macscan.securemac.com/buy/
    You can download a 30 day trial copy which enables you to do a full scan of your hard disk. After that it costs $29.95.
    More on Trojans on the Mac here:
    http://www.technewsworld.com/story/63574.html?welcome=1214487119
    This was published on July 25, 2008:
    Attack code that exploits flaws in the net's addressing system are starting to circulate online, say security experts.
    The code could be a boon to phishing gangs who redirect web users to fake bank sites and steal login details.
    In light of the news net firms are being urged to apply a fix for the loop-hole before attacks by hi-tech criminals become widespread.
    Net security groups say there is anecdotal evidence that small scale attacks are already happening.
    Further details here: http://news.bbc.co.uk/2/hi/technology/7525206.stm
    A further development was the Koobface malware that can be picked up from Facebook (already a notorious site for malware, like many other 'social networking' sites), as reported here on December 9, 2008:
    http://news.bbc.co.uk/newsbeat/hi/technology/newsid_7773000/7773340.stm
    You can keep up to date, particularly about malware present in some downloadable pirated software, at the Securemac site:
    http://www.securemac.com/
    There may be other ways of guarding against Trojans, viruses and general malware affecting the Mac, and alternatives will probably appear in the future. In the meantime the advice is: be careful where you go on the web and what you download!
    If you think you may have acquired a Trojan, and you know its name, you can also locate it via the Terminal:
    http://theappleblog.com/2009/04/24/mac-botnet-how-to-ensure-you-are-not-part-of-the-problem/
    As to the recent 'Conficker furore' affecting Intel-powered computers, MacWorld recently had this to say:
    http://www.macworld.co.uk/news/index.cfm?email&NewsID=25613
    Although any content that you download has the possibility of containing malicious software, practising a bit of care will generally keep you free from the consequences of anything like the DNSChanger trojan.
    1. Avoid going to suspect and untrusted Web sites, especially *********** sites.
    2. Check out what you are downloading. Mac OS X asks you for your administrator password to install applications for a reason! Only download media and applications from well-known and trusted Web sites. If you think you may have downloaded suspicious files, read the installer packages and make sure they are legit. If you cannot determine if the program you downloaded is infected, do a quick Internet search and see if any other users reported issues after installing a particular program.
    3. Use an antivirus program like ClamXav. If you are in the habit of downloading a lot of media and other files, it may be well worth your while to run those files through an AV application.
    4. Use Mac OS X's built-in Firewalls and other security features.
    5. Stop using LimeWire. LimeWire (and other peer-to-peer sharing applications) are hotbeds of potential software issues waiting to happen to your Mac. Everything from changing permissions to downloading trojans and other malicious software can be acquired from using these applications.
    6. Resist the temptation to download pirated software. After the release of iWork '09 earlier this year, a Trojan was discovered circulating in pirated copies of Apple's productivity suite of applications (as well as pirated copies of Adobe's Photoshop CS4). Security professionals now believe that the botnet (from iServices) has become active. Although the potential damage range is projected to be minimal, an estimated 20,000 copies of the Trojan have been downloaded. SecureMac offer a simple and free tool for the removal of the iBotNet Trojan available here:
    http://macscan.securemac.com/files/iServicesTrojanRemovalTool.dmg

  • Do I have a virus or malware, spyware ?

    Hi,
    Bit worried right now... two things that I observed today.
    1. When I opened apple.com, I had an advertisement banner on top of it. First I thought the Apple website was hacked, then realized... Apple is fine... darn, it's my system that has been compromised...
    Opened Safari and still the same. Then I downloaded MacScan and it said all clear. Restarted and it went.
    2. My Mac just blinked... as if a screenshot was taken... much like the way we take a screenshot on iPhone by pressing the home and sleep button.
    Do I have a virus or malware, key logger, screenshot logger... I dunno what else it could be? How do I find out my system is secure??
    Thanks, Pj

    See the following as relevant:
    *First Mac-based botnet becomes active*
    The first known botnet to exploit Mac OS X has been activated, security researchers claim. The network is believed to have been put in place by iServices, a Trojan infection accompanying some pirated versions of iWork '09 and Photoshop CS4. Although downloaded at least 20,000 times by the end of January, the Trojan's payload has remained dormant for some time, in the same manner as many Windows botnets.
    Symptoms of the active iServices botnet may begin with excessive CPU usage on a Mac, the result of a PHP script instigating denial-of-service attacks on websites. Many anti-virus programs have been updated to block iServices however, and it may also be possible to halt the Trojan's operations by deleting "System/Library/StartupItems/DivX" and/or "System/Library/StartupItems/iWorkServices" folders. Some security companies, such as SecureMac, are offering removal tools specifically targeted at iServices.
    In spite of the potential number of infected computers, the danger from the current botnet is expected to be minimal, both as a result of security measures and the limited vectors of infection. Symantec researchers warn, though, that the code in iServices is designed to be extremely flexible, and as such modified versions may appear in upcoming months.

  • Norton Internet Security cannot scan emails that use SSL. How do I ensure that I do not get a virus or malware by opening an email in Thunderbird?

    Norton Internet Security cannot scan emails that use SSL. How do I ensure that I do not get a virus or malware by opening an email in Thunderbird? I have read that you don't have to click on a link to get malware but that some email can trigger malware just by opening and reading. Any suggestions to keep my emails from triggering malware? AOL Desktop software has its own built-in email scanner but I'm trying to get away from using their software and rely just on TB.
    Thanks

    There are many aspects to this question.
    First, using SSL or TLS to send and receive email is important because it prevents others from sniffing your email login. Particularly if you are using a device over wi-fi or on untrusted networks, this is critical because if others obtain your email login, bad things can happen.
    Of course, using SSL or TLS with your mail server also protects the content of your email from being captured by others, so that's good too.
    Second, you are correct that there can be security threats in email other than the attachments, although the attachments generally are the most dangerous. Your antivirus should protect you from bad attachments because in order to open them, they need to be written to disk in a temporary folder, and your AV software leaps into action whenever a new file is added to disk. You also can hedge your bets by using a two-step approach: first save the attachment to disk and only after it survives the real-time AV scan then launch it in the appropriate application.
    Sometimes content in the message body can trigger a vulnerability in your email software or a plugin. As these vulnerabilities become known, Mozilla updates its software, but there seem to always be new issues discovered and there will never be perfect security. I'm not sure how helpful email scanning is for this problem.

  • I have an IMac and opened an email that may have been infected with a virus. How do I check my IMac for a possible virus?

    I have an IMac and opened an email that may have been infected with a virus. How do I check my IMac for a possible virus? What does PPC mean?

    You would be better posting this in the Lion forum.
    https://discussions.apple.com/community/mac_os/mac_os_x_v10.7_lion?view=discussions
    It's possible your email contained a virus, but unlikely.  There haven't been any reports of email viruses affecting the Mac.
    My understanding is that Apple provides security updates for all malware including viruses.
    There have been reports of a --
    -- Phoney virus checking program
    -- flash malware.
    ppc -- Power PC.   An older computer processor used by Apple.  Last Mac shipped with PPC was in 2006.
    I've read about two virus checking programs for the mac. One is clamav.  The rest are either junk or malware.
    http://www.clamav.net/lang/en/
    Security update.
    http://support.apple.com/kb/HT1222

  • What is a safe add-on to download youtube video and audio, something virus and malware free?

    What is a safe add-on to download youtube video and audio, something virus and malware free?

    We do not really discuss add-on comparisons here, but note all officially hosted add-on extensions hosted on addons.mozilla.org and available from the Firefox User Interface will have been reviewed and be safe, secure and virus free.
    * Use Menu Button -> Add-ons -> [Search all Add-ons] (or key in to the address bar about:addons)
    * Example search: https://addons.mozilla.org/en-US/firefox/search/?q=video+download&sort=users&appver=34.0 (You may be able to do a better targeted search from your own machine)
    ** With >5M users top of the list is Video DownloadHelper: https://addons.mozilla.org/en-US/firefox/addon/video-downloadhelper/
    N.B. There may be possible legal &/or copyright issues with downloading some material, but that is out of scope of this support forum discussion.

  • Possible virus? MPX player?

    I need help with a possible virus. I was trying to watch an NBA and stream it online. I think it was an mpx player? HELP

    You may have installed the "VSearch" trojan. Remove it as follows.
    Malware is always changing to get around the defenses against it. These instructions are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
    Back up all data before proceeding.
    Step 1
    From the Safari menu bar, select
              Safari ▹ Preferences... ▹ Extensions
    Uninstall any extensions you don't know you need, including any that have the word "Spigot," "Trovi," or "Conduit" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
    Reset the home page and default search engine in all the browsers, if it was changed.
    Step 2
    Triple-click anywhere in the line below on this page to select it:
    /Library/LaunchAgents/com.vsearch.agent.plist
    Right-click or control-click the line and select
              Services ▹ Reveal in Finder (or just Reveal)
    from the contextual menu.* A folder should open with an item named "com.vsearch.agent.plist" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.
    Repeat with each of these lines:
    /Library/LaunchDaemons/com.vsearch.daemon.plist
    /Library/LaunchDaemons/com.vsearch.helper.plist
    Restart the computer and empty the Trash. Then delete the following items in the same way:
    /Library/Application Support/VSearch
    /System/Library/Frameworks/VSearch.framework
    ~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin
    Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
    The problem may have started when you downloaded and ran an application called "MPlayerX." That's the name of a legitimate free movie player, but the name is also used fraudulently to distribute VSearch. If there is an item with that name in the Applications folder, delete it, and if you wish, replace it with the genuine article from mplayerx.org.
    This trojan is often found on illegal websites that traffic in pirated content such as movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow.
    You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that the Internet criminal behind VSearch has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing has not done so, even though it's aware of the problem. This failure of oversight has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.
    *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination  command-C. In the Finder, select
              Go ▹ Go to Folder...
    from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
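
A read-only check for the items the removal steps above name, plus the two iServices StartupItems folders quoted in an earlier reply, as an added example that is not part of the original posts. The function names, the optional root and home-directory arguments, and the leading slash on the iServices paths are assumptions.

```shell
#!/bin/sh
# Read-only presence check: nothing is deleted or modified.
# Added example; names and arguments below are illustrative assumptions.

# System-wide items quoted on this page, as "label|path".
# The iServices paths appear on the page without a leading slash; one is assumed.
listed_items() {
cat <<'EOF'
VSearch|/Library/LaunchAgents/com.vsearch.agent.plist
VSearch|/Library/LaunchDaemons/com.vsearch.daemon.plist
VSearch|/Library/LaunchDaemons/com.vsearch.helper.plist
VSearch|/Library/Application Support/VSearch
VSearch|/System/Library/Frameworks/VSearch.framework
iServices|/System/Library/StartupItems/DivX
iServices|/System/Library/StartupItems/iWorkServices
EOF
}

# Per-user item from the VSearch post, relative to a home directory.
USER_ITEM='Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin'

# find_listed_items [ROOT] [HOME_DIR]
# Prints "label<TAB>path" for every listed item that exists.
# ROOT is prefixed to the system paths (empty = the running system; a mount
# point such as a backup volume also works). HOME_DIR defaults to $HOME.
find_listed_items() {
    root=${1:-}
    home_dir=${2:-$HOME}
    listed_items | while IFS='|' read -r label path; do
        # -L catches dangling symlinks that -e would miss.
        if [ -e "$root$path" ] || [ -L "$root$path" ]; then
            printf '%s\t%s\n' "$label" "$root$path"
        fi
    done
    if [ -e "$home_dir/$USER_ITEM" ] || [ -L "$home_dir/$USER_ITEM" ]; then
        printf '%s\t%s\n' "VSearch" "$home_dir/$USER_ITEM"
    fi
}

# report_listed_items [ROOT] [HOME_DIR]
# Human-readable summary of find_listed_items.
report_listed_items() {
    found=$(find_listed_items "$@")
    if [ -z "$found" ]; then
        echo "None of the listed items are present."
    else
        echo "Listed items present:"
        printf '%s\n' "$found" | sed 's/^/  /'
    fi
}

report_listed_items "$@"
```

An empty result only means these specific paths are absent; as the post says, the names malware uses change over time.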

  • I think I might have a virus or malware

    I know that the likelihood is very slim that I have a virus but I have been having some problems lately. Earlier I had my laptop on and then I closed it and when I opened it back up and typed my password in it kept saying it was wrong. I even checked to see if caps lock was on and it was not. I had to restart my laptop for it to work. I also opened Firefox today and it said that it was the first time I used it when it was not. The "you have never used this application before." message popped up. My Internet has also been slow. Graphics/images have not been loading on the Internet or they're pixelated and take a long time to become the resolution the image is at. I also have been having trouble with charging. I will leave it unplugged and then I'll charge it but it will say "battery not charging" but it is plugged in and it shows that it is plugged in it is just not charging but it is still not decreasing in battery power. If it is not a virus what is it and how could I stop these glitches from happening? Thank you.

    Hi...
    Doubtful it's a virus or malware.
    "battery not charging" but it is plugged in and it shows that it is plugged in it is just not charging but it is still not decreasing in battery power
    Try troubleshooting the MagSafe adapter
    If that didn't help, try Resetting the System Management Controller (SMC)
    And since there are numerous issues, the startup disk may need repairing.
    If you have Lion v10.7 installed, use Lion Recovery to repair the startup disk or reinstall the Mac OS X.
    If you have a prior Mac OS X installed, help here > Using Disk Utility to verify or repair disks
    And make sure there's enough free space on the startup disk.  Right or control click the MacintoshHD icon on your Desktop.
    Click Get Info. In the Get Info window you will see Capacity and Available. Make sure there's a minimum of 15% free disk space.

  • Cannot uninstall AVG appears to be a virus or malware

    am not sure how or when AVG somehow managed to "get permission" to install and corrupt my firefox browser, but it cannot be deleted now.
    going into the add ons and tools, disabling AVG has no effect. in add/remove programs there is no AVG to be found.
    since nothing within firefox can disable or block or remove it, it appears to be a virus or malware. have removed or disabled and restarted the browser, again and again and again. rebooted the pc 2 times after making SURE it was disabled. still there.
    it does STUPID searches, type in something and it gives worthless answers. now each time I have to manually type in www.google.com to get to that site to be able to enter the search info. if I need to uninstall this worthless AVG thing by opening up the hard drive and taking sandpaper to those shiny disk things inside to scrape away AVG, I'm going to do it.
    if anyone knows how to get a version of firefox that DOES NOT HAVE AVG? then I want to download it. if there is a driver or something that will be able to block AVG from attaching like a parasite to firefox? then I want to download that as well

    I can sense your frustration, but one important detail that would be useful to know is which of the many ways of searching and default pages has AVG Secure Search taken over?
    * Search box on the built-in Firefox home page
    * Search bar (where you can select the preferred search engine from the drop-down on the left side)
    * Address or URL bar
    * Replaced home page (Ctrl+n)
    * Replaced new tab page (Ctrl+t)
    The global Firefox Reset will clear all of those changes, but if only one or two are affected, there might be a shortcut to fixing it.

  • How can I check for viruses and malware on my MacBook Pro?

    I have a MacBook Pro running OS X (10.7.5).  I don't have any anti-virus or malware software installed.  My yahoo email account was hacked last night, after I had added the account to Mail on my mac (which obviously involved typing in my email account password).  I'm now worried that I might have a virus or malware on my computer as I've had that email account for years with the same password (foolish I know) and never had a problem.
    Is there a way to check if my mac has any viruses or malware?  Which anti-virus/malware software should I install to protect my mac?
    Thanks.

    Ever hear of this?  I was using Mozilla, and now I'm scared, so on Safari.  Even so, I'm worried about doing online banking until I know what's up.  Despite that, I did online banking on Safari today, and the pages wouldn't load, or weren't clickable.  Also, I'm getting blank screens on Safari.  It all started after this happened a number of days ago, so I want to do a scan…. but newish to the Apple world, so don't want to screw things up even more (potentially) - by installing some incompatible malware scanner. From the other day:
    has anyone's Macbook Pro ever been hacked? I was using Mozilla, just opened a twitter acct, was trying to cross link with G+, and all of a sudden all this weird stuff was happening: url bars erasing on its own (and fast), pages jumping from window to window, 2 unread msgs in Gmail later marked as read. I shut down and restarted. I don't know if it's a key stroke I did or if I may've been hacked. worried.

  • ITunes 10.6.3 Mac running 10.7.3 not responding I have deleted iTunes and reinstall iTunes and it keeps happening I also scanned the computer for any trojans and any other possible viruses but the pc is running perfect what do I do ? Please help me ?

    I need help iTunes 10.6.3 Mac running 10.7.3 not responding I have deleted iTunes and reinstall iTunes and it keeps happening I also scanned the computer for any trojans and any other possible viruses but the pc is running perfect what do I do ? Please help me ?

    Hey thanks for replying.
    Here's what I did:
    First I tried the Winsock reset in the Command prompt. Nothing changed.
    Next, I tried the instructions on http://support.apple.com/kb/TS4123. The only other program that came up on the 'Winsock Providers' tab on the program was 2 Windows Live applications, which I can do without. So I deleted all Windows Live Applications.
    I did the Winsock reset in the Command Prompt again and rebooted my comp.
    Unfortunately, nothing has changed. iTunes keeps freezing at various stages of the sync, then shows the candy cane-striped bar with either the words 'Finishing sync' or 'Cancelling sync', before showing the Apple logo.
    Sometimes, iTunes gets to the syncing stage - "Copying # of ####" - where it will trudge through the first, second and third tracks before flashing "Copying 4 of ####" for a split second and I catch "Cancelling sync" briefly before the Apple logo appears.
    Again, I've repeated the steps I mentioned in my previous post. Does ANYONE know when the new version of iTunes is set to be released?! This one is driving me INSANE, to say the least!!
