Trojan detected/removed ... now what?

Hi,
I really do not understand what happened, but then I'm not the only user of this computer.
Just "for fun" I've tried iService Trojan removal tool, and I was astonished when the trojan was detected and removed.
What are the next steps now?
Is it present in the Time Machine backup?
Do I have to change all my mail, bank, whatever, passwords?
Do I have to format my disk and start from scratch?
Could some other programs have been installed without me knowing this?
Any kind of help will be appreciated.
Btw, I thought Snow Leopard had some kind of protection against those trojans.
Thanks in advance,
Sharlo

I really don't get it.
If I understand well there are only two ways you can get them: installing codecs, or when an iWork/PS4 illegal install is performed (password given). I have done neither of these ... the only plugin I've taken is Perian to watch avi files on QuickTime. No iWork has ever been installed (I have MS Office but use OpenOffice 95% of the time) and I have PS3.
To be honest I removed the Trojan without looking at what version it was (I was so astonished I just automatically pressed the remove button) and now I cannot find info on what was removed (I've tried with Console).
When I looked for more info about the removal software I got this kind of info.
"Once the trojan is installed, it will attempt to connect to a remote server and provide the server with the infected computer's network location. It then listens for further instructions from the remote server, which may include instructions to download additional components. iWorkServices Trojan removal tool will remove this malware."
Thanks again for your help,
Sharlo

Similar Messages

  • Malware detected. Now what?

    I have found malware on my MacBook Pro, using ClamXav to scan the drive.  It has found 7 infected files so far (still scanning).  What do I do next?

    For fastest, most efficient answers to questions such as this, please visit the ClamXav Forum in the future.
    Kathyfromwestlinn wrote:
    Filename    Infection Name    Status
    Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/8194B5D8-4D8C-4127-B0FF-1E576089A3E5/Data/1/2/Messages/21859.emlx    Heuristics.Phishing.Email.SpoofedDomain 
    Library/Mail/V2/[email protected]/[Gmail].mbox/All Mail.mbox/8194B5D8-4D8C-4127-B0FF-1E576089A3E5/Data/8/4/Messages/48320.emlx    Heuristics.Phishing.Email.SpoofedDomain
    /Library/Mail/V2/[email protected]/[Gmail].mbox/Important.mbox/8194B5D8-4D8C-4127-B0FF-1E576089A3E5/Data/8/4/Messages/48261.emlx    Heuristics.Phishing.Email.SpoofedDomain
    /Library/Mail/V2/[email protected]/[Gmail].mbox/Sent Mail.mbox/8194B5D8-4D8C-4127-B0FF-1E576089A3E5/Data/8/2/Messages/28935.emlx    Heuristics.Phishing.Email.SpoofedDomain
    Library/Mail/V2/[email protected]/[Gmail].mbox/Spam.mbox/8194B5D8-4D8C-4127-B0FF-1E576089A3E5/Data/7/5/Messages/57825.emlx    HTML.Phishing.Bank-593
    /Library/Mail/V2/[email protected]/Jobs.mbox/8194B5D8-4D8C-4127-B0FF-1E576089A3E5/Data/9/6/1/Messages/169138.emlx     Heuristics.Phishing.Email.SpoofedDomain
    Never use ClamXav (or any other A-V software) to move (quarantine) or delete e-mail. It will corrupt the mailbox index which could cause loss of other e-mail and other issues with functions such as searching. It may also leave the original e-mail on your ISP's e-mail server and will be re-downloaded to your hard drive the next time you check for new mail.
    So, if you choose to "Scan e-mail content for malware and phishing" in the General Preferences, make sure you do not elect to either Quarantine or Delete infected files.
    When possibly infected e-mail files are found:
    Highlight the entry in the ClamXav window's top pane that needs to be dealt with.
    Right-click/<Control>-click on the entry.
    Select "Reveal In Finder" from the pop-up menu.
    When the window opens, double-click on the file to open the message in your e-mail client application.
    Read the message and if you agree that it is junk/spam/phishing then note the date and subject of the message and close the e-mail window.  Now, using your e-mail client, locate that message in whatever mailbox folder it was found in and delete the message using the delete button.  Reading it is especially important when the word "Heuristics" appears in the infection name. If you disagree and choose to retain the message, return to ClamXav and choose "Exclude From Future Scans" from the pop-up menu.
    Since this is a g-mail account if those messages continue to show up after you have deleted them in the above manner, you may need to log in to webmail using your browser, go to the "All Mail" folder, find the message(s) and use the delete button there to permanently delete them from the server. Then check the "Trash" folder and delete them there.
    To fix the corrupted mailbox index(es), highlight each one that was corrupted and choose Rebuild from the appropriate menu.
    "Heuristics" means that they are from or mention a financial institution and "SpoofedDomain" means it contains hyperlink(s) that are not known to be associated with that organization and may be a phishing attempt which is attempting to obtain privacy information (e.g. UserID and Password credentials). It has not been positively identified as such, just that something about the format of one or more links is suspicious. You can see exactly where a link will take you by hovering the cursor over the underlined words or image in the e-mail. Don't click the link unless you are certain that it will take you to a legitimate site. There is a significant probability that these are legitimate e-mail messages from a financial institution that you need, so trashing them could very well be a mistake. The only way to know is to read them. There is also a distinct possibility that you or your e-mail system have already decided that they are spam / junk / phishing and they came from your Spam / Junk / Deleted Items / Trash folders, so you should always check to make certain they are not needed and then delete them before running an e-mail scan.

  • Hated RAID card removed, now what?

    Finally, after three years of pain and suffering, the RAID card is de-installed.
    It was easier than expected. Backed up my three old drives (that were converted into "enhanced JBOD" long ago), installed an extra drive (formatted with DU) and cloned the startup drive on it.
    Pulled the card, generally reversing the procedure described in www.caldigit.com/Support/CalDigitRAIDCardGettingStarted(2.2.0).pdf. Messing with the lower of the two screws holding the fan module was a *****.
    Surprisingly, the "enhanced JBOD" drives (that I thought would be unreadable without the card) are perfectly readable. I was expecting that I'd have to reformat them. But the system booted up right away from one of them, and everything seems to be working.
    The question is: do I still need to reformat those drives? Should I expect any troubles from them - since they were formatted with RAID utility and through the card that is no longer there?

    Thanks!
    Then I believe I'm done.
    (Had I known it's that easy I'd get rid of it two years ago. The notion of a RAID controller that fails more often than any of the disks it manages with is ridiculous. But someone somewhere wrote that the disks that this card had touched would not work without it, even if they were JBOD.)

  • I am new to this forum. Just installed adobe iplayer for the numerous time. Then decided to have a software update immediately on my mac computer. Then a small screen appeared afterwards stating the malware virus was removed. What do I do now?

    Just installed adobe iplayer for the umpteenth time.
    Then decided to have a software update immediately on my mac.
    Then a small screen appeared afterwards stating malware virus removed.
    What do I do now? Was not aware that I had a virus in the first place.

    That latest update is a removal tool for the Flashback trojan.
    One of the ways the earlier versions of that trojan were distributed was through fake Adobe Flash downloaders.
    Why are you repeatedly installing Adobe Flash Player? (not iPlayer - that's a BBC thing.)
    The only place from which to get the Flash Player plug-in is directly from Adobe themselves - Never Trust a Pop Up that says you have a missing plugin!
    Also be aware that the Flash Player is not a standalone player; it's a plug-in which installs in the Library and is available for all the browsers to use.
    As for what you do now?
    Nothing for the moment - you should be clear.
    But to be on the safe side, go to the Preferences for each of your browsers and disable Java (not JavaScript - that's a whole different animal). As Java is the vector used by the most recent versions, that should ensure you don't get reinfected.

  • I have selected the Erase all contents and settings option in my ipod touch 4. till then i was not able to turn it on and even it was not detectable on itunes. what should i do now?

    i have selected the Erase all contents and settings option in my ipod touch 4. till then i was not able to turn it on and even it was not detectable on itunes. what should i do now?

    I am confused. You said that until you erased all contents and settings you could not turn it on and iTunes did not see it.  How could you Erase all Contents and Settings if you could not turn it on?

  • Blackmagic removed desktop audio functionality from Decklink cards on Windows.... now what?

    So, Blackmagic removed desktop audio functionality from Decklink cards on Windows.... now what? After Effects is not programmed to talk to Decklink cards directly on the audio part, there is no ASIO or Mercury playback for the audio part, and Blackmagic says it was never intended to be used as an audio card, yet up to the last version of version 9 they provided an audio driver for it. As a result, any application not written to talk to the Decklink card directly can't use the card for audio playback. I'm wondering if they think that the people who use After Effects don't need audio at all....   Rewiring all the rooms in the post-production facilities that had all the audio of all the systems going out via the Decklink cards is not an option.
    I'm wondering if Adobe is aware of this and if it has plans to support direct connection to the Decklink cards on the audio side of After Effects. This is a huge problem for all the people who use AE and Decklink on Windows and want professional quality audio monitoring.  Audition, Premiere, all of those can work now, but not AE. I remember some time ago AE used to support ASIO, but I do not see that option anymore.

    Adobe talks with Blackmagic regularly and we were recently made aware of this change. It is, clearly, not something under our control but we can provide feedback to them about your responses to the change.
    You are correct, After Effects does not play back audio through Mercury Transmit like Premiere Pro does. This was something we considered for After Effects CC 2014 (CC), but at the time we were developing this release there was no urgent need to do so, and this would require significant work to re-wire how After Effects plays back audio. We will continue to talk with Blackmagic and evaluate what the best plan is going forward.
    Please don't hesitate to file feature requests for us about these issues: http://adobe.ly/feature_request

  • I tried installing an update to QuickTime. An error occurred and it wouldn't install. I tried removing the QuickTime program, but a window appeared telling me that a fatal error occurred during installation and I could not remove the program.  Now what?

    I tried installing an update to QuickTime. An error occurred and it wouldn't install. I tried removing the QuickTime program, but a window appeared telling me that a fatal error occurred during installation and I could not remove the program.  Now what?

    I tried removing the QuickTime program, but a window appeared telling me that a fatal error occurred during installation and I could not remove the program.
    I think we'd better see if some other application (other than QuickTime itself) has dropped old QuickTime componentry in the system files on the PC. (If there's a version mismatch between the old componentry and the "QuickTime proper" componentry, that can create those symptoms.)
    So we'll go looking for the older QuickTime componentry in the most common locations for it to be stashed.
    First we'll need to change some view options on the PC.
    1. Open My Computer from the desktop or Start menu.
    2. In the Tools menu, click Folder Options.
    3. Click the View tab.
    4. In the "Advanced settings" pane under "Hidden files and folders" make sure that the "Show hidden files and folders" option is selected, and the "Hide extensions for known file types" option is unchecked.
    5. Click OK.
    Now in My Computer, open your C drive.
    Open the "Windows" folder.
    Open the "system32" folder.
    What files and/or folders can you see in there with QuickTime in the file/folder name? (In a standard installation of QuickTime, you should see precisely two files ... QuickTime.qts and QuickTimeVR.qtx ... and no QuickTime folders whatsoever.)

  • Trojan Virus Still a Threat! Now What Do I Do?

    I was feeling a bit of relief yesterday after reinstalling Snow Leopard and the Java update. BUT then this morning I read this:
    http://www.pcworld.com/article/253388/new_trojan_variant_can_install_without_password.html#tk.hp_new
    Now what should I do?

    Turn it off in the browser or uncheck the boxes in Java Preferences in Applications>Utilities, or both.

  • I keep getting the message You need a newer version of Pages to open this document. but I don't have an update available in app world. Now what?

    I keep getting the message You need a newer version of Pages to open this document. but I don't have an update available in app world. I did the update but it doesn't seem to be registering on my macbook pro. Now I can't open any of my documents as I keep getting this message. Now what???

    You have 2 versions of Pages on your Mac.
    Pages 5 is in your Applications folder.
    Pages '09/'08 is in your Applications/iWork folder.
    You are alternately opening the wrong versions.
    Pages '09/'08 can not open Pages 5 files and you will get the warning that you need a newer version.
    Pages 5 can open Pages '09 files but may damage/alter them. It can not open Pages '08 files at all.
    Once opened and saved in Pages 5 the Pages '09 files can not be opened in Pages '09.
    Anything that is saved to iCloud is also converted to Pages 5 files.
    All Pages files no matter what version and incompatibility have the same extension .pages.
    Pages 5 files are now only compatible with themselves on a very restricted set of hardware, software and Operating Systems and will not transfer correctly on any other server software than iCloud.
    Note: Apple has removed over 100 features from Pages 5 and added many bugs:
    http://www.freeforum101.com/iworktipsntrick/viewforum.php?f=22&sid=3527487677f0c6fa05b6297cd00f8eb9&mforum=iworktipsntrick
    Archive/trash Pages 5, after exporting all Pages 5 files to Pages '09 or Word .docx, and rate/review it in the App Store, then get back to work.
    Peter

  • I have a new computer and I want to make it my home device for iTunes. I have home sharing, and all of the music and files are on the new computer. Now what do I do to make the new computer the home computer for iTunes?

    I have a new computer and I want to make it my home device for iTunes. I have home sharing, and all of the music and files are on the new computer. Now what do I do to make the new computer the home computer for iTunes?

    The computer (Windows platform) where I initially began using iTunes has four other computers/devices that are shared with it. All four of the other computers show up in my account, and can be managed. Or I can remove them. But on the new computer that I want to be my base computer (home if you will). The computer I want it to replace, when iTunes is open, has a tool bar, with various functions. All of the other devices are linked to that computer in iTunes, under Home Sharing. The new computer shows the downloads via Home Sharing, but it does not show/have any tool bar.
    I want to activate the new computer to be the computer via iTunes where all of the devices are linked to it as the base for iTunes. And, I don't know how to make that happen.
    I hope that makes sense.

  • I have an iMac running OS 10.4.11. How can I check to see if I have the Flashback Trojan (and remove it, if I have it)? My Safari is also crashing frequently. Any suggestions?

    I have an iMac running OS 10.4.11. How can I check to see if I have the Flashback Trojan (and remove it, if I have it)? My Safari is also crashing frequently. Any suggestions?

    Hi Barry, is this an Intel iMac, or a PPC iMac?
    Disable Java in your Browser settings, not JavaScript.
    http://support.apple.com/kb/HT5241?viewlocale=en_US
    http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=142064
    http://support.mozilla.org/en-US/kb/How%20to%20turn%20off%20Java%20applets
    Flashback - Detect and remove the uprising Mac OS X Trojan...
    http://www.mac-and-i.net/2012/04/flashback-detect-and-remove-uprising.html
    In order to avoid detection, the installer will first look for the presence of some antivirus tools and other utilities that might be present on a power user's system, which according to F-Secure include the following:
    /Library/Little Snitch
    /Developer/Applications/Xcode.app/Contents/MacOS/Xcode
    /Applications/VirusBarrier X6.app
    /Applications/iAntiVirus/iAntiVirus.app
    /Applications/avast!.app
    /Applications/ClamXav.app
    /Applications/HTTPScoop.app
    /Applications/Packet Peeper.app
    If these tools are found, then the malware deletes itself in an attempt to prevent detection by those who have the means and capability to do so. Many malware programs use this behavior, as was seen in others such as the Tsunami malware bot.
    http://reviews.cnet.com/8301-13727_7-57410096-263/how-to-remove-the-flashback-malware-from-os-x/
    http://x704.net/bbs/viewtopic.php?f=8&t=5844&p=70660#p70660
    The most current flashback removal instructions are F-Secure's Trojan-Downloader:OSX/Flashback.K.
    https://www.securelist.com/en/blog/208193454/Flashfake_Removal_Tool_and_online_checking_site
    More bad news...
    https://www.securelist.com/en/blog/208193467/SabPub_Mac_OS_X_Backdoor_Java_Exploits_Targeted_Attacks_and_Possible_APT_link
    Removal for 10.5...
    http://support.apple.com/kb/DL1534

  • Stuck in recovery ... can't erase ... now what?

    Okay, I've tried it all! Now what? Is it worth taking to a Mac fixer or should I pitch it and buy new? My son has had his Nano 2nd generation for 3 years with no problems. BTW: I've updated to 7.7, I've set the iPod to disk mode, I've left it charging for at least 30 minutes. I opened Disk Utility and clicked delete (and it won't! Disk Utility just quits). I get one of three messages in iTunes when I connect and reconnect: "iTunes has detected an iPod that may be corrupt. You should restore" (but I can't because then iTunes promptly quits) OR "You have plugged in a device that Mac OS cannot read." OR "iTunes detects an iPod in recovery mode."
    So break it to me. Would it be worth getting fixed or do I tell my son, well, you got 3 good years out of it ... at $230! Arghhhh!

    Did you try forcing the iPod into disk mode first?
    Ensure the HOLD switch is OFF so that there is NO orange color showing beneath the switch. Then, press and hold the MENU and the SELECT (center) buttons together for about 10 seconds, until you see an Apple logo. When you see the Apple, IMMEDIATELY press and hold the SELECT (center) and the PLAY/PAUSE buttons together until you see a check mark, and the iPod says "Disk Mode, OK to Disconnect."
    If not, try that and then see if you can either restore through iTunes (I'd try that first) or reformat through Disk Utility. If you can reformat it with Disk Utility, try to restore in iTunes after that.
    If it is absolutely dead, you might want to consider replacement options. Sounds like the nano is probably a 4 GB.
    Apple can replace it out of warranty for $99 USD
    (from: http://www.apple.com/support/ipod/service/prices/#us )
    and the replacement will carry 90 days of hardware coverage.
    You can also purchase a refurbished 4GB new nano for $99, which gives you your full year warranty. (I recommend refurbished products from Apple without hesitation... several iPods and this MacBook, no problems).
    http://store.apple.com/1-800-MY-APPLE/WebObjects/AppleStore.woa/wa/RSLID?sf=wHF2F2PHCCCX72KDY&nclm=Certified
    I believe you can also trade it in at an Apple retail store for 10% off of a new iPod.
    CG

  • iTunes won't open because MSVCR80.dll error - and can't re-install iTunes either - now what?

    Today I went to open iTunes and received the MSVCR80.dll error - unable to open iTunes.
    After Googling for a solution, I found the Apple walkthrough on how to copy your .DLL files to your desktop, uninstall iTunes and reinstall.
    When I tried to reinstall iTunes, I got an error in the "starting services" part of the installation process and was not able to complete the install.
    Now what?
    I am getting incredibly ****** off with iTunes - a horrible user interface and no support available even though I've spent hundreds (if not thousands!) of £££ over the years through the store.

    Click here and follow the instructions. You may need to completely remove and reinstall iTunes and all related components, or run the process multiple times; this won't normally affect its library, but that should be backed up anyway.
    (99626)

  • Trojan Detected

    My Netprotectplus McAfee scan says "0 viruses and spyware detected in your last scan".   Fair enough.  But when I view the scan report it says that 1 trojan was detected.
    Which is correct?   How do I know whether the trojan has been deleted?  Is it possible to see a file that shows where the trojan was/is in my system?
    It does not say trojan removed, unless, maybe,  there is a more detailed log file that I can look at?

    Hi JayZS and welcome
    It appears to be reporting that it has found a trojan, but doesn't mean it was found during the last scan.
    From the home page click Navigation (top right), then click on Quarantined and Trusted Items, then check Quarantined Items and/or Quarantined Potentially Unwanted Programs.
    From there, you should be able to Select the trojan, then remove/delete it...
    (You could also dump the 207Cookie that's bound to be there!!).
    -+-No longer a forum member-+-

  • My iPad had a passcode. The wrong code was fed. The iPad is disabled now. What to do?

    My iPad had a passcode. The wrong code was fed. The iPad is disabled now. What to do?

    If the iPad is showing the red disabled screen due to too many incorrect passcode attempts then you will need to connect it to the computer that you normally sync to and you should then be able to reset the iPad and re-sync your content to it (http://support.apple.com/kb/HT1212) - you may need to put the iPad into recovery mode : http://support.apple.com/kb/ht1808
    If you do it via a different computer then :
    If you restore on a different computer that was never synced with the device, you will be able to unlock the device for use and remove the passcode, but your data will not be present.
