Trojan Programme Detected?

Similar Messages

• Trojan Virus Detected

  While using Safari a notice stating Trojan Virus detected keeps appearing! Safe Booted once but very apprehensive !?

  HI and welcome to Apple Discussions...
  Malware perhaps but not a virus. Get MacScan
  You can use the demo for 30 days free and runs on Snow Leopard.
  Carolyn

• Trojan threat detected when installing Rescue & Recovery

  I am performing a fresh install of Win7 on a T61p.  I downloaded the 'Thinkpad Rescue and Recovery' installer (tvtvrnr43_1027fi.exe) from Lenovo's download site and ran it to began installing it.  After some unpacking and working through the setup wizard a bit AVG detected the following as a threat:
  File:   C:\preboot\utils\rnrdbgtool.exe
  Threat: Trojan horse Agent_r.BKV
  Since I know this package came direct from Lenovo and since R&R is likely doing things that LOOK like a trojan, I have to believe AVG is throwing a false positive here.  But before I proceed I wanted to ask anyone else if they have encountered this before? Is it possible that the R&R installer is actually infected with a virus??
  Thanks,
  Rob

  rbell wrote: Is it possible that the R&R installer is actually infected with a virus??
  Thanks,
  Rob
  The answer to this is No...   not even your AVG suspects that. A trojan is much different then a Virus. An example of a trojan would be a computer program that claims to do one thing, but really does something different. A virus is a generic definition of a type of malware that infects and reproduces and spreads.
  Any program that can make major changes to a computer could easily be detected as a false positive by anti-virus software, and AVG is one of the worse when it comes to false detections.
  My advice is to look it up on AVG's database and see what it is they claim to have found. Odds are it's a generic classification or a heuristic definition, meaning their software is basically making a wild guess that it might not be what it claims to be. 
  If you're overly concerned about this you can update your AVG definitions each day until it's removed from the database. I'd also report it to AVG, they can't rule it out until someone reports it. Odds are it's been reported already, but it's best to check and do your part and improving a freeware product.
  I doubt lenovo can do anything about it anyway. If the file was infected with a virus, that may be a different story, but most servers will detect a change in the file and anything infected will be removed very quickly. With a trojan definiton, it would be like trying to prove a negative. For example, if you say you're a doctor, but I say you're a plumber, you can easily prove you are a doctor, but you can't so easily prove you're NOT a plumber, and in this case AVG probably isn't even saying what type of program it thinks this really is, so that makes it infintiely harder to prove...      so the ball is in AVG's court, then need to fix it, or provide something specific for lenovo to contest or fix.
  ThinkPad W-510 i7-820QM(1.73-3.06GHz) Quad Core... ThinkPad T500, T9900, 8gb SSD...FrankNpad T-60p/61p (X9000 2.8ghz) 8gb SSD ips FlexView...ThinkPad T-61p (T9300 2.5ghz) 8gb ram...Thinkpad X-61 Tablet 4gb ram...ThinkPad A-31 (1.9ghz P4 1.5gb ram)

• Trojan Horse detected

  My BitDefender antivirus software detected the following:
  File c:\program files\quicktime\qttask.exe
  infected with Trojan.Generic.72005
  Program has been installed for some time. Occurred on last boot. Anybody else have this happen? Any info would be appreciated.

  Heres my reply from bulguard
  Dear BullGuard User,
  Thank you for submitting your scan report.
  The log shows that BullGuard has found several infected files on your computer (Trojan.Generic.72005). At the moment, we are still analyzing these files, as it seems this detection may be a false positive (a legitimate component that is mistakenly identified as being infected). Thus far, all information indicates that these files are legitimate, but testing them has not been completed yet. Either way, you need not worry, as BullGuard keeps them blocked.
  Given the above, I will kindly ask you to ignore these detections for the moment and, as soon as testing is complete, we will release an update that will instruct the Antivirus on how to handle these files (as infections or as legitimate files).
  Thank you for your understanding.
  Seems that it isnt something to worry about, they'll send an update to ensure bullguard doesnt see it as a threat.Its probably just something new that it didnt like. But they're looking into it at least
  Hope that helps

• Rootkit and Trojan Prevent - Detect- and/or Destroy-ware

  Howdy You All.
  Any of my compatriots heard tell of an effective Mac Rootkit- and/or Trojan -tasked Utility?
  Thanks for Considering the Growing Concern.
  CLowSheen.

  Knowledge is the key! http://www.thesafemac.com/

• Trojan detected/removed ... now what?

  Hi,
  I really do not understand what happened, but then I'm not the only user of this computer.
  Just "for fun" I've tried iService Trojan removal tool, and I was astonished when the trojan was detected and removed.
  What are now next steps?
  Is it present in the time machine backup?
  Do I have to change all my mail, bank, what ever, passwords?
  Do I have to format my disk and start from scratch?
  Could some other programs have been installed without me knowing this?
  Any kind of help will be appreciated.
  Btw. I though Snow Leopard had some kind of protection against those trojans.
  Thanks in advance,
  Sharlo

  I really don't get it.
  If I understand well there are only two ways you can get them, installing codecs or when an iWork/PS4 illegal install is performed (password given). I haven't done neither of this ... the only plugin I've taken is Perian to watch avi files on QuickTime. No iWork has ever been installed (I have MS Office but use OpenOffice 95% of the time) and I have PS3.
  To be honest I have removed the Trojan without looking what version it was (I was so astonished I've just automatically press remove button) and now I cannot find info what was removed (I've tried with Console).
  When I looked for more info about the removal soft I've got this king of info.
  "Once the trojan is installed, it will attempt to connect to a remote server and provide the server with the infected computer's network location. It then listens for further instructions from the remote server, which may include instructions to download additional components. iWorkServices Trojan removal tool will remove this malware."
  Thanks again for your help,
  Sharlo

• Trojan Detected

  My Netprotectplus McAfee scan says "0 viruses ans spyware detected in your last scan".   Fair eough.  But when I view the scan report it says that  1 trojan was detected.
  Whuch is correct?   How do I know whethert the trojan has been deleted?  Is it possible to see a file that shows where the trojan was/is in my system?
  It does not say trojan removed, unless, maybe,  there is a more detailed log file that I can look at?

  Hi JayZS and welcome
  It appears to be reporting that it has found a trojan, but doesn't mean it was found during the last scan.
  From the home page click Navigation (top right), then click on Quarantined and Trusted Items, then check Quarantined Items and/or Quarantined Potentially Unwanted Programs.
  From there, you should be able to Select the trojan, then remove/delete it...
  (You could also dump the 207Cookie that's bound to be there!!).
  -+-No longer a forum member-+-

• Confusion on trojan/virus download

  I was going over to Hotmail and a pop up came up on my iMac stating that a possible trojan was detected. Having my guard down -- being on an iMac -- I hit "download," which when finished immediately prompted five more downloads to start. I immediately shut down the computer and am wondering what I can do now to "save" my iMac before turning it back on. (I have time machine/capsule, too, but would a backup also have the trojan downloaded on that, as well?)

  You may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Privacy, useful:
  http://discussions.apple.com/thread.jspa?threadID=1764179&tstart=0
  Regarding MacScan, First update the MacScan malware definitions before scanning. You can also contact their support team for any additional support - [email protected]
  Security of OS X generally:
  http://www.apple.com/macosx/security/
  http://www.nsa.gov/ia/_files/os/applemac/I731-007R-2007.pdf
  Security Configuration for Version 10.5 Leopard:
  http://images.apple.com/server/macosx/docs/LeopardSecurity_Config_2ndEd.pdf
  This Blog entry is also worth a read:
  http://blog.damballa.com/?p=1055
  Other sources of malware include sites like Facebook and Hotmail.

• Can I disable/delete CarbonCore, Perl, Python and Ruby...

  without causing any issues to my mbp (early 2011)? I'm not a developer so I'm not sure why I'd need them but if they're vital to running SL 10.6.8 then I won't disable them. Reason I'm asking is that MacScan is picking up multiple issues in my /usr/share/emacs/22.1/etc location. I just learned what an emac was today and I'm not sure why this is on my mbp. All of my sharing is turned off in system preferences but when I click on xgrid a drop down message appears that say "unable to locate xgrid agent. Screen sharing is turned on." One file in particular is labeled condom.1 and was created back in 2006. The file is written as follows:
  CONDOM(1)                EUNUCH Programmer's Manual                    CONDOM(1)
  NAME
            condom - Protection against viruses and prevention of child
                       processes
  SYNOPSIS
            condom [options] [processid]
  DESCRIPTION
            _condom_ provides protection against System Transmitted
  Viruses (STVs) that may invade your system.  Although the spread of
  such viruses across a network can only be abated by aware and cautious
  users, _condom_ is the only highly-effective means of preventing
  viruses from entering your system (see celibacy(1)).  Any data passed
  to _condom_ by the protected process will be blocked, as specified by
  the value of the -s option (see OPTIONS below).  _condom_ is known to
  defend against the following viruses and other malicious
  afflictions...
            o AIDS
            o Herpes Simplex (genital varieties)
            o Syphilis
            o Crabs
            o Genital warts
            o Gonorrhea
            o Chlamydia
            o Michelangelo
            o Jerusalem
            When used alone or in conjunction with pill(1), sponge(1),
  foam(1), and/or setiud(3), _condom_ also prevents the conception of a
  child process.  If invoked from within a synchronous process, _condom_
  has, by default, an 80% chance of preventing the external processes
  from becoming parent processes (see the -s option below).  When other
  process contraceptives are used, the chance of preventing a child
  process from being forked becomes much greater.  See pill(1),
  sponge(1), foam(1), and setiud(3) for more information.
            If no options are given, the current user's login process (as
  determined by the environment variable USER) is protected with a
  Trojan rough-cut latex condom without a reservoir tip.  The optional
  'processid' argument is an integer specifying the process to protect.
            NOTE: _condom_ may only be used with a hard disk.  _condom_
  will terminate abnormally with exit code -1 if used with a floppy
  disk (see DIAGNOSTICS below).
  OPTIONS
       The following options may be given to _condom_...
            -b BRAND          BRANDs are as follows...
                                trojan (default)
                                ramses
                                sheik
                                goldcoin
                                fourex
            -m MATERIAL          The valid MATERIALs are...
                                latex (default)
                                saranwrap
                                membrane -- WARNING!  The membrane option is _not_
                                endorsed by the System Administrator General as an
                                effective barrier against certain viruses.  It is
                                supported only for the sake of tradition.
            -f FLAVOR          The following FLAVORs are currently supported...
                                plain (default)
                                apple
                                banana
                                cherry
                                cinnamon
                                licorice
                                orange
                                peppermint
                                raspberry
                                spearmint
                                strawberry
            -r                    Toggle reservoir tip (default is no reservoir tip)
            -s STRENGTH          STRENGTH is an integer between 20 and 100 specifying
                                the resilience of _condom_ against data passed to
                                _condom_ by the protected process.  Using a larger
                                value of STRENGTH increases _condom_'s protective
                                abilities, but also reduces interprocess communication.
                                A smaller value of STRENGTH increases interprocess
                                communication, but also increases the likelihood of a
                                security breach.  An extremely vigorous process or
                                one passing an enormous amount of data to _condom_
                                will increase the chance of _condom_'s failure.  The
                                default STRENGTH is 80%.
            -t TEXTURE          Valid TEXTUREs are...
                                rough (default)
                                ribbed
                                bumps
                                lubricated (provides smoother interaction between
                                            processes)
            WARNING: The use of an external application to _condom_ in
  order to reduce friction between processes has been proven in
  benchmark tests to decrease _condom_'s strength factor!  If execution
  speed is important to your process, use the '-t lubricated' option.
  DIAGNOSTICS
            _condom_ terminates with one of the following exit codes...
            -1          An attempt was made to use _condom_ on a floppy disk.
             0          _condom_ exited successfully (no data was passed to
                      the synchronous process).
             1          _condom_ failed and data was allowed through.  The
                      danger of transmission of an STV or the forking of a child
                      process is inversely proportional to the number of other
                      protections employed and is directly proportional to
                      the ages of the processes involved.
  BUGS
            _condom_ is NOT 100% effective at preventing a child process
  from being forked or at deterring the invasion of a virus (although
  the System Administrator General has deemed that _condom_ is the most
  effective means of preventing the spread of system transmitted
  viruses).  See celibacy(1) for information on a 100% effective program
  for preventing these problems.
            Remember... the use of sex(1) and other related routines
  should only occur between mature, consenting processes.  If you must
  use sex(1), please employ _condom_ to protect your process and your
  synchronous process.  If we are all responsible, we can stop the
  spread of STVs.
  AUTHORS and HISTORY
            The original version of _condom_ was released in Roman times
  and was only marginally effective.  With the advent of modern
  technology, _condom_ now supports many more options and is much more
  effective.
            The current release of _condom_ was written by Ken Maupin at
  the University of Washington ([email protected]) and was last
  updated on 10/7/92.
  SEE ALSO
            celibacy(1), sex(1), pill(1), sponge(1), foam(1), and
  setiud(3)
  Is this some sort of opensource coding joke? Thanks in advance for any help!

  The first Apple Care rep didn't seem incompetent but not exactly up to speed on lower level system issues. The second AppleCare rep suggested ESET CyberSecurity for Mac and I purchased it while on the phone with this AppleCare rep. That didn't solve the issue either. I also used ClamXav which is Apple endorsed since it's available and free in the App Store. No dice on the results though. I then also purchased Intego Virus Barrier, also in the App Store but to no avail since, as I later discovered, I don't actually have a virus, since Mac viruses don't exist. I then was instructed by another AppleCare rep to reset the PRAM as well as doing an SMC reset but still the issue remains.
  MacScan doesn't detect viruses. Only malware and trojans and it didn't even detect this trojan but alerted me to some odd messages alerts in the Console utility specifically in regards to the usr/share section . That's how I discovered something must be wrong and I contacted Apple once again and they asked me to ship my mbp to them in California and they shipped me a new replacement direct from Shanghai. And once again after 10+ Express Lane cases and one emailed system shot from a data gatherer application sent to me by a Senior Technical Advisor from Worldwide AppleCare and returned to him, I'm still having the same issue and no, I'm not the only one to have experienced this issue so thanks for the congratulations but I'll share the congrats with the other unfortunate users who are experiencing the same frustrating issue but not all carried out in the same manner as mine. I thought instead of trying to only work with AppleCare, who've been stellar btw in terms of customer service, I'd go ahead and give the community a shot at possible solving the problem in hopes of answering my question. Unfortnately the previous hostile responses from the community act as though I'm being sarcastic or something. I assure you I'm not.
  No, apparently not all trojans are detected by the built in malware protection in SL. I'm not trying to make this some outdated Mac vs. PC battle, which is juvenile in my opinion and accomplishes nothing. I'm a big fan of all things Apple and always have been. 
  There are quite a few trojans written everyday and so far I haven't noticed daily security updates from Apple b/c there's no realistic way to keep up with an ultra fast response to new ones until they're actually discovered however, I get the security updates every few weeks or so for SL and I'm grateful for that. Maybe now all active trojans are detected by Lion but I haven't upgraded yet so I wouldn't know but I hope to upgrade soon. Seems like a kewl OS and hopefully impregnable.
  No, I didn't read an article an Ars Techinca but I did read an article on the battery firmware password exploit on slashdot which was linked to a threatpost.com article. If I recall correctly it didn't mention much other than the default password issue for the battery firmware but I believe it had to do with some guy trying to kill the battery or blow up the machine which apparenty didn't work.  Nothing about the way the exploit can be carried out to alter your OS.
  Anyway, thanks for your answer to my question. Much appreciated and best regards.

• Action recorded using RAW open step will not work with layered PSDs

  Hello,
  The title says it all.
  I have an action for resizing photos (and some other things), that I want to make general enough to work on NEF's, JPG's and PSD's. When I recorded the action I used a NEF file and the action works great also for JPEGs and also PSDs that don't have layers. When running the action on a layered PSD, the step immediately after the "open" step fails, no matter what it is. For example, if it's "hue/saturation", I get the error "hue/saturation not available".
  So I was thinking that the image should be first flattened so I added 2 additional steps just after the open: one to add a dummy 0-opacity layer and another step to flatten the image. But no matter what, I keep getting an error at the step after the open: "new adjustment layer not available" or the like.
  I'm thinking that the problem is with the open step actually. For some reason, the o CameraRaw open step is unable to produce a suitable image out of a layered PSD.
  Is there a workaround for this? Thanks!

  Thanks for the explanation.
  However, I am still puzzled as to how the programme can detect lack of time code when the tape was not even rewound or played. I belive the time code is written on the tape.
  Anyway, I tried iMovie and found that the programme detects the camera and controls it. However, it does not recognise the downconverted DV signal. When I turned the DV conversion off, the video was detected and imported using MagicMovie in HD. I still have not gone round to burning on a DVD. ( I only read the article mentioned by Sue after having tried the iMovie programme - somehow the link that was so clearly stated in the reply missed my notice earlier on).
  I have actually recorded the downconverted DV video on a standalone Phillips DVD recorder but the DVD only plays in that recorder and my Mac DVD Player even tho I have finalised the +R disk. The same problem occurs with a +RW disk.
  I appreciate the replies and the explanations. Thanks.
  m_elan
  Power Mac G5   Mac OS X (10.4.9)   2.5 Gb ram

• Undo/Step Backward will not work?

  I've repeatedly tried to change the settings for Undo and Step Backwards to Command + Z and Command + Opt + Z respectively, though neither work. The setting changes don't save, either. What's wrong? Undo and Step Backward both haven't worked since the start.
  What's with the not equals sign? I've followed all that I can with no results and it's driving me up the wall. I just want to be able to use these without having to erase every line as I go! Haha.

  Thanks for the explanation.
  However, I am still puzzled as to how the programme can detect lack of time code when the tape was not even rewound or played. I belive the time code is written on the tape.
  Anyway, I tried iMovie and found that the programme detects the camera and controls it. However, it does not recognise the downconverted DV signal. When I turned the DV conversion off, the video was detected and imported using MagicMovie in HD. I still have not gone round to burning on a DVD. ( I only read the article mentioned by Sue after having tried the iMovie programme - somehow the link that was so clearly stated in the reply missed my notice earlier on).
  I have actually recorded the downconverted DV video on a standalone Phillips DVD recorder but the DVD only plays in that recorder and my Mac DVD Player even tho I have finalised the +R disk. The same problem occurs with a +RW disk.
  I appreciate the replies and the explanations. Thanks.
  m_elan
  Power Mac G5   Mac OS X (10.4.9)   2.5 Gb ram

• What to do about Phishing emails

  As like most people I am getting fed up with Phishing emails pretending to come from BT etc etc and have no real idea if anyone is trying to do anything about it i have started to do something myself.
  On some of them particularly those with "Buttons" you can see the routing to where the Trojan programme etc is located.
  I now email the owner of the site either by any contact information given or by looking it up on "Whois" if it is shown as a numeric.
  I then send them a polite message saying that it looks as though there site has been hacked and they are hosting a programme that is used for Phishing.
  So far i have sent 10 and got 8 replies 4 said they have removed the link and the associated account 4 said that they have left the link but advised the local police regarding the fraud.
  So far i have had replies from the Phillapines, China and Malaya.
  I have no illusions that this will stop it but it might dent it more than seems to be dane by anyone else.

  Like you, I'm more than cheesed off with daily, false, "BT" emails but there is another issue, which so far I can't see anybody has raised i.e....... probably like everyone else I've sent countless copies of fakes to "Phishing" and to "Abuse" at BT only to receive the same pointless standard answers, with no action, from BT.
  It is just not good enough for BT to fob off these complaints from many, many people, by saying that they (BT) can only do something if fake emails come from BT source / customer ..... these fake emails are leading unsuspecting people to believe that they are genuine and in any other (business) circumstance, this could be treated as fraud or misrepresentation, and could be actioned on by law enforcement / Trading Standards.
  Does BT not care that their Logos / Headings / personnel are all clearly being massively misrepresented, day after day to countless numbers of their clients, all with an end view to illegal activity being carried out by the sender ??????
  How much longer before senior personnel get off their rear ends and do something, instead of cowering behind their standard replies and paying lip service only to this problem, a problem which has existed for years, and is now increasing due to BT changes, and to get their vast resources to take action on this criminal activity, which we, as high cost paying customers, are expected to endure ???

• Cannot access TCP/IPv4 Properties button

  Hi,
  In my company, We're facing the same problem.
  After selecting TCP/IP v4, the properties button is grayed out.
  So far We tried the following solutions without success:
  netsh winsock reset
  netsh interface ipv4 reset
  netsh interface ipv6 reset
  SFC /scannow
  Replace the "tcpip.sys" file from computer that is working fine.
  We also ran "Microsfot Safety Scanner" and no malware, virus or trojan was detected.
  We are using Win7 SP1
  The computer is on a Domain environment
  Hope someone can help with this issue.
  Thank you.

  Hi,
  Try this and check the result
  1. Reset TCP/IP -> netsh int ip reset <log> (log is needed, ex.
  “C:\ResetIP.txt”) don't reboot2,
  uninstall-“Client for Microsoft Networks”- reboot
  3. Reinstall “Internet Protocol (TCP/IP)” -> Add protocol, click on “Have
  disk…” and browse to “C:\%WinDir%\inf\nettcpip.inf” *
  4. Reinstall  -> “Client for Microsoft Networks”
  Yolanda Zhu
  TechNet Community Support

• Keyloggers

  i use mac osx 10.4.4 with an imac. i use intego netbarrier and virusbarrier programs for computer security, in addition to the mac os firewall.
  my concern is that some future keylogger or trojan may be able to detect my login password. i am not aware of any keyloggers for mac osx. i have heard that numberous trojans and keyloggers exist for wintel (even one which can provide a screenshot). however, i would like to protect my passwords from any potential keylogger trojan. my question is: does the potential exist for a future keylogger to detect my log-in password? or is it technically impossible for a trojan to detect a password during log-in because the internet connection is not online?
  imac   Mac OS X (10.4.4)   use intego netbarrier and virusbarrier

  sure it's possible to get a trojan with a keylogger, but it's far more likely that if it's a trojan it'll just use your password within the system rather than sending it back to anyone, here is a good program for scanning for keyloggers, spyware and other such gunk http://macscan.securemac.com/
  1.3ghz iBook G4 80G HD 512MB RAM   Mac OS X (10.4.3)  

• Very interesting find

  Maybe this is not the best place for this, but I found an oddity today.
  The latest AVG update file, (01/16/2004) cliamed there was a trojan horse imbedded into 2 Files I had downloaded a while back. Whats interesting is, these files were MSI mobo manuals downloaded from the MSI website!
  The trojan was detected in both the 6738 (KM2M) and 6764 (KT2 Combo) self-extracting files.
  I had downloaded these files late last year, sometime around September, as I was comparing the 2 boards prior to purchasing the one I now have.
  Anyone else ever find a similar problem with files from the MSI website?

  That was the entire reason I posted it, to have others try and verify, so that IF it really is true, it can be reported.
  Funny thing is, I had those 2 files laying here on my system for over 4 months, and it was just the most recent AVG update that caught it.
  BTW, it was detected in both the english manuals for KM2M Combo, and KT2 Combo, BUT it could affect MANY others I have not tried.