Trojan removal?

I am a new Mac user (<6 months). A fellow Mac user recommended that I install Sophos Anti Virus, which I did and have had a few threats which have been easily removed.
However this morning as I was reading my e-mails Sophos informed me that a threat had been detected, "Troj/Zbot-ATN". This could not be removed by Sophos, it told me to get instructions by going to the Sophos site to remove it manually. But they did not work.
I then googled the said Trojan and found instructions which seemed too complicated for me to follow, but there was a link to VirusBarrierX6 which would remove it.
It was recommended on the Mac user site so I installed it and then did a full scan. VirusBarrier did not find the Trojan.
A couple of hours later Sophos informed me that another threat had been detected, "Mal/BredoZp-B". This was removed by Sophos, but then returned within less than a minute.
These threats are usually as a result of visiting dodgy websites or installing malicious software, not guilty of either. All I was doing this morning was checking e-mails and last night's football results on a site that I have been using for the last few years.
I went from a PC to a Mac to avoid these problems, any help much appreciated,
thanks Paul.

VIRUSES
No viruses that can attack OS X have so far been detected 'in the wild', i.e. in anything other than laboratory conditions.
It is possible, however, to pass on a Windows virus to another Windows user, for example through an email attachment. To prevent this all you need is the free anti-virus utility ClamXav, which you can download for Tiger and Leopard (check with them about Lion) from:
http://www.clamxav.com/
The new version for Snow Leopard is available here:
http://www.clamxav.com/index.php?page=v2beta
Note: ClamAV adds a new user group to your Mac. That makes it a little more difficult to remove than some apps. You’ll find an uninstaller link in ClamXav’s FAQ page online.
If you are already using ClamXav: please ensure that you have installed all recent  Apple Security Updates  and that your version of ClamXav is the latest available.
Do not install Norton Anti-Virus on a Mac as it can seriously damage your operating system. Norton Anti-Virus is not compatible with Apple OS X.
FAKE ANTI-VIRUS SOFTWARE and associated MALWARE
Do not be tricked by 'scareware' that tempts computer users to download fake anti-virus software that may itself be malware.
Fake anti-virus software that infect PCs with malicious code are a growing threat, according to a study by Google. Its analysis of 240m web pages over 13 months showed that fake anti-virus programs accounted for 15% of all malicious software.
Scammers trick people into downloading programs by convincing them that their PC is infected with a virus.
Once installed, the software may steal data or force people to make a payment to register the fake product.
Beware of PDF files from unknown sources. A security firm announced that by its counting, malicious Reader documents made up 80% of all exploits at the end of 2009:
http://www.computerworld.com/s/article/9157438/in whichRogue_PDFs_account_for_80_of_all_exploits_says_researcher
TROJANS and RE-DIRECTION TO FAKE WEBSITES
The appearance of Trojans and other malware that can possibly infect a Mac seems to be growing, but is a completely different issue to viruses.
If you allow a Trojan to be installed, the user's DNS records can be modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's  (that's you!)  DNS records stay modified on a minute-by-minute basis.
You can read more about how, for example, the OSX/DNSChanger Trojan works (by falsely suggesting extra codecs are required for Quicktime) here:
http://www.f-secure.com/v-descs/trojan_osx_dnschanger.shtml
SecureMac has introduced a free Trojan Detection Tool for Mac OS X.  It's available here:
http://macscan.securemac.com/
First update the MacScan malware definitions before scanning. You can also contact their support team for any additional support - [email protected]
The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X and allows users to check to see if the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the users' DNS records will be repaired.
Note that a 30 day trial version of MacScan can be downloaded free of charge from:
http://macscan.securemac.com/buy/
and this can perform a complete scan of your entire hard disk. After 30 days free trial the cost is $29.99. The full version permits you to scan selected files and folders only, as well as the entire hard disk. It will detect (and delete if you ask it to) all 'tracker cookies' that switch you to web sites you did not want to go to.
A white paper was published on the subject of Trojans by SubRosaSoft, available here:
http://www.macforensicslab.com/ProductsAndServices/index.php?main_page=document_general_info&cPath=11&products_id=174
Also, beware of MacSweeper:
MacSweeper is malware that misleads users by exaggerating reports about spyware, adware or viruses on their computer. It is the first known "rogue" application for the Mac OS X operating system. The software was discovered by F-Secure, a Finland based computer security software company on January 17, 2008.
http://en.wikipedia.org/wiki/MacSweeper
On June 23, 2008 this news reached Mac users:
http://www.theregister.co.uk/2008/06/23/mac_trojan/
More on Trojans on the Mac here:
http://www.technewsworld.com/story/63574.html?welcome=1214487119
This was published on July 25, 2008:
Attack code that exploits flaws in the net's addressing system are starting to circulate online, say security experts.
The code could be a boon to phishing gangs who redirect web users to fake bank sites and steal login details.
Net security groups say there is anecdotal evidence that small scale attacks are already happening.
Further details here:  http://news.bbc.co.uk/2/hi/technology/7525206.stm
A further development was the Koobface malware that can be picked up from Facebook (already a notorious site for malware, like many other 'social networking' sites like Twitter and MySpace etc), as reported here on December 9, 2008:
http://news.bbc.co.uk/newsbeat/hi/technology/newsid_7773000/7773340.stm
As to the recent 'Conficker furore' affecting Intel-powered computers, MacWorld recently had this to say:
http://www.macworld.co.uk/news/index.cfm?email&NewsID=25613
You can keep up to date, particularly about malware present in some downloadable pirated software, at the Securemac site:
http://www.securemac.com/
HOW TO AVOID RE-DIRECTION
Adding Open DNS codes to your Network Preferences should give good results in terms of added security as well as speed-up:
If you are using a single computer: Open System Preferences/Network. Double click on your connection type, or select it in the drop-down menu, and in the box marked 'DNS Servers' add the following two numbers:
208.67.222.222
208.67.220.220
(You can also enter them if you click on Advanced and then DNS)
Sometimes reversing the order of the DNS numbers can be beneficial in cases where there is a long delay before web pages start to load, and then suddenly load at normal speed:
http://support.apple.com/kb/TS2296
If your computer is part of a network: please refer to this page: http://www.opendns.com/start/best_practices/#your_network and follow the advice given.
There may be other ways of guarding against Trojans, viruses and general malware affecting the Mac, and alternatives will probably appear in the future. In the meantime the advice is: be careful where you go on the web and what you download!
WHAT TO DO IF YOU THINK YOUR MAC HAS BECOME 'INFECTED':
If you think you may have acquired a Trojan, and you know its name, you can also locate it via the Terminal:
http://theappleblog.com/2009/04/24/mac-botnet-how-to-ensure-you-are-not-part-of-the-problem/
Although any content that you download has the possibility of containing malicious software, practising a bit of care will generally keep you free from the consequences of anything like the DNSChanger trojan.
1. Avoid going to suspect and untrusted Web sites, especially p'orn'ography sites.
2. Check out what you are downloading. Mac OS X asks you for your administrator password to install applications for a reason! Only download media and applications from well-known and trusted Web sites. If you think you may have downloaded suspicious files, read the installer packages and make sure they are legit. If you cannot determine if the program you downloaded is infected, do a quick Internet search and see if any other users reported issues after installing a particular program. A recent example is of malware distributed through innocent looking free screensavers: http://www.zdnet.com/blog/security/malware-watch-free-mac-os-x-screensavers-bundled-with-spyware/6560?tag=nl.e589
3. Use an antivirus program like ClamXav. If you are in the habit of downloading a lot of media and other files, it may be well worth your while to run those files through this AV application.
4. Use Mac OS X's built-in Firewalls and other security features.
5. LimeWire (now defunct) and other peer-to-peer sharing applications and download torrents supplying pirated software, movies etc are hotbeds of potential software issues waiting to happen to your Mac. Everything from changing permissions to downloading trojans and other malicious software can be acquired from using these applications. Similar risks apply to using Facebook, Twitter, MySpace, YouTube and similar sites which are prone to malicious hacking:  http://news.bbc.co.uk/1/hi/technology/8420233.stm
6. Resist the temptation to download pirated software. After the release of iWork '09, a Trojan was discovered circulating in pirated copies of Apple's productivity suite of applications (as well as pirated copies of Adobe's Photoshop CS4). Security professionals now believe that the botnet (from iServices) has become active. Although the potential damage range is projected to be minimal, an estimated 20,000 copies of the Trojan were downloaded.  SecureMac offer a simple and free tool for the removal of the iBotNet Trojan available here:
http://macscan.securemac.com/files/iServicesTrojanRemovalTool.dmg
YOUR PRIVACY ON THE INTERNET and the latest risks to look out for:
There is the potential for having your entire email contact list stolen for use for spamming:
http://www.nytimes.com/2009/06/20/technology/internet/20shortcuts.html?_r=1
NOTE: Snow Leopard, OS 10.6.x, offers additional security to that of previous versions of OS X, but not to the extent that you should ignore the foregoing:
http://www.apple.com/macosx/security/
Apple's 10.6.4 operating system upgrade silently updated the malware protection built into Mac OS X to protect against a backdoor Trojan horse that can allow hackers to gain remote control over your treasured iMac or MacBook.
http://www.sophos.com/blogs/gc/g/2010/06/18/apple-secretly-updates
And if you are using iPhone Apps you are also at risk of losing all privacy:
http://www.engadget.com/2010/10/03/hacker-claims-third-party-iphone-apps-can-transmit-udid-pose-se/
The advent of HTML5 may also be a future threat to internet privacy:
http://www.nytimes.com/2010/10/11/business/media/11privacy.html?_r=1&hp
Security of OS X generally:
http://www.apple.com/macosx/security/
http://www.nsa.gov/ia/_files/os/applemac/I731-007R-2007.pdf
Security Configuration for OS Version 10.5 Leopard:
http://images.apple.com/server/macosx/docs/Leopard_Security_Config_2nd_Ed.pdf
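
The DNS check described under HOW TO AVOID RE-DIRECTION above, as an added example that is not part of the original post: a shell script that lists the resolvers reported in `scutil --dns` output and flags any that are not on a list you trust. The sample output and the 192.0.2.53 address are constructed; the allowlist uses the two OpenDNS addresses quoted in the post.

```shell
#!/bin/sh
# Added example: audit the DNS resolvers a Mac is using against the ones
# you expect (your ISP's, or the OpenDNS pair quoted in the post).

# Resolvers you have chosen to trust. These two are the OpenDNS addresses
# given in the post; replace or extend them with your ISP's own.
EXPECTED_DNS="208.67.222.222 208.67.220.220"

# Constructed sample in the layout printed by `scutil --dns`, so the
# functions can be exercised offline. 192.0.2.53 is a documentation
# address standing in for a resolver nobody configured on purpose.
SAMPLE_SCUTIL='DNS configuration

resolver #1
  search domain[0] : home
  nameserver[0] : 208.67.222.222
  nameserver[1] : 192.0.2.53
  flags    : Request A records

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 208.67.222.222
  nameserver[1] : 192.0.2.53
  if_index : 4 (en0)
'

# extract_nameservers: read `scutil --dns` text on stdin and print each
# distinct nameserver address once, sorted.
extract_nameservers() {
    awk '$1 ~ /^nameserver\[[0-9]+\]$/ && $2 == ":" { print $3 }' | sort -u
}

# unexpected_nameservers: read `scutil --dns` text on stdin and print the
# resolvers that are not in the space-separated allowlist given as $1.
unexpected_nameservers() {
    allow=" $1 "
    extract_nameservers | while read -r ns; do
        case "$allow" in
            *" $ns "*) ;;                    # on the allowlist, say nothing
            *) printf '%s\n' "$ns" ;;        # not on the allowlist, report it
        esac
    done
}

# audit_dns: print a verdict; return 0 if every resolver is expected,
# 1 if at least one is not.
audit_dns() {
    bad=$(unexpected_nameservers "$1")
    if [ -n "$bad" ]; then
        printf 'Unexpected DNS server(s):\n%s\n' "$bad"
        return 1
    fi
    printf 'All configured DNS servers are on the expected list.\n'
    return 0
}

# Live use on a Mac:   scutil --dns | audit_dns "$EXPECTED_DNS"
# Offline demonstration on the constructed sample:
printf '%s' "$SAMPLE_SCUTIL" | audit_dns "$EXPECTED_DNS" || true
```

Because the post notes that the Trojan's watchdog re-applies its DNS settings minute by minute, repeat the check a few minutes after correcting the servers rather than trusting a single clean result.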

Similar Messages

  • When I start firefox, i get this message ( The instruction at "0x7b9c77a9" referenced memory at "0x7b9c77a9". The memory could not be "read" ) has anyone any idea why? I have scanned with AVG and something simply called 'Trojan Remover' and they both fin

    when I start firefox, i get this message ( The instruction at "0x7b9c77a9" referenced memory at "0x7b9c77a9". The memory could not be "read" ) has anyone any idea why? I have scanned with AVG and something simply called 'Trojan Remover' and they both find nothing.... any advice would be greatly welcomed.. thanks
    == This happened ==
    Every time Firefox opened
    == this morning 22/07/10

    Lyall,
    I have seen this before, a long time ago (several years), and I cannot
    remember how/if we resolved it.
    If this is an important issue to you, I suggest that you open a case with
    BEA support.
    Regards,
    Peter.
    Lyall Pearce wrote:
    The title says it all really.
    I see other posts getting replies.
    This is a rather important issue, I have seen another post with a similar problem.
    While not being a show-stopper it certainly raises concerns.
    The application works ok until the application exits (in both development and
    executable form)
    Apparently this did not happen with Tux 7.1
    It does with 8, I do not have 7.1 so I have no workaround.
    ..Lyall

  • What is the best mac trojan removal software

    Can anyone recommend the best of these to use:- or another good mac trojan removal software. Thanks
    Apple flashback
    Mc scan 2.9.4
    Pandas anti virus
    Magican anti trojan
    virus barrier
    I works services trojan removal tool Loaris trojan removal

    thanks for getting back---
    Hi there, I have a Mac running osx 105 with kaspersky internet security. All up to date. I have not downloaded anything not approved by apple and do not visit sites not approved or certificate. · days my computer was acting strange, files stopped uploading on hightail. Then problems really started. I could not do a full scan, after about 3% it said scan complete, that was after 5 minutes, a full scan normally takes 1.7 hours. I opened in safe mode but kaspersky would not open, message always said opening. I could not scan. I could however download files in safe so I re-installed kaspersky. I then opened mac in normal mode and was able to install new virus. THEN I RAN A SCAN AND IT FOUND 2x trojan-downloader Js.ifr active threats. It removed/quarantined them, but said there was still active trojans and could not remove but all is not OK. I cannot access apple sites, my emails freaking out, I now cannot do full scan. I am writing this from a PC as I don't dare play with my Mac until the right help arrives……
    Everyone says wipe disk and reinstall. The problem is this trojan does not allow kaspersky to finish scan and find other trojans. So this advice is not good if I cannot find the source of the trojan. This trojan blocks me trying to access apple downloads, it only gives me access to sites not registered or registered unsafe. Every time I try to access safe sites it switches off my internet. I have screen shots of all this. People say this is not a mac virus but I have information that claims this trojan can morph into mac. If it is not this then the other trojans still in my system but unknown are the cause.
    I really need as I am lost what to do

  • Trojan detected/removed ... now what?

    Hi,
    I really do not understand what happened, but then I'm not the only user of this computer.
    Just "for fun" I've tried iService Trojan removal tool, and I was astonished when the trojan was detected and removed.
    What are now next steps?
    Is it present in the time machine backup?
    Do I have to change all my mail, bank, what ever, passwords?
    Do I have to format my disk and start from scratch?
    Could some other programs have been installed without me knowing this?
    Any kind of help will be appreciated.
    Btw. I thought Snow Leopard had some kind of protection against those trojans.
    Thanks in advance,
    Sharlo

    I really don't get it.
    If I understand well there are only two ways you can get them, installing codecs or when an iWork/PS4 illegal install is performed (password given). I haven't done either of these ... the only plugin I've taken is Perian to watch avi files on QuickTime. No iWork has ever been installed (I have MS Office but use OpenOffice 95% of the time) and I have PS3.
    To be honest I have removed the Trojan without looking what version it was (I was so astonished I've just automatically pressed remove button) and now I cannot find info what was removed (I've tried with Console).
    When I looked for more info about the removal soft I've got this kind of info.
    "Once the trojan is installed, it will attempt to connect to a remote server and provide the server with the infected computer's network location. It then listens for further instructions from the remote server, which may include instructions to download additional components. iWorkServices Trojan removal tool will remove this malware."
    Thanks again for your help,
    Sharlo

  • Is Mac OS 10.7.3 vulnerable to DNSchanger Trojan malware?

    As a newbie in this forum I asked this question in the wrong spot...the Snow Leopard forum.  WZZZ  said: 
    You are running Lion; this is the Snow Leopard (10.6) forum. This is pretty old stuff, so that's why I'm wondering if there's some new development. This is the trojan removal tool from securemac (macscan) for infections that were circulating in 2008.
    http://macscan.securemac.com/dnschanger-trojan-removal-tool-for-mac-os-x/
    XProtect/Quarantine, which is a limited malware screening tool in 10.6, and I'd assume present also in 10.7 Lion, is showing a definition for the OSX.RSPlug.A Trojan Horse. But that definition, if something new is happening, may not be up to date. That's all I know right now.
    So the question remains....is there a concern and if so, is the url WZZZ provided the right tool?
    thanks.

    All computers are susceptible to trojans if the user installs it, 10.7.3 is no different, so if you've installed something with your admin password and you're having issues, it could be a trojan. But it likely did not get on your machine without your assistance.
    The site you linked to shows an all green light, so it's not malicious.
    I've found the IPs used by the malicious DNS changer network, however it is old news.
    DNS stands for Domain Name Server; what this does is, when you search for say google.com, or apple.com, it translates the domain name of apple.com into an IP address (number) that then allows your computer to connect to that site.
    Because servers (computers) are moved around to different hosting services with different IP addresses, sort of like a business that changes location if the lease for the location is expired, the name of the domain (like the name of a business) doesn't change so people can still find the site.
    The Domain Name Server handles all the IP changes, providing your computer with the latest IP address to connect to.
    Now in your System Preferences > Network > DNS will be the IP addresses of the Domain Name Server you're using; usually it's your ISP's, but people often change it to something that is faster or offers more security or "filtering" of malicious sites or even content!
    So what you need to do is check two things, your Mac's and your router's DNS settings, to make sure the IP addresses (two of them usually) are set to IP addresses that you KNOW belong to your ISP or an alternate DNS provider you have selected.
    The only way to find out is to contact your ISP and give them your account/location present DNS IP numbers and they will tell you the IP address of the closest DNS to your location which is likely what they use.
    If your DNS settings on either the Mac or the router are NOT kosher, then you've got a problem.

  • Trojan Detected

    My Netprotectplus McAfee scan says "0 viruses and spyware detected in your last scan". Fair enough. But when I view the scan report it says that 1 trojan was detected.
    Which is correct? How do I know whether the trojan has been deleted? Is it possible to see a file that shows where the trojan was/is in my system?
    It does not say trojan removed, unless, maybe, there is a more detailed log file that I can look at?

    Hi JayZS and welcome
    It appears to be reporting that it has found a trojan, but doesn't mean it was found during the last scan.
    From the home page click Navigation (top right), then click on Quarantined and Trusted Items, then check Quarantined Items and/or Quarantined Potentially Unwanted Programs.
    From there, you should be able to Select the trojan, then remove/delete it...
    (You could also dump the 207Cookie that's bound to be there!!).
    -+-No longer a forum member-+-

  • Trojan loves Firefox?

    I bought this computer from a 'professional' refurbisher. None of my other computers show a Trojan infection, and MS Security Essentials shows a Trojan in the 6/6D cache of Firefox. I've tried MSSE, Malwarebytes, SuperAntiSpyware, & Trojan Remover. Only MSSE sees the Trojan, and after I delete it it pops back up. Manually deleted file, then even uninstalled Firefox & re-installed it. After a day, the Trojan was back.
    Thoughts, please?
    Thanks.
    Chuck

    Hi,
    It could be a cache entry from a visited website. You can upload the particular file to [https://www.virustotal.com/ VirusTotal] for a comprehensive analysis with many different scan engines. If MS Security Essentials has an option to send results you could send it and if it was a false positive the warning would likely disappear at the next signature update. You can also do a scan with another online/standalone AV scanner:
    [http://www.nortonfreetools.com/freebies.php Norton]
    [http://www.trendmicro.co.uk/products/free-tools-and-services/ Trend]
    [http://www.kaspersky.com/virusscanner Kaspersky]
    [https://www.f-secure.com/en/web/labs_global/removal/online-scanner F-Secure]
    [http://quickscan.bitdefender.com/ Bitdefender]

  • Links going to wrong sites

    When I search for something and click on the links, it takes me to wrong sites.

    Linc Davis wrote:
    The other is that you're using a rogue DNS server that redirects traffic away from Google. Your operating system is so old that I'm not sure how to proceed.
    Please launch the System Preferences application. There should be a preference pane called Network, or maybe Internet. Open that, and look through the settings for the addresses of your DNS servers. Also check to see whether a web proxy is configured. I can't be more specific because I don't remember how those settings were laid out in 10.4.
    Also look at your router's settings to see what DNS servers it uses.
    This is the best information I've been able to locate on DNS Trojans First Look: Trojan Horse warning: What you need to know. It's very old and has been updated, but it may not apply to later versions.
    MacScan has a free DNSChanger Trojan Removal Tool for Mac OS X which hasn't been updated since 2008 and the site may be blocked by the Trojan.

  • Blue Screen of Death - Smax4pnp.exe app error

    When I boot my T61 I get the "Smax4pnp.exe app error"  and then later get the BSOD with Invalid_work_Queue_Item or no character string like the previous.
    I ran MS Security Essentials and it found two or three Trojans & removed them.
    Any idea what is causing this?  Is my sound card dead?

    A couple of  things to try:
    Run some other malware detector. Malwarebytes (free) has done a good job for me. There are others.
    Go to device manager and uninstall your sound "card". Reboot and let the driver reinstall.  If it doesn't (or if the problem persists) download and install the latest driver and sound app.
    Z.

  • Safari can't open the page https

    Frustrating to say the least. About a week ago whilst in Google mail, Safari failed to open an email; instead it opened a page displaying the message Safari can't open the page "https://mail.google.com" etc
    A page refresh also failed to open the page as did my attempt to "Sign out".
    Later that day the same problem occurred when I was using my bank's website. Oddly, when I turned to Camino it too failed to open Googlemail and the bank's site. On my MacBook both sites worked from both applications. And if I use a different user account on my Mac Pro, I don't have the problem.
    My account is a “Standard” user. A logout and back in and it works again, a reboot and it works again but after a couple of hours the problem returns:
    Any help welcomed as the following steps have failed to resolve the issue:
    Empty Safari cache
    Reset Safari
    Uninstall Safari 4.0 beta and re-install Safari 3
    Re-install Safari 4.0 beta
    Swapped ethernet connection on my Mac Pro
    Verify Disk Permissions
    Repair Disk Permissions
    Delete website history with "Adobe, Website Storage Settings panel"
    Reset router
    Rebooted Smoothwall
    ClamXav found nothing
    DNSChanger Removal Tool found nothing
    iServices Trojan Removal Tool found nothing
    removed .GlobalPreferences.plist
    Thx
    John

    Hi John
    Google Mail has been problematic on Safari 4. There are a number of threads in the Safari 4 Beta forum addressing the issue.
    Thanks for posting the steps you have taken so far.
    In a broader sense, security certificates are at the root of secured sites functioning. Those certificates are part of the Keychain file in HD>System>Library>Keychains. Perhaps, the keychain file needs repair. Open Keychain Access in your Applications>Utilities folder. In the Keychains Menu, select "Keychain First Aid">repair. If any errors appear, rerun until you get a clean pass.
    If no errors appear, you may have to reestablish the keychain entries in your Standard account. Do you have administrative privileges assigned to that account?
    Also, I'm not familiar with Smoothwall's operation/setup, however, some tweaking of its settings may be necessary. Here's some dated technospeak about Smoothwall and Safari.

  • Java.Openconnection FOUND by ClamXav

    Hi,
    I have been having trouble with my credit card information being stolen. It was suggested that it might be because my computer is infected with a virus. So I downloaded ClamXav to see if I could find any viruses that might be making my information vulnerable. I scanned my whole hard drive, and apart from a bunch of phishing emails, the only thing that it found was the following.
    /Users/erpilgrim/Library/Caches/Java/cache/javapi/v1.0/jar/ms03011.jar-3847f8dc- 39f62109.zip: Java.Openconnection FOUND
    Does anyone know what Java.Openconnection is? Could it cause a problem with the security of my information such as my credit card numbers? What would be the proper way to deal with it? Would it be okay to remove it from the java cache? Or is it needed there?
    Any help with this would be greatly appreciated. Any suggestions about security precautions with Tiger would also be appreciated.
    Thanks,
    erpilgrim

    You could remove that file, since it appears to not be a standard one for Java in Tiger 10.4.11.
    And I checked into my most active Tiger system, via the path you found yours (in User/ acct)
    and did not see any jar file with ms- (though did a search and found the java.Openconnection
    item to be a Windows-targeted malware often sent via infected email to other computers.)
    While I have no experience in finding or removing malware (have ClamXAV, but it found nothing)
    I did see a reference from a few years ago, as well as some newer ones, just by google search
    of the name java.Openconnection to see what if anything came up. Reference to a Trojan item
    did come up, under varying names; mostly related to Windows and spread by email.
    An old virus report from about two years ago, came up; it has more than one named item with
    variant java.Openconnection listed, along with other names, etc. +This may not be helpful+ but
    usually with ClamXAV, you can find and remove possibly infected files from found locations.
    And you could remove that item from the cache, probably. Perhaps someone else with more
    experience in using the anti-virus/malware tool ClamXAV (or contact the developer via email
    or a form on the site support, if one is available) could be more helpful in the overall situation.
    +The following report on the virus that Symantec.com dubbed+ Trojan.ByteVerify
    File ms03011.jar-3847f8dc-50961bb6.zip
    • re: Hacked Nation: VirusTotal Report: Trojan.ByteVerify:
    http://hackednation.blogspot.com/2008/09/virustotal-report-trojanbyteverify.html
    This has been said to only affect computers running a Windows operating system; so in
    the case of a dual-boot computer capable of running a Windows partition or with a virtual
    system running a layered virtual machine in another system, such malware could be in
    a Mac and if that computer runs (or connects, sends, shares) files that can get into a
    non-Mac OS X system, that other computer or OS version (windows via BootCamp, etc)
    could be infected.
    You can see if any outside connections are attempted by something running in your computer
    by getting Little Snitch (licensed shareware with fee) and it will keep track of such effects.
    If you have visited web sites posing as authentic other places (fake banks, fake vendors where
    you entered a credit card number to buy something; etc) someone other than an intended site
    may have gotten that personal information. Also, if you have been using old compromised web
    browsers and have not updated or upgraded them, and also updated Adobe Flash & Shockwave
    plugins, you'd have to get the newest applicable player plugins and use their Uninstaller to delete
    the old installed Flash player and Shockwave player, and quit all browsers, to install replacement
    players. Each has their own uninstaller for these Adobe items. They are security risks, btw.
    There may also be a DNS hijack situation going on in your computer, too; where it would be
    re-directed to fake sites by having substituted the correct web DNS numbers with corrupted
    ones, and you may be taken to places where they'd be harvesting your personal data from
    their own on-site keystroke and other spyware logger software. This would not have to be
    installed into your computer for them to get your information.
    You can change the DNS numbers (and not pay a fee) if those in your Networks settings;
    and that may help stop any redirects that way; but there is another way to search for a
    common redirect using a free scan feature to find and help remove DNS Changer redirects.
    • Open DNS for Mac (cnet downloads)
    http://download.cnet.com/OpenDNS/3000-2381_4-169629.html
    These kinds of topics have been discussed, so in Apple Discussions, there are referenced
    questions and some replies that seemed to work in general topics; not specific to this one
    item you noticed in the java folder/files. But that one item is known, per the link above.
    The DNS Changer/DNS hijacker (redirect trojan) is another direction to look into; this also
    has been spelled out in the Apple Discussions a few times; details about this item read:
    Trojan DNSChanger, also known as rootkit TDSS and redirect virus, is the name of a group of trojans
    (zlob dns changer, Troj/Rustok-N, W32/Tidserv. gaopdxserv.sys trojan, UACd.sys trojan, …) that,
    once installed, redirect you to malicious websites and steal personal identities.
    You should not have to buy anything to find and get rid of this; and the same, when deciding
    to use the checked and tested Open DNS alternative numbers in your network settings.
    • DNS Changer Trojan removal tool, free:
    http://macscan.securemac.com/files/DNSChangerRemovalTool.dmg
    {I've had at least 10 interruptions in the course of attempting to write a coherent reply to this issue
    and I have a situation in real time that does not compute to anything, for me anywhere! Sorry for a
    long, broken yet partial reply. Part of the job of parent-sitting: when they get old & flaky.}
    Good luck in this matter!
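
An added example, not part of the reply above: one way to check for the substituted DNS numbers it describes is to list every resolver macOS is actually using (`scutil --dns`) and flag any address that is not on a list you expect. The expected list here (the two public OpenDNS resolver addresses) and the sample output are assumptions made for the example.

```shell
#!/bin/sh
# Added example: flag configured DNS resolvers that are not on an expected list.
# EXPECTED is an assumption (the two public OpenDNS resolvers); add your
# router or ISP resolver addresses if you use them on purpose.
EXPECTED="208.67.222.222 208.67.220.220"

# Reads `scutil --dns` style text on stdin and prints each nameserver
# address that is not in the space-separated allowlist given as $1 (once each).
unexpected_resolvers() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*nameserver\[[0-9]+\][ \t]*:/ {
            addr = $NF
            if (!(addr in ok) && !(addr in seen)) { seen[addr] = 1; print addr }
        }
    '
}

# Constructed sample in the layout `scutil --dns` prints; 192.0.2.53 is a
# documentation-range address standing in for a resolver nobody chose.
sample_output() {
cat <<'EOF'
DNS configuration

resolver #1
  nameserver[0] : 208.67.222.222
  nameserver[1] : 192.0.2.53
  if_index : 4 (en0)

resolver #2
  nameserver[0] : 192.0.2.53
  nameserver[1] : 208.67.220.220
EOF
}

# Runs the check over the constructed sample.
check_sample() { sample_output | unexpected_resolvers "$EXPECTED"; }

# On a Mac, run the same check against the live configuration.
if command -v scutil >/dev/null 2>&1; then
    scutil --dns | unexpected_resolvers "$EXPECTED"
fi
```

An address printed by this check is only unexpected, not proven malicious: compare it with what your router or provider hands out before changing anything.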

  • Which anti-virus program do you recommend?

    My school requires that I install an anti-virus on my iBook G4. Which anti-virus program works better with Mac?

    Look at these links.
    The Mac Malware Myth
    http://www.roughlydrafted.com/2009/01/29/the-mac-malware-myth/
    Should Mac Users Run Antivirus Software?
    http://db.tidbits.com/article/9511
    Reviews of Antivirus products for Apple Mac OS X
    http://netsecurity.about.com/od/macav/Reviewsof_Antivirus_products_for_Apple_Mac_OSX.htm
    Antivirus software is not really necessary on a Mac, however if you receive many emails and forward them to PC users it may help them. I don't use any AV SW on my Macs. If you want to use one to detect a virus on emails, get the freeware antivirus application for Macs - ClamXav @ http://www.clamxav.com/ .
    SecureMac has a lot of info about Mac security. SecureMac has provided several freeware Trojan removal tools. Download them here:
    iServices Trojan Removal Tool (OS 10.4 or later) Download at http://www.macupdate.com/info.php/id/30265/iservices-trojan-removal-tool
    DNSChanger Removal Tool (OS 10.3 or later) Download at http://www.macupdate.com/info.php/id/26652/dnschanger-removal-tool
     Cheers, Tom

  • I cannot print return label because I don't register. Please help me.

    I ordered an iPhone 5 from the Apple online store.
    When I bought it, I didn't log in with an Apple ID
    (I bought it as a "Guest").
    Now I want to print a return label.
    It cannot be printed, because the website asks for an Apple ID.
    If I use my Apple ID, the website tells me "The signed in account does not have access to this order."
    I cannot use my Apple ID to print it.
    Now I have only the order code.
    How can I print it?

    Hi Leopallo,
    Are the trojan remover and the farbar service scanner
    3rd-party tools?
    We may first try the SFC tool and see if it can fix the errors:
    Open CMD with admin rights, then type:
    SFC /scannow
    Then press enter.
    If we have a backup available, please try a system restore.
    http://windows.microsoft.com/en-hk/windows7/products/features/system-restore
    If we don’t have any backup available, we may consider doing a repair install (upgrade install) with the installation disk.
    Start your computer from a Windows 7 installation disc or USB flash drive
    http://windows.microsoft.com/en-hk/windows7/start-your-computer-from-a-windows-7-installation-disc-or-usb-flash-drive
    Best regards,
    Fangzhou CHEN
    TechNet Community Support

  • Possible email virus ???

    My wife received an email from a friend titled "this is a painting not a picture"
    There was no text in the email and she opened the attachment.
    A few minutes later she said her mouse was gone from the screen and she could do nothing. Even trying to power off using the button behind the screen had no effect. The only thing I could do was to disconnect the power cord from the wall.
    We then seemed to be able to operate normally, but since then {about a week ago} the same thing happened, no mouse and unplugging from the wall was the only fix.
    Also last night she attempted to send an email and it would not send so she quit the computer by putting it to sleep I think.
    This morning I attempted to wake up the computer and it would not respond, so unplugging was the only fix .
    When I got into her email there was no email in her "sent" folder, but in her "in box" she had many, many copies sent to herself that said they were "from" auto.response.
    Then she received a message from the person whom she had tried to send the email to indicating that they had received her email and 20+ copies of it.
    I updated all the latest Apple software this morning and installed the "mac scan" trojan remover, plus I installed "iAntiVirus", and found nothing with either scanner.
    I wonder if anyone else has had a similar problem.
    Also I asked my wife what the "PICTURE" looked like when she opened it. She said it had a black background and some sort of necklace and maybe flowers....
    It sure sounds to me like she opened a nasty virus.
    Snowed one...

    Welcome to Apple Discussions!
    This is what is known as a trojan horse, not a virus. Viruses are self-replicating without any user interaction. The fact she had to open the e-mail to make it do what it did, says it was strictly an e-mail virus. It is possible that what happened, is that by clicking on some link within the e-mail, it ended up confirming her e-mail address, and then the e-mail program, which already might have been set to instantly replicate the contents of the inbox got overwhelmed with the spam that was sent.
    Do not, under any circumstance open e-mail from an unknown source.
    She should also make sure her friends do not do the same. Because it is also possible, that your wife was not the originator of this virus, but rather her friend, and more likely. Your wife's e-mail address in the friend's digital addressbook might have been compromised and sent to a spammer, and then self replicated on the friend's machine to send to your wife.
    Do not allow e-mail to replicate its contents automatically more than once every 5 minutes. Tell your friends to use BCC when mass e-mailing, as well as your wife, and not CC, to avoid showing the addressbook to everyone in the list. Otherwise other spam viruses might be spread.

  • Anti Virus program..?

    Hi all,
    Strange subject for a Mac user, I know. But yesterday I received word that a virus had broken out in some Mac computers (http://macenstein.com/default/archives/2200), thought to be disguising itself as part of iWork '09.
    I wondered if anybody knew of some good Mac antivirus software compatible with OS X 10.4? I had Norton Antivirus before, but this wasn't compatible with 10.4.
    best,
    Desirée

    the iwork trojan only applies to pirated copies downloaded from torrents, not the retail version.
    for removal of the badness, try this: http://www.macupdate.com/info.php/id/30265/iservices-trojan-removal-tool
    otherwise, clamx av does a decent job on the client side. it does have limitations in a managed environment, though (no management console, need to manage each instance separately; quarantines files but doesn't clean them; etc.), so choose carefully.
