Trojan Virus Detected

While using Safari a notice stating Trojan Virus detected keeps appearing! Safe Booted once but very apprehensive !?

Hi and welcome to Apple Discussions...
Malware perhaps but not a virus. Get MacScan
You can use the demo free for 30 days, and it runs on Snow Leopard.
Carolyn

Similar Messages

  • My anti-virus detects jdeveloper.exe as a Trojan

    Hello there
    I am using free Avira-Antivir and now I just can't use my jdeveloper Studio because on every try to launch it the antivirus alerts me and shows that jdeveloper.exe is a Trojan (Virus: TR/Dropper.Gen). I had jdev10133; I removed it and afterwards I downloaded jdev10134, with the same result. How do I fix the problem? Is my computer infected or should I remove the antivirus?
    Thx

    I downloaded Oracle data modeller (datamodeling-1.5.1-525-no-jre.zip) today and ran a virus scan on the file, and yes, there is a TR/Dropper.Gen virus inside.
    Of course I think it's a false alarm but it's still there.
    Here you can go on oracle page and download it http://www.oracle.com/technology/products/database/sql_developer/files/Modeling.html
    My virus tool is avira antivir premium.

  • Confusion on trojan/virus download

    I was going over to Hotmail and a pop up came up on my iMac stating that a possible trojan was detected. Having my guard down -- being on an iMac -- I hit "download," which when finished immediately prompted five more downloads to start. I immediately shut down the computer and am wondering what I can do now to "save" my iMac before turning it back on. (I have time machine/capsule, too, but would a backup also have the trojan downloaded on that, as well?)

    You may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Privacy, useful:
    http://discussions.apple.com/thread.jspa?threadID=1764179&tstart=0
    Regarding MacScan, first update the MacScan malware definitions before scanning. You can also contact their support team for any additional support - [email protected]
    Security of OS X generally:
    http://www.apple.com/macosx/security/
    http://www.nsa.gov/ia/_files/os/applemac/I731-007R-2007.pdf
    Security Configuration for Version 10.5 Leopard:
    http://images.apple.com/server/macosx/docs/LeopardSecurity_Config_2ndEd.pdf
    This Blog entry is also worth a read:
    http://blog.damballa.com/?p=1055
    Other sources of malware include sites like Facebook and Hotmail.

  • Trojan Programme Detected?

    Hello, Macbook users!
    I use a MacBook Pro and I recently received a warning from Kaspersky that my Mac is infected with a Trojan virus.
    My school re-imaged my MacBook on Thursday 22 August 2013 and Kaspersky detected "Trojan.Win32.Hosts2.Gen" in File / Private / etc / hosts on Friday 23 August 2013. (It's so weird! I NEVER torrent!)
    However, I saw a post on the Kaspersky discussion forum and some of the users argue that they might have received a false warning. So, I'm just wondering if this was just a false warning or a real one. But I guess my Mac is really infected with a Trojan virus since I am running a few antivirus programmes at the same time and all of them give me warnings about viruses / infected files. I disinfected the detected files but I'm still concerned.
    I did some research about Trojan virus and I am so worried now.
    So what I know is:
    1. Trojan programme is a very dangerous virus programme.
    2. Hackers can hack through my computer if my computer is infected with Trojan virus.
    3. Recent Trojan programmes are so smart they hide themselves and even Terminal cannot detect them.
    I'm so concerned right now I can't do anything.
    So my questions are:
    1. How do I completely get rid of Trojan virus? I'm scanning my Mac with Kaspersky, Magician, Sophos and Dr. Web Light now and they give me different results so I am kind of skeptical about using Anti-virus programme.
    2. Is there any possibility that I got Trojan because of re-imaging? Would it be better if I ask the school to re-image my computer again?
    3. Can re-imaging get rid of Trojan virus?
    4. If the answer to question 2 is no, how did I get Trojan virus?
    5. What do the Trojan remains do? Is there any possibility that remains do any harm to my computer?
    6. How do I view hidden Trojan files?
    7. Could it be a false warning?
    I'm so confused and frustrated right now. I never had a virus before and I thought Macs don't get viruses. I'm really concerned that I might lose all my files and documents. I asked around a bit but I still don't know what to do. Please, please, please help me!
    Thanks in advance!
    *P.S: The photos might help!

    Here are the contents of the file of etc/hosts requested above.
    #This file has been replaced with its default version by Kaspersky Lab because of possible infection
    127.0.0.1 localhost
    ::1 localhost
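
An added example, not part of the original thread or of any vendor's tooling: a small Python audit of a hosts file, the file the detection in the post above pointed at. It lists every name mapped beyond the stock `localhost`/`broadcasthost` entries, grouped by the address each name is pinned to and by trailing comment marker, so the owner can judge whether an imaging tool, a content filter or malware wrote them. The sample file, its addresses, its host names and the `SAMPLE_MARKER` comment are constructed.

```python
import ipaddress
import sys
from collections import defaultdict

# Assumption: these are the only names a stock macOS /etc/hosts maps.
DEFAULT_NAMES = {"localhost", "broadcasthost"}

# Constructed sample input (documentation addresses and .example names).
SAMPLE_HOSTS = """\
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
203.0.113.10 www.search.example # SAMPLE_MARKER
203.0.113.10 www.search.example.org # SAMPLE_MARKER
203.0.113.10 mail.example.net # SAMPLE_MARKER
0.0.0.0 updates.av-vendor.example
not-an-ip broken.example
"""


def parse_hosts(text):
    """Return (lineno, address, names, comment) for every mapping line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        body, _, comment = raw.partition("#")
        fields = body.split()
        if len(fields) < 2:          # blank, comment-only or incomplete line
            continue
        entries.append((lineno, fields[0], fields[1:], comment.strip()))
    return entries


def audit_hosts(text):
    """Classify every non-default mapping in a hosts file.

    redirected: address -> names pinned to a routable address
    blocked:    names sent to loopback / 0.0.0.0 (sinkholed)
    malformed:  (lineno, address) where the address does not parse
    markers:    trailing comment -> number of names carrying it
    """
    redirected = defaultdict(list)
    blocked, malformed = [], []
    markers = defaultdict(int)
    for lineno, addr, names, comment in parse_hosts(text):
        extra = [n for n in names if n.lower() not in DEFAULT_NAMES]
        if not extra:
            continue                 # stock entry, nothing to report
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            malformed.append((lineno, addr))
            continue
        if comment:
            markers[comment] += len(extra)
        if ip.is_loopback or ip.is_unspecified:
            blocked.extend(extra)
        else:
            redirected[str(ip)].extend(extra)
    return {
        "redirected": dict(redirected),
        "blocked": blocked,
        "malformed": malformed,
        "markers": dict(markers),
    }


def is_default(text):
    """True when the file contains nothing beyond the stock mappings."""
    result = audit_hosts(text)
    return not any(result.values())


if __name__ == "__main__":
    # Audit the path given on the command line, else the local /etc/hosts.
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/hosts"
    with open(path, encoding="utf-8", errors="replace") as fh:
        report = audit_hosts(fh.read())
    for ip, names in report["redirected"].items():
        print(f"{len(names)} name(s) pinned to {ip}: {', '.join(names[:5])}")
    for name in report["blocked"]:
        print(f"sinkholed: {name}")
    for lineno, addr in report["malformed"]:
        print(f"line {lineno}: unparseable address {addr!r}")
    for marker, count in report["markers"].items():
        print(f"{count} name(s) tagged with comment {marker!r}")
```

Many names pinned to one address under a shared comment marker usually means a single program wrote the whole block, which is the first thing to establish before deciding whether a scanner's hit on the file is a false alarm.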

  • Can the rescue and recovery function be infect with a trojan virus?

    I had some trouble with trojan viruses. My scan software detected malware on my system which I deleted with the help of the antivirus software antivir (free version) and with the software malwarebytes.
    My ThinkPad R51 is still running and virus scans do not show any problems any more. But I am not quite sure if I can trust the scans. So I am thinking about formatting the hard disk and setting up a new system, or using the rescue and recovery function, which says that the system will be put back to its initial state. Is it really possible to bring the system back to its original state with the help of rescue and recovery? I am a little bit afraid that the rescue and recovery function might be infected too. How does the function work? Can the system really be put back to its original state?
    Any help appreciated, thanks!
    Tom

    Hi,
    If you have a virus on your system, then there is a really small chance that the virus also got into the Service Partition.
    So in this situation, if you want to restore the system, then after the restore finishes, the virus should surely be gone.
    The Service Partition is a protected partition, whose content cannot be accessed just like that.
    Rgrds

  • AIM virus? "Virus-detection" popups in Safari?

    Could it be, some sort of virus on my beloved macbook pro? Here is the story..
    Last night when I logged into Adium, I received a message from "aim" claiming that I had some sort of friend request waiting for my approval, and someone wanted to list me in their profile. I hovered over the link and it went to the aim website, and curiosity always kills the cat.. I clicked. (Dumb, right?) Well, it did take me to the aim website and it was asking for my log in, so I closed.
    Since then the same IM pops up every time I log on. I'm not sure if that has any affiliation with my next problem, but it could be useful information. I went to myspace.com, and I received a pop up saying something along the lines of "Malware/Spyware has been detected on your computer and you should resolve it by going to this website and downloading our anti-virus software." There was a URL at the top, not sure where it went to because it didn't matter. I canceled out because I had no other option, and it came up again. I canceled once more, and it came up again with only OK as the option. I tried force quitting Safari, and it didn't work at first. I received yet another pop up talking about slow script, asking if I wanted to continue to run it, and I said no, then hit apple alt esc and managed to close Safari.
    Everything seems to be working fine in Firefox. Any suggestions as to how to get rid of whatever might be happening, or any information on what it is at all would be greatly appreciated. I am not sure where to start. I'll be the first to admit that I am a novice when it comes to this sort of thing. Thank you for your help. I will be happy to give any more information if needed.

    Yes, sites like that (Adium, FaceBook, YouTube) are notorious for being the prime sources of 'scareware' and malware, most of which is aimed at Windows users and extracting unnecessary money from them with pointless, worthless software. No malware can affect your Mac unless you allow it to install, which in most cases would require your root password.
    In your case you may have acquired a 'tracker cookie' sending you to other sites than you intended.
    To get rid of them you need MacScan:
    The appearance of Trojans and other malware that can possibly infect a Mac seems to be growing, but is a completely different issue to viruses.
    If you allow a Trojan to be installed, the user's DNS records can be modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's (that's you!) DNS records stay modified on a minute-by-minute basis.
    SecureMac has introduced a free Trojan Detection Tool for Mac OS X. It's available here:
    http://macscan.securemac.com/
    The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X and allows users to check to see if the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the users' DNS records will be repaired.
    (Note that a 30 day trial version of MacScan can be downloaded free of charge from:
    http://macscan.securemac.com/buy/
    and this can perform a complete scan of your entire hard disk. After 30 days the cost is $29.99. The full version permits you to scan selected files and folders only, as well as the entire hard disk. It will detect (and delete if you ask it to) all 'tracker cookies' that switch you to web sites you did not want to go to.)
    A white paper has recently been published on the subject of Trojans by SubRosaSoft, available here:
    http://www.macforensicslab.com/ProductsAndServices/index.php?mainpage=document_general_info&cPath=11&productsid=174
    Also, beware of MacSweeper:
    MacSweeper is malware that misleads users by exaggerating reports about spyware, adware or viruses on their computer. It is the first known "rogue" application for the Mac OS X operating system. The software was discovered by F-Secure, a Finland-based computer security software company, on January 17, 2008.
    http://en.wikipedia.org/wiki/MacSweeper
    On June 23, 2008 this news reached Mac users:
    http://www.theregister.co.uk/2008/06/23/mac_trojan/
    More information on Mac security can be found here:
    http://macscan.securemac.com/
    The MacScan application can be downloaded from here:
    http://macscan.securemac.com/buy/
    You can download a 30 day trial copy which enables you to do a full scan of your hard disk. After that it costs $29.95.
    More on Trojans on the Mac here:
    http://www.technewsworld.com/story/63574.html?welcome=1214487119
    The latest news on the subject, from July 25, 2008, is:
    Attack code that exploits flaws in the net's addressing system are starting to circulate online, say security experts.
    The code could be a boon to phishing gangs who redirect web users to fake bank sites and steal login details.
    In light of the news net firms are being urged to apply a fix for the loop-hole before attacks by hi-tech criminals become widespread.
    Net security groups say there is anecdotal evidence that small scale attacks are already happening.
    Further details here: http://news.bbc.co.uk/2/hi/technology/7525206.stm
    A further recent development is the Koobface malware that can be picked up from Facebook (already a notorious site for malware), as reported here on December 9, 2008:
    http://news.bbc.co.uk/newsbeat/hi/technology/newsid_7773000/7773340.stm
    There may be other ways of guarding against Trojans, viruses and general malware affecting the Mac, and alternatives will probably appear in the future. In the meantime the advice is: be careful where you go on the web and what you download!

  • I have iPad2 and iMac. What is recommended virus detection/protection software to download?

    What is the best recommended virus detection/protection software for iMac???

    You don't need any anti-virus software. See:
    Helpful Links Regarding Flashback Trojan and Virus Protection
    An excellent link to read is Tom Reed's Mac Malware Guide.
    A link to a great User Tip about the trojan: Flashback Trojan User Tip.
    To check for the trojan: Anti Flashback Trojan 2.0.4.
    A Google search can reveal a variety of alternatives on how to remove the trojan should your computer get infected. This can get you started. Or the preferred method is to use Apple's protection tool: Flashback Malware Removal Tool 1.0.
    Or, open Software Update. If you do not have the Apple protection software installed it will download and install it via Software Update. If no update appears that means you either already have it installed or it isn't needed for your system. The software is only available for Leopard, Snow Leopard, and Lion versions of OS X.
    Also see Apple's article About Flashback malware.
    For general anti-virus protection I only recommend using ClamXav.

  • Does Trojan Virus Work on Mac?

    Hey guys, I've downloaded a file from Safari, and I've tried to open it up but all of a sudden my Sophos anti-virus just pops up and says there's a trojan virus with a 1/5 danger.
    If I'm right, I remember Macs are "virus-free", and trojans are PC viruses which shouldn't work on Mac.
    Please help!!

    1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
    2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
    The following caveats apply to XProtect:
    It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets (see below.)
    It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
    3. Starting with OS X 10.7.5, there has been another layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't actually been tested by Apple (unless it comes from the Mac App Store), but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. For most practical purposes, applications recognized by Gatekeeper as signed can be considered safe.
    Gatekeeper has, however, the same limitations as XProtect, and in addition the following:
    It can easily be disabled or overridden by the user.
    A malware attacker could get control of a code-signing certificate under false pretenses, or could find some other way to evade Apple's controls.
    For more information about Gatekeeper, see this Apple Support article.
    4. Beyond XProtect and Gatekeeper, there’s no benefit, in most cases, from any other automated protection against malware. The first and best line of defense is always your own intelligence. All known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
    That means, in practice, that you never use software that comes from an untrustworthy source. How do you know whether a source is trustworthy?
    Any website that prompts you to install a “codec,” “plug-in,” "player," "archive extractor," or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
    A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn users who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
    Pirated copies or "cracks" of commercial software, no matter where they come from, are unsafe.
    Software of any kind downloaded from a BitTorrent or from a Usenet binary newsgroup is unsafe.
    Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. If it comes from any other source, it's unsafe.
    5. Java on the Internet (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page. Its developers have had a lot of trouble getting it to do this without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style "virus" in OS X. Merely loading a page with malicious Java content could be harmful.
    Java is not included in OS X 10.7 and later. A separate Java installer is distributed by Apple, and another one by Oracle (the developer of Java.) Don't use either one unless you need it. At the moment, the Oracle version is blocked by Apple because of known security flaws that make it unsafe to use on the Internet. If Java is installed, disable it — not JavaScript — in your browsers. In Safari, this is done by unchecking the box marked Enable Java in the Security tab of the preferences dialog. Few websites have Java content nowadays, so you probably won’t be missing much.
    Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a specific task, enable Java only when needed for the task and disable it immediately when done. Close all other browser windows and tabs, and don't visit any other sites while Java is active. Eliminate Java from your online workflow whenever possible. If a web page prompts you to use Java to do something that can be done without it, such as streaming video or downloading files, don't.
    Follow these guidelines, and you’ll be as safe from malware as you can reasonably be.
    6. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.
    Why shouldn't you use commercial "anti-virus" products?
    Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
    In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
    By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
    7. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
    ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
    A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
    ♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
    ClamXav may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use ClamXav unless a network administrator requires you to run an anti-virus application.
    8. The greatest harm done by anti-virus software, in my opinion, is in its effect on human behavior. It does little or nothing to protect people from emerging threats, but they get a false sense of security from it, and then they may behave in ways that expose them to higher risk. Nothing can lessen the need for safe computing practices.
    9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.

  • Anyone benefiting from anti-spyware or virus detection?

    Anyone with experience or opinions on anti-spyware/virus detection software for our Macs?
    I'd like to know if anyone has one worth while to recommend.
    Concerned with more and more apps., and blogging sites and websites visited.
    Thanks....

    Adding my two cents worth:
    At this time there have been no confirmed Mac OS X viruses (subject to the semantic debate about whether the iChat exploit from a couple of years ago is properly classified as a virus or a trojan horse and not counting the Word macro virus that can affect Office v.X or non-updated copies of Office 2004), very few trojans and no adware or spyware. I therefore do not feel that antivirus or antispyware software is necessary at this time as long as users are careful about what they download from the Internet or accept as attachments via email.
    It's never wise to become complacent, though, so security precautions are not wasted. Such security precautions mostly are common sense: don't download and run files from sites you don't know, don't double-click on attachments in emails you aren't expecting and/or from people you don't know, and make sure you password your system and keep that password secure. In addition, don't leave your system available in a public place and unattended where someone unauthorized could use it and potentially install malware (such a policy is also a precaution against theft).
    It is possible for a Mac user to inadvertently forward a Windows virus to a PC user though you'd have to do it manually so the above precautions would probably prevent such virus-spreading, and said Windows virus cannot infect the Mac.
    If you do decide you wish to run antivirus software, I think that the donationware clamXav should be more than enough provided you remember to scan your system from time to time. iAntivirus has also been recommended by others, though I have no personal experience with it.
    If you are running Windows on your system, either via BootCamp, Parallels Workstation or another solution, then that copy of Windows is subject to all the myriad exploits common to the Windows world, so you need to take full precautions, including running both antivirus and antispyware software.
    Regards.
    Message was edited by: Dave Sawyer

  • Java 8u45 x86 Image build produces virus detection

    Hi
    Since Java 8u40 and 8u45, every native build in 32bit as Image with netbeans (32bit) or Intellij produces an .exe that is detected as a virus.
    I did some tests on a fresh Windows 7/8.1 Pro 64bit with a JavaFX sample project from netbeans.
                  | Netbeans + Project = Virus detection
    Java bit      |    64    +    64    =    NO
                  |    64    +    32    =    NO
                  |    32    +    32    =    YES
                  |    32    +    64    =    YES
    The result shows that if Netbeans is started in 32bit, every build (.exe) is detected as a virus by some popular virus scanners! The same result with Intellij.
    Here a summary from virustotal.com:
    AVware                 Trojan.Win32.Generic!BT
    Agnitum                Trojan.Kazy!jVWQz3HkaN0
    Avira                  TR/Kazy.15872.8
    Ikarus                 Win32.SuspectCrc
    McAfee                 Artemis!D4746025B56B
    Qihoo-360              Win32/Trojan.19a
    Symantec               WS.Reputation.1
    Tencent                Win32.Trojan.Kazy.Wqmm
    TrendMicro-HouseCall   TROJ_GEN.R047H09DM15
    VIPRE                  Trojan.Win32.Generic!BT
    Going back to an older Java version (8u25) would cause a lot of work, because of the new JavaFX Windows and security risks.
    Can somebody give me a hint for resolving this problem?
    Greets, phil


  • Directory Damage, what can be used for Disk Repair and Virus Detection?

    Hi,
    My eMac is acting up. Yesterday I started getting these messages that I needed to restart my computer (message was in a brown box window with an icon of a start up button in background).
    I did the disk repair using Start up CD and it came back with "invalid key......." or something like that, and when I tried to repair it, it tried to repair the B-Tree's but then said it could not repair the problem.
    I have Diskwarrior 3.03 Build 39, on a CD and on my FW Ext HD, which has a clone of my Mac HD.
    Diskwarrior could not produce a graph of Mac HD because the directory was damaged. When I did a rebuild it hung on step 9 comparing directories, said there was 7 million + tests. ( I let it hang on step 9 for 15 hrs. to see if maybe it was just taking a long time due to corrupt directory). I finally clicked on Skip and got to the report page. I could do a preview, but the replace button is greyed out. When I was comparing the sizes of each folder, in both preview and original, I got a can not calculate error message on a few of them. The size of Mac HD in preview compared to the one in Original was different by 4 gbs. A week ago I repaired the Mac HD and did a Diskwarrior directory repair on all my HD's.
    Before I do any reformatting of HD or other drastic measures, I was wondering what is safe to use for disk repair and virus detection. I know there is Norton System Works 3.0, Norton AntiVirus and TechTool, are these the only ones? Are these safe to use? Are there any other programs that can repair directory damage?
    Thank you in advance,
    Deb
    eMac 2005 1.42GHz Combo Drive 256MB Tiger 10.4 75GB   Mac OS X (10.4)   Western Digital (WD) 160GB FW Ext & WD 320gb Media FW Ext, Creative Speakers

    The long-standing rule of thumb has been that if Disk Warrior can't repair a mungled disk directory, then you're looking at reformatting or replacing the hard drive. Since this is a week-old hard drive, I'd suspect the replacement hard drive is itself bad. It might save you grief in the long run to contact the vendor who sold you the drive and inquire about their warranty. You might want to first run the file system check utility fsck as described in Using Disk Utility and fsck.
    Directory repair and antivirus protection are different critters. Norton AV is mostly safe (if you don't mind its track record of false positives) and is used by the IT department at the lab where I work. Norton SystemWorks, AKA Disk Doctor Kevorkian, is most assuredly NOT safe. For every poster reporting something nice about it, you'll find at least 2 dozen cursing it. It has a known track record of detecting problems no other utility finds and of "repairing" drives such that nothing can then read or repair the drive short of low-level reformatting (and occasionally even that fails).
    Tech Tool Pro 4 has a good reputation, as does Drive Genius. Tiger OS X 10.4.2 and later include a version of Disk Utility that can for the first time also make effective B-tree and keys out of order and overlapped extent repairs. Still, my personal gut feeling is that if Disk Warrior is choking on the hard drive, you're looking at reformatting while zeroing the drive (zeroing should detect and map out bad physical sectors).
    You can also refer to Disk First Aid: What to do when it finds an error and to Handling "overlapped extent allocation" errors reported by Disk Utility or fsck.

  • Virus Detected (403), Your file could not be uploaded because it contains a virus.

    From a Windows 7 Ultimate PC I tried to upload a PDF portfolio containing 35 PDFs. The upload failed with the message "Virus Detected (403), Your file could not be uploaded because it contains a virus."
    It is highly unlikely that this PDF portfolio or its 35 PDFs contain a virus. It passed a scan by Microsoft Security Essentials. Any suggestions?
    Bill

    Hello,
    I've got the same 403 error when I want to upload an ebook (purchased on peachpit, see this url for ebook), but when I scan it (windows 8 / avast) no virus found.
    Olivier

  • Can't close Firefox after eradicating Fake.Trojan virus

    Got infected with Fake.Trojan virus today while surfing email via Firefox. Successfully used Malwarebytes to clean up the mess but some carnage remains. On a Win7 platform.
    During infection and since eradication I keep getting this message, "Firefox is already running, but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system."
    Tried the following to no avail --
    1. Task Manager - The Firefox process doesn't show up.
    2. Restarting the PC - Same problem;
    3. Uninstalling & Reinstalling - Same problem; says it needs to close first.
    4. Finding/fixing the Profile - %APPDATA%\Mozilla\Firefox\Profiles\ not found.
    5. Call to tech support at AVG - They've never seen this. They recommend a full reinstall of Windows (Ugh - don't even know where the disks are!).
    Any help welcome. Thanks. -j philly

    Thank you for the tip. I had already tried your suggestion but based on it decided to take a closer look. I also did a YouTube lookup using IE.
    But my first stop was to run that lengthy ChkDsk program to make sure all was structurally sound after the virus. I also bought the Pro version of Malwarebytes to take security even higher.
    I went to YouTube because I was having a hard time finding that profile folder the solution you gave me referenced. Answer that worked for me: Don't use the Start button to find your Profile, use your desktop explorer starting with your Users directory and drill down from there. Learned that here: http://www.youtube.com/watch?v=zRUgxlo4U4w&feature=related (Note: The speaker and video quality isn't great but his intent is good and his message had enough helpful content to get me started. Others may feel the same way.)
    Within the comments section replying to the above-referenced YouTube video, I then found one person who wrote this --
    "If your Firefox locks up with this error as the result of a "virus" which also happened to hide all your files and desktop icons, then none of these crap Windows XP 'fixes' on YOUTUBE will work.
    In 2012, you will need to install Google Chrome, make it your default browser/import bookmarks etc. Then run Firefox while Chrome is open, and Firefox will suddenly be unlocked! 8-) Amazing!!! Then just disarm Google Chrome and uninstall it, and you will have your Firefox back."
    His message wasn't so kind, but I did try his solution and it worked! All appears better.
    Thank you again to the community for assistance today and to jscher2000 in particular for taking the time. - j philly

  • I am using Kaspersky Internet protection. I keep getting a 403 error Virus Detected on just one of the files that I am trying to convert. What do I need to do?

    I am getting a message 403 that the file that I am trying to convert has a virus. I use Kaspersky virus detection and I ran it on just that file. I have converted another file with no problems. What do I need to do?

    What is your Windows version? 32-bit or 64-bit?
    Internet Explorer: you must use the 32-bit version, regardless of your OS version.
    What is the exact error you get, and what are you doing when you get that error?

  • Comodo anti-virus detected the file hi.bat

    Comodo anti-virus detected the file C:\Toshiba\Drivers\hi.bat as unclassified Malware-risk High.
    I don't know what to do. Delete?
    I need some help please.

    Hi
    The antivirus scanner has detected this file which is classified as Malware-risk high.
    You can either delete this file or add it to the quarantine.
    But these options are provided by Antivirus as well.
