Trojan Warning  "latestpics.tgz"

This file may be renamed to something else and provided in a link in a post, iChat or email; it requires your admin password to run.
It cannot get on your machine unannounced like a virus can. (no Mac OS X viruses so far) Although if you're not paying attention it can appear on your desktop or downloads folder in a flash and you may wonder what it is and/or double click it by accident.
It requires social engineering to trick the user into downloading and providing an admin password.
As always guard that admin password and don't give it out to any program you don't trust 100%, and even then watch out as it may install something anyway as a "feature" or "helper" program, even make unknown internet connections, or its code can be exploitable running as root. (such as the Sony/BMG rootkit or Norton AV rar files)
Clone your boot drive occasionally and backup your files regularly, so in case you do get tricked, you simply c boot off the Mac OS X Installer disk and use Disk Utility to erase the infected drive(s), boot off the clone and reverse clone. (don't hook a clean write-able drive to an infected system)
More information about this Trojan can be found here.
http://www.ambrosiasw.com/forums/index.php?showtopic=102379
More info on how to clone your boot drive can be found here
http://homepage.mac.com/hogfish/Personal6.html
Help cloning your boot drive can be found free of charge by visiting Carbon Copy Cloner's forums.
(no comp for any site or product mention)

Try to Reset IE7.
Close all windows. Go to Control Panel > Internet Options (Classic View if you have to) > Advanced Tab > Reset (Button on lower right). Reset. Restart IE. Check again.
Note: Might reset your Homepage and Favorites.
try it
Fixing Computers no Jutsu! (Ninja Help and Support Technique )

Similar Messages

  • TENCENT QQ Trojan on Mac

    Hi,
    After researching on Google, my friend and I have determined that I have the Tencent QQ trojan. I'm not surprised that it's a QQ trojan because I use QQ (an instant messenger service in China). Apparently, the company openly recognizes that they put malware on your computer, but I never investigated it, never knew it, and assumed it could never happen on a Mac. My situation now is that I have this trojan (which exists on a Mac, according to several pages I found on Google) and I don't know what to do. Right now, I'm running ClamXAv to see what it finds. MacScan found nothing. Any help would be appreciated. Thanks.

    Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have announced the discovery of the first virus for the Apple Mac OS X platform. The virus, named OSX/Leap-A (also known as OSX/Oompa-A) spreads via instant messaging systems.
    The OSX/Leap-A worm spreads via the iChat instant messaging system, forwarding itself as a file called latestpics.tgz to contacts on the infected users' buddy list. When the latestpics.tgz archive file is opened on a computer it disguises its contents with a JPEG graphic icon in an attempt to fool people into thinking it is harmless.
    Some owners of Mac computers have held the belief that Mac OS X is incapable of harboring computer viruses, but Leap-A will leave them shellshocked.
    The worm uses the text "oompa" as an infection marker in the resource forks of infected programs to prevent it from reinfecting the same files.
    "Some owners of Mac computers have held the belief that Mac OS X is incapable of harboring computer viruses, but Leap-A will leave them shellshocked, as it shows that the malware threat on Mac OS X is real," said Graham Cluley, senior technology consultant for Sophos. "Mac users shouldn't think it's okay to lie back and not worry about viruses."
    Sophos customers have been automatically protected against the worm since 12:25 GMT, 16 February 2006.
    "This is the first real virus for the Mac OS X platform," continued Cluley. "Apple Mac users need to be just as careful running unknown or unsolicited code on their computers as their friends and colleagues running Windows."
    Sophos advises all computer users, whether running PCs or Macs, to practise safe computing and keep their anti-virus software updated.
    Is Leap-A a virus or a Trojan?
    Some members of the Apple Macintosh community have claimed that OSX/Leap-A is a Trojan horse, and not a virus or worm, because it requires user interaction (the user has to receive a file via iChat, and manually choose to open and run the file contained inside).
    However, this is not the definition of a Trojan horse.
    A Trojan horse is a seemingly legitimate computer program that has been intentionally designed to disrupt and damage computer activity. Importantly, Trojan horses do not replicate or have any mechanism of spreading themselves. They have to be deliberately planted on a website, or accidentally shared with another user, or spammed out to email addresses. There is nothing inside a Trojan's code to distribute themselves further to other victims.
    Trojan horses do not contain any code to distribute or spread themselves, viruses and worms do.
    OSX/Leap-A is programmed to use the iChat instant messaging system to spread itself to other users. As such, it is comparable to an email or instant messaging worm on the Windows platform. Worms are a sub category of the group of malware known as viruses.
    Therefore, it is correct to call OSX/Leap-A a virus or a worm. It is not correct to call OSX/Leap-A a Trojan horse.
    This is one of many. All the users out there that assume they will remain safe are in denial. More harmful material is being aimed at Mac daily.
    I use no AV ware, and I consider myself safe, I just thought I'd offer good reading.
    Ray

  • Firefox 3.6.6, avast 4.8.0 shows trojan in the firefox exe upx. When I go to move it to the vault a dialog box says the file can not be found

    I am running firefox 3.6.6, Avast 4.8.0 shows a trojan in the firefox exe upx. When I go to move it to the vault a dialog box says the file can not be found. I uninstalled firefox and got rid of all firefox traces using Revo, but I still get the trojan warning.
    == This happened ==
    A few times a week
    == I upgraded my firefox ==
    == User Agent ==
    Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4

    Firefox works fine on Windows 2000 SP4 for me.
    Any chance you have a dial-up connection that uses a web accelerator to speed the loading of content?

  • Trojan horse when try to update flash player !?

    this trojan warning (trojan horse crupt.tbj and trojan horse Pakes_c.BVTU), from AVG, occurs when I try to update flash player,
    the AVG antivirus deletes.
    Problem started when cannot access IE, Firefox, or Chrome... get same error... "flash player out of date",
    then opens download,
    but then when I try to download, AVG blocks it
    Not only on desktop, but also on my iPad, off the same network router.
    Any solutions, advice?

    joejazz wrote:
    ”flash player out of date”
    Can you post a screenshot of what you see: https://forums.adobe.com/thread/1070933
    Where does that "error" lead you to download?  Anywhere else than an adobe.com or macromedia.com website is not an Adobe update.

  • Attachment on iCloud VS Mail 7

    Why does iCloud online mail show attachment files (with name, size etc) on top of the email (clicking "More" or clicking the "paper clip" icon) while Mail 7 instead, still, shows you just a paper clip icon and the attachment files all the way down... scrolling and scrolling to find them.
    Or that "hover" function that shows that micro-icon that, on clicking it, finally shows a list of attachments... is that all the new achievement?
    Why is there not a "More" option that set once for good, all the attachments visible, as in iCloud online?

    Hi
    you may check SAP note 1035644. It says
    Symptom
    If you display an HTML attachment of a document in the non-control-based display (for example in transaction SO01x), the system issues the error message "The document does not exist" and the process terminates.
    Other terms
    HTM, HTML, attachment, SO01x
    Reason and Prerequisites
    This problem is caused by a program error.
    Solution
    The Outlook replacement with Trojan warning may be a result of your OUTLOOK security and virus scan settings and/or the HTML contents. Try to send the attachment manually to one of your outlook recipients and see what happens.
    Regards,
    Clemens

  • Virus for Macs

    Hi everyone
    Should we be worried about this?
    Mario
    PS:I found this on CNN
    Apple users may find worm
    Virus spread through instant messaging is the first to attack the Mac OS X platform.
    February 17, 2006: 5:51 AM EST
    SAN FRANCISCO (Reuters) - A malicious computer worm has been found that targets Apple Computer Inc.'s Mac OS X operating system, believed to be the first such virus aimed specifically at the Mac platform.
    The worm is called OSX/Leap-A, according to a posting on the Web site of antivirus software company Sophos, which said the worm is spread via instant messaging programs.
    The worm attempts to spread via Apple's iChat instant messaging program, which is compatible with America Online's popular AIM instant messaging program, according to the Sophos Web site.
    The worm sends itself to available contacts on the infected users' buddy list in a file called "latestpics.tgz," according to the Sophos Web site.
    The vast majority of malicious hacks are aimed at Microsoft Corp.'s Windows operating system and some of its products, largely because Microsoft has more than 90 percent of the market for computer operating systems.
    "This first Macintosh OS X threat is an example of the continuing spread of malicious code on to other platforms," said Vincent Weafer, senior director at Symantec Security Response, in a statement.
    The worm will not automatically infect Mac computers, but will ask users to accept the file, Weafer said.
    Symantec ranked the new worm as a Level 1 threat (with 5 being the most severe).
    An Apple spokesperson was not immediately available to comment.
    ---------------

    Hi Mario!
    Read these:
    Macworld: News: Leap-A malware: what you need to know
    Macworld: News: Digging deeper into the Leap-A malware
    More links in Ralph Johns (UK) Post.
    ali b

  • Heard 2 days ago first mac virus

    PC friends tell me first mac virus discovered last week
    True?

    I didn't believe him so googled. Found this:
    The OSX/Leap-A worm spreads via the iChat instant messaging system, forwarding itself as a file called latestpics.tgz to contacts on the infected users' buddy list. When the latestpics.tgz archive file is opened on a computer it disguises its contents with a JPEG graphic icon in an attempt to fool people into thinking it is harmless.
    Some owners of Mac computers have held the belief that Mac OS X is incapable of harboring computer viruses, but Leap-A will leave them shellshocked.
    comments?

  • ITunes ESET Nod32 Virus Popup

    Hello,
    I did a search for a few things in the iTunes store, and I immediately get a trojan warning from ESET Nod32 about it.  I formatted my computer, and tried it again, but I got the popup again.
    JS/TrojanDownloader.Iframe.NKF trojan
    I tried it on all my other computers as well and they all do the same thing.  Is this a false positive?
    I was looking for Indiana University from iTunes U so I searched for Bloomington and get this everytime.

    No, that ABP support thread says:
    "Apparently ESET (NOD32 Antivirus, ESET Smart Security) recently released an update to their virus definition database (db 6799) that wrongfully detects the malware JS/Redirector.B in Adblock Plus installations using the EasyList filter subscription.
    ESET has already confirmed and fixed this false positive, so all you need to do to fix the problem is to ignore the warning and update your virus signature database (db version 6800 contains the fix)."
    It says to re-subscribe if ESET has trashed your ABP filter rules file.

  • Anyone else gotten an anti-virus warning that Adobe file "Droplet Template.exe" is a Trojan?

    Got this warning for the first time today -- my anti-virus prevented "droplet template.exe" from opening because it is seen as a Trojan.

    This is from Vipre Threat Track after having received my file droplet template.exe for inspection:
    We have received and tested the sent file 'Droplet_Template.exe' but it was not detected as a threat by Vipre. Please update Vipre to definitions 30465 or higher to verify on your end.
      Let us know of the results. Thanks and have a great day ahead.
    I had Vipre scan the file after I applied the latest updates and it was not seen as a risk. I have Vipre set to check for updates every 30 minutes, so not sure how they got outdated. They are now 30474.

  • Trojan Horse virus warning on my MAC

    I got an error message of Trojan Horse virus. The message has a number 800 404 5537 to help. They told me to enter an address on the internet explorer URL to control my computer to troubleshoot. Should I give them access?

    This is a well-known fake tech support scam. If you call them, they will "show" you some things on your machine that they will tell you are indicative of viruses and other problems. (They are actually perfectly normal things that people can be easily frightened into misinterpreting.)
    If you go along with them, they will do two things: 1) require you to pay for a year or two of "service" by giving them a credit card, and 2) request remote access to your computer so they can fix it. They will then charge your credit card far more than they said they would and potentially use the remote access you grant them to install malicious software on your computer.
    Never fall for this kind of scam. If you do, there's only one possible response: cancel the credit card and erase the computer's hard drive.

  • Warning "anti-viral" trojan virus circulating using apple icon

    I accidentally loaded a trojan virus when I thought I was downloading an anti-viral program sent from Apple - they use the Apple logo.  It then results in continuous pop-ups of *********** sites.  Apple tech support could not help but I found a website providing instructions to remove the malware.  Website is called "bleeping.com"  Yes, the irony of the name given what I had to get rid of - be careful.

    This was "news" three weeks ago. And every day here, but mostly over on forum for Snow Leopard
    There are dozens of articles, threads, links on how to help, as well as on what it is.
    Apple Community threads "macdefender"
    What is odd is a policy of turning customers away.
    Microsoft links fake Mac AV to Windows scareware gang
    http://www.reedcorner.net/news.php/?p=82
    MacInTouch - security discussion
    The most common and popular AV mentioned -
    ClamXav
    Intego Software 
    Mac BitDefender
    Norton for Mac
    Sophos Anti-Virus for Mac Home Edition
    MACDEFENDER Malware
    ZDNet Security
    Snow Leopard malware attacks
    New MAC OS X scareware delivered through blackhat SEO
    MacDefender Trojan
    http://www.reedcorner.com/guides/macvirus/

  • Is "settingsDOTdeviceDOTserviceDOTcom-appserviceDOTcom" a real Apple service? I have got a mail from it warning me about a Trojan having infected my iPhone

    I have received a strange message from a supposed Apple service and I would like to be sure it really comes from Apple.
    The service name is settings. device. Service. Com - appservice. com.     I have left out the dots to avoid any possible connection
    Thanks a lot
    gutima

    No, it's not. If it's asking you to provide personal information, forward it to [email protected] and then delete it.
    (123633)

  • I ran a virus/trojan fix and this is what it said it could not repair something in the main library core or something like that.  What do I do?  The problem seems to be with safari?

    I ran a virus/trojan fix and this is what it said it could not repair something in the main library core or something like that.  What do I do?  The problem seems to be with safari?

    I ran the utility disk and this is what it said.
    Warning permission differ Applications/Safari drwxr-xrx they are -rwxr-xr system/livrary Cores has been modified and will not be repaired.
    Permission apllication differ on System/livrary/Pr or could be -rw-r--r-- they are rwxr-xr-x Application/iTune be droxr-xr-x they are rwxr-xr-x
    Then I hit fix permissions and it said this
    Warning SUID file Systm/Library/Core has been modified will not be repaired
    I also downloaded Bitdefender Virus Scanner and it found nothing.

  • Warning message in Lion

    Hi ,
    I just installed Mac OSX Lion.
    When I download a set of images (like a manga for example) in Preview, a warning message saying that this is an image taken from the internet (and asking me if I'm sure I want to open it) keeps bugging me. How to get rid of this message?
    Thanks to those who could help me.

    Does it say "image" or application
    Protect your computer from harmful applications
    Some harmful applications exist that can cause problems for your computer. Frequently, a harmful application will try to appear as an innocent document, such as a movie or graphic file. These applications, called “trojans,” are most often spread by Internet downloads and email enclosures.
    Important: If you receive an application warning and you don’t expect the file to be an application, don’t open the file. Delete it from your computer. 
    Here are some tips to protect your computer from harmful applications.
    Never download unlicensed or “pirated” software from the Internet.
    Accept only applications you receive from a known and trusted source.
    Run an antivirus program if you find any suspicious files or applications, or if you notice any suspicious behavior on your computer.
    To reduce the amount of exposure to harmful applications or files, limit the number of administrator accounts you create. Consider creating a user account for your daily work and use the administrator account only when you need to install software or administer accounts.
    If you enabled the root user and you don’t currently need it, disable it.

  • I think I have  some Malware/Trojan Horse on MacBook Pro. How to get rid of it?

    My MacBook Pro has worked perfect for the last 2 years, but over the last 2 days when I am on Chrome it has started clicking onto random websites when I click other links, and showing certain words as underlined and as hotlinks. I think I recognise that from having a PC as Malware or Trojan Horse? What is the best way to remove this as I have read through a few threads on here and they advise not downloading any anti virus software as it slows down your Mac instead of helping.
    <Post Edited By Host>

    You installed the "VSearch" trojan, perhaps under a different name. Remove it as follows.
    Malware is constantly changing to get around the defenses against it. The instructions in this comment are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
    Back up all data before proceeding.
    Triple-click anywhere in the line below on this page to select it:
    /Library/LaunchAgents/com.vsearch.agent.plist
    Right-click or control-click the line and select
              Services ▹ Reveal in Finder (or just Reveal)
    from the contextual menu.* A folder should open with an item named "com.vsearch.agent.plist" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.
    Repeat with each of these lines:
    /Library/LaunchDaemons/com.vsearch.daemon.plist
    /Library/LaunchDaemons/com.vsearch.helper.plist
    /Library/LaunchDaemons/Jack.plist
    Restart the computer and empty the Trash. Then delete the following items in the same way:
    /Library/Application Support/VSearch
    /Library/PrivilegedHelperTools/Jack
    /System/Library/Frameworks/VSearch.framework
    ~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin
    Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
    From the Safari menu bar, select
              Safari ▹ Preferences... ▹ Extensions
    Uninstall any extensions you don't know you need, including any that have the word "Spigot," "Trovi," or "Conduit" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
    Reset the home page and default search engine in all the browsers, if it was changed.
    This trojan is distributed on illegal websites that traffic in pirated content. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect much worse to happen in the future.
    You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that this Internet criminal has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. This failure of oversight has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.
    *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination  command-C. In the Finder, select
              Go ▹ Go to Folder...
    from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
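
The file locations listed in the answer above, gathered into a read-only check (an added example, not part of the original post). The optional root and home-directory arguments are assumptions introduced here so the same check can be pointed at a mounted clone or backup volume; nothing is deleted.

```shell
#!/bin/sh
# Added example: read-only presence check for the items the post says to delete.
# Assumption: ROOT ($1) and HOME_DIR ($2) are hypothetical arguments added here;
# with no arguments the live system and the current user's home are checked.

# Paths copied verbatim from the post; "~/" is resolved against HOME_DIR.
vsearch_paths() {
  cat <<'EOF'
/Library/LaunchAgents/com.vsearch.agent.plist
/Library/LaunchDaemons/com.vsearch.daemon.plist
/Library/LaunchDaemons/com.vsearch.helper.plist
/Library/LaunchDaemons/Jack.plist
/Library/Application Support/VSearch
/Library/PrivilegedHelperTools/Jack
/System/Library/Frameworks/VSearch.framework
~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin
EOF
}

# Print every listed item that exists under ROOT, one path per line.
vsearch_found() {
  vf_root=${1:-}
  vf_home=${2:-$HOME}
  vsearch_paths | while IFS= read -r vf_p; do
    case $vf_p in
      '~/'*) vf_t=$vf_root$vf_home/${vf_p#??} ;;   # strip the leading "~/"
      *)     vf_t=$vf_root$vf_p ;;
    esac
    # -L also reports a dangling symlink left behind by a partial cleanup.
    if [ -e "$vf_t" ] || [ -L "$vf_t" ]; then
      printf '%s\n' "$vf_t"
    fi
  done
}

# Human-readable report: owner, mode and timestamp for each remaining item,
# so it can be reviewed before it is dragged to the Trash as the post describes.
vsearch_report() {
  vr_hits=$(vsearch_found "$1" "$2")
  if [ -z "$vr_hits" ]; then
    echo "No listed VSearch items present."
    return 0
  fi
  echo "Listed VSearch items still present:"
  printf '%s\n' "$vr_hits" | while IFS= read -r vr_p; do
    ls -ld "$vr_p"
  done
  return 0
}

vsearch_report "${1:-}" "${2:-$HOME}"
```

Running it again after the restart step shows whether any of the launch items were recreated. As the post notes, the list reflects the malware as it was when the answer was written, so an empty result does not prove a clean system.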
