Virus in Time Machine

Similar Messages

• I have a virus in time machine

  I have a win virus worm in my time machine back up. i have installed indigo virus scan but it will not remove it. each time i reinstall OXS the worm attacks...

  Thomas A Reed wrote:
  A Windows virus cannot attack your Mac.
  It's a worm Thomas it works on it's own.
  It's a Windows worm, but it could have morphed to include OS X, the only way to defeat it is to erase and install OS X via write protected media and work outwards.
  Since the infected user files will be on the external drive, hopefully that will delay it's ability to replicate enough for a av scan to remove it. The standard user account is used to reduce it's privilege access level, if it hops over to the Standard, that account will be removed anyway.
  Still if that all doesn't work or the Op gets reinfected from outside sources again, then the clone is there to fall back onto after another Zero erase from the disk.
  And throwing away a worm infected TM drive is certainly a good option than connecting infected media back to a clean system, however taking the drive to a malware experienced PC or Linux user with a DBAN disk to erase it completely would certainly save the drive.
  Viruses, worms and Trojan Horses are all malicious programs that can cause damage to your computer, but there are differences among the three.
  One common mistake that people make when the topic of a computer virus arises is to refer to a worm or Trojan horse as a virus. While the words Trojan, worm and virus are often used interchangeably, they are not exactly the same  thing. Viruses, worms and Trojan Horses are all malicious programs that can cause damage to your computer, but there are differences among the three, and knowing those differences can help you better protect your computer from their often damaging effects.
  What Is a Virus?
  A computer virus attaches itself to a program or file enabling it to spread from one computer to another, leaving infections as it travels. Like a human virus, a computer virus can range in severity: some may cause only mildly annoying effects while others can damage your hardware, software or files. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but it actually cannot infect your computer unless you run or open the malicious program. It is important to note that a virus cannot be spread without a human action, (such as running an infected program) to keep it going. Because  a virus is spread by human action people will unknowingly continue the spread of a computer virus by sharing infecting files or sending emails with viruses as attachments in the email.
  What Is a Worm?
  A worm is similar to a virus by design and is considered to be a sub-class of a virus. Worms spread from computer to computer, but unlike a virus, it has the capability to travel without any human action. A worm takes advantage of file or information transport features on your system, which is what allows it to travel unaided.
  The biggest danger with a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect. One example would be for a worm to send a copy of itself to everyone listed in your e-mail address book. Then, the worm replicates and sends itself out to everyone listed in each of the receiver's address book, and the manifest continues on down the line.
  Due to the copying nature of a worm and its capability to travel across networks the end result in most cases is that the worm consumes too much system memory (or network bandwidth), causing Web servers, network servers and individual computers to stop responding. In recent worm attacks such as the much-talked-about Blaster Worm, the worm has been designed to tunnel into your system and allow malicious users to control your computer remotely.
  What Is a Trojan horse?
  A Trojan Horse is full of as much trickery as the mythological Trojan Horse it was named after. The Trojan Horse, at first glance will appear to be useful software but will actually do damage once installed or run on your computer.  Those on the receiving end of a Trojan Horse are usually tricked into opening them because they appear to be receiving legitimate software or files from a legitimate source.  When a Trojan is activated on your computer, the results can vary. Some Trojans are designed to be more annoying than malicious (like changing your desktop, adding silly active desktop icons) or they can cause serious damage by deleting files and destroying information on your system. Trojans are also known to create a backdoor on your computer that gives malicious users access to your system, possibly allowing confidential or personal information to be compromised. Unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate.
  What Are Blended Threats?
  Added into the mix, we also have what is called a  blended threat. A blended threat is a more sophisticated attack that bundles some of the worst aspects of viruses, worms, Trojan horses and  malicious code into one single threat. Blended threats can use server and Internet vulnerabilities to initiate, then transmit and also spread an attack. Characteristics of blended threats are that they cause harm to the infected system or network, they propagates using multiple methods, the attack can come from multiple points, and blended threats also exploit vulnerabilities.
  To be considered a blended thread, the attack would normally serve to transport multiple attacks in one payload. For example it wouldn't just launch a DoS attack — it would also, for example, install a backdoor and maybe even damage a local system in one shot. Additionally, blended threats are designed to use multiple modes of transport. So, while a worm may travel and spread through e-mail, a single blended threat could use multiple routes including e-mail, IRC and file-sharing sharing networks.
  Lastly, rather than a specific attack on predetermined .exe files, a blended thread could do multiple malicious acts, like modify your exe files, HTML files and registry keys at the same time — basically it can cause damage within several areas of your network at one time.
  Blended threats are considered to be the worst risk to security since the inception of viruses, as most blended threats also require no human intervention to propagate.

• Viruses in Time machine backups

  MacKeeper has found virus files in my backup files created by TimeMacine on an external hard drive. None of the viruses are on my main hard disc.
  Some appear to be in quarantine << Application Support/MacKeeper/quarantine/ file0 or file 1 ... file4 >>
  Some are coming from my email: eg <<  broadband.rogers.com/INBOX.mbox/Messages/7253.emlx (file Description TR/Dropper.Gen) >>
  Many of the entries appear to be copies (same folder and name) . All but two has a file description starting with TR/; (Does TR? mean a trojan.?)
  One file description is EXP/CVE-2010-3333.KZ.102, another is HIDDENEXT/Worm.Gen.
  What should I do? Delete each file named by Mackeeper in most recent backup and then make a fresh backup?
  cajun50

  MacKeeper? Oh dear.
  Please read this:
  https://discussions.apple.com/docs/DOC-3026
  You may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful: The User Tip seeks to offer guidance on the main security threats and how to avoid them.
  https://discussions.apple.com/docs/DOC-2435
  More useful information can also be found here:
  www.thesafemac.com/mmg

• Disengaging Time Machine and external HD backup

  I recently transferred my files and applications to a new computer from my iMac5 by using the Firewire cable that went from my iMac5 to the external HD as the conduit between the two computers and now, whenever I turn on the iMac5 both Super Duper and Time Machine start indexing and searching for viruses. During this time I am unable to open System Preferences. What I'd really like to do is turn off both TM and Super Duper. What do I do?

  larry lund wrote:
  recently transferred my files and applications to a new computer
  What is the new computer, and what version of OSX is it running?
  from my iMac5 by using the Firewire cable that went from my iMac5 to the external HD as the conduit between the two computers
  How did you do that? Did you use +Setup Assistant+ or +Migration Assistant?+ If not, what did you do, and what did you copy?
  It sounds like you might have copied something that's not compatible with an Intel Mac or Snow Leopard.
  both Super Duper and Time Machine start indexing and searching for viruses.
  Time Machine does not search for viruses. I don't use Super Duper, but I've never heard of it doing that, either.
  Why do you think they're doing that?
  It may be that Spotlight is indexing the drive(s) the backups are on.
  During this time I am unable to open System Preferences. What I'd really like to do is turn off both TM and Super Duper. What do I do?
  Does the problem stop after a period of time?

• Cleaning virus-infected files on external hard drive used for Time Machine

  I am kinda reposting this with some extra explanation since I didn't really get any good respnses on my first post:
  I am running McAfee VirusScan and it locates and cleans virus infected files just fine on my computer, but when it finds infected files on the external hard drive I use for Time Machine backups, it says "Repair Failed". Is there a way to clean infected files on my Time Machine backup drive?
  I had found a virus in several documents on my Mac, which I cleaned, but it seemed to infect a bunch of the files located in Time Machine as well. I know these files shouldn't harm my Mac, but I still don't like having virus infected files. They seem to propagate and I don't want to give them to any of my Windows-using friends.

  Hi,
  Usually (but not always), virus-infected files aren't system-related, so if they cannot be repaired, there should be an option in VirusScan to delete them or quarantine them instead of repairing them. Assuming that you are archiving Mac-related files and not archives of Windows files, then it should certainly be safe to just have VirusScan delete or quarantine them. An alternative is that you could delete them manually. But before you do any of this, be sure to take a look at the filename and its location in the folder hierarchy to make sure that you aren't removing a file that's critical to the operation of some piece of software.
  Hope this helps,
  Ken

• How to uninstall Mcafee anti-virus from my machine because of machine bootup is taking too much of time for usage?

  Hi,
  How to uninstall Mcafee anti-virus from my machine because of machine bootup is taking too much of time for usage? so that i moved all mcafee related file to trash but while machine boot up mcafee showing and asking Authentication so any one give me better suggestion on this.
  Thanks in advance,
  Suresh Balakrishnan

  Hi All,
  i uninstalled AV successfully using as below mentioned links:
  Moved to VirusScan Other where hopefully an expert can help you.
  Until they do I Googled 'How to uninstall VirusScan 8.6 for MAC' and got this as one of the many choices:  https://kc.mcafee.com/corporate/index?page=content&id=KB54975
  There are also uninstall instructions in the User Guide: https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/ 22000/PD22134/en_US/VirusScan%20for%20Mac%208.6.1%20User%20Guide%20Addendum.pdf
  By condemning files to the bin you may have scotched any automated method of removal but I will defer to the experts on that.
  Thanks lot,
  Suresh Balakrishann

• Sophos found a virus and trojan in Time Machine backup. What to do?

  I ran Sophos Anti-Virus last night and it found two Windows viruses (one of them is Troj/20120158-P, a trojan, the other is Mal/TibsPk-A, a "malicious behavior" type). Both are attachments on emails that are in Time Machine only. Obviously I'm not worried about them affecting the Mac, but I'd like to avoid accidentally sending them to some poor victim who's using Windows.
  I can track down the files by going into the drive and manually deleting them, but would that mess up Time Machine? Is there a better solution?
  Thanks!

  You should never poke around in your Time Machine backups to delete files in the Finder. That can damage the backups. You also should make sure that Sophos does not attempt to quarantine files from your Time Machine backup. In fact, you probably should ensure that Sophos (and any other anti-virus software) never touches your Time Machine backups in any way, even just for scanning. Let Sophos do its job of keeping the malware off your main hard drive, and leave Time Machine alone to back up freely without interference.
  As for how to handle those e-mail messages in your backups, I would just leave them. They're not doing any harm there, and there's almost no chance that a chain of circumstances would arise that would result in you restoring those messages and then sending them to a Windows user. They will eventually be removed from your backups, when the backup drive fills up and Time Machine has to start removing the oldest deleted files from the backup to make room for new stuff.

• What do I do when I suspect a virus? Is it safe to do a back up on my external time machine?

  What do I do when I suspect a virus? Is it safe to do a backup on my external time machine?

  It is not a virus.
  Please explain exactly what makes you think you might have a virus.
  Yes. It is safe to backup to an external Time Capsule using Time Machine as the software to do that on your Mac.

• How can I clean virus infected files on my Time Machine disk?

  I am running McAfee VirusScan and it locates and cleans virus infected files just fine on my computer, but when it finds infected files on my Time Machine backup drive it says "Repair Failed". Is there a way to clean infected files on my Time Machine backup drive?
  Related question: Is this because the actual files are saved in a central hidden location and the files I see when I open the backup disk with finder are actually just alias links?

  Schmactor,
  First, it is unlikely that your software is actually finding a virus of any kind. Many supposed reports of a virus will, in fact, be perfectly legitimate (and harmless) files. While it is possible that you'll receive a virus, it is still unlikely. Most ISPs run anti-virus software on their email servers; if a virus is sent to you in an email, it is usually removed before you download it.
  Even if you have downloaded an email, it is even less likely that you're going to send it to a Windows-using friend. Since any Windows virus is going to do absolutely nothing on your Mac, you most likely will just delete it. Are you in the habit of forwarding random emails that have unidentifiable attachments to your friends?
  Keep in mind that it is always in the best interest of the developers of anti-virus software titles that the software constantly "finds" things, even when nothing exists. If you were to purchase anti-virus software, only to find that it does absolutely nothing for months at a time, you will not pay for further updates. I have been using a Mac for many, many years, and I have never run any kind of anti-virus software. I have also never sent a virus to someone else.
  Scott

• Time Machine & Anti Virus

  I have had some performance problems using Time Machine (both on a FW drive and the Time Capsule).
  The Problems are slow Backup Creation and even slower restores (including system crashes)
  I am using the Intego Virus Barrier X5 (including 'Real-Time Scanner').
  Once I shut down the Real-Time Scanner the Time Machine is performing as advertised.
  Has anybody had similar experiences? is there a way to configure time machine or anti-virus so they don't bite each other.
  M72

  Welcome to Apple Discussions.
  Since there are no known viruses that attack OS X, your Intego Virus Barrier is scanning for nothing. Uninstall it and your backups should run fine on both TC and TM.
  -mj

• Time Machine and Norton Anti Virus

  I started getting error messages from Time Machine after I installed Norton Anti Virus. Norton found virus issues on the Time Machine Disk, but on on the Mac from where all the files originated.
  Are there particular settings I need to use them together?

  Don't allow Norton to touch your TM backup volume. Unless your employer requires you to use anti-virus software I would recommend uninstalling it. There are no Mac viruses. The software is really not necessary.
  If removing it is not an option for you, then be sure Norton does not attempt to check your TM backup volume. If it does it will misunderstand the content of certain files used by TM. If it makes any changes as a result of this your entire TM backup will become useless (and may be so already.)

• TS1338 I have 4 Trojan Horse viruses on my external drive I use for Time Machine.  My MacBook Pro hard drive is clean.  I have eased the external drive 3 times using Disk Utility and it still has the 4 Trojan Horse viruses. How do I get rid of them. Wayne

  I have 4 Trojan Horse viruses on my external drive I use for Time Machine.  My MacBook Pro hard drive is clean.  I have eased the external drive 3 times using Disk Utility and it still has the 4 Trojan Horse viruses. How do I get rid of them. I am using 10.8.3  Wayne

  ksu62 wrote:
  The infection names are:  classload.jar-719ef6a5.zip
                                            classload.jar-5db452le31.zip
                                            ar3.jar-6ce3b2f-45l483f.zip
                                            classload.jar-lef99412-63bsd3fl.zip
  Those look alot like file names and not infection names. I don't find any reference to anything like that on Norton or VirusTotal. Since you said these were Trojans, I would expect to see "Trojan" as part of the infection name.
  ".jar" files are executable Java applets. The random alpha-numerics would seem to indicate a cache file, likely from a browser with Java enabled. And we all know what ".zip" means.
  Worst case is that you had Java enabled in a browser and were infected by one of the late variants of the Flashback Trojan over a year ago or one of a couple of other attacks using the same vulnerability but targetted against a small number of political sympathizers. Much more probable is that thes were Windows only Trojans. Hopefully you have a fully up-to-date OS X, including Java, and have disabled Java in all your browsers by now.

• If my Mac ends up with a virus, can I use Time Machine to go back before the virus?

  I have recently just bought a 2TB external hard drive and have just backed up using Time Machine. I was just wondering, if my Mac was to become infected with a virus, would I be able to use Time Machine to restore my machine to back before it became infected with the virus? (So I didn't have to do a full factory setting resortation)
  Thank you in advance for any assistance with this query.

  My apologies.  As a computer user since the days of Mainframes in 1970's, I tend to be rather precise in how I phrase things (a legacy of the old punch-card days). Also I write medico-legal reports for a living, again a field where precision is rather essential!
  I saometimes forget that just because I read and write the word 'virus' as meaning just that, others (as you say) are prone to use it as a blanket term for malware and other 'irritations'.
  Thanks for your clarifications WZZZ.  Hope winter in the Big Apple is treating you well.

• Time Machine "freezes" and I am NOT running anti-virus software

  I am incredibly frustrasted and disappointed as a first-time Apple user (brand new iMac (Intel-based) with an external LaCie 500 GB external hard disk). The problem is Time Machine. It backs up on schedule, but when I enter Time Machine, I cannot navigate at all. The background screen (outer space) moves, the cursor moves, but I cannot click on anything. I have to "force quit". So I guess I have things backed up, but can't do anything with them.
  I am NOT running antivirus software. I had Intego loaded on the computer, but removed it completely after reading on Apple blogs that this could interfere with Time Machine. I have reformatted the external hard disk. Still, Time Machine freezes. Apple has put out a couple of patches, I understand, but that was months ago and all of my software is up to date.
  I have called Apple support TWICE and they act as if I am from the moon -- how dare I question that the Time Machine does not work properly?
  Does anyone out there know how to fix this? I am ready to return this computer to the Apple store, which cheerfully sold me on the idea of an external hard disk as a back-up.

  Hello Zurichmike (lovely country):
  Welcome to Apple discussions.
  There are several things you could try. Easy ones first:
  Erase and reformat your external HD.
  Run repair disk from your software install DVD (on your internal HD).
  Go to Macintosh HD>library>preferences. Trash the TM preference file (com.apple.timemachine.plist) and restart. The TM preferences will need to be changed as they are now default values.
  Barry

• Removing a virus from a time machine backup

  Using the freeware version of Bitdefender, I scanned my imac and found several trojans within e-mail attachments (which I had never opened) that had been archived by Time Machine.  However, it said it could not remove the malware.  Is there a way for me to go into those backups and remove the offending files?

  I came to the same conclusion.  Since this was showing up on multiple back-ups. I figured there had to be files still on the machine that were getting copied into the back-ups.  Looking carefully at the offending files (to the extent I could in the back-ups),  I figured out the files were probably old Outlook pst files that I had kept.  (I'd stopped using Outlook when I got the mac in 2011.)  I checked those files with Bitdefender, and sure enough there were nasty attachments. which bitdefender easily removed.  Nevertheless, I decided to take the cleaned-up pst files off the machine and store them on a dvd.  As you say, since my back-up drive isn't huge, the back-ups with the malware in them should be deleted shortly.  It is puzzling, though, that Bitdefender didn't find the original files until I scanned them specifically.  I guess that's the shortcoming of free versions.