Virus / keylogger / trojan / adware on a Mac?

How do I find and remove virus / keylogger / trojan / adware on a Mac?

Helpful Links Regarding Malware Problems
If you are having an immediate problem with ads popping up see The Safe Mac » Adware Removal Guide, AdwareMedic, or Remove unwanted adware that displays pop-up ads and graphics on your Mac - Apple Support.
Open Safari, select Preferences from the Safari menu. Click on the Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.
The following comes from user stevejobsfan0123. I have made minor changes to adapt to this presentation.
Fix Some Browser Pop-ups That Take Over Safari.
Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. This article will outline the solution to dismiss the pop-up.
Quit Safari
Usually, these pop-ups will not go away by either clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.
Relaunch Safari
If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.
This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.
An excellent link to read is Tom Reed's Mac Malware Guide.
Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.
See these Apple articles:
  Mac OS X Snow Leopard and malware detection
  OS X Lion- Protect your Mac from malware
  OS X Mountain Lion- Protect your Mac from malware
  OS X Mavericks- Protect your Mac from malware
  About file quarantine in OS X
If you require anti-virus protection Thomas Reed recommends using ClamXAV. (Thank you to Thomas Reed for this recommendation.)

Similar Messages

  • Any risk having opened trojan ZIP on my MAC ?

    Hi community.
    I hope, someone can help me:
    Today I received an e-mail (seemed to be a booking confirmation from booking.com) with an attached ZIP file, that unfortunately was opened by my wife. "Opened" means that she double-clicked on the file - for about a second the unpack-icon appeared in the dock and then disappeared.
    Later I found in several forum threads, that these mails are known to include a trojan called Troj/Bredozp-ip.
    I'm now wondering whether these kind of trojans can have any effect on my MAC ?
    From all I know about viruses and trojans, I understood that MAC is rather safe, as long as I don't accept any installations with password etc.
    I would be happy, if anyone (with a deeper knowledge on this topic than I have) could confirm that this is right.
    Also I would be interested to know if there is any chance to find out in OSX lion, whether my system is infected by a virus or trojan.
    Thanks,
    Tobias

    Trojan War
    If you discover a trojan program is running on your computer then look to the following information for assistance:
    A recent discussion on the Apple Support Communities: MacDefender Trojan.
    An excellent site devoted to Mac Malware: Macintosh Virus Guide
    Another site for removing MacDefender, et al.: MAC Defender Rogue Anti-Virus analysis and Removal
    A new removal utility - MacDefenderKiller
    And to protect against a recent variant, MacGuard.
    How to Remove MacKeeper
    Before you delete anything, we need your help. Some AV folks in our community need to analyze these files in order to protect others. Before you delete anything please consider doing the following:   Upload either the original .zip file or the MacGuard application to http://www.VirusTotal.com.  If either is not detected by ClamXAV, then also upload it to http://cgi.clamav.net/sendvirus.cgi.   If you are uncomfortable doing this for any reason and can determine the URL of the site where you got it please send the link to [email protected].
    Removing strange software can be a task.  The following outlines various ways of uninstalling software:
    Uninstalling Software: The Basics
    Most OS X applications are completely self-contained "packages" that can be uninstalled by simply dragging the application to the Trash.  Applications may create preference files that are stored in the /Home/Library/Preferences/ folder.  Although they do nothing once you delete the associated application, they do take up some disk space.  If you want you can look for them in the above location and delete them, too.
    Some applications may install an uninstaller program that can be used to remove the application.  In some cases the uninstaller may be part of the application's installer, and is invoked by clicking on a Customize button that will appear during the install process.
    Some applications may install components in the /Home/Library/Applications Support/ folder.  You can also check there to see if the application has created a folder.  You can also delete the folder that's in the Applications Support folder.  Again, they don't do anything but take up disk space once the application is trashed.
    Some applications may install a Startup item or a Log In item.  Startup items are usually installed in the /Library/StartupItems/ folder and less often in the /Home/Library/StartupItems/ folder.  Log In Items are set in the Accounts preferences.  Open System Preferences, click on the Accounts icon, then click on the LogIn Items tab.  Locate the item in the list for the application you want to remove and click on the Delete [-] button to delete it from the list.
    Some software uses startup daemons or agents that are a new feature of the OS.  Look for them in /Library/LaunchAgents/ and /Library/LaunchDaemons/ or in /Home/Library/LaunchAgents/.
    If an application installs any other files the best way to track them down is to do a Finder search using the application name or the developer name as the search term.  Unfortunately Spotlight will not look in certain folders by default.  You can modify Spotlight's behavior or use a third-party search utility, Easy Find, instead.  Download Easy Find at VersionTracker or MacUpdate.
    Some applications install a receipt in the /Library/Receipts/ folder.  Usually with the same name as the program or the developer.  The item generally has a ".pkg" extension.  Be sure you also delete this item as some programs use it to determine if it's already installed.
    There are many utilities that can uninstall applications.  Note that you must have this software installed before you install software you may need to uninstall.  Uninstallers won't work if you install them after the fact.  Here is a selection:
    AppZapper
    Automaton
    Hazel
    CleanApp
    Yank
    SuperPop
    Uninstaller
    Spring Cleaning
    Look for them and others at VersionTracker or MacUpdate.
    For more information visit The XLab FAQs and read the FAQs on removing software and dealing with spyware and malware.
    After removing all the components of the software you may have to restart the computer to fully disable the software.  This will be the case when removing software that has installed a daemon.  After the daemon has been removed you need to restart the computer to stop the daemon.  Alternatively, you can kill the daemon process using the Terminal application or Activity Monitor.

  • Do I have a virus or Trojan malware on my MacBook Pro?

    I downloaded a faulty mp3 file from the internet which I think infected my computer with either a virus or Trojan malware. It took over my computer and disallowed me from accessing any applications. I clicked on Finder, for example, and a window would pop up saying, "Application not found," with a number after it. I rebooted my computer and was able to log back in using Safe Mode. Here, I deleted the file I had downloaded, or so I thought, by dragging it to the trash and emptying it. However, my computer is acting bizarre and barely functions. I am unable to use DVD Player, it says, "There was an initialization error" with code -70017. My volume is inaccessible, there is a circle with a slash through it when I try to use it. iTunes will not work, iPhoto keeps crashing and will not open, and my internet browser is extremely slow and will not play video.
    I have downloaded and installed Sophos Anti-Virus and MacScan in an attempt to rid my computer of the virus but it did not seem to do anything.
    Suggestions as to how to fix this problem would be greatly appreciated.

    This is not the work of a virus, or any other kind of malware. What it sounds like is a very badly corrupt hard drive causing all manner of corruption in your various system components and applications. You probably need to erase your hard drive and reinstall the system from scratch, as ds store has said.
    If you actually had malware, Sophos would find it. If Sophos found nothing, there was almost certainly nothing to find. If something like Sophos ever should find malware, unless the malware has "OSX" or "MacOS" in the name, it probably isn't Mac malware and thus isn't something you need to worry about (other than not passing it on to other people).
    MacScan is junk. It serves no useful purpose. See:
    MacScan disappoints

  • Safari redirect hijack - may have iOS5 virus or trojan

    This morning, while clicking on a link on a website, I was redirected to a **** site. Not so unusual, eh?
    Except this was on my iPhone 4s, running iOS 5 and Safari, and the same link is good on my Mac desktops.
    Clearing data, history, caches, and a reboot does NOT fix the problem.
    It appears that there is a virus or trojan on my iPhone. Any ideas?

    I also have this exact problem
    I don't know how to resolve it; I am not an expert in Apple devices.
    If you did eventually resolve this issue, can you please post the solution up here for us to try it too?
    Regards

  • Can you get a virus or trojan through the connection-cable (PC) from your iPod touch?

    I had a trojan on my PC earlier and my iPod touch 4G was connected to my computer. Is it possible for the trojan or viruses in general to make their way through the connection cable or something? If a photo or something wasn't infected. I mean sync-wise, etc.

    It would be very difficult for a virus or trojan to get from the iPod to your PC via USB. Attaching a virus to any media file such as a photo or music track is very, very difficult, and all known exploits that would do this were blocked a long time ago. Attaching a trojan would not be possible. Unless there's a new exploit I haven't heard of, only if a trojan program was attached to an email and from there transferred to an app that could then be synced to your computer would it be possible for malware to come from your iPod. I think that rather unlikely and that your trojan got into your PC from some other source.
    Regards.
    Message was edited by: Dave Sawyer

  • Virus, a Trojan, or something else?

    Virus, Trojan, something else?
    My computer sent an email to about 50 people yesterday with an attached zip file. The email had no subject, and the zip file contained about 20GB worth of documents off my computer. Most of the recipients are not in my addressbook, but all were people whom I have emailed before. The name of the attachment ends with documents-1-1.mailhold.zip.
    Does anyone know what caused the email to get sent? Was this a virus, a Trojan, or something else?
    Thanks for the help.

    Here's a known Word Macro problem... Remove W97M.Thus virus/trojan...
    http://www.lifebloodproject.com/wordpress/archives/311

  • Adobe Flash 12 for windows 7 : Seems infected by a Virus or Trojan

    Adobe 12 seems infected with a virus.   After installing Adobe Flash 12 my computer is controlled by some program that tries to immediately connect to the internet and play VERY IRRITATING sounds that sound like someone is changing a radio station constantly.  Sounds from the NEWS, Music and vulgar content material is streamed from the internet to my computer even though I have not connected to the internet. This virus on Adobe immediately connects to the internet if I have a connection.  When I select my speaker and mixer control I see "Unknown Device" as the source of the sounds from the internet.
    I can MUTE the application in the mixer but  the malicious program continues to run.
    My antimalware and antivirus software cannot eliminate this computer virus because it is part of the Adobe Flash 12 software that was installed.
    The only way I can eliminate the problem is to UNINSTALL the Adobe Flash 12.
    Does anyone know why Adobe Flash 12 seems to be infected with a computer virus or trojan? 
    I recommend everyone avoid using Adobe software as they seem to have a malicious computer virus embedded in their software.
    Continual use of Adobe Flash 12 can result in others invading your computer and the loss of private information so I suggest everyone stop using Adobe Flash 12 until it is cleaned of the virus.
    Do you want your computer to constantly dial up the internet without your permission and transfer data to unknown persons?

    Mike,
    After I installed the software you recommended there was more to the story from my last email.
    My computer was now much worse and out of control so I was forced to turn off my machine and cold restart it.
    The computer would not restart at all. It tried to start windows but instead it ran in an infinite loop. I would see the Dell screen and then the Windows would pop up saying it was restarting and then it would go blank and the Dell Screen would pop up and then the Windows restart screen again and again and again.
    I shut it down and tried to start it in Safe Mode. That wouldn't work either. It was stuck in a loop just like in Normal mode.
    So I had to shut down and do a System Restore to a selected Restore point.
    That worked and now my computer is as it was before but it still has the virus and if I try to use Adobe Flash it will again connect to internet and play irritating sounds.
    So what could have fixed this problem?  Should I have quarantined the 4 offending files or just the DCOM file?
    Why did your software nearly destroy my computer's ability to restart?
    What do you suggest?

  • TS3274 Can an iPad get a virus or Trojan infection?

    I'm just wondering if an iPad can get infected with viruses?

    No, there are no known viruses or trojans for a non-jailbroken device.
    If it is jailbroken then yes.

  • How do I get rid of Adware from a Mac laptop with OS 10.6.8

    I have adware on my Mac Laptop that has OS 10.6.8 operating system.
    AdMedic needs 10.7 or later.
    I am looking at The Safe Mac website for answers.
    Any others I should visit?

    stedman1 wrote:
    Please download and run "Ad Medic" at the site below to remove adware. It has been created by one of the long time contributors to this site.
    http://www.thesafemac.com/admedic/
    Unfortunately you need OS X 10.7 (Lion) or above to use AdMedic or its successor today AdwareMedic.  Best bet today for Snow Leopard users would be to use the older Adware Removal Tool from the same author, but he's not planning to update it in the future.

  • Virus - Gen:Trojan:Heur.LP.Ev5@auW5fMI

    After performing an Adobe Reader update my Bitdefender software indicated that my system was infected with a virus "Gen:Trojan:Heur.LP.Ev5@auW5fMI".  Would appreciate any advice as to how this can be removed.

    Several searches in the McAfee database (full given name, and different parts of it) gave me no results. And a Google search only gave the two messages in this thread.

  • McAfee Software has detected viruses and trojans

    Bought laptop 2 days ago and installed McAfee software (as recommended). McAfee scan says computer is virus free and no problems found.
    Problem is I have various warnings on pop ups saying system has up to 23 viruses and trojans detected "system is about to crash".
    Anyone know what is going on?

    > Bought laptop 2 days ago and installed McAfee software (as recommended).
    Just out of curiosity, who recommends you to install McAfee?
    I don't know what is wrong there but maybe this McAfee has detected some Toshiba specific stuff and has identified them as virus. I don't know what is listed as virus.
    Contact McAfee manufacturer and ask for help. Toshiba doesn't support this third-party software.

  • How do I remove adware from my MAC OS X

    Can someone help me remove adware from my MAC OS X (10.6.8)?  This started a few days ago and is not only super annoying, but it seems to be suddenly slowing down my browser.

    Written by Thomas Reed, a long time poster and the ‘expert’ on malware.
    Malware Guide – Adware – 10.6 and under

  • JAVA OPENSTR.A - VIRUS OR TROJAN???

    Hi There,
    I am a knowledgeable home computer user, but I do not know anything about programming or in depth stuff.
    Trend Micro's "House Call" virus scanner found the following file and reported it as a virus.
    C:\Documents and Settings\Ned\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-5768e0d4.zip javainstaller\InstallerApplet.class
    I wonder if this file is perhaps a valid Sun Java file, but it has a "signature" similar to that of a virus or Trojan and hence was reported by House Call as a virus.
    Could you please advise me?
    Thanks very much for your help.
    Sincerely,
    Guiterdas.

    The same here.
    Norton Anti Virus autoprotect suddenly reported the presence of the virus Trojan.ByteVerify in the InstallerApplet.class file in some temp directory.
    The scanner found the same file in my docs and settings. Saved a copy in case it's a hoax, but what's up?

  • JAVA Virus Found - Trojan Horse (URGENT)

    I used NAVCE to perform a virus scan on my system and it reported a virus found, trojan horse. Here's the report:
    Scan type: Manual Scan
    Event: Virus Found!
    Virus name: Trojan Horse
    File: C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-1012b178-3c3750b0.class
    Location: Quarantine
    Computer: SLEEP
    User: Administrator
    Action taken: Clean failed : Quarantine succeeded :
    Date found: Fri Oct 24 00:51:03 2003
    The folder that the trojan horse resides is a hidden file. Can anyone tell me what's happening? Preferably someone from Sun would like to explain?

    forget it. You got that virus from some webpage. Besides, it shouldn't activate unless some moron has changed the defaults on your windows comp. just delete it, don't lose yer sleep.

  • Mac web browsing problem - potentially malware/trojan/adware

    Hi All,
    I am new to the mac OS but I downloaded a torrent on the recommendation of a friend for MS Office for Mac last night onto my macbook air. It all appeared okay until I tried to browse the internet today.
    However, every time I now open a session in Safari or Chrome, I get a number of additional windows popping open with ads for gambling, ****, etc. I have no idea how to remove whatever it is that I have on my machine. Any help would be appreciated as I am totally new to the Mac world. Even when I do a google search, the first 4 or 5 results are for ads and then I get additional pop ups opening. I have tried disabling pop ups, cookies, extensions etc in Safari preferences but this does not make a difference.
    Some guidance would be great from you more knowledgeable members.
    Thanks.

    You probably installed the "DownLite" trojan, perhaps under a different name. Remove it as follows.
    Malware is constantly changing to get around the defenses against it. The instructions in this comment are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
    Back up all data.
    Triple-click anywhere in the line below on this page to select it:
    /Library/LaunchAgents/com.vsearch.agent.plist
    Right-click or control-click the line and select
              Services ▹ Reveal in Finder (or just Reveal)
    from the contextual menu.* A folder should open with an item named "VSearch" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.
    Repeat with each of these lines:
    /Library/LaunchDaemons/com.vsearch.daemon.plist
    /Library/LaunchDaemons/com.vsearch.helper.plist
    /Library/LaunchDaemons/Jack.plist
    Restart the computer and empty the Trash. Then delete the following items in the same way:
    /Library/Application Support/VSearch
    /Library/PrivilegedHelperTools/Jack
    /System/Library/Frameworks/VSearch.framework
    ~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin
    Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
    From the Safari menu bar, select
              Safari ▹ Preferences... ▹ Extensions
    Uninstall any extensions you don't know you need, including any that have the word "Spigot" or "Conduit" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
    This trojan is distributed on illegal websites that traffic in pirated movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect much worse to happen in the future.
    You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that the DownLite developer has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. This failure of oversight is inexcusable and has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.
    *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination  command-C. In the Finder, select
              Go ▹ Go to Folder...
    from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
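
An added example, not part of the original posts: a read-only shell audit that reports which of the items listed in the DownLite reply above are still present, and searches the folders named in the earlier "Uninstalling Software: The Basics" reply for entries matching an application or developer name. The function names and the ROOT / USER_HOME parameters are assumptions introduced here; the script deletes nothing.

```shell
#!/bin/sh
# Added example, read-only: reports what exists, deletes nothing.
# ROOT and USER_HOME are assumed parameters so the checks can be pointed at a
# mounted backup or a test tree; on a live Mac use ROOT="" and USER_HOME="$HOME".

# Items named in the DownLite/VSearch removal reply, in the order it gives them.
# A leading "~" stands for the user's home folder.
listed_items() {
    cat <<'EOF'
/Library/LaunchAgents/com.vsearch.agent.plist
/Library/LaunchDaemons/com.vsearch.daemon.plist
/Library/LaunchDaemons/com.vsearch.helper.plist
/Library/LaunchDaemons/Jack.plist
/Library/Application Support/VSearch
/Library/PrivilegedHelperTools/Jack
/System/Library/Frameworks/VSearch.framework
~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin
EOF
}

# Print each listed item that exists under ROOT / USER_HOME, one path per line.
check_listed_items() {
    root=$1
    user_home=$2
    listed_items | while IFS= read -r item; do
        case $item in
            '~/'*) path=$user_home${item#?} ;;   # drop the "~", keep "/Library/..."
            *)     path=$root$item ;;
        esac
        # -e follows symlinks; -L also catches a dangling symlink.
        if [ -e "$path" ] || [ -L "$path" ]; then
            printf '%s\n' "$path"
        fi
    done
}

# Search the folders the uninstall reply lists (its "/Home/Library" is the
# user's own Library) for top-level entries whose name contains TERM,
# case-insensitively. TERM is an application or developer name.
sweep_by_name() {
    root=$1
    user_home=$2
    term=$3
    for dir in \
        "$root/Library/LaunchAgents" "$root/Library/LaunchDaemons" \
        "$user_home/Library/LaunchAgents" \
        "$root/Library/StartupItems" "$user_home/Library/StartupItems" \
        "$root/Library/Receipts" \
        "$user_home/Library/Preferences" \
        "$user_home/Library/Application Support"
    do
        [ -d "$dir" ] || continue
        find "$dir" -mindepth 1 -maxdepth 1 -iname "*$term*" 2>/dev/null
    done
}

# Report for the running system (assumption: run in Terminal as the affected user).
report=$(check_listed_items "" "${HOME:-}")
if [ -n "$report" ]; then
    printf 'Listed items still present:\n%s\n' "$report"
else
    printf 'None of the listed items are present.\n'
fi
```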
