AppleInsider › Forums › General › General Discussion › Virus or ?
New Posts  All Forums:Forum Nav:

Virus or ?

post #1 of 10
6/1/07 at 12:30pm
Thread Starter 
I'm fairly certain my Mac has a virus, worm, or whatever. How can I tell for sure and how do I fix the problem?
ADS
Reply
ADS
Reply
post #2 of 10
6/1/07 at 12:34pm
1. This should be in Genus Bar.

2. You are really giving us nothing to go on. Why do you suspect malware? Although I suppose we could suggest some scanning software anyway.

Also, I wouldn't worry too much about malware unless you've been visiting questionable websites or downloading packages from an untrusted source. Malware on a mac usually takes some user action. In fact, malware on anything often requires some user action.
Everybody's special. That doesn't mean we are all the same, though. It just means you have to be extra special if you want to stick out.
Reply
Everybody's special. That doesn't mean we are all the same, though. It just means you have to be extra special if you want to stick out.
Reply
post #3 of 10
6/1/07 at 1:10pm
Thread Starter 
Quote:
Originally Posted by Tankgunk View Post

1. This should be in Genus Bar.

2. You are really giving us nothing to go on. Why do you suspect malware? Although I suppose we could suggest some scanning software anyway.

Also, I wouldn't worry too much about malware unless you've been visiting questionable websites or downloading packages from an untrusted source. Malware on a mac usually takes some user action. In fact, malware on anything often requires some user action.

Sorry about putting this in the wrong place. The reason I think I've got a problem is: while online, a pop-up supposedly ran a test on my Mac and "found" problems. It showed a fix, but it was an .exe file. It didn't ask for $$$, so I don't think it was an advertisement. Because of the .exe file, it didn't come from Mac Utilities.
It may be a hoax, but I don't want to take a chance. Is there a way to check for a virus or whatever?
ADS
Reply
ADS
Reply
post #4 of 10
6/1/07 at 1:13pm
  • Kickaha
  • Really Fast Typing Member
That is 99.9999% sure to be a scam.

See, what they do is pretend to scan your system, then say "OMG! You need our software! CLICK HERE!" and voila - you install their malware.

More hints it's just a scam: 1) they claim to scan your system, then offer you an .exe. That's a Windows application. Which means that they think you have a Windows virus. And you'd be susceptible to this... how?

Google for ClamAV/X if you want a free, decent anti-virus scanner for the Mac.
My brain is hung like a HORSE!
Reply
My brain is hung like a HORSE!
Reply
post #5 of 10
6/1/07 at 1:24pm
Thread Starter 
Quote:
Originally Posted by Kickaha View Post

That is 99.9999% sure to be a scam.

See, what they do is pretend to scan your system, then say "OMG! You need our software! CLICK HERE!" and voila - you install their malware.

More hints it's just a scam: 1) they claim to scan your system, then offer you an .exe. That's a Windows application. Which means that they think you have a Windows virus. And you'd be susceptible to this... how?

Google for ClamAV/X if you want a free, decent anti-virus scanner for the Mac.

Thanks.
ADS
Reply
ADS
Reply
post #6 of 10
6/1/07 at 8:39pm
Thread Starter 
Quote:
Originally Posted by Kickaha View Post
That is 99.9999% sure to be a scam.


I downloaded ClamXav and turned it loose on my computer. It's been running for several hours and found this - so far:

/Users/sequitur/.Trash/Install751.exe: Trojan.Fakealert-50 FOUND

/Users/sequitur/Library/Caches/Firefox/Profiles/iprkzo8c.default/Cache/7482662Edo1:Trojan.Fakealert-50 FOUND

Kickaha, you seem to have hit the nail on the head: "exe: Trojan.Fakealert" or is that in itself an ogre? Does ClamXav eliminate or just locate problems?

ClamXav is doing its job, but it takes a LONG time to do it and there is no indicator (like a blue strip) to show
how much it's done and how much it has to go. So far, it hasn't completely checked the 17 Gigs currently in my Users and it's been about 3 hours. I haven't used it to check the rest of my Mac HD which is currently about 19 Gigs.
ADS
Reply
ADS
Reply
post #7 of 10
6/1/07 at 8:44pm
Quote:
Originally Posted by sequitur View Post

Quote:
Originally Posted by Kickaha View Post
That is 99.9999% sure to be a scam.


I downloaded ClamXav and turned it loose on my computer. It's been running for several hours and found this:

/Users/sequitur/.Trash/Install751.exe: Trojan.Fakealert-50 FOUND

/Users/sequitur/Library/Caches/Firefox/Profiles/iprkzo8c.default/Cache/7482662Edo1:Trojan.Fakealert-50 FOUND

Kickaha, you seem to have hit the nail on the head: "exe: Trojan.Fakealert" or is that in itself an ogre? Does ClamXav eliminate or just locate problems?

ClamXav is doing its job, but it takes a LONG time to do it and there is no indicator (like a blue strip) to show
how much it's done and how much it has to go. So far, it hasn't completely checked the 17 Gigs currently in my Users and it's been about 3 hours. I haven't used it to check the rest of my Mac HD which is currently about 19 Gigs.

ClamXAV from what I understand will move them to a special folder and you can delete them yourself. Those are not threats however... any .exe cannot execute on a Mac period. But you'll probably want to delete them if for no other reason then they take up a few kilobytes of space. It looks like "Fakealert" is from that alert you clicked before. Yet another reason to hate ads.

Sebastian
Þ & þ are called "Thorn" & þey represent þe sound you've associated "th" wiþ since þe 13þ or 14þ century. I'm bringing it back.
<(=_=)> (>=_=)> <(=_=<) ^(=_=^) (^=_=)^ ^(=_=)^ +(=_=)+
Reply
Þ & þ are called "Thorn" & þey represent þe sound you've associated "th" wiþ since þe 13þ or 14þ century. I'm bringing it back.
<(=_=)> (>=_=)> <(=_=<) ^(=_=^) (^=_=)^ ^(=_=)^ +(=_=)+
Reply
post #8 of 10
6/1/07 at 8:51pm
  • Kickaha
  • Really Fast Typing Member
What Slewis said - and also, recognize that the first one is in your Trash (just Empty Trash), and the second is in your Firefox cache (purge the cache). Voila! Done!

The first one is actually a file named Install751.exe that is carrying the Trojan.Fakealert-50 payload.
My brain is hung like a HORSE!
Reply
My brain is hung like a HORSE!
Reply
post #9 of 10
6/2/07 at 7:44am
Thread Starter 
Quote:
Originally Posted by Kickaha View Post

What Slewis said - and also, recognize that the first one is in your Trash (just Empty Trash), and the second is in your Firefox cache (purge the cache). Voila! Done!

The first one is actually a file named Install751.exe that is carrying the Trojan.Fakealert-50 payload.


I should have remembered the adage: When all else fails, read the directions. After some problems with ClamXav, I read the directions. ClamXav CAN be tweaked to show the thin blue line and to quarantine bandits; you just have to use Preference BEFORE you make a selection of files to scan.

Therefore, I rescanned after tweaking Preferences. ClamXav sent the bogies to a file I named Quarantine. I emptied the trash and deleted the .exe file in Quarantine. Now, Gods in his heaven; alls right with the world. I can breathe easier now.

I appreciate you guys pointing me in the right direction.
ADS
Reply
ADS
Reply
post #10 of 10
6/2/07 at 9:34am
Quote:
Originally Posted by sequitur View Post

I should have remembered the adage: When all else fails, read the directions. After some problems with ClamXav, I read the directions. ClamXav CAN be tweaked to show the thin blue line and to quarantine bandits; you just have to use Preference BEFORE you make a selection of files to scan.

Therefore, I rescanned after tweaking Preferences. ClamXav sent the bogies to a file I named Quarantine. I emptied the trash and deleted the .exe file in Quarantine. Now, Gods in his heaven; alls right with the world. I can breathe easier now.

I appreciate you guys pointing me in the right direction.

ha, something like that happened to my pc, only i'm not as lucky, and i don't use garbage norton, so i had to actually install an old copy of norton i had, which got rid of a few viruses, and then after that was solved, i still had pop ups like mad for anti-virus software. it just goes to show, these companies who sell anti-virus software want you to get virus's so you buy their product. i can't wait to just get my macbook at christmas and reformat and sell my pc.
MacBook Pro
2.2GHz Intel Core 2 Duo
2GB 667 DDR2 SDRAM - 2x1GB
120GB Serial ATA Drive@5400rpm
SuperDrive 8x
15" Glossy Widescreen Display

with a wireless Apple keyboard

and

iPod Touch
8GB
Reply
MacBook Pro
2.2GHz Intel Core 2 Duo
2GB 667 DDR2 SDRAM - 2x1GB
120GB Serial ATA Drive@5400rpm
SuperDrive 8x
15" Glossy Widescreen Display

with a wireless Apple keyboard

and

iPod Touch
8GB
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: General Discussion
AppleInsider › Forums › General › General Discussion › Virus or ?