My father is incredibly gullible... He somehow manages to pick up most Trojans/malware/etc. out there. Now his Mac is painfully slow. I'm going to visit home this weekend, and I would like to tune-up his Mac. Is there a universal method to rid his computer of all malicious content? Thanks
The new malware is said to specifically target Lion, and replicates the look and feel of the real Flash installer. It includes design elements and logos that could convince some users it is the actual official software from Adobe.
Are they smoking crack?! This installer looks nothing like Adobe's official Flash updater.
Quote:
Originally Posted by ConradJoe
That's the problem with blacklists as an exclusive method. They need to be updated constantly. Heuristics-based AV has been around for decades.
Actually you are thinking viruses, which some malware just happens to include. All malware detection is blacklist based, which is why it is such a problem. You can install anything you want on your system made by anyone, so if you are gullible enough to run it there is nothing your system can do to stop it.
Blacklists that are maintained globally & updated real time are actually very effective & probably far more so than heuristics. In fact what I'd like to see is for Apple to use push technology for Macs so that instead of checking 1 a day they actually get notified immediately when an update is released & download it immediately. One of the most powerful features of an IDS/IPS system is global correlation, realtime updated blacklist contributed to by parties all around the world.
My father is incredibly gullible... He somehow manages to pick up most Trojans/malware/etc. out there. Now his Mac is painfully slow. I'm going to visit home this weekend, and I would like to tune-up his Mac. Is there a universal method to rid his computer of all malicious content? Thanks
A lot of things can slow down a system besides just malware, first thing I would do is run a permissions repair on his drive and reboot. You may also need to re-download latest combo update for his system & install it.
If he is on Snow Leopard make sure he has the option set to check against Apple for the malware blacklist. If he is still getting every new malware out there after that then it's time to take his computer away cause that takes a lot of talent to download what most of us have never once run into.
Are they smoking crack?! This installer looks nothing like Adobe's official Flash updater.
I don't think the report intended to claim that the fake installer was a sufficiently close copy of the real Flash installer to fool someone who knows what the real installer looks like - but rather that the use of the Adobe logo etc. and the overall appearance would be enough to fool someone either with less experience or paying less attention that it is a legitimate installer.
I have seen some malicious software installers that have obvious flaws in the interface that should make anyone think twice about continuing - then again, esp. on the Windows side I have seen legitimate installers that were so poorly crafted I thought twice about using the software.
What does this mean? You being prompted to update doesn't immediately imply you didn't download the update from Adobe.
I think you'll need to go look for it manually since Spotlight doesn't look in Library folders.
READ THE ARTICLE. Remove the files and you'll be fine.
using search in finder and command f, i dont see file.
i looked in library and did not see. by prompted, i mean. i got a pop up saying new version of flash available. and it looked and worked exactly like previous flash updates. installer log shows install and everything seems normal as far as i can tell. is there some better way for me to find that file. let me know. thx
Oh, I see. You can't really find Mac trojans even if you're TRYING, can you?
It's not that hard to manually remove things anyway (on OSX or Windows) if you can see a process running. Both have functions for show all processes. You can pretty much identify stuff from there, not that I'm a Windows fan (I use a couple things without OSX versions so I've dealt with it).
The file Preferences.dylib is easy enough to find in the user library but once thrown into the trash it begins to wreak all sorts of havoc, to the point of eliminating the user trash folder from the underlying system architecture. If you are as unfortunate as I was and install it (from a link on a reputable e-commerce site, by the way), the best way to deal with it is as follows:
First, go to system preferences and make sure that automatic log in is switched off.
Second, create a root user and log in as the root user.
Third, delete your home account, making sure to keep the home folder. It will remain in the Users folder but renamed username(deleted).
Fourth, create a new user with the same user name as your original account. Give it the same password, even.
Finally, drag the contents of the old user folder into the new user folder. When you are prompted whether or not you want to replace a given folder, click yes and check the box that makes this action for all folders. This is your new user folder. Because Trash is not part of the user file structure, your old trash and its contents won't follow you to the new account.
You might want to back up your computer before doing any of this.
Why not just open up the terminal and delete it using rm? None of the underlying OS services a file can access get invoked that way. It just goes away.
Sure not having to deal with the command line is a wonderful thing. But every once in a while a simple command can be immensely useful and far simpler than the GUI+services might make the endeavor otherwise.
Can't for the life of me figure out how to get it to search Libraries (and System), as I would like that very much, but whatever
Supposedly invoking Spotlight with Command-Option-Space performs a "universal search" but I only read it somewhere; don't know if that works across various 10.x versions...
Why not just open up the terminal and delete it using rm? None of the underlying OS services a file can access get invoked that way. It just goes away.
Sure not having to deal with the command line is a wonderful thing. But every once in a while a simple command can be immensely useful and far simpler than the GUI+services might make the endeavor otherwise.
I suppose that would work as well. All I know is that if the file is thrown in the trash it won't be deleted by emptying trash and it begins to cause serious problems.
Besides the risk of opening terminal, which is something some might not want to undertake, it is also possible that there are invisible elements of this Trojan Horse that won't be found in the User home folder file structure and thus would live on if the offending file is removed. Those underlying files don't end up in the new user home folder.
Comments
My father is incredibly gullible... He somehow manages to pick up most Trojans/malware/etc. out there. Now his Mac is painfully slow. I'm going to visit home this weekend, and I would like to tune-up his Mac. Is there a universal method to rid his computer of all malicious content? Thanks
1. Reformat
2. Reinstall
3. Reprimand
I thought something was weird when I saw "Flash 11".
Flash 11's out though?
Oh, wait, just beta. Forgot about that. I always use the betas.
according to my mac i have the correct latest version of flash 10.3. so how do i know if somethings wrong. i dont see a problem at this point.
so how do i know if somethings wrong. i dont see a problem at this point.
By READING the article. If you don't have the crap in your Library, nothing's wrong.
And if you got Flash from Adobe, there's no way it could possibly be the trojan.
i was prompted to update. so i didn't get directly from adobe. but it looked like last update and is for 10.3
searching mac (command find) and using spotlight, i dont see library file. what do you think?
if infected, any anti malware software?
also i have mac firewall turned on. does that prevent this type of thing? thx
using search in finder and command f, i dont see file.
Yes. You won't. Because you can't. Spotlight doesn't search Library folders by default, so you won't see that.
Can't for the life of me figure out how to get it to search Libraries (and System), as I would like that very much, but whatever.
i looked in library and did not see.
Then you don't have it. Shouldn't be a problem.
by prompted, i mean. i got a pop up saying new version of flash available. and it looked and worked exactly like previous flash updates.
If this pop-up was one from an existing Flash install, then you installed it from Adobe itself. You're fine.
What about that guy's post is in any way trollish?
He's asking a question that he wouldn't need to ask if he spent twenty seconds and read the actual article, but that's not trolling.
Because that guy's post was an obvious ruse to make Macs look just as vulnerable.