Virus or ?

Posted:
in General Discussion edited January 2014
I'm fairly certain my Mac has a virus, worm, or whatever. How can I tell for sure and how do I fix the problem?

Comments

  • Reply 1 of 9
    tankgunktankgunk Posts: 43member
    1. This should be in Genus Bar.



    2. You are really giving us nothing to go on. Why do you suspect malware? Although I suppose we could suggest some scanning software anyway.



    Also, I wouldn't worry too much about malware unless you've been visiting questionable websites or downloading packages from an untrusted source. Malware on a mac usually takes some user action. In fact, malware on anything often requires some user action.
  • Reply 2 of 9
    sequitursequitur Posts: 1,901member
    Quote:
    Originally Posted by Tankgunk View Post


    1. This should be in Genus Bar.



    2. You are really giving us nothing to go on. Why do you suspect malware? Although I suppose we could suggest some scanning software anyway.



    Also, I wouldn't worry too much about malware unless you've been visiting questionable websites or downloading packages from an untrusted source. Malware on a mac usually takes some user action. In fact, malware on anything often requires some user action.



    Sorry about putting this in the wrong place. The reason I think I've got a problem is: while online, a pop-up supposedly ran a test on my Mac and "found" problems. It showed a fix, but it was an .exe file. It didn't ask for $$$, so I don't think it was an advertisement. Because of the .exe file, it didn't come from Mac Utilities.

    It may be a hoax, but I don't want to take a chance. Is there a way to check for a virus or whatever?
  • Reply 3 of 9
    kickahakickaha Posts: 8,760member
    That is 99.9999% sure to be a scam.



    See, what they do is pretend to scan your system, then say "OMG! You need our software! CLICK HERE!" and voila - you install their malware.



    More hints it's just a scam: 1) they claim to scan your system, then offer you an .exe. That's a Windows application. Which means that they think you have a Windows virus. And you'd be susceptible to this... how?



    Google for ClamAV/X if you want a free, decent anti-virus scanner for the Mac.
  • Reply 4 of 9
    sequitursequitur Posts: 1,901member
    Quote:
    Originally Posted by Kickaha View Post


    That is 99.9999% sure to be a scam.



    See, what they do is pretend to scan your system, then say "OMG! You need our software! CLICK HERE!" and voila - you install their malware.



    More hints it's just a scam: 1) they claim to scan your system, then offer you an .exe. That's a Windows application. Which means that they think you have a Windows virus. And you'd be susceptible to this... how?



    Google for ClamAV/X if you want a free, decent anti-virus scanner for the Mac.



    Thanks.
  • Reply 5 of 9
    sequitursequitur Posts: 1,901member
    Quote:

    Originally Posted by Kickaha View Post

    That is 99.9999% sure to be a scam.





    I downloaded ClamXav and turned it loose on my computer. It's been running for several hours and found this - so far:



    /Users/sequitur/.Trash/Install751.exe: Trojan.Fakealert-50 FOUND



    /Users/sequitur/Library/Caches/Firefox/Profiles/iprkzo8c.default/Cache/7482662Edo1:Trojan.Fakealert-50 FOUND



    Kickaha, you seem to have hit the nail on the head: "exe: Trojan.Fakealert" or is that in itself an ogre? Does ClamXav eliminate or just locate problems?



    ClamXav is doing its job, but it takes a LONG time to do it and there is no indicator (like a blue strip) to show

    how much it's done and how much it has to go. So far, it hasn't completely checked the 17 Gigs currently in my Users and it's been about 3 hours. I haven't used it to check the rest of my Mac HD which is currently about 19 Gigs.
  • Reply 6 of 9
    slewisslewis Posts: 2,080member
    Quote:
    Originally Posted by sequitur View Post


    Quote:

    Originally Posted by Kickaha View Post

    That is 99.9999% sure to be a scam.





    I downloaded ClamXav and turned it loose on my computer. It's been running for several hours and found this:



    /Users/sequitur/.Trash/Install751.exe: Trojan.Fakealert-50 FOUND



    /Users/sequitur/Library/Caches/Firefox/Profiles/iprkzo8c.default/Cache/7482662Edo1:Trojan.Fakealert-50 FOUND



    Kickaha, you seem to have hit the nail on the head: "exe: Trojan.Fakealert" or is that in itself an ogre? Does ClamXav eliminate or just locate problems?



    ClamXav is doing its job, but it takes a LONG time to do it and there is no indicator (like a blue strip) to show

    how much it's done and how much it has to go. So far, it hasn't completely checked the 17 Gigs currently in my Users and it's been about 3 hours. I haven't used it to check the rest of my Mac HD which is currently about 19 Gigs.



    ClamXAV from what I understand will move them to a special folder and you can delete them yourself. Those are not threats however... any .exe cannot execute on a Mac period. But you'll probably want to delete them if for no other reason then they take up a few kilobytes of space. It looks like "Fakealert" is from that alert you clicked before. Yet another reason to hate ads.



    Sebastian
  • Reply 7 of 9
    kickahakickaha Posts: 8,760member
    What Slewis said - and also, recognize that the first one is in your Trash (just Empty Trash), and the second is in your Firefox cache (purge the cache). Voila! Done!



    The first one is actually a file named Install751.exe that is carrying the Trojan.Fakealert-50 payload.
  • Reply 8 of 9
    sequitursequitur Posts: 1,901member
    Quote:
    Originally Posted by Kickaha View Post


    What Slewis said - and also, recognize that the first one is in your Trash (just Empty Trash), and the second is in your Firefox cache (purge the cache). Voila! Done!



    The first one is actually a file named Install751.exe that is carrying the Trojan.Fakealert-50 payload.





    I should have remembered the adage: ?When all else fails, read the directions.? After some problems with ClamXav, I read the directions. ClamXav CAN be tweaked to show the thin blue line and to quarantine ?bandits?; you just have to use Preference BEFORE you make a selection of files to scan.



    Therefore, I rescanned after tweaking Preferences. ClamXav sent the ?bogies? to a file I named ?Quarantine.? I emptied the trash and deleted the .exe file in ?Quarantine?. Now, ?God?s in his heaven; all?s right with the world.? I can breathe easier now.



    I appreciate you guys pointing me in the right direction.
  • Reply 9 of 9
    Quote:
    Originally Posted by sequitur View Post


    I should have remembered the adage: ?When all else fails, read the directions.? After some problems with ClamXav, I read the directions. ClamXav CAN be tweaked to show the thin blue line and to quarantine ?bandits?; you just have to use Preference BEFORE you make a selection of files to scan.



    Therefore, I rescanned after tweaking Preferences. ClamXav sent the ?bogies? to a file I named ?Quarantine.? I emptied the trash and deleted the .exe file in ?Quarantine?. Now, ?God?s in his heaven; all?s right with the world.? I can breathe easier now.



    I appreciate you guys pointing me in the right direction.



    ha, something like that happened to my pc, only i'm not as lucky, and i don't use garbage norton, so i had to actually install an old copy of norton i had, which got rid of a few viruses, and then after that was solved, i still had pop ups like mad for anti-virus software. it just goes to show, these companies who sell anti-virus software want you to get virus's so you buy their product. i can't wait to just get my macbook at christmas and reformat and sell my pc.
Sign In or Register to comment.