Help iMac G5 trojan...

Discussion in 'macOS' started by holyhandgrenade, Jan 16, 2007.

  1. holyhandgrenade macrumors newbie

    Joined:
    Dec 30, 2006
    Location:
    nex to the old man from scene 24
    #1
    Ok, so my cousin has an iMac G5 17" 1.8GHz rev. B, same as me. He told me the other day that he thought he might have a virus because it had been running extremely slowly and beachballing to oblivion; I told him he has a better chance of winning the lottery. Today he said that before it crapped out he had a chance to run a virus scan and it found a trojan. If it starts, it takes like 20 minutes to get off the white loading screen, then another 20 to get off the blue loading OS X screen. What should he do?

    Any help would be appreciated.


    -HolyHandGrenade
     
  2. Daveway macrumors 68040


    Joined:
    Jul 10, 2004
    Location:
    New Orleans / Lafayette, La
    #2
    I would start up from the original CD1 and run Disk Utility. Run a repair/check disk. Sounds like a hard drive problem.

    And no there aren't any viruses. ;)
     
  3. compuwar macrumors 601


    Joined:
    Oct 5, 2006
    Location:
    Northern/Central VA
    #3
    Boot an external disk in target mode and clean out the Trojan?
     
  4. tdhurst macrumors 68040


    Joined:
    Dec 27, 2003
    Location:
    Portland, OR
    #4
    what?

    IT'S NOT A GODDAMN TROJAN.

    Boot from the install CD, run Disk Utility and repair the disk. It sounds like a failing hard drive; I had similar symptoms on the Rev A iMac hard drive I replaced today and on my other failed drives.

    Repeat after me, it's not a virus and it's not a trojan...it's not a virus and it's not a trojan...
     
  5. Chundles macrumors G4


    Joined:
    Jul 4, 2005
    #5
    Yep, the HDD is on its way out. I had the exact same symptoms before mine went kaput.

    It's not a virus or a trojan. There aren't any for the Mac.* What your cousin found on the virus scan (no need for this by the way, waste of time, tell him to get rid of it) is a Windows trojan - these cannot affect OSX and pose no safety threat to his system. It's up to Windows users to protect themselves from viruses.

    *Before the nit-pickers on here tear me a new one I'll clarify by saying that there aren't any malicious programs in the wild that will affect an up to date installation of OSX 10.4.
     
  6. Teh Don Ditty macrumors G4


    Joined:
    Jan 15, 2007
    Location:
    Maryland
    #6
    I was about to say... congrats (I think) on being the first person ever on a Mac to be infected with a virus. It's the hard drive trying to tell you it's time for a dirt nap.
     
  7. compuwar macrumors 601


    Joined:
    Oct 5, 2006
    Location:
    Northern/Central VA
    #7
    He didn't say virus, he said Trojan, and there are documented examples of Macs with OSX getting Trojans (most notably at a high school in New England where one student presented it as a new version of iTunes.)

    While there are no "in the wild" viruses, there has been some Trojan activity, and most *nix Trojans work as well. The rub is that you generally have to get the user to actually install the Trojan, so it's a targeted attack, not a random target of opportunity attack, though there have been remote execution vulnerabilities in applications to help get code installed.

    Finally, you *can* infect Macs with viruses, it's just that they (to date) haven't been successful in the wild. That doesn't mean there aren't any OSX viruses in zoos.
     
  8. tdhurst macrumors 68040


    Joined:
    Dec 27, 2003
    Location:
    Portland, OR
    #8
    Yes, we all know Macs are NOT invincible.

    But he doesn't have a trojan, his hard drive is failing.
     
  9. Teh Don Ditty macrumors G4


    Joined:
    Jan 15, 2007
    Location:
    Maryland
    #9
    Should've corrected myself, but you did it for me. I am also well aware of the fact that there aren't any virii in the "wild", but they do exist.
     
  10. compuwar macrumors 601


    Joined:
    Oct 5, 2006
    Location:
    Northern/Central VA
    #10
    Apparently, by two of the posts in this thread, "we" don't all know that. His hard drive may be failing, but if so it doesn't match the report of AV software flagging a Trojan. That may well be an erroneous report, and it may well be a dying drive, but ridiculing folks when the report indicates either a real or false positive is NOT productive and sooner or later will cause more damage than it's worth.

    I'd actually be more interested in a false positive report than a self-inflicted Trojan wound to the head. If the original poster can provide more detail (what Trojan, what AV software) I'm all ears.

    That's ok, in the other reply the last link is a Trojan that did get wild, that's a new data point for me, and means it's about time I start bugging a few folks I know to see if I can get any wild/zoo samples to see where the code trends are going.

    The Intel switch means IDA will release a Mac module for their disassembler- it's in beta now, looks like my new company is going to have to spend some money *sigh*.
     
  11. compuwar macrumors 601


    Joined:
    Oct 5, 2006
    Location:
    Northern/Central VA
    #11
    I've been in the computer security field for a long time. Currently, I'm in two start-ups- one of which does some security work, but isn't really chartered for research, so though the company will buy the software (the company president has decided that as he types away!) the digging and tearing will be more like recreational therapy than work unless I can figure out some angle that makes sense. At my last company though it was part of what I did, and they bought me IDA Pro to do it with.
    (I'd rather be #6 thanks!)
     
  12. Teh Don Ditty macrumors G4


    Joined:
    Jan 15, 2007
    Location:
    Maryland
    #12
    That explains your knowledge and dedication to this thread. Best of luck to you at your 2 jobs (or is it 1 b/c you said the other is therapy?) Number 6? Alright, so be it.
     
  13. cyberddot macrumors 6502


    Joined:
    Jul 4, 2003
    Location:
    in a forest
    #13
    Go ClamX! I haven't ever needed it for anything other than finding MS-targeted virii attached to files sent by friends, but the discoveries and eu-googlizing of the signatures/'names' are always fun.

    It's never too early to start understanding how software like this works on a Mac, albeit a possibly less pressing concern than failing hardware at the moment. :) When the time does come, familiarity with some aspects of computer security can only help, no matter what your OS of choice.
     
  14. compuwar macrumors 601


    Joined:
    Oct 5, 2006
    Location:
    Northern/Central VA
    #14
    Digging into the malcode would be therapy. It's more like 3-4 jobs at the moment, 3 at one company and 1 at the other. I've got really good friends in the AV industry (which is why I'd be more interested in a false positive) and briefly ran the mailing list services for The Wildlist Organization (www.wildlist.org.)

    Mostly these days I do IT support and Computer Forensics, both of which are either fun or frustrating as heck depending on the customer, problem, etc. The second start-up is an RFID implementation company- a whole different set of interesting.

    (Small nitpick, it's Viruses, not Virii.)

    Does Clam do on-access scanning yet? Manual scanning just seems pretty ugly to me. If not, it'd be interesting to see what it'd take to add on-save scanning to Firefox and Safari, pretty much my two biggest potential infection vectors...
     
  15. Teh Don Ditty macrumors G4


    Joined:
    Jan 15, 2007
    Location:
    Maryland
    #15
    You are dedicated! The RFID job is probably interesting, considering that's the wave of the future. Presents all types of goodies to get into.
     
  16. yg17 macrumors G5


    Joined:
    Aug 1, 2004
    Location:
    St. Louis, MO
    #16

    Working at a university helpdesk and supporting people who call in and whatnot, I've found that quite often, when people claim they have a virus, trojan, spyware, whatever, they never have seemed to run a scan, and when I remote desktop in and scan, it comes up negative. It's just that something else with their computer is hosed and they think that by making it sound like they have something as bad as a virus, we'll bump them to the top of the queue for getting a technician out there. Despite the fact that these are Windows machines, and we all know how bad Windows is with viruses, IT has these systems locked down enough and protected well enough that I never, ever believe someone when they claim their computer has a virus until I see scan results for myself.
     
  17. bartelby macrumors Core

    Joined:
    Jun 16, 2004
    #17
    Smaller nit pick.
    It's both!

     
  18. SpookTheHamster macrumors 65816


    Joined:
    Nov 7, 2004
    Location:
    London
    #18
    Even smaller, if a dictionary says that no dictionaries recognise the word, is that not like saying "that word is wrong"?

    I'd have to say virii would never be correct, viri maybe, but viruses is definitely the correct form to use. Virii is just a word that people have made up to make themselves sound cool or funny on internet forums, like octopi.
     
  19. gnasher729 macrumors P6


    Joined:
    Nov 25, 2005
    #19
    It's "internet fora", not "internet forums". :D
     
  20. OdduWon macrumors 6502a


    Joined:
    Jul 4, 2006
    Location:
    CaliVerse
    #20
    Went to Fry's the other day and was playing with the 24" iMac. It would turn on, start up, and then go crazy and restart. This apparently happened all day long :eek: . Thought for a second that it may have a "virus" but then realized someone, probably the horrible and M$ biased sales persons at Fry's, set every application in the dock to run on startup, draining the system resources and making it usable. So yes, Macs are not invincible.

    Also, if the HDD does go out you will hear a chime on start up or something of that sort. Is it just me or does it seem that 90% of HDD failures stem from people not cleaning their computers of dust on a regular basis :confused:

    If you take out an HDD it has vent holes that say do not cover on them; most of the "burnt" HDDs that I have seen have had these vents completely full of dust. I mean, if people worry about their PS2 sucking up dust, a computer (especially a G5) has way more fans to suck up dust than a PS2 ;)

    Not saying this is the problem but it could be for others.

    Also, has Safari been acting really slow for anyone else in the last few months? Has made me think I may have a trojan. It takes like 30 sec to load Mac Rumors if it loads at all, and other times it's very fast. Maybe the "refurbished" airport that Apple sent me. Hard line works fine; it is only wireless.

    rant over :eek:

    ODDUWON
     
  21. compuwar macrumors 601


    Joined:
    Oct 5, 2006
    Location:
    Northern/Central VA
    #21
    Keep reading:

     
  22. MacBoobsPro macrumors 603


    Joined:
    Jan 10, 2006
    #22
    Your disclaimer should be an option in the tools above the 'insert post' window. :D
     
  23. compuwar macrumors 601


    Joined:
    Oct 5, 2006
    Location:
    Northern/Central VA
    #23
    Except some nitpicker would point out that there are plenty of malicious programs wild on *nix that will happily affect OSX up to date as it can be (such as PHP trojans to take one broad category) that simply aren't likely to be wild on most desktops but could get caught on a developer's box, test system...

    They may even all be not in the wild on OSX, but probably due to sample size in the server market more than anything.

    I mean, I could see some nitpicker pointing that out. Not that I would! :D
     
  24. holyhandgrenade thread starter macrumors newbie

    Joined:
    Dec 30, 2006
    Location:
    nex to the old man from scene 24
    #24
    thanks

    Wow, I can't thank you guys enough for the feedback. I didn't think he had a trojan and it's prolly the HDD (should I be worried, they're the same model and rev). Anyway, just to be safe I gave him Clam and Onyx. I'll post back as soon as he tells me what it found and when I tell him to boot from the disk.

    Thanks again, everyone, for your help.
     
