
Malware infection (screenshot)

Discussion in 'OS X Mountain Lion (10.8)' started by hwojtek, Feb 24, 2013.

  1. hwojtek, Feb 24, 2013
    Last edited: Feb 26, 2013

    macrumors 6502a

    When I turned my computer on today, I noticed strange activity at boot-up. LittleSnitch has blocked an outgoing connection (see attachment).

    The app has indeed been lurking in a hidden ".Install" folder in my home directory. It was installed a day ago at 10:56 pm (no trace of it in my logs, at least not that I can spot). The rest can be seen on the screenshot. I didn't download or run anything at the time (actually I was reading theatlantic.com). Any ideas?
    I have now zipped this app, removed it from startup items (yes, it was run from there). If anyone is interested I can email the contents.

  2. macrumors demi-god


    I'm not sure what that is, but it sure is an interesting find. I suspect you're right about it being possibly malicious and not to trust it.
  3. Drew017, Feb 24, 2013
    Last edited: Feb 24, 2013

    macrumors 65816


    It's probably not a virus… maybe just some malware or a program that was installed with another app.

    Mac Virus/Malware FAQ
  4. macrumors demi-god


    Have you installed any apps related to CableVision?

    It's not malware.... or "maleware"! :D
  5. macrumors 6502a

    The only app I ran this evening was a trial of "PDF Protector", which I found redundant given that I bought Acrobat X Pro along with my Adobe CS. I then removed the program.
    Point is, stuffing an app with a cryptic name into a hidden folder is just not fair. I would take this for granted if the app was documented and had a clear way of removing it. But if not for LittleSnitch, I wouldn't ever know I have a parasite on my computer.
    And no, I do not have anything even remotely related to CableVision.
  6. macrumors 65816


    Fixed ;)
  7. macrumors demi-god


    It's possible the app was bundled with another app you installed, as that happens frequently. Yes, I agree they should let you know what you're installing, but the simple solution is to simply delete anything associated with that app. The most effective method for complete app removal is manual deletion:

    You may want to change your thread title to something more descriptive, since this obviously isn't a virus. There has never been a Mac OS X virus in the wild, and only a handful of trojans, which are easily avoided by practicing safe computing. See the link that Drew017 posted for more details.

    To edit your thread title, click the "Edit" button on your original post, then click "Go Advanced" and you will see where to edit the thread title.
  8. macrumors demi-god


    Are you sure it isn't your router?
  9. macrumors 6502a

    No, as LittleSnitch resolved it properly, this is ool-4576fc02.dyn.optonline.net - a network as on the "other side of the planet" as it gets, at least from my standpoint ;)

    And yes, I have removed it properly, I am quite proficient in terminal and grep ;)
  10. macrumors member

    Hi, sorry to hear about this. It would help to know a bit more...

    Where did you install PDF Protector from?

    Do you have Gatekeeper and XProtect enabled?

    Is Java disabled in your browser? Which do you use?

    Thanks for posting.
  11. macrumors 6502a

    I seriously have no idea where from… I clean my downloads quite regularly, maybe a peek into my browser history would help, but I am not at this computer ATM.
    Gatekeeper - no.
    XProtect - yes.
    Java - disabled.
    Flash - mostly disabled, I run Click2Plugin.
    Safari - most recent, so 6.0.2, I believe.
