Malware infection (screenshot)

Discussion in 'OS X Mountain Lion (10.8)' started by hwojtek, Feb 24, 2013.

  1. hwojtek, Feb 24, 2013
    Last edited: Feb 26, 2013

    macrumors 6502a

    hwojtek

    Joined:
    Jan 26, 2008
    Location:
    A small rural village in western Poland
    #1
    When I turned my computer on today, I noticed strange activity at boot-up. LittleSnitch blocked an outgoing connection (see attachment).

    The app has indeed been lurking in a hidden ".Install" folder in my home directory. It was installed a day ago at 10:56 pm (no trace of it in my logs, at least not that I can spot). The rest can be seen on the screenshot. I didn't download or run anything at the time (actually I was reading theatlantic.com). Any ideas?
    I have now zipped this app, removed it from startup items (yes, it was run from there). If anyone is interested I can email the contents.
     

  2. macrumors G4

    wrldwzrd89

    Joined:
    Jun 6, 2003
    Location:
    Solon, OH
    #2
    I'm not sure what that is, but it sure is an interesting find. I suspect you're right about it being possibly malicious and not to trust it.
     
  3. Drew017, Feb 24, 2013
    Last edited: Feb 24, 2013

    macrumors 65816

    Drew017

    Joined:
    May 29, 2011
    Location:
    East coast, USA
    #3
    It's probably not a virus… maybe just some malware or a program that was installed with another app.

    Mac Virus/ Malware FAQ
     
  4. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #4
    Have you installed any apps related to CableVision?

    It's not malware.... or "maleware"! :D
     
  5. thread starter macrumors 6502a

    hwojtek

    Joined:
    Jan 26, 2008
    Location:
    A small rural village in western Poland
    #5
    The only app I ran this evening was a trial of "PDF Protector", which I found redundant given that I bought Acrobat X Pro along with my Adobe CS. I then removed the program.
    Point is, stuffing an app with a cryptic name into a hidden folder is just not fair. I would take this for granted if the app was documented and had a clear way of removing it. But if not for LittleSnitch, I would never have known I have a parasite on my computer.
    And no, I do not have anything even remotely related to CableVision.
     
  6. macrumors 65816

    Drew017

    Joined:
    May 29, 2011
    Location:
    East coast, USA
    #6
    Fixed ;)
     
  7. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #7
    It's possible the app was bundled with another app you installed, as that happens frequently. Yes, I agree they should let you know what you're installing, but the simple solution is to simply delete anything associated with that app. The most effective method for complete app removal is manual deletion:

    You may want to change your thread title to something more descriptive, since this obviously isn't a virus. There has never been a Mac OS X virus in the wild, and only a handful of trojans, which are easily avoided by practicing safe computing. See the link that Drew017 posted for more details.

    To edit your thread title, click the "Edit" button on your original post, then click "Go Advanced" and you will see where to edit the thread title.
     
  8. macrumors P6

    Peace

    Joined:
    Apr 1, 2005
    Location:
    Space--The ONLY Frontier
    #8
    Are you sure 69.118.252.2 isn't your router?
     
  9. thread starter macrumors 6502a

    hwojtek

    Joined:
    Jan 26, 2008
    Location:
    A small rural village in western Poland
    #9
    No, as LittleSnitch resolved it properly, this is ool-4576fc02.dyn.optonline.net - a network as on the "other side of the planet" as it gets, at least from my standpoint ;)

    And yes, I have removed it properly, I am quite proficient in terminal and grep ;)
     
  10. macrumors member

    Joined:
    Jun 14, 2012
    #10
    Hi, sorry to hear about this. It would help to know a bit more...

    Where did you install PDF Protector from?

    Do you have Gatekeeper and XProtect enabled?

    Is Java disabled in your browser? Which do you use?

    Thanks for posting.
     
  11. thread starter macrumors 6502a

    hwojtek

    Joined:
    Jan 26, 2008
    Location:
    A small rural village in western Poland
    #11
    I seriously have no idea where from… I clean my downloads quite regularly, maybe a peek into my browser history would help, but I am not at this computer ATM.
    Gatekeeper - no.
    XProtect - yes.
    Java - disabled.
    Flash - mostly disabled, I run Click2Plugin.
    Safari - most recent, so 6.0.2, I believe.
     