Status
Not open for further replies.
yankeefan24 said:
followed your process and this is what it gave me:

/Desktop/latestpics; exit
override rw-r--r-- virustes/wheel for latestpics.tgz? (y/n [n]) n
not overwritten
logout
[Process completed]

this is from my main account, my post above's first part was from a sub account.
I added in the EDIT that you have to do it from a new account.
 
from a new sub account it is giving me the same apps and data that you were saying should come out. it said overwrite and answered no, it gave a list (before it wouldn't give a list). How would this affect iChat/AIM? Also, what would happen if you said yes (i am NOT saying that someone should try).

and if a MOD sees this thread, please ban lasthope, or make him give an explanation of what this does and how to fully get rid of this, and then ban him (second is preferred).
 
This might be a good time for a little public service announcement. It's not the best idea to do everything from your default Mac user account (the admin one). If you poke around in your applications folder, you may notice that you have write access to many of those files, no password required. Installers could and should do a better job here, but they don't.

Set up a second, non-privileged account, and do your day-to-day stuff from there.
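
The write-access point in the post above, as an added example that is not part of the original post: a shell function that lists application executables the current account can modify, judged from mode bits alone. The function name and the default `/Applications` path are assumptions of this example; ACLs and root's ability to write anywhere are not considered.

```shell
#!/bin/sh
# Added example: list app executables the current account could modify
# without a password prompt, judged from owner/group/other mode bits.
# writable_app_binaries is a name made up for this example.

writable_app_binaries() {
    dir=${1:-/Applications}      # assumed default; pass another folder to audit it
    uid=$(id -u)

    # Start the match with "world-writable" or "owned by me and owner-writable".
    set -- -perm -002 -o '(' -user "$uid" -perm -200 ')'

    # Add "group-writable and I am in that group" for every group I belong to,
    # so an admin account's extra group memberships are taken into account.
    for gid in $(id -G); do
        set -- "$@" -o '(' -group "$gid" -perm -020 ')'
    done

    # Only regular files inside a bundle's Contents/MacOS directory.
    find "$dir" -type f -path '*.app/Contents/MacOS/*' '(' "$@" ')' -print
}

# Usage: writable_app_binaries                  (audits /Applications)
#        writable_app_binaries "$HOME/Applications"
```

Running it from the admin account and again from a standard account shows what each one can modify.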
 
yankeefan24 said:
from a new sub account it is giving me the same apps and data that you were saying should come out. it said overwrite and answered no, it gave a list (before it wouldn't give a list). How would this affect iChat/AIM? Also, what would happen if you said yes (i am NOT saying that someone should try)
It just gives you the same list. Unless you have already removed the infected apps, then it picks all new ones.
 
Benjamindaines said:
It just gives you the same list. Unless you have already removed the infected apps, then it picks all new ones.

yes, i removed skype and it gave me another game. :(
 
i think i have a side note. i still believe that it is going to be something big, and will be hard (if possible) to remove. It is putting itself into the apps scripts to make sure that it is not removed. I tried to uninstall it, but it came up again. I believe that something big is going to happen. Backup your drive EXTERNALLY and then stop using any chatting apps on your infected computer. The fact that it came as a tar file (i know nothing about it) suggests that there may be an extra file somewhere hidden within the computer.
 
yankeefan24 said:
i think i have a side note. i still believe that it is going to be something big, and will be hard (if possible) to remove. It is putting itself into the apps scripts to make sure that it is not removed. I tried to uninstall it, but it came up again. I believe that something big is going to happen. Backup your drive EXTERNALLY and then stop using any chatting apps on your infected computer. The fact that it came as a tar file (i know nothing about it) suggests that there may be an extra file somewhere hidden within the computer.

I am currently backing up RELIGIOUSLY everything on all of the computers in the house to my external. Then I'm going to disconnect my external so it doesn't get infected. My Mac is not infected yet *knocks on wood* but I cannot afford to lose any data. Right now, I am genuinely scared as to what is going to become of this.

I wonder what the mods are doing about this? Are they aware of it? This guy might be punished by law if anything serious happens like data loss. I'm like shaking. Someone please comfort me.
 
Alright guys, I am VERY relieved to discover that my laptop is the only computer of mine infected. I am running ClamXav during the night to see what comes up (I am also running it on the other computers just in case). I have backed everything up but there isn't anything important on my laptop. So I am dedicating my laptop to the effort of removing this virus and to find out what exactly it does (if i can't / haven't get rid of it)
 
CoMpX said:
I am currently backing up RELIGIOUSLY everything on all of the computers in the house to my external. Then I'm going to disconnect my external so it doesn't get infected. My Mac is not infected yet *knocks on wood* but I cannot afford to lose any data. Right now, I am genuinely scared as to what is going to become of this.

I wonder what the mods are doing about this? Are they aware of it? This guy might be punished by law if anything serious happens like data loss. I'm like shaking. Someone please comfort me.

I LOVE THE COURT OF LAW, except we don't know if he is in the US or the UK (the only confirmed places i have heard this virus exists), so if he is in india or russia or china, we have to rely on extradition (probably to the US because that is where this site is hosted), and if their mysterious government doesn't comply, we have a problem. But if he IS in the US/UK, i guess when we press charges (if we) he has a real problem.

This is a what if situation, btw.
 
CoMpX said:
This might be a n33b question, but can this be officially called the first Mac virus?

that's what i am calling it. It might be more technically a mac TROJAN but the same concept. anyone who receives it from iChat/AIM/whatever would indeed have the first mac VIRUS. so it's a split. i am calling it a virus.

Benjamindaines said:
Alright guys, I am VERY relieved to discover that my laptop is the only computer of mine infected. I am running ClamXav during the night to see what comes up (I am also running it on the other computers just in case). I have backed everything up but there isn't anything important on my laptop. So I am dedicating my laptop to the effort of removing this virus and to find out what exactly it does (if i can't / haven't get rid of it)

glad you are dedicating your laptop to the cause. i am basically doing the same with mine, just don't know as much as you probably do. i tried to do a full hdd scan with ClamXav and it said it couldn't, but i am pretty sure that my TiBook doesn't have it.
 
yankeefan24 said:
that's what i am calling it. It might be more technically a mac TROJAN but the same concept. anyone who receives it from iChat/AIM/whatever would indeed have the first mac VIRUS. so it's a split. i am calling it a virus.

This is a VERY, VERY sad day for the Mac platform. I always hoped that this would not happen in my lifetime. I am almost in shock now, I can't believe this is reality. All because of this bastard with his pics. I am extremely pissed, sad, and scared. This guy needs to pay. This is war IMO.
 
CoMpX said:
This might be a n33b question, but can this be officially called the first Mac virus?
There have been Mac viruses in the past, before OS X. This program falls more in between a worm and trojan horse. This incident does, however, provide a wonderful opportunity to tell overly complacent Mac users "I told you so." Stuff like this, and not classical viruses, is how most Windows malware spreads.
 
Maybe someone should email the file to symantec or another antivirus company so they can analyze it.
If it is the first mac virus then I can proudly say "I was one of the first people to get a mac virus"
Also has anyone tried PM'ing an admin to see what they say about it.
The other day after I got the virus, before the 10.4.5 update I reinstalled the OS. 1. to get the virus off my ibook, and 2. because my KB was acting up again and wanted to see if it would fix it (It didn't), but all is good because apple is sending me a new one.

Also a quick question for those who got the virus. At the time I ran the file i had my external hard drive connected which has some apps on it, along with my backups. Does this only propagate in the main drive or everywhere an app exists.
 
It's not surprising that an Admin account would allow something to cause problems via the terminal. :rolleyes:

This still seems more of a social engineering Trojan than a virus. I'm not worried about catching it. Don't you have to accept the file from IM to get the "infection"?
 
CoMpX said:
This is a VERY, VERY sad day for the Mac platform. I always hoped that this would not happen in my lifetime. I am almost in shock now, I can't believe this is reality. All because of this bastard with his pics. I am extremely pissed, sad, and scared. This guy needs to pay. This is war IMO.

Did you just proclaim war over this? lol... :p
 
Really late into this

But reading this thread is giving me a headache. Can someone simply spell out a few things: How do you become infected? How do you know you're infected? How do you treat?
 
Laser47 said:
Maybe someone should email the file to symantec or another antivirus company so they can analyze it.
If it is the first mac virus then I can proudly say "I was one of the first people to get a mac virus"
Also has anyone tried PM'ing an admin to see what they say about it.
The other day after I got the virus, before the 10.4.5 update I reinstalled the OS. 1. to get the virus off my ibook, and 2. because my KB was acting up again and wanted to see if it would fix it (It didn't), but all is good because apple is sending me a new one.

Also a quick question for those who got the virus. At the time I ran the file i had my external hard drive connected which has some apps on it, along with my backups. Does this only propagate in the main drive or everywhere an app exists.

I can't believe i was the first Mac OS X user to get a virus.

i don't know about external hdd. this is a problem to all. and i think war is NOT a bad idea. ;) but a mod should check this guy's IP to make sure he doesn't try to sign up again.

EDIT: ON MY INFECTED COMPUTER, I CAN NOT DO A FULL LOG OUT. is this a coincidence or virus affected, i can only quick log out.

This is only on a sub account that i have done most of my attempts to try to get the virus uninstalled, not the first account to get it (an admin).
 
I have sent a threatening PM to lasthope and have forwarded the PM to DoctorQ as well. I have also asked DoctorQ for the users email address or if he can't release that for him to forward my message to it as well. Of course I have asked that lasthope be banned.
 
I submitted a story to Macrumors about this, let's see what happens. Just watch, front page of MR, Mac virus!!
 
Benjamindaines said:
What do you mean by full logout VS a quick logout?

full logout as in apple menu then log out, quick logout as in switch user, that's just what i use because i only have one account on it.
 
Has anyone contacted Apple about this? Someone with more knowledge than me should really contact Apple and let them know that this is becoming serious and many people are becoming infected. Maybe they will know what to do or release a patch or something.
 