Adobe Trojan on Mac

[naftalim]

So, it seems that it is in fact possible to get a virus/trojan on a Mac,

I am using Sophos Anti Virus as I noticed my iMac is running way slow. It's a fairly new machine with 8GB RAM and 2 TB HD so should be fine. Turns out several copies of Troj/PDFJs-ON (files are report.zip, report.pdf

One was removed by Sophos, the other needs to be removed manually. However, according to Adobe, the fix is a patch to the Adobe Reader, but I don't use or have Adobe Reader. I do have other Adobe products.

What can I do?

Thanks,

 

[Apple OC]

I believe Adobe reader comes preinstalled on Macs ... so that you are able to read PDF files

Edit: Does not come preinstalled ... it must be downloaded

 

[GGJstudios]

So, it seems that it is in fact possible to get a virus/trojan on a Mac,

Here we go again! It's NOT a virus; it's a trojan. It only runs on Windows. It does NOT run on Mac OS X. You can have files infected with Windows malware on your Mac but they cannot affect your Mac in any way.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojpdfjsb.html

What can I do?

1. Delete the infected files.
2. Read and learn: Mac Virus/Malware Info

I believe Adobe reader comes preinstalled on Macs ... so that you are able to read PDF files

No, Adobe Reader is not preinstalled. You can read PDF files with Preview.app.

 

[angelwatt]

You can have a virus or trojan on your Mac (they're just files after all), but that doesn't mean your Mac was "infected." The trojan you mentioned can only infect Windows machines, which is stated by Sophos.

 

[Richard1028]

I believe Adobe reader comes preinstalled on Macs ... so that you are able to read PDF files

I don't think so.

 

[simsaladimbamba]

I believe Adobe reader comes preinstalled on Macs ... so that you are able to read PDF files

PDF files can be read via QuickLook or Preview, as Apple uses its QUARTZ technology to do so:
http://en.wikipedia.org/wiki/Quartz_(graphics_layer)
One could even use PDF files without Adobe products in prior versions of Mac OS X.

 

[naftalim]

Thanks, I tracked the file down and deleted it.

Here we go again! It's NOT a virus; it's a trojan. It only runs on Windows. It does NOT run on Mac OS X. You can have files infected with Windows malware on your Mac but they cannot affect your Mac in any way.

http://www.sophos.com/security/analyses/viruses-and-spyware/trojpdfjsb.html

1. Delete the infected files.
2. Read and learn: Mac Virus/Malware Info

No, Adobe Reader is not preinstalled. You can read PDF files with Preview.app.

 

[munkery]

Windows executables, whether malicious or not, often will consume a lot of resources if you try to execute the program in Mac OS X as your system will try to execute the code despite not being able to execute it.

The malicious executable will not infect your system but will consume resources until you kill the process. But, the process will not appear in Activity Monitor because it is not actually executed. Your system exhausts resources by trying to execute the program.

If you restart your system, the resources will be freed as the windows executable is unable to modify your system to be executed on start up. Then you can delete the Windows executable files.

Don't worry your system is still clean.

Also, Preview.app and other functions to view PDFs built into Mac OS X access library files based on Adobe's PDF specification. So, Preview.app is based on the same foundation as Adobe Reader.

 

[Resist]

So, it seems that it is in fact possible to get a virus/trojan on a Mac,

It's always been possible to get a virus on a Mac. Just that not many people want to make them for an OS that covers a small market.

 

[simsaladimbamba]

It's always been possible to get a virus on a Mac. Just that not many people want to make them for an OS that covers a small market.

http://seekingalpha.com/article/52722-the-mac-os-x-malware-myth-continues

And actually it would be quite a glorious job to have written the first Mac OS X virus.

 

[old-wiz]

Windows executables, whether malicious or not, often will consume a lot of resources if you try to execute the program in Mac OS X as your system will try to execute the code despite not being able to execute it.

IIRC, the OSx loader will not even load a windows executable in the first place, much less try to execute the program. Every OS can look at a file before trying to load it and determine whether or not it is even the right kind of executable for that OS.

 

[munkery]

IIRC, the OSx loader will not even load a windows executable in the first place, much less try to execute the program. Every OS can look at a file before trying to load it and determine whether or not it is even the right kind of executable for that OS.

Really? I have dealt with issues on Mac where the machine was slow because it was trying to decompress an executable as the user thought it was an archived file like a RAR. The mistake being made because the icons for EXE and RAR look similar. In most cases, the executables were Windows malware. Always required a restart to fix but never tried killing Unarchiver in Activity Monitor. Maybe it's just the decompression software eating up the resources trying to deal with the EXE like it is an archive?

 

[old-wiz]

Really? I have dealt with issues on Mac where the machine was slow because it was trying to decompress an executable as the user thought it was an archived file like a RAR. The mistake being made because the icons for EXE and RAR look similar. In most cases, the executables were Windows malware. Always required a restart to fix but never tried killing Unarchiver in Activity Monitor. Maybe it's just the decompression software eating up the resources trying to deal with the EXE like it is an archive?

It would seem that it's the decompression software going crazy. I used to work in *NIX kernel software, and the loaders are very picky about what they are able to load. Before bothering to try to actually load a program, you check the file's info to make sure it actually is a program that can run on the system.