Adobe Trojan on Mac

Discussion in 'macOS' started by naftalim, Dec 20, 2010.

  1. naftalim macrumors 6502

    Joined:
    Sep 18, 2007
    Location:
    Vancouver, BC
    #1
    So, it seems that it is in fact possible to get a virus/trojan on a Mac, :mad:

    I am using Sophos Anti Virus as I noticed my iMac is running way slow. It's a fairly new machine with 8GB RAM and 2 TB HD so should be fine. Turns out several copies of Troj/PDFJs-ON (files are report.zip, report.pdf

    One was removed by Sophos, the other needs to be removed manually. However, according to Adobe, the fix is a patch to the Adobe Reader, but I don't use or have Adobe Reader. I do have other Adobe products.

    What can I do?

    Thanks,
     
  2. Apple OC, Dec 20, 2010
    Last edited: Dec 20, 2010

    Apple OC macrumors 68040

    Apple OC

    Joined:
    Oct 14, 2010
    Location:
    Hogtown
    #2
    I believe Adobe reader comes preinstalled on Macs ... so that you are able to read PDF files

    Edit: Does not come preinstalled ... it must be downloaded
     
  3. GGJstudios, Dec 20, 2010
    Last edited: Dec 20, 2010

    GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #3
    Here we go again! It's NOT a virus; it's a trojan. It only runs on Windows. It does NOT run on Mac OS X. You can have files infected with Windows malware on your Mac but they cannot affect your Mac in any way.

    http://www.sophos.com/security/analyses/viruses-and-spyware/trojpdfjsb.html
    1. Delete the infected files.
    2. Read and learn: Mac Virus/Malware Info
    No, Adobe Reader is not preinstalled. You can read PDF files with Preview.app.
     
  4. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #4
    You can have a virus or trojan on your Mac (they're just files after all), but that doesn't mean your Mac was "infected." The trojan you mentioned can only infect Windows machines, which is stated by Sophos.
     
  5. Richard1028 macrumors 68000

    Joined:
    Jan 8, 2009
    #5
    I don't think so.
     
  6. simsaladimbamba

    Joined:
    Nov 28, 2010
    Location:
    located
    #6
    PDF files can be read via QuickLook or Preview, as Apple uses its QUARTZ technology to do so:
    http://en.wikipedia.org/wiki/Quartz_(graphics_layer)
    One could even use PDF files without Adobe products in prior versions of Mac OS X.
     
  7. naftalim thread starter macrumors 6502

    Joined:
    Sep 18, 2007
    Location:
    Vancouver, BC
    #7
    Thanks, I tracked the file down and deleted it.

     
  8. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #8
    Windows executables, whether malicious or not, often will consume a lot of resources if you try to execute the program in Mac OS X as your system will try to execute the code despite not being able to execute it.

    The malicious executable will not infect your system but will consume resources until you kill the process. But, the process will not appear in Activity Monitor because it is not actually executed. Your system exhausts resources by trying to execute the program.

    If you restart your system, the resources will be freed as the windows executable is unable to modify your system to be executed on start up. Then you can delete the Windows executable files.

    Don't worry your system is still clean.

    Also, Preview.app and other functions to view PDFs built into Mac OS X access library files based on Adobe's PDF specification. So, Preview.app is based on the same foundation as Adobe Reader.
     
  9. Resist macrumors 68030

    Joined:
    Jan 15, 2008
    #9
    It's always been possible to get a virus on a Mac. Just that not many people want to make them for an OS that covers a small market.
     
  10. simsaladimbamba

    Joined:
    Nov 28, 2010
    Location:
    located
    #10
  11. old-wiz macrumors G3

    Joined:
    Mar 26, 2008
    Location:
    West Suburban Boston Ma
    #11
    IIRC, the OSx loader will not even load a windows executable in the first place, much less try to execute the program. Every OS can look at a file before trying to load it and determine whether or not it is even the right kind of executable for that OS.
     
  12. munkery, Dec 21, 2010
    Last edited: Dec 21, 2010

    munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #12
    Really? I have dealt with issues on Mac where the machine was slow because it was trying to decompress an executable as the user thought it was an archived file like a RAR. The mistake being made because the icons for EXE and RAR look similar. In most cases, the executables were Windows malware. Always required a restart to fix but never tried killing Unarchiver in Activity Monitor. Maybe it's just the decompression software eating up the resources trying to deal with the EXE like it is an archive?
     
  13. old-wiz macrumors G3

    Joined:
    Mar 26, 2008
    Location:
    West Suburban Boston Ma
    #13
    It would seem that it's the decompression software going crazy. I used to work in *NIX kernel software, and the loaders are very picky about what they are able to load. Before bothering to try to actually load a program, you check the file's info to make sure it actually is a program that can run on the system.
     

Share This Page