ARDAgent virus?

Discussion in 'Mac Apps and Mac App Store' started by Ja Di ksw, May 13, 2010.

  1. Ja Di ksw macrumors 65816

    Ja Di ksw

    Joined:
    Apr 9, 2003
    #1
    Hi everyone. So, awhile ago after my computer crashed pretty hard and I fixed it, I ran a verify/repair disk permissions. The list was HUGE (I cannot overstate that enough), but I figured it was because something was messed up from the crash and I didn't worry. Later, I ran it again and the list was giant again. I looked more closely, and it said the ARDAgent had been modified and could not be repaired. Now when I run it the list is no longer huge, but it still gives this warning:

    Warning: SUID file "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent" has been modified and will not be repaired.

    So, I did a quick google and found a Macworld article (http://www.macworld.com/article/134165/2008/06/ardagent.html) saying the ARDAgent is a big security hole. Should I be worried about this, and if so, what can be done about it?

    Thanks for the help :)
     
  2. spinnerlys Guest

    spinnerlys

    Joined:
    Sep 7, 2008
    Location:
    forlod bygningen
    #2
    It's not a virus, it is a security hole.

    They are not the same.

    from http://forums.macrumors.com/showpost.php?p=9701135&postcount=3
     
  3. Ja Di ksw thread starter macrumors 65816

    Ja Di ksw

    Joined:
    Apr 9, 2003
    #3
    Ok, so it's not a virus, but the point isn't whether it's a virus or a trojan or a security hole or whatever. The point is, should I be worried about my computer being at risk b/c of this warning that it has been modified and is unrepairable, and what can I do about it?
     
  4. spinnerlys Guest

    spinnerlys

    Joined:
    Sep 7, 2008
    Location:
    forlod bygningen
    #4
    I understand, but your thread title implied otherwise.

    I can't answer your actual question with absolute certainty though, but if your are running Mac OS X on a secure network with a firewall, you should be safe. Or do you think you should be the target of an attack?
     
  5. stridemat Moderator

    stridemat

    Staff Member

    Joined:
    Apr 2, 2008
    Location:
    UK
    #5
    OP have you tried repairing permissions when booting off the OS X disk? Is this what you are doing now?
     
  6. Ja Di ksw thread starter macrumors 65816

    Ja Di ksw

    Joined:
    Apr 9, 2003
    #6
    I don't think there's any reason I should be targeted over other people, was just worried after a crash, then the permissions being changed (and unable to change back) on something that allowed for remote management. The article giving a warning finally made me worry enough to ask.
     
  7. Ja Di ksw thread starter macrumors 65816

    Ja Di ksw

    Joined:
    Apr 9, 2003
    #7
    Before I was doing it from my computer. I just tried it booting from the OS X disk, and it had an unbelievable amount of user or group differences. It kept saying the user should be 0, but was 502 (or the group should be 0, but was 20). I repaired them all, rebooted from my hard drive, and it still says there's a problem with the ARDAgent :(, even though the ARDAgent was the first one that had the incorrect user. Sigh.
     
  8. robert05au macrumors regular

    robert05au

    Joined:
    May 19, 2005
    Location:
    Dubbo, NSW
    #8
    There is nothing to be concerned about with the message as apple has said we can ignore these type of messages.

    http://support.apple.com/kb/ts1448

    It has a fair amount of others which apple say we can safely ignore.
     

Share This Page