Has my Macbook got a virus?!?!

[FleurDuMal]

Hey,

I've just been sent an email my our university IT guy saying that I've been blocked from the university network because I've been infected with a virus. Which, of course, means no internet.

Is this right?!? I thought Macs didn't get viruses! I've never had one before, and my Macbook seems to be behaving just fine as far as I can tell! Has this guy got it wrong? How can I check?

Here's the email:

Dear Student

Unfortunately it appears that your computer has been infected with a virus.
I have had to take emergency measures by blocking your network connectivity.
I would advise not connecting to any network and backing up your important
data. I would also recommend not carryingout any financial transactions on
your computer. Until it is fixed.

You can look at our web pages to ensure your general setup is a secure as
possible but until we can get access to the machines and see whether McAfee
antivirus knows about this virus and can clean it I would recommend using
the PAWS workstations.

Sorry about this but I have had to take drastic actions to prevent any
further infections.

 

[mkrishnan]

Are you actually blocked from the internet? How did you get an e-mail delivered to you, saying you have no internet access? That's like the phone company calling you to tell you the phone lines are down.

Most likely scenario: This is spam that some prankster made. Call the IT department up. They don't really send e-mails like that, usually.

 

[CanadaRAM]

Assuming the email is genuine: The most common cause of this is you passing along MS Office Macro viruses along with Word or Excel documents you have sent to someone. Get ClamXAV on another Mac, burn it to a CD then run it on your machine to see what's what. If you use Office there's a Microsoft utility floating around their site somewhere.

Also, all the IT staff know about you is your IP address on the network. If anybody hooked up to your network connection, or if you have a router connected to your port, then any virus or other thing on any computer attached that way would show up as 'yours'.

Without more information though, its not possible to say more than generalities.

 

[FleurDuMal]

Just to clarify, I am accessing my email through a university computer in our library hooked up physically to the network. I am literally blocked from all activity on the network - apart from, for some reason, parts of the university intranet.

I don't use MS Office. The only thing I use is NeoOffice (which I was using all day, at the time my connection failed), so whether that can pass on macro viruses (or whatever that is) I don't know. My internet connection was working fine one minute, and then the next it just kept on saying I need to "remediate" my connection or something.

I don't think that email was a hoax. It seems pretty genuine to me.

 

[princealfie]

Nope, that's a hoax email you just received. geewhiz!!!

 

[mkrishnan]

So did you call IT?

 

[FleurDuMal]

Nope, that's a hoax email you just received. geewhiz!!!

So it's just a coincidence that I've been locked out of the network at the very same time?

So did you call IT?

They won't be around. It's 8pm on a Friday night. There is a wireless clinic on Monday, but it's ages away from where I want to be.

 

[KurtangleTN]

Well the only real solution I can see is calling when they are available to square it out. It's odd how he doesn't let you know any further details on the virus or anything.

 

[Macky-Mac]

.....I don't use MS Office. The only thing I use is NeoOffice (which I was using all day, at the time my connection failed), so whether that can pass on macro viruses (or whatever that is) I don't know.....

the virus that CanadaRAM mentioned would be in the files in formats created by Office......and since NeoOffice will open ms office format files, you could have received an infected file from somebody, edited it, and sent it on. The virus wouldn't do anything to your mac but if the file is sent on to somebody with a PC, then it could do some damage to their computer

 

[yippy]

I believe him. Our university does send out emails like that (I work in our IT department). On my campus, the way to get blocked like that is almost always port scanning or actively trying to send files to other computers. Word viruses won't be detected. However, if you have a roommate and use the same wall jack, it could be them who has the virus. In our university they don't know who has the virus, so they block both.

Last thing, try calling IT anyway or look for numbers for higher up. While first line IT is definitely gone, we have a security staff that monitors the campus network 24/7 who you can call and get yourself re-enabled in these situations.

Forgot to mention, we don't tell people what virus they have either unless the directly ask the IT personnel, and even then it is not always possible to determine what the virus is just from the computers port scanning behavior.

 

[Killyp]

There's a big confusion here.

A Mac can have a virus on it, but it doesn't affect it (unless it as somebody has said, a Microsoft Office Macro virus, which is not a flaw in OS X, it's Office).

They are probably detecting a virus from your computer, but the virus isn't affecting it because viruses don't work on Macs.

 

[apfhex]

They are probably detecting a virus from your computer, but the virus isn't affecting it because viruses don't work on Macs.

That doesn't make any sense, unless IT is in the habit of scanning all the files on the computer. AND only then if the Mac actually had a Windows virus file sitting somewhere on it.

Only possibilities I can think of are
- a MS Office macro virus
- you forwarded an email that had a virus attachment
- someone with Windows and a virus is using the same connection

 

[pianoman]

i would think an official letter from your University would be better constructed.

i.e., "I would also recommend not carryingout any financial transactions on
your computer. Until it is fixed."

"Until it is fixed" is not a sentence.

other things, too, make it sound unprofessional.

as for whether there actually is a virus, some of the explanations above seem reasonable.

 

[richard4339]

Our university is requiring VPN style logins to access anything on the network from personal computers now. They don't send out emails, they just cut you off and decline your login for 4 hours if they detect a virus or file-sharing. At the end of 4 hours, when you try to reconnect, if you're still having the issue, they cut you off again. It gets very frustrating, because it gives a lot of false positives.

 

[Blubbert]

So it's just a coincidence that I've been locked out of the network at the very same time?

Does your network enforce a download/upload limit? My school does this, and when you cross the limit, you get cut off from the outside internet, and are only left with the school intranet.

 

[FleurDuMal]

Just an update.

I've scanned my whole Macbook using the McAffee anti-virus software that the university recommended on their website that I should download, as well as the other programme metioned above. Neither of them found anything.

I doubt it's anything to do with downloading too much as I literally just use the internet for browsing. Plus we've not been informed of any download limit.

And about the email. Yes, it doesn't look very well written. Especially the "Until it is fixed" bit. However, the guy who sent it is probably just an IT technician. Not the vice-principal. I'm still sure the email is genuine. Although, strangely, I've googled the name given at the bottom of the email (which I snipped out) and it doesn't appear to be on our university website.

Strange. I guess I'm just gonna have to wait till Monday. Anyone know why these things only happen when you have exams looming?

 

[madog]

HAH! Makes me think of how sad people are when they tell me [local computer nerd] that their Mac won't work on their network because that's what Linksys support told them.

Oh, and this fits into the huge pimple on your wedding day, computer crash the night before a paper is do, broken leg right before the big marathon, or dead cell phone battery when your in the middle of nowhere scenarios. It happens all the time and will happen until you die [oops, forgot my medicatio...... ahhh!].

 

[localoid]

Do you know how to display the full email header information in your email client program?

If so, read the email's headers and you can (at least) tell where the email was actually came from. If it came from outside your university's domain/IP-block, then it's almost certainly bogus.

 

[yojitani]

Not really connected, but which uni do you attend fleur? With Gramsci as your avatar and your name after the Baudelaire book, I can't but hope you attend my alma mater - now going by the name of London Met.

 

[FleurDuMal]

Not really connected, but which uni do you attend fleur? With Gramsci as your avatar and your name after the Baudelaire book, I can't but hope you attend my alma mater - now going by the name of London Met.

Nope. King's College London. Well, for the next few weeks at least as I'm now doing my finals. Then it's either LSE or, once again, King's for a postgrad.

My girlfriend, however, does go to London Met

 

[yojitani]

Nope. King's College London. Well, for the next few weeks at least as I'm now doing my finals. Then it's either LSE or, once again, King's for a postgrad.

My girlfriend, however, does go to London Met

Cool. I heard London Met is a bit of a monstrosity now - too many people. I was there when it was still the University of North London.

Good luck with the postgrad stuff Kings and LSE are excellent places to be - you can't go wrong.

 

[FleurDuMal]

Cool. I heard London Met is a bit of a monstrosity now - too many people. I was there when it was still the University of North London.

My girlfriend seems to dislike it. Unfortunately, she's an international student (US), so she's paying through the nose for it.

Suffers from chronic lack of investment. Like you say, it seems there are far too many people there. One of her tutors left for Queen Mary University in protest of how badly the place is run/funded. The only experience I've had of it personally is the library, and that seemed to be a bit grotty.

 

[yojitani]

So what happened with this? Did you sort it out?