Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Help! Backdoor.Wirenet.F

honeycombz

honeycombz

macrumors 6502a
Original poster
Jul 6, 2013
588
154
Hi, I just ran Bitdefender Virus Scanner on my mac and it found MAC.OSX.Backdoor.Wirenet.F in ~/.Install/cracker.app/Contents/MacOS/cracker what do I do? It says the threat could not be disinfected or quarantined do I manually trash it or is my computer screwed?

Update: Bitdefender Virus Scanner sucks and upgraded to Avast Mac 2015. Not sure if this is any better but scanning user folder now, and will scan entire computer tonight. Advice on how to deal with this greatly appreciated. Thanks. All my years of Macs I never once had a virus.

Update 2: Ugh, Avast seems Bunk messing with all my browser certificiates. What's up with Clam?
 
Last edited:
That is a variant of the Netwierd malware. Give this a read. The writer recommends completely erasing your drive and reinstalling OS X then manually putting your data back afterward to be sure you get rid of it.

The gentleman that runs that site is really up to speed on all this Mac malware, and I would trust his recommendation.
 
honeycombz said:
Hi, I just ran Bitdefender Virus Scanner on my mac and it found MAC.OSX.Backdoor.Wirenet.F in ~/.Install/cracker.app/Contents/MacOS/cracker what do I do? It says the threat could not be disinfected or quarantined do I manually trash it or is my computer screwed?

Update: Bitdefender Virus Scanner sucks and upgraded to Avast Mac 2015. Not sure if this is any better but scanning user folder now, and will scan entire computer tonight. Advice on how to deal with this greatly appreciated. Thanks. All my years of Macs I never once had a virus.

Update 2: Ugh, Avast seems Bunk messing with all my browser certificiates. What's up with Clam?
Click to expand...

This malware is a keylogger. So, it is extremely dangerous. It seems that
Weaselboy's suggestion is the only option.
Interestingly, though, Dr.Web successfully detects and removes BackDoor.Wirenet.1, but it is an older version of this malware.
 
I am currently scanning my entire drive, and every drive attached to the computer with clamxav while wrapping my head around this. Is there a way using the command line to look and see what kind of activity might have been going on? So far, outside of the .Install folder in the root of my user folder nothing else has been picked up my clamxav however I realize this doesn't entirely mean anything. Just wondering if there is anything else I should look for. There is no way to just view invisible files and go through every directory?
 
You can run this Terminal command then option click Finder in the Dock and relaunch it to see all hidden files. But unless you know exactly what you are looking for, and also what should be left alone, you are not going to be able to sort this IMO.

Code: 
defaults write com.apple.finder AppleShowAllFiles YES
 
There is no way to look at the source of the cracker.app to see what it was doing? or activity monitor to see if there is any unusual activity? i guess you are right in that i don't really know what to look for... just thought the cracker.app would have paths to other things in it. Is there a safe way to show you guys the file? or no?

Also, what's up with Linc Davis' terminal script here?

https://discussions.apple.com/thread/6029624?tstart=0

Is that safe to use?
 
Last edited:
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back