Help! Backdoor.Wirenet.F

Discussion in 'OS X Mavericks (10.9)' started by honeycombz, Mar 15, 2015.

  1. honeycombz, Mar 15, 2015
    Last edited: Mar 15, 2015

    honeycombz macrumors 6502

    Joined:
    Jul 6, 2013
    #1
    Hi, I just ran Bitdefender Virus Scanner on my Mac and it found MAC.OSX.Backdoor.Wirenet.F in ~/.Install/cracker.app/Contents/MacOS/cracker. What do I do? It says the threat could not be disinfected or quarantined. Do I manually trash it, or is my computer screwed?

    Update: Bitdefender Virus Scanner sucks and I upgraded to Avast Mac 2015. Not sure if this is any better, but I'm scanning the user folder now and will scan the entire computer tonight. Advice on how to deal with this is greatly appreciated. Thanks. In all my years of Macs I never once had a virus.

    Update 2: Ugh, Avast seems bunk, messing with all my browser certificates. What's up with Clam?
     
  2. Weaselboy Moderator

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #2
    That is a variant of the NetWeird malware. Give this a read. The writer recommends completely erasing your drive and reinstalling OS X, then manually putting your data back afterward to be sure you get rid of it.

    The gentleman that runs that site is really up to speed on all this Mac malware, and I would trust his recommendation.
     
  3. honeycombz thread starter macrumors 6502

    honeycombz

    Joined:
    Jul 6, 2013
  4. Ulenspiegel macrumors 68030

    Joined:
    Nov 8, 2014
    Location:
    Land of Flanders and Elsewhere
    #4
    This malware is a keylogger. So, it is extremely dangerous. It seems that Weaselboy's suggestion is the only option.
    Interestingly, though, Dr.Web successfully detects and removes BackDoor.Wirenet.1, but it is an older version of this malware.
     
  5. honeycombz thread starter macrumors 6502

    Joined:
    Jul 6, 2013
    #5
    I am currently scanning my entire drive, and every drive attached to the computer, with clamxav while wrapping my head around this. Is there a way using the command line to look and see what kind of activity might have been going on? So far, outside of the .Install folder in the root of my user folder, nothing else has been picked up by clamxav; however, I realize this doesn't entirely mean anything. Just wondering if there is anything else I should look for. There is no way to just view invisible files and go through every directory?
     
  6. Weaselboy Moderator

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #6
    You can run this Terminal command then option click Finder in the Dock and relaunch it to see all hidden files. But unless you know exactly what you are looking for, and also what should be left alone, you are not going to be able to sort this IMO.

    Code:
    defaults write com.apple.finder AppleShowAllFiles YES
     
  7. honeycombz, Mar 16, 2015
    Last edited: Mar 16, 2015

    honeycombz thread starter macrumors 6502

    Joined:
    Jul 6, 2013
    #7
    There is no way to look at the source of the cracker.app to see what it was doing? Or Activity Monitor to see if there is any unusual activity? I guess you are right in that I don't really know what to look for... just thought the cracker.app would have paths to other things in it. Is there a safe way to show you guys the file? Or no?

    Also, what's up with Linc Davis' terminal script here?

    https://discussions.apple.com/thread/6029624?tstart=0

    Is that safe to use?
     
