Help!! I Have A Mac Trojan/virus

[samrulestothema]

HELP ME PLEASE!!!

OK so i went onto a free site with high quality music videos, i clicked on a link which took me to another page to view the video.

It then told me that I needed to install a new codec in order to view the video.


I downloaded and did this

The video still did not play and so I eventually gave up, and just bought the song in iTunes.

Over the last week or so, my supposedly broadband speed internet is VERY slow, and when i go to a secure website it directs me to other pages. I noticed this with my online banking. I knew it was wrong because when i first started online banking last year i memorized the url, and i check each time . (scare tactics make me do this). Bu the URL is different.
I had a look on the net, and it says that there are at least a dozen "codecs" out there and that only a few people have been fooled into this. Ha, my luck. It also says that they are most common on porn sites. Im sure this is not how i got it, browsing porn is not one of my favorite things to do.

Im not very computer literate.

How do i get rid of this?! Will a clean install of OS X do this?!?!?!

What do i need to do a clean install? Just the OS X cds my mac came with ?!

sorry to go on, but i thought the more info i give you the easier you guys can help me out.

HELP ME PLEASE!!! i have 2 OS X cds/dvds. they came with my mac i bought this year. are these enough to reinstall it? i have an external hard drive, i would put my pictures and music onto that and just wipe everything. any chance the trojan is in my pictures or music?


Sam

 

[migulic]

Yes, a clean install of OS X from the discs that came with your computer should do the trick. As for your pictures and music, try restoring them after doing the clean install and seeing if the problem comes back. If it doesn't, that means you're safe.

Otherwise you could try running some anti-virus software such as Norton AntiVirus or ClamXav (http://www.clamxav.com/).

 

[Osarkon]

Surely you could try uninstalling the codec?

Also, were you using Safari? If so, goto Safari - Reset Safari in the menu bar.

That might do the trick.

 

[samrulestothema]

Surely you could try uninstalling the codec?

Also, were you using Safari? If so, goto Safari - Reset Safari in the menu bar.

That might do the trick.

hi there,

i have tried resetting safari but im not sure if that worked, still getting slow net.

how di find and uninstall the codec?

 

[motulist]

Alright, here's the deal.

#1. Never ever install something that comes from a site you don't have a good reason to trust.

#2. You probably don't have a trojan, just a lame piece of software messing up your system.


About determining the problem:

A) Open up the program called Activity Monitor (use spotlight to find it)

B) select to view "All Processes" from the pull down menu in the upper right of that program's window. Now look to see if anything is taking up a large percent of your CPU, and tell us what you see.

C) click the network tab at the bottom, and look at how much data it says is going up and down, and tell us those numbers.


EDIT: and oh yeah, tell us exactly which site this came from so we can go check out what it is that they had you install.

 

[Sun Baked]

You can try searching "Mac OS X Trojan Removal"

http://www.macworld.com/article/60823/2007/10/trojanhorse.html

 

[richard.mac]

ive actually downloaded one of these trojans before. to get infected you have to open the disk image, open the installer, give your password and then click install.

did you do this? if so youre infected and follow the link to remove it above… if not you will be fine

 

[samrulestothema]

ive actually downloaded one of these trojans before. to get infected you have to open the disk image, open the installer, give your password and then click install.

did you do this? if so youre infected and follow the link to remove it above… if not you will be fine

yes i did do this unfortunetely.bu thats ok because i have just reinstalled mac os x and the problem has gone

Thank You all for helping so quickly.

Very appreciative. I love how the Mac community help eachother out without questioning themselves.

thanks
Sam

 

[Schtumple]

I love how the Mac community help eachother out without questioning themselves.

thanks
Sam

It's what we're here for

 

[MBHockey]

I've never heard "high quality music videos" used as a euphemism for porn

 

[r.j.s]

I believe this is the first case of someone coming here claiming they have a virus/trojan/malware, and it actually be true - malware in this case, but true none the less.

 

[northy124]

You can try searching "Mac OS X Trojan Removal"

http://www.macworld.com/article/60823/2007/10/trojanhorse.html

Thanks I did the exact same thing last night, Never again I say never, Install a trojan.

Edit: Sorted now woot.

 

[samrulestothema]

I've never heard "high quality music videos" used as a euphemism for porn

HAHAHAHA.you got me lol

 

[CanadaRAM]

Surely you could try uninstalling the codec?

No, because the codec wasn't a codec.
Look up Trojan Horse -- it seems likely this was a genuine trojan.

#2. You probably don't have a trojan, just a lame piece of software messing up your system

more likely a malicious piece of software messing up the system -- AKA a trojan.

The remapping of secure internet hosts is not something that's going to happen with a benign piece of software misbehaving.

If a piece of software can trick the user into issuing password permission to install, the fabled Mac "invulnerability" is out the window.

samrules: Good work on being vigilant about watching your banking site URLs, and searching the net for identification of the likely malware.