Help!! I Have A Mac Trojan/virus

Discussion in 'Mac Apps and Mac App Store' started by samrulestothema, Jun 15, 2008.

  1. samrulestothema macrumors regular

    Feb 6, 2008

    OK so i went onto a free site with high quality music videos, i clicked on a link which took me to another page to view the video.

    It then told me that I needed to install a new codec in order to view the video.

    I downloaded and did this :(

    The video still did not play and so I eventually gave up, and just bought the song in iTunes.

    Over the last week or so, my supposedly broadband speed internet is VERY slow, and when i go to a secure website it directs me to other pages. I noticed this with my online banking. I knew it was wrong because when i first started online banking last year i memorized the url, and i check each time . (scare tactics make me do this). Bu the URL is different. :(
    I had a look on the net, and it says that there are at least a dozen "codecs" out there and that only a few people have been fooled into this. Ha, my luck. It also says that they are most common on porn sites. Im sure this is not how i got it, browsing porn is not one of my favorite things to do.

    Im not very computer literate.

    How do i get rid of this?! Will a clean install of OS X do this?!?!?!

    What do i need to do a clean install? Just the OS X cds my mac came with ?!

    sorry to go on, but i thought the more info i give you the easier you guys can help me out.

    HELP ME PLEASE!!! i have 2 OS X cds/dvds. they came with my mac i bought this year. are these enough to reinstall it? i have an external hard drive, i would put my pictures and music onto that and just wipe everything. any chance the trojan is in my pictures or music?

  2. migulic macrumors member

    Mar 25, 2008
    Yes, a clean install of OS X from the discs that came with your computer should do the trick. As for your pictures and music, try restoring them after doing the clean install and seeing if the problem comes back. If it doesn't, that means you're safe.

    Otherwise you could try running some anti-virus software such as Norton AntiVirus or ClamXav (
  3. Osarkon macrumors 68020


    Aug 30, 2006
    Surely you could try uninstalling the codec?

    Also, were you using Safari? If so, goto Safari - Reset Safari in the menu bar.

    That might do the trick.
  4. samrulestothema thread starter macrumors regular

    Feb 6, 2008
    hi there,

    i have tried resetting safari but im not sure if that worked, still getting slow net.

    how di find and uninstall the codec?
  5. motulist macrumors 601


    Dec 2, 2003
    Alright, here's the deal.

    #1. Never ever install something that comes from a site you don't have a good reason to trust.

    #2. You probably don't have a trojan, just a lame piece of software messing up your system.

    About determining the problem:

    A) Open up the program called Activity Monitor (use spotlight to find it)

    B) select to view "All Processes" from the pull down menu in the upper right of that program's window. Now look to see if anything is taking up a large percent of your CPU, and tell us what you see.

    C) click the network tab at the bottom, and look at how much data it says is going up and down, and tell us those numbers.

    EDIT: and oh yeah, tell us exactly which site this came from so we can go check out what it is that they had you install.
  6. richard.mac macrumors 603


    Feb 2, 2007
    51.50024, -0.12662
    ive actually downloaded one of these trojans before. to get infected you have to open the disk image, open the installer, give your password and then click install.

    did you do this? if so youre infected and follow the link to remove it above… if not you will be fine
  7. samrulestothema thread starter macrumors regular

    Feb 6, 2008
    yes i did do this unfortunetely.bu thats ok because i have just reinstalled mac os x and the problem has gone :D

    Thank You all for helping so quickly.

    Very appreciative. I love how the Mac community help eachother out without questioning themselves.

  8. Schtumple macrumors 601


    Jun 13, 2007
    It's what we're here for :)
  9. MBHockey macrumors 68040


    Oct 4, 2003
    New York
    I've never heard "high quality music videos" used as a euphemism for porn :p
  10. r.j.s Moderator emeritus


    Mar 7, 2007
    I believe this is the first case of someone coming here claiming they have a virus/trojan/malware, and it actually be true - malware in this case, but true none the less.
  11. northy124 macrumors 68020


    Nov 18, 2007
  12. samrulestothema thread starter macrumors regular

    Feb 6, 2008
    #13 got me ;) lol
  13. CanadaRAM macrumors G5


    Oct 11, 2004
    On the Left Coast - Victoria BC Canada
    No, because the codec wasn't a codec.
    Look up Trojan Horse -- it seems likely this was a genuine trojan.

    more likely a malicious piece of software messing up the system -- AKA a trojan.

    The remapping of secure internet hosts is not something that's going to happen with a benign piece of software misbehaving.

    If a piece of software can trick the user into issuing password permission to install, the fabled Mac "invulnerability" is out the window.

    samrules: Good work on being vigilant about watching your banking site URLs, and searching the net for identification of the likely malware.

Share This Page