
holyhandgrenade

macrumors newbie
Original poster
OK, so my cousin has an iMac G5 17" 1.8GHz rev. B, same as me. He told me the other day that he thought he might have a virus because it had been running extremely slow and beachballing to oblivion. I told him he has a better chance of winning the lottery. Today he said before it crapped out he had a chance to run a virus scan and it found a trojan. If it starts, it takes like 20 minutes to get off the white loading screen, then another 20 to get off the blue loading OS X screen. What should he do?

Any help would be appreciated.


-HolyHandGrenade
 

Boot an external disk in target mode and clean out the Trojan?
 
what?

IT'S NOT A GODDAMN TROJAN.

Boot from the install CD, run Disk Utility and repair the disk. It sounds like a failing hard drive, I had similar symptoms on the Rev A iMac hard drive I replaced today and on my other failed drives.

Repeat after me, it's not a virus and it's not a trojan...it's not a virus and it's not a trojan...
 
Yep, the HDD is on its way out. I had the exact same symptoms before mine went kaput.

It's not a virus or a trojan. There aren't any for the Mac.* What your cousin found on the virus scan (no need for this by the way, waste of time, tell him to get rid of it) is a Windows trojan - these cannot affect OSX and pose no safety threat to his system. It's up to Windows users to protect themselves from viruses.

*Before the nit-pickers on here tear me a new one, I'll clarify by saying that there aren't any malicious programs in the wild that will affect an up-to-date installation of OSX 10.4.
 
I was about to say... congrats (I think) on being the first person ever on a Mac to be infected with a virus. It's the hard drive trying to tell you it's time for a dirt nap.
 

He didn't say virus, he said Trojan, and there are documented examples of Macs with OSX getting Trojans (most notably at a high school in New England where one student presented it as a new version of iTunes.)

While there are no "in the wild" viruses, there has been some Trojan activity, and most *nix Trojans work as well. The rub is that you generally have to get the user to actually install the Trojan, so it's a targeted attack, not a random target of opportunity attack, though there have been remote execution vulnerabilities in applications to help get code installed.

Finally, you *can* infect Macs with viruses, it's just that they (to date) haven't been successful in the wild. That doesn't mean there aren't any OSX viruses in zoos.
 

yes, we all know Macs are NOT invincible.

But he doesn't have a trojan, his hard drive is failing.
 
Should've corrected myself, but you did it for me. I am also well aware of the fact that there aren't any virii in the "wild", but they do exist.
 

Apparently, by two of the posts in this thread, "we" don't all know that. His hard drive may be failing, but if so it doesn't match the report of AV software flagging a Trojan. That may well be an erroneous report, and it may well be a dying drive, but ridiculing folks when the report indicates either a real or false positive is NOT productive and sooner or later will cause more damage than it's worth.

I'd actually be more interested in a false positive report than a self-inflicted Trojan wound to the head. If the original poster can provide more detail (what Trojan, what AV software) I'm all ears.


That's ok, in the other reply the last link is a Trojan that did get wild, that's a new data point for me, and means it's about time I start bugging a few folks I know to see if I can get any wild/zoo samples to see where the code trends are going.

The Intel switch means IDA will release a Mac module for their disassembler- it's in beta now, looks like my new company is going to have to spend some money *sigh*.
 
Ooooooooo, sounds like you have a fun job. What is it that you do, Mr. Number 2? (Sorry, I was on an Austin Powers kick.)

I've been in the computer security field for a long time. Currently, I'm in two start-ups- one of which does some security work, but isn't really chartered for research, so though the company will buy the software (the company president has decided that as he types away!) the digging and tearing will be more like recreational therapy than work unless I can figure out some angle that makes sense. At my last company though it was part of what I did, and they bought me IDA Pro to do it with.
(I'd rather be #6 thanks!)
 
That explains your knowledge and dedication to this thread. Best of luck to you at your 2 jobs (or is it 1 b/c you said the other is therapy?) Number 6? Alright, so be it.
 
Go ClamX! I haven't ever needed it for anything other than finding MS-targeted virii attached to files sent by friends, but the discoveries and eu-googlizing of the signatures/'names' are always fun.

It's never too early to start understanding how software like this works on a Mac, albeit a possibly less pressing concern than failing hardware at the moment. :) When the time does come, familiarity with some aspects of computer security can only help, no matter what your OS of choice.
 

Digging into the malcode would be therapy. It's more like 3-4 jobs at the moment, 3 at one company and 1 at the other. I've got really good friends in the AV industry (which is why I'd be more interested in a false positive) and briefly ran the mailing list services for The Wildlist Organization (www.wildlist.org.)

Mostly these days I do IT support and Computer Forensics, both of which are either fun or frustrating as heck depending on the customer, problem, etc. The second start-up is an RFID implementation company- a whole different set of interesting.


(Small nitpick, it's Viruses, not Virii.)

Does Clam do on-access scanning yet? Manual scanning just seems pretty ugly to me. If not, it'd be interesting to see what it'd take to add on-save scanning to Firefox and Safari, pretty much my two biggest potential infection vectors...
 
you are dedicated! The RFID job is probably interesting, considering that's the wave of the future. Presents all types of goodies to get into.
 

Working at a university helpdesk and supporting people who call in and whatnot, I've found that quite often, when people claim they have a virus, trojan, spyware, whatever, they never have seemed to run a scan, and when I remote desktop in and scan, it comes up negative. It's just that something else with their computer is hosed and they think that by making it sound like they have something as bad as a virus, we'll bump them to the top of the queue for getting a technician out there. Despite the fact that these are Windows machines, and we all know how bad Windows is with viruses, IT has these systems locked down enough and protected well enough that I never, ever believe someone when they claim their computer has a virus until I see scan results for myself.
 

Smaller nit pick.
It's both!

Dictionary.com said:
7 results for: Virii
Displaying 1 best match. Browse all 7 results below.


Plural of virus
Wikipedia, the free encyclopedia - Cite This Source

In the English language, the standard plural of virus is viruses. This is the most frequently occurring form of the plural, and refers to both a biological virus and a computer virus.

The less frequent variations viri and virii are virtually unknown in edited prose, and no major dictionary recognizes them as alternative forms.
 
Even smaller, if a dictionary says that no dictionaries recognise the word, is that not like saying "that word is wrong"?

I'd have to say virii would never be correct, viri maybe, but viruses is definitely the correct form to use. Virii is just a word that people have made up to make themselves sound cool or funny on internet forums, like octopi.
 

It's "internet fora", not "internet forums". :D
 
Went to Fry's the other day and was playing with the 24" iMac. It would turn on, start up, and then go crazy and restart. This apparently happened all day long :eek: . Thought for a second that it may have a "virus" but then realized someone, probably the horrible and M$ biased sales persons at Fry's, set every application in the Dock to run on startup, draining the system resources and making it usable. So yes, Macs are not invincible.

Also, if the HDD does go out you will hear a chime on start up or something of that sort. Is it just me or does it seem that 90% of HDD failures stem from people not cleaning their computers of dust on a regular basis :confused:

If you take out an HDD it has vent holes that say do not cover on them; most of the "burnt" HDDs that I have seen have had these vents completely full of dust. I mean, if people worry about their PS2 sucking up dust, a computer (especially a G5) has way more fans to suck up dust than a PS2 ;)

Not saying this is the problem but it could be for others.

Also, has Safari been acting really slow for anyone else in the last few months? Has made me think I may have a trojan. It takes like 30 sec to load MacRumors if it loads at all, and other times it's very fast. Maybe the "refurbished" AirPort that Apple sent me. Hard line works fine, it is only wireless.

Rant over :eek:

ODDUWON
 

Your disclaimer should be an option in the tools above the 'insert post' window. :D
 

Except some nitpicker would point out that there are plenty of malicious programs wild on *nix that will happily affect OSX up to date as it can be (such as PHP trojans to take one broad category) that simply aren't likely to be wild on most desktops but could get caught on a developer's box, test system...

They may even all be not in the wild on OSX, but probably due to sample size in the server market more than anything.

I mean, I could see some nitpicker pointing that out. Not that I would! :D
 
thanks

Wow, I can't thank you guys enough for the feedback. I didn't think he had a trojan and it's prolly the HDD (should I be worried, they're the same model and rev?). Anyway, just to be safe I gave him Clam and Onyx. I'll post back as soon as he tells me what it found and when I tell him to boot from the disk.

Thanks again everyone for your help.
 