
Morrius

macrumors member
Original poster
Oct 23, 2007
I navigated to a webpage that I think had some malware on it. I got a message saying that Software Update needed my password. I wasn't running Software Update, so I quickly shut it down. I've been watching Activity Monitor like a hawk for the last few minutes, and nothing seems out of the ordinary. No processes that aren't immediately identifiable as stuff that's supposed to be there.

I'm running 10.6.8 and the latest versions of Safari, Flash, and Java, and all of my security stuff is up to date. All I hear about anti-virus software is that it usually does more harm than good. I'm just curious if there is something I should be on the lookout for, or if I'm freaking out over nothing.
 
...or if I'm freaking out over nothing.
This^ You don't have a trojan.

You don't need any 3rd party antivirus app to keep your Mac malware-free. Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 10 years ago. If you practice safe computing, the only malware in the wild that can affect Mac OS X is a handful of trojans, which cannot infect your Mac unless you actively install them, and they can be easily avoided with some basic education, common sense and care in what software you install. Also, Mac OS X Snow Leopard and Lion have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.
  1. Make sure your built-in Mac firewall is enabled in System Preferences > Security > Firewall

  2. Uncheck "Open "safe" files after downloading" in Safari > Preferences > General

  3. Uncheck "Enable Java" in Safari > Preferences > Security. Leave this unchecked until you visit a trusted site that requires Java, then re-enable only for your visit to that site. (This is not to be confused with JavaScript, which you should leave enabled.)

  4. Check your DNS settings by reading this.

  5. Be careful to only install software from trusted, reputable sites. Never install pirated software. If you're not sure about an app, ask in this forum before installing.

  6. Never let someone else have physical access to install anything on your Mac.

  7. Always keep your Mac and application software updated. Use Software Update for your Mac software. For other software, it's safer to get updates from the developer's site or from the menu item "Check for updates", rather than installing from any notification window that pops up while you're surfing the web.
That's all you need to do to keep your Mac completely free of any virus, trojan, spyware, keylogger, or other malware. You don't need any 3rd party software to keep your Mac secure.
 
Agreed with the others: unless you give permission for a malicious app to be installed (i.e. enter your password), then you're safe.
Not all trojans require the admin password to be installed. However, in this case the OP canceled the installation and did not proceed, password or not.
 
^^

Not indicated in OP, but many Safari users--myself included--have Java disabled--so the link is not relevant in that case.
 
How do you prevent trojans that don't require a password?
Most trojans still have an install routine that requires the user to proceed with the installation, even if it doesn't ask for a password. For these, simply close the installer process. A few have been reported lately that don't have an install process, installed by the user opening an infected Word document from a malicious source, but for now those don't appear to be available in the wild, unless you're part of a targeted Thai NGO. I'm still waiting for more corroborating reports on those, as they appear to only have been reported by a few bloggers and not yet acknowledged, AFAIK, by any reputable security firms. IMO, those reports are not yet completely credible, but worth keeping an eye on.
 
Most trojans still have an install routine that requires the user to proceed with the installation, even if it doesn't ask for a password. For these, simply close the installer process. A few have been reported lately that don't have an install process, but for now they don't appear to be available in the wild, unless you're part of a targeted Thai NGO. I'm still waiting for more corroborating reports on those, as they appear to only have been reported by a few bloggers and not yet acknowledged, AFAIK, by any reputable security firms. IMO, those reports are not yet completely credible, but worth keeping an eye on.

Thanks, as usual you're very helpful with information.
 
Not necessarily

Most trojans still have an install routine that requires the user to proceed with the installation, even if it doesn't ask for a password. For these, simply close the installer process. A few have been reported lately that don't have an install process, installed by the user opening an infected Word document from a malicious source, but for now those don't appear to be available in the wild, unless you're part of a targeted Thai NGO. I'm still waiting for more corroborating reports on those, as they appear to only have been reported by a few bloggers and not yet acknowledged, AFAIK, by any reputable security firms. IMO, those reports are not yet completely credible, but worth keeping an eye on.

This is not necessarily the case anymore. More and more, malware writers are focusing on bypassing the need for a password to install. We've been seeing more new variants doing this, daily. Here is the latest info on this:
http://www.intego.com/mac-security-...es-advantage-of-unpatched-java-vulnerability/
 
But how can you tell?

Back to the main question, how can you tell if your Mac is infected with a Trojan horse or other malware? :confused:

Before purchasing the latest MacBook Pro I was a long-time Windows user. As such, whenever my Windows computer got infected with a virus or other malware it quickly became obvious.

Now as a Mac user, assuming I inadvertently install Mac malware (let's say a Trojan horse), would my Apple computer start behaving oddly like my Windows computer did whenever it got infected?
 
^^

Not indicated in OP, but many Safari users--myself included--have Java disabled--so the link is not relevant in that case.

How is the link not relevant? As you rightly said, the OP did not indicate either way so you have to assume the default configuration of OSX, which is vulnerable. Let's be scientific about this.

In regards to knowing whether your Mac is infected, anti virus software is just one layer of defence and it is arguable how useful it is. The number of malware problems for Macs are so small and so high profile you can keep up to date with good information on the tech news sites in regards to specific behaviour and detection. e.g.

http://arstechnica.com/apple/news/2...controls-half-a-million-macs-and-counting.ars
 
How is the link not relevant? As you rightly said, the OP did not indicate either way so you have to assume the default configuration of OSX, which is vulnerable. Let's be scientific about this.

In regards to knowing whether your Mac is infected, anti virus software is just one layer of defence and it is arguable how useful it is. The number of malware problems for Macs are so small and so high profile you can keep up to date with good information on the tech news sites in regards to specific behaviour and detection. e.g.

http://arstechnica.com/apple/news/2...controls-half-a-million-macs-and-counting.ars

Incidentally, the default in Lion is that it ships without Java installed, and will prompt for the user to download it via Software Update if they try to run a program that requires it. Thus, out of the box, 10.7.x should be invulnerable to this trojan. Obviously, many people do have Java installed for various reasons, so there are many who need to take standard precautions against things like this, but this shouldn't affect many novice users.

jW
 
What about the symptoms...

In regards to knowing whether your Mac is infected, anti virus software is just one layer of defence and it is arguable how useful it is. The number of malware problems for Macs are so small and so high profile you can keep up to date with good information on the tech news sites in regards to specific behaviour and detection. e.g.

I'm not saying we should all drop everything and install antivirus to be free of malware. But the number of Macs infected seems to be growing, as revealed today by Forbes: At least 600,000 Macs have been infected by the Flashback malware. http://www.forbes.com/sites/adriankingsleyhughes/2012/04/05/why-you-should-install-antivirus-on-your-mac/

I also found out that if Macs are infected with Flashback, there's no way to know. http://www.intego.com/mac-security-blog/what-are-the-symptoms-of-the-flashback-malware/ So am I missing something, or is there another way to find out if infected with the malware other than scanning your Mac using an antivirus program?

I haven't found information elsewhere that explains the symptoms a Mac shows when infected by the Flashback Trojan. I'm also unfortunately not very tech savvy, at least not like some people on these forums. But it does seem a bit worrisome that my Mac could be infected by Flashback and I wouldn't even know it. :(
 
Okay, so I now have a process called .mkeeper running when I look at Activity Monitor. When I googled this, I got a whole bunch of hits saying that this was a sign of infection with FlashBack. I turned off Java in Safari prefs, and I have my firewall up and everything. When I ran these commands in Terminal:

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

They both said that the domain/default pair of it does not exist. Which means I'm not infected, so what's this .mkeeper process that's running?
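
The two Terminal checks quoted in the post above, wrapped as a script (an added example, not part of the original post or of any vendor tool). The function names and the `DEFAULTS_CMD` variable are assumptions introduced here; the script covers only those two keys, reports any value it finds, and refuses to give a result when the `defaults` tool itself cannot be run.

```shell
#!/bin/bash
# Added example: runs the two `defaults read` checks quoted in the thread and
# reports whether either key exists. DEFAULTS_CMD is an assumption added here
# so the logic can be exercised with a stand-in command on a non-Mac system.
DEFAULTS_CMD="${DEFAULTS_CMD:-defaults}"

# check_key DOMAIN KEY
# `defaults read` exits non-zero and prints "does not exist" on stderr when
# the key is absent. Returns 0 when absent, 1 when a value is present.
check_key() {
    local domain="$1" key="$2" value
    if value="$("$DEFAULTS_CMD" read "$domain" "$key" 2>/dev/null)"; then
        printf 'SET %s %s = %s\n' "$domain" "$key" "$value"
        return 1
    fi
    printf 'ABSENT %s %s\n' "$domain" "$key"
    return 0
}

# flashback_check
# Return code: 0 = neither key set, 1 or 2 = number of keys set,
# 3 = the defaults tool is unavailable, so no conclusion can be drawn.
flashback_check() {
    local hits=0
    if ! command -v "$DEFAULTS_CMD" >/dev/null 2>&1; then
        echo "ERROR: '$DEFAULTS_CMD' not found; cannot run the checks" >&2
        return 3
    fi
    check_key /Applications/Safari.app/Contents/Info LSEnvironment \
        || hits=$((hits + 1))
    check_key "$HOME/.MacOSX/environment" DYLD_INSERT_LIBRARIES \
        || hits=$((hits + 1))
    if [ "$hits" -eq 0 ]; then
        echo "RESULT: neither key is set"
    else
        echo "RESULT: $hits key(s) set; inspect the values printed above"
    fi
    return "$hits"
}

# Run the checks only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    flashback_check
fi
```

Run it with `--run` on the Mac being checked; an `ABSENT` line corresponds to the "domain/default pair ... does not exist" message described in the post.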
 