How can you tell if you have a trojan?

Discussion in 'macOS' started by Morrius, Apr 1, 2012.

  1. Morrius macrumors member

    Joined:
    Oct 23, 2007
    #1
    I navigated to a webpage that I think had some malware on it. I got a message saying that Software Update needed my password. I wasn't running Software Update, so I quickly shut it down. I've been watching Activity Monitor like a hawk for the last few minutes, and nothing seems out of the ordinary. No processes that aren't immediately identifiable as stuff that's supposed to be there.

    I'm running 10.6.8 and the latest versions of Safari, Flash, and Java, and all of my security stuff is up to date. All I hear about anti-virus software is that it usually does more harm than good. I'm just curious if there is something I should be on the lookout for, or if I'm freaking out over nothing.
     
  2. miles01110 macrumors Core

    miles01110

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
    #2
    If you didn't enter your administrator password you don't have a trojan.
     
  3. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #3
    This^ You don't have a trojan.

    You don't need any 3rd party antivirus app to keep your Mac malware-free. Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 10 years ago. If you practice safe computing, the only malware in the wild that can affect Mac OS X is a handful of trojans, which cannot infect your Mac unless you actively install them, and they can be easily avoided with some basic education, common sense and care in what software you install. Also, Mac OS X Snow Leopard and Lion have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.
    1. Make sure your built-in Mac firewall is enabled in System Preferences > Security > Firewall

    2. Uncheck "Open "safe" files after downloading" in Safari > Preferences > General

    3. Uncheck "Enable Java" in Safari > Preferences > Security. Leave this unchecked until you visit a trusted site that requires Java, then re-enable only for your visit to that site. (This is not to be confused with JavaScript, which you should leave enabled.)

    4. Check your DNS settings by reading this.

    5. Be careful to only install software from trusted, reputable sites. Never install pirated software. If you're not sure about an app, ask in this forum before installing.

    6. Never let someone else have physical access to install anything on your Mac.

    7. Always keep your Mac and application software updated. Use Software Update for your Mac software. For other software, it's safer to get updates from the developer's site or from the menu item "Check for updates", rather than installing from any notification window that pops up while you're surfing the web.
    That's all you need to do to keep your Mac completely free of any virus, trojan, spyware, keylogger, or other malware. You don't need any 3rd party software to keep your Mac secure.
     
  4. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #5
    Not if you read the OP's post:
     
  5. heisenberg123 macrumors 603

    heisenberg123

    Joined:
    Oct 31, 2010
    Location:
    Hamilton, Ontario
    #6
    Agreed with the others: unless you give permission for a malicious app to be installed (i.e. enter your password), then you're safe.
     
  6. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #7
    Not all trojans require the admin password to be installed. However, in this case the OP canceled the installation and did not proceed, password or not.
     
  7. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #8
  8. bobr1952 macrumors 68020

    bobr1952

    Joined:
    Jan 21, 2008
    Location:
    Melbourne, FL
    #9
    ^^

    Not indicated in OP, but many Safari users--myself included--have Java disabled--so the link is not relevant in that case.
     
  9. heisenberg123 macrumors 603

    heisenberg123

    Joined:
    Oct 31, 2010
    Location:
    Hamilton, Ontario
    #10
    How do you prevent trojans that don't require a password?
     
  10. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #11
    Most trojans still have an install routine that requires the user to proceed with the installation, even if it doesn't ask for a password. For these, simply close the installer process. A few have been reported lately that don't have an install process, installed by the user opening an infected Word document from a malicious source, but for now those don't appear to be available in the wild, unless you're part of a targeted Thai NGO. I'm still waiting for more corroborating reports on those, as they appear to only have been reported by a few bloggers and not yet acknowledged, AFAIK, by any reputable security firms. IMO, those reports are not yet completely credible, but worth keeping an eye on.
     
  11. heisenberg123 macrumors 603

    heisenberg123

    Joined:
    Oct 31, 2010
    Location:
    Hamilton, Ontario
    #12
    Thanks, as usual you're very helpful with information.
     
  12. LysaM macrumors newbie

    Joined:
    Mar 9, 2012
    #13
    Not necessarily

    This is not necessarily the case anymore. More and more, malware writers are focusing on bypassing the need for a password to install. We've been seeing more new variants doing this, daily. Here is the latest info on this:
    http://www.intego.com/mac-security-...es-advantage-of-unpatched-java-vulnerability/
     
  13. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #14
    Didn't you read the thread?
     
  14. John T macrumors 68020

    John T

    Joined:
    Mar 18, 2006
    Location:
    UK.
    #15
  15. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #16
    Yes, their profile clearly states they're affiliated with that company.
     
  16. StrikerShoot macrumors newbie

    Joined:
    Feb 17, 2012
    Location:
    Seattle
    #17
    But how can you tell?

    Back to the main question, how can you tell if your Mac is infected with a Trojan horse or other malware? :confused:

    Before purchasing the latest MacBook Pro I was a long-time Windows user. As such, whenever my Windows computer got infected with a virus or other malware it quickly became obvious.

    Now as a Mac user, assuming I inadvertently install Mac malware (let's say a Trojan horse), would my Apple computer start behaving odd like my Windows computer did whenever it got infected?
     
  17. theheyes macrumors regular

    Joined:
    Mar 8, 2006
    Location:
    Manchester
    #18
    How is the link not relevant? As you rightly said, the OP did not indicate either way so you have to assume the default configuration of OSX, which is vulnerable. Let's be scientific about this.

    In regards to knowing whether your Mac is infected, antivirus software is just one layer of defence and it is arguable how useful it is. The number of malware problems for Macs is so small and so high profile you can keep up to date with good information on the tech news sites in regards to specific behaviour and detection. e.g.

    http://arstechnica.com/apple/news/2...controls-half-a-million-macs-and-counting.ars
     
  18. Mal macrumors 603

    Mal

    Joined:
    Jan 6, 2002
    Location:
    Orlando
    #20
    Incidentally, the default in Lion is that it ships without Java installed, and will prompt for the user to download it via Software Update if they try to run a program that requires it. Thus, out of the box, 10.7.x should be invulnerable to this trojan. Obviously, many people do have Java installed for various reasons, so there are many who need to take standard precautions against things like this, but this shouldn't affect many novice users.

    jW
     
  19. StrikerShoot macrumors newbie

    Joined:
    Feb 17, 2012
    Location:
    Seattle
    #21
    What about the symptoms...

    I'm not saying we should all drop everything and install antivirus to be free of malware. But the number of Macs infected seems to be growing, as revealed today by Forbes: At least 600,000 Macs have been infected by the Flashback malware. http://www.forbes.com/sites/adriankingsleyhughes/2012/04/05/why-you-should-install-antivirus-on-your-mac/

    I also found out that if Macs are infected with Flashback, there's no way to know. http://www.intego.com/mac-security-blog/what-are-the-symptoms-of-the-flashback-malware/ So am I missing something, or is there another way to find out if infected with the malware other than scanning your Mac using an antivirus program?

    I haven't found information elsewhere that explains the symptoms a Mac shows when infected by the Flashback Trojan. I'm also unfortunately not very tech savvy, at least not like some people on these forums. But it does seem a bit worrisome that my Mac could be infected by Flashback and I wouldn't even know it. :(
     
  20. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #22
    That's not true. Read this to learn how to detect and remove it. This is also being discussed here.
     
  21. Morrius thread starter macrumors member

    Joined:
    Oct 23, 2007
    #23
    Okay, so I now have a process called .mkeeper running when I look at Activity Monitor. When I googled this, I got a whole bunch of hits saying that this was a sign of infection with FlashBack. I turned off Java in Safari prefs, and I have my firewall up and everything. When I ran these commands in Terminal:

    defaults read /Applications/Safari.app/Contents/Info LSEnvironment

    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

    They both said that the domain/default pair of it does not exist. Which means I'm not infected, so what's this .mkeeper process that's running?
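
The check from the post above, wrapped in a script, as an added example that is not part of the thread: it runs the same two `defaults read` commands and reports for each key whether it is absent, set, or could not be read. `DEFAULTS_BIN`, `check_key` and `flashback_check` are names made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): wraps the two `defaults read` checks
# quoted in the post and classifies each result.
# DEFAULTS_BIN is a hypothetical override so the logic can be exercised with
# a stub; on a Mac it resolves to the real `defaults` tool.
DEFAULTS_BIN="${DEFAULTS_BIN:-defaults}"

# check_key DOMAIN KEY
# Prints "absent", "present: <value>" or "error: <message>".
# Returns 0 when the key is absent, 1 when it is set, 2 on any other failure.
check_key() {
    ck_out=$("$DEFAULTS_BIN" read "$1" "$2" 2>&1) && ck_status=0 || ck_status=$?
    if [ "$ck_status" -eq 0 ]; then
        echo "present: $ck_out"
        return 1
    fi
    # A missing key makes `defaults` exit non-zero with "... does not exist".
    case "$ck_out" in
        *"does not exist"*) echo "absent"; return 0 ;;
    esac
    echo "error: $ck_out"
    return 2
}

# flashback_check
# Runs both checks from the post; returns 0 only if both keys are absent.
flashback_check() {
    fc_rc=0
    fc_res=$(check_key /Applications/Safari.app/Contents/Info LSEnvironment) || fc_rc=1
    echo "Safari LSEnvironment: $fc_res"
    fc_res=$(check_key "$HOME/.MacOSX/environment" DYLD_INSERT_LIBRARIES) || fc_rc=1
    echo "User DYLD_INSERT_LIBRARIES: $fc_res"
    if [ "$fc_rc" -eq 0 ]; then
        echo "Result: neither key is set"
    else
        echo "Result: a key is set or a check failed; investigate"
    fi
    return "$fc_rc"
}

# Only query the live system when running on macOS.
if [ "$(uname -s)" = "Darwin" ]; then flashback_check; fi
```

An "error" result (for example a permissions problem) is reported separately so it is not mistaken for a clean "absent" answer.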
     
  22. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #24
    Do you have MacKeeper installed? You can also do a search for mkeeper on your system. Use the instructions here to search:
     
  23. Morrius thread starter macrumors member

    Joined:
    Oct 23, 2007
    #25
    No, I don't. I'm very skeptical of that program.
     
