How do you identify a RAT on your Mac & remove it?

Discussion in 'MacBook Pro' started by Will79, Mar 22, 2014.

  1. Will79 macrumors member

    Joined:
    Mar 20, 2014
    #1
    I've been noticing some weird mouse activity on my mac recently. For example: Just now, I was playing a game on my Windows computer for a while, looked at my mac for help and noticed that the mouse was in a different place than before. Thinking nothing of it, I proceeded with the game and when I looked at my mac again, it was in another different place.

    It was nobody in my house because it was sitting right next to me.

    My questions:
    - How can I identify a RAT on my mac?
    - If there is one, how can I remove it?

    I'm worried because my parents' computer got infected with a RAT recently and it died after a few days; they could no longer turn it on. If my macbook died, I would not be able to replace it as I no longer receive an income as high as the one I did when I purchased it.
     
  2. Gav Mack macrumors 68020

    Gav Mack

    Joined:
    Jun 15, 2008
    Location:
    Sagittarius A*
    #2
    It's likely that the movement on your MacBook Pro is caused by dust and particles on the trackpad or worse case scenario it's starting to malfunction.

    Download ClamXav from the developers site and check for any malware installed, if you don't have adobe reader or java 7 installed which are the most vulnerable back doors into OSX you should be fine. If you have flash player installed in system preferences click on the app and make sure it's up to date.

    With windows machines it's not the 'rat' that is the main problem it's the 'rootkit' which hides the malware/rat from the anti virus program's that's the real pita to get rid of completely. It's more likely that computer died due to power problems/overheating than via malware, the infection more of a coincidence though Trojans can make the CPU spike massively and make it overheat.
     
  3. Will79, Mar 22, 2014
    Last edited: Mar 22, 2014

    Will79 thread starter macrumors member

    Joined:
    Mar 20, 2014
    #3
    I just turned it on to install ClamXav, hovered the mouse over an icon at the top, looked at my other computer for about 20 seconds and when I looked back, it had moved to the icon next to it.

    Edit:
    Things I've recently done:
    - Updated Java (it kept popping up and asking me to so in the end I complied)
    - Installed the mac security update on iTunes
     
  4. Barney63 macrumors 6502a

    Barney63

    Joined:
    Jan 9, 2014
    Location:
    Bolton, UK.
  5. DeltaMac macrumors 604

    DeltaMac

    Joined:
    Jul 30, 2003
    Location:
    Delaware
    #5
    There's specific hardware issues that can cause the mouse pointer to move, even with no apparent input from you.
    Can you tell us exactly which Mac you have, and which version of OS X you are using?
     
  6. Will79 thread starter macrumors member

    Joined:
    Mar 20, 2014
    #6
    Here's what About This Mac says:

    Version: 10.9.2
    Processor: 2.5 GHz Intel Core i5
    Memory: 4 GB 1600 MHz DDR3
     
  7. DeltaMac macrumors 604

    DeltaMac

    Joined:
    Jul 30, 2003
    Location:
    Delaware
    #7
    What Mac model do you have? Mac mini, iMac, MacBook Pro, something else?

    You can also click on the More Info… button in that same About This Mac window, which will show you lots more information about your Mac, telling you exactly which it is.
     
  8. Will79 thread starter macrumors member

    Joined:
    Mar 20, 2014
    #8
    Macbook Pro.
    I thought this was the Macbook Pro subforum.
    More Info says:

    Processor: 2.5 GHz Intel Core i5
    Memory: 4 GB 1600 MHz DDR3
    Graphics: Intel HD Graphics 4000 1024 MB
    Software: OS X 10.9.2 (13C64)
     
  9. Meister Suspended

    Meister

    Joined:
    Oct 10, 2013
    #9
    Catch it with cheese?
    If that doesnt work maybe RAT- poison.
     
  10. Will79 thread starter macrumors member

    Joined:
    Mar 20, 2014
    #10
    Wow, definitely never heard that one before.
     
  11. Meister Suspended

    Meister

    Joined:
    Oct 10, 2013
    #11
    See. Thats what I am here for. ;)
     
  12. Gav Mack macrumors 68020

    Gav Mack

    Joined:
    Jun 15, 2008
    Location:
    Sagittarius A*
    #12
    Quantum mouse-chanics? turn the acceleration/speed on the trackpad down to to the lowest settings and see if it moves less. Trojans only access the mouse in movies and tv! Have a look at the login items for your account in system preferences.
     
  13. DeltaMac macrumors 604

    DeltaMac

    Joined:
    Jul 30, 2003
    Location:
    Delaware
    #13
    There's no guarantee that everyone posts in correct forum, and with at least 3 different Macs with those specs, I had to ask.
    You do say "mouse". Do you use an external mouse or other device, or only the built-in trackpad?
     
  14. Will79, Mar 22, 2014
    Last edited: Mar 22, 2014

    Will79 thread starter macrumors member

    Joined:
    Mar 20, 2014
    #14
    Just logged into my mac and the mouse seemed to have a life of its own.
    When I tapped to click (yes, it is enabled in System Preferences > Trackpad), it just moved. It was also jumping around randomly.

    It seems to have calmed down now, but it's still jumping around a bit and sometimes spawns in random places when I'm finished typing and try to move it somewhere.

    So now I'm leaning towards there being some issue with my trackpad; whether it be physical or technical.

    What kind of information can I give you all to aid your diagnosis'?

    Edit: Another event which concerned me was the popup when I started Google Chrome which stated that my preferences could not be read. I proceeded and found that the only thing different was that AdBlock had been removed. I did a Google search and didn't find much for mac, only Windows.

    I tried slowing it down but that didn't really make much difference.
    Here are my login items:

    [​IMG]

    The "uTorrent" item has filled me with suspicion as I do not remember ever downloading it. I have selected "hide this item when I login".

    I use the trackpad.
     
  15. DeltaMac macrumors 604

    DeltaMac

    Joined:
    Jul 30, 2003
    Location:
    Delaware
    #15
    µTorrent is a torrent app (as the name suggests)

    If you don't recall installing that, you may want to uninstall it - or at least delete the item from your Login Items.
    ("Hiding" that µTorrent item does not prevent it from operating, it just hides it - you should select that line, then click the (-) at the bottom of that window to delete it from the list completely)
    Go into your Sharing pref pane, and check that ONLY the services that you use are checked. If you don't need or use any sharing services, I would suggest that you uncheck all the boxes, if any are checked. You may need to unlock that pane to make changes, but be sure to click the padlock in the bottom left corner to lock the pane, and prevent further changes.

    If you really don't see anything there, then you may simply have a mechanical problem. Some MBPros have battery problems. The battery begins to swell underneath, applying pressure to the underside of the trackpad, causing intermittent or erratic movement of the trackpad cursor, along with random un-called clicks. Makes it appear to be under control, but is just random stuff happening. An Apple service shop would be able to verify what's happening.
     
  16. Will79 thread starter macrumors member

    Joined:
    Mar 20, 2014
    #16
    Yup, I don't recall installing uTorrent and can't find it in Applications anywhere. I also just did I search in All My Files for "utorrent" and didn't find anything.

    There is nothing checked in Sharing.

    Would dropping the laptop cause issues like this?
    It has fallen off the chair quite a few times.
     
  17. DeltaMac macrumors 604

    DeltaMac

    Joined:
    Jul 30, 2003
    Location:
    Delaware
    #17
    I just about fell off my chair when I read that - but, no, dropping your laptop won't install new software.
    But, the trackpad could be misaligned, and can give you some issues, I suppose. There is a small gap all around the trackpad, where the glass goes under the case edge. You might look very closely to see if that gap varies around the edge. You can sometimes tell by pushing the edge of a sheet of paper into that gap. It should push in fairly easily all the way around.

    And, finally, a trip to a "genius" can get a good clue about your laptop, to check if the trackpad tests OK there, too...
     
  18. Ledgem macrumors 65816

    Ledgem

    Joined:
    Jan 18, 2008
    Location:
    Hawaii, USA
    #18
    The easiest way to tell if it's a hardware issue or malware is to disconnect it from the internet. Shut off the wifi and/or unplug the ethernet cable. If the wifi turns on again by itself then it still wouldn't necessarily be clear as to whether it was a hardware problem or malware; at that point you would need to blacklist the device on your router to ensure that net access was cut off.

    If net access is cut off and things are still moving around on their own, it's probably a hardware problem. If cutting off net access stops the problem, it might be malware.

    As an aside, Little Snitch is a wonderful program for peace of mind with these things. Unless you blindly grant net access to anything and everything, programs don't communicate with the internet without your knowledge and permission. If you're concerned about RATs and other malware, it's worth the purchase.
     
  19. Will79 thread starter macrumors member

    Joined:
    Mar 20, 2014
    #19
    I meant would dropping it cause the battery issue you mentioned...
     
  20. DeltaMac macrumors 604

    DeltaMac

    Joined:
    Jul 30, 2003
    Location:
    Delaware
    #20
    No, dropping wouldn't likely affect the battery at all, but might result in the trackpad alignment issues. That's worth checking, I think.
     
  21. yjchua95 macrumors 604

    Joined:
    Apr 23, 2011
    Location:
    GVA, KUL, MEL (current), ZQN
    #21
    The problem is, what type of MacBook Pro are you using? Early-2011, mid-2012, or what?
     
  22. nickandre21 macrumors 6502a

    Joined:
    Jun 21, 2012
    #22
    I would try to see if that's a hardware or software issue. To do so log into bootcamp or maybe go into recovery mode or apple hard ware test and verify if within there your cursor moves around if it does its a sure shot hardware issue if not i would do a clean install of osx. Has liquid ever fallen on your trackpad?
     
  23. Will79 thread starter macrumors member

    Joined:
    Mar 20, 2014
    #23
    All the specs

    It says Lion but I updated it to Mavericks a while ago.
     
  24. yjchua95 macrumors 604

    Joined:
    Apr 23, 2011
    Location:
    GVA, KUL, MEL (current), ZQN
    #24
    No....what I meant was this.

    As seen in this image, my rMBP is late-2013. What's yours? Giving us the specs doesn't help. We need to know the type of your MBP first.

    Judging from the specs though, my best guess is that yours is a mid-2012 13".
     

    Attached Files:

  25. Will79 thread starter macrumors member

    Joined:
    Mar 20, 2014
    #25
    Yup, mid-2012 13".
     

Share This Page