
seleneS

macrumors member
Original poster
Jul 28, 2010
I visited a website and was then told that I might have picked up malware there. I haven't seen anything suspicious on my Mac. I didn't give my administrator password to any pop-up dialog either. My OS is Snow Leopard. Here's the link to that website (please don't click on it if you think it might be dangerous) http://x-cafevn-db.info

How could I check if my Mac already got infected?


A second question, about Symantec Antivirus: I installed and removed this software a long time ago when I was using Tiger. After upgrading (not a clean install) to Snow Leopard, an error message pops up every time I start the system. This didn't happen with Tiger though. The message says:
"Symantec Antivirus Error
Symantec AntiVirus Auto-Protec could not continue. Please run LiveUpdate or reinstall Symantec AntiVirus and restart. (Code: 10)"
No file shows up when I search for Symantec in Finder.

How could I get rid of those messages?

Thank you.
 
...

How could I check if my Mac already got infected?

....
Three steps:
  1. Look at the upper lefthand corner of your display screen.
  2. If you see a blue Apple logo, then you are not infected.
  3. There is no Step 3.
 
You are fine if you did not password authenticate an installer that you did not double click to run.

If you just want an on-demand anti-virus scanner to check your system every once in a while, use ClamXav. A search for osx and boonana in its database shows the following:

Trojan.OSX.Cowhand
OSX.RSPlug-2
Trojan.OSX.OpinionSpy.B
Trojan.OSX.OpinionSpy.A
OSX.RSPlug
Trojan.OSX.iservices.A
Trojan.OSX.iservices.B
OSX.DNSChanger.dmg
OSX.DNSChanger.dmg-1
Trojan.OSX.RSPlug.F.dmg
Trojan.OSX.RSPlug.F.dmg-1
Trojan.OSX.RSPlug.F.dmg-2
Trojan.OSX.RSPlug.F.dmg-3
Trojan.OSX.RSPlug.F.dmg-4
Trojan.OSX.RSPlug.F.dmg-5
Trojan.OSX.RSPlug.G.dmg
Trojan.OSX.RSPlug.G
Exploit.OSX.Safari
OSX.DNSChanger
OSX.Trojan-2
Trojan.OSX.Opener
Trojan.OSX.RSPlug.C
Trojan.OSX.RSPlug.D
OSX.Tored
Trojan.Java.Boonana
Trojan.Java.Boonana-1
Trojan.Java.Boonana-2
Trojan.Java.Boonana-3
Trojan.Java.Boonana-4
Trojan.Java.Boonana-5

Some of these are no longer relevant. The relevant entries represent the variants of the 4 known active Trojans.

You can use its Sentry feature to scan specific folders on access.

BTW, you have to configure Finder to find system files.
 
Thank you all for your suggestions. I feel assured that I'm safe because I didn't type my password into any installer, and I decided to leave the system alone. And I do see an Apple logo in the left-hand corner of the screen, but it's black though :D

Regarding the second question, is there any way that I could stop the error message? I already removed Symantec without using the uninstaller :( It's weird that the message only appears after I upgraded to Snow Leopard.
 
Thank you all for your suggestions. I feel assured that I'm safe because I didn't type my password into any installer, and I decided to leave the system alone. And I do see an Apple logo in the left-hand corner of the screen, but it's black though :D

Regarding the second question, is there any way that I could stop the error message? I already removed Symantec without using the uninstaller :( It's weird that the message only appears after I upgraded to Snow Leopard.
To fully remove any app: https://forums.macrumors.com/showthread.php?p=11171082#post11171082

Mac Virus/Malware Info
 
Three steps:
  1. Look at the upper lefthand corner of your display screen.
  2. If you see a blue Apple logo, then you are not infected.
  3. There is no Step 3.

OH NO!!! I think I'm screwed!!!!

I followed your instructions to the letter. I very carefully inspected the upper left corner of my screen but I CANNOT FIND the blue Apple logo!!! I found a black one, but after looking all over the place, even with a magnifying glass, I can't find a blue one!!

What should I do?! Am I infected?! I can't lose all my stuff!!!!!!!!!!!!! :eek:
 
I followed the post with a search for File Name and found the file "Symantec.conf". I deleted it and restarted the system. The message still appears!

I searched for Contents and found some files with the extension .strings in Library/PrivateFrameworks/SymIR.framework.... or SymBase.framework and two files named "objects.nib" in the folder Library/PrivateFrameworks/SymAppKitAdditions.framework. I guess the initial "Sym" here stands for Symantec. Am I correct? Can I trash them?
 
OH NO!!! I think I'm screwed!!!!

I followed your instructions to the letter. I very carefully inspected the upper left corner of my screen but I CANNOT FIND the blue Apple logo!!! I found a black one, but after looking all over the place, even with a magnifying glass, I can't find a blue one!!

What should I do?! Am I infected?! I can't lose all my stuff!!!!!!!!!!!!! :eek:
No, you just need to follow a different process, specific to your computer:
  1. Look at the upper lefthand corner of your display screen.
  2. If you see a black Apple logo, then you are not infected.
  3. There is no Step 3.
:D
I followed the post with a search for File Name and found the file "Symantec.conf". I deleted it and restarted the system. The message still appears!

I searched for Contents and found some files with the extension .strings in Library/PrivateFrameworks/SymIR.framework.... or SymBase.framework and two files named "objects.nib" in the folder Library/PrivateFrameworks/SymAppKitAdditions.framework. I guess the initial "Sym" here stands for Symantec. Am I correct? Can I trash them?

http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080427024142EN
 
Pheeewww!! Symantec is out! I ended up removing all folders having "sym" in their name. No more error message :D. Thanks a lot!
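
An added example, not posted by anyone in this thread: a report-only inventory of leftover items that labels each match instead of deleting it, since matching on the substring "sym" alone can also catch unrelated software. The function names, the strong/review labels and the sample tree are assumptions; only the three framework names and Symantec.conf come from the posts above.

```bash
#!/usr/bin/env bash
# Added example, not from the thread: report-only inventory; deletes nothing.
# "strong": name contains "symantec", or is one of the framework names quoted
#           in the thread (SymIR, SymBase, SymAppKitAdditions).
# "review": name merely contains "sym" and may belong to unrelated software.

# list_sym_leftovers ROOT   (hypothetical helper name)
list_sym_leftovers() {
    local root="$1" path name lower
    # -mindepth 1 skips ROOT itself; -prune reports a matching folder once
    # instead of walking into it.
    find "$root" -mindepth 1 -iname '*sym*' -print -prune 2>/dev/null | sort |
    while IFS= read -r path; do
        name=${path##*/}
        lower=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
        case "$lower" in
            *symantec*|symir.framework|symbase.framework|symappkitadditions.framework)
                printf 'strong\t%s\n' "$path" ;;
            *)
                printf 'review\t%s\n' "$path" ;;
        esac
    done
}

# Constructed sample tree, so the function can be tried without touching a
# real system. The location of Symantec.conf and the "Symbols" folder (an
# unrelated name that happens to contain "sym") are made up for the demo.
make_sample_tree() {
    local t
    t=$(mktemp -d) || return 1
    mkdir -p "$t/Library/PrivateFrameworks/SymIR.framework/Resources" \
             "$t/Library/PrivateFrameworks/SymBase.framework" \
             "$t/Library/PrivateFrameworks/SymAppKitAdditions.framework" \
             "$t/Library/Application Support/Fonts/Symbols" \
             "$t/etc"
    : > "$t/etc/Symantec.conf"
    printf '%s\n' "$t"
}

# Scan a real root only when one is passed on the command line.
if [ $# -gt 0 ]; then
    list_sym_leftovers "$1"
fi
```

Run it with a root such as /Library and review the "review" lines by hand before removing anything.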
 
OH NO!!! I think I'm screwed!!!!

I followed your instructions to the letter. I very carefully inspected the upper left corner of my screen but I CANNOT FIND the blue Apple logo!!! I found a black one, but after looking all over the place, even with a magnifying glass, I can't find a blue one!!

What should I do?! Am I infected?! I can't lose all my stuff!!!!!!!!!!!!! :eek:
Fret not. Computers with the black Apple logo in the upper lefthand corner of the display are just as safe as, if not more so than, those with the blue logo.
 