How to check if there's malware on my Mac?

Discussion in 'macOS' started by seleneS, Nov 4, 2010.

  1. seleneS macrumors member

    Joined:
    Jul 28, 2010
    #1
    I had visited a website, then was told that I might get malware there. I haven't seen anything suspicious on my Mac. I didn't give my administrator password to any pop-up dialog either. My OS is Snow Leopard. Here's the link to that website (please don't click on it if you think it might be dangerous) http://x-cafevn-db.info

    How could I check if my Mac already got infected?


    A second question: about Symantec Antivirus. I installed and removed this software a long time ago when I was using Tiger. After upgrading (not a clean install) to Snow Leopard, an error message pops up every time I start the system. This didn't happen with Tiger though. The message says:
    "Symantec Antivirus Error
    Symantec AntiVirus Auto-Protec could not continue. Please run LiveUpdate or reinstall Symantec AntiVirus and restart. (Code: 10)"
    No file shows up when I search for Symantec in Finder.

    How could I get rid of those messages?

    Thank you.
     
  2. MisterMe macrumors G4

    Joined:
    Jul 17, 2002
    Location:
    USA
    #3
    Three steps:
    1. Look at the upper lefthand corner of your display screen.
    2. If you see a blue Apple logo, then you are not infected.
    3. There is no Step 3.
     
  3. munkery, Nov 4, 2010
    Last edited: Nov 5, 2010

    munkery macrumors 68020

    Joined:
    Dec 18, 2006
    #4
    You are fine if you did not password authenticate an installer that you did not double click to run.

    If you just want an on-demand anti-virus scanner to check your system every once in a while, use ClamXav. A search for osx and boonana in its database shows the following:

    Trojan.OSX.Cowhand
    OSX.RSPlug-2
    Trojan.OSX.OpinionSpy.B
    Trojan.OSX.OpinionSpy.A
    OSX.RSPlug
    Trojan.OSX.iservices.A
    Trojan.OSX.iservices.B
    OSX.DNSChanger.dmg
    OSX.DNSChanger.dmg-1
    Trojan.OSX.RSPlug.F.dmg
    Trojan.OSX.RSPlug.F.dmg-1
    Trojan.OSX.RSPlug.F.dmg-2
    Trojan.OSX.RSPlug.F.dmg-3
    Trojan.OSX.RSPlug.F.dmg-4
    Trojan.OSX.RSPlug.F.dmg-5
    Trojan.OSX.RSPlug.G.dmg
    Trojan.OSX.RSPlug.G
    Exploit.OSX.Safari
    OSX.DNSChanger
    OSX.Trojan-2
    Trojan.OSX.Opener
    Trojan.OSX.RSPlug.C
    Trojan.OSX.RSPlug.D
    OSX.Tored
    Trojan.Java.Boonana
    Trojan.Java.Boonana-1
    Trojan.Java.Boonana-2
    Trojan.Java.Boonana-3
    Trojan.Java.Boonana-4
    Trojan.Java.Boonana-5

    Some of these are no longer relevant. The relevant entries represent the variants of the 4 known active Trojans.

    You can use its Sentry feature to scan specific folders on access.

    BTW, you have to configure Finder to find system files.
     
  4. seleneS thread starter macrumors member

    Joined:
    Jul 28, 2010
    #5
    Thank you all for your suggestions. I feel assured that I'm safe because I didn't type my password to any installer and decided to leave the system alone. And I do see an Apple logo on the left hand corner of the screen but it's black though :D

    Regarding the second question, is there any way that I could stop the error message? I already removed Symantec without using the uninstaller :( It's weird that the message only appears after I upgraded to Snow Leopard.
     
  5. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #6
    To fully remove any app: http://forums.macrumors.com/showthread.php?p=11171082#post11171082

    Mac Virus/Malware Info
     
  6. iThinkergoiMac macrumors 68030

    Joined:
    Jan 20, 2010
    Location:
    Terra
    #7
    OH NO!!! I think I'm screwed!!!!

    I followed your instructions to the letter. I very carefully inspected the upper left corner of my screen but I CANNOT FIND the blue Apple logo!!! I found a black one, but after looking all over the place, even with a magnifying glass, I can't find a blue one!!

    What should I do?! Am I infected?! I can't lose all my stuff!!!!!!!!!!!!! :eek:
     
  7. seleneS thread starter macrumors member

    Joined:
    Jul 28, 2010
    #8
    I followed the post with a search for File Name and found the file "Symantec.conf". I deleted it and restarted the system. The message still appears!

    I searched for Contents and found some files with extension .strings in Library/PrivateFrameworks/SymIR.framework.... or SymBase.framework and two files named "objects.nib" in folder library/PrivateFrameworkds/SymAppKitAdditions.framework. I guess the initial "Sym" here stands for Symantec. Am I correct? Can I trash them?
     
  8. GGJstudios, Nov 5, 2010
    Last edited: Nov 5, 2010

    GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #9
    No, you just need to follow a different process, specific to your computer:
    1. Look at the upper lefthand corner of your display screen.
    2. If you see a black Apple logo, then you are not infected.
    3. There is no Step 3.
    :D
    http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080427024142EN
     
  9. seleneS thread starter macrumors member

    Joined:
    Jul 28, 2010
    #10
    Pheeewww!! Symantec is out! I ended up removing all folders having "sym" in their name. No more error message :D. Thanks a lot!
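
Added example, not part of the original thread: a read-only shell inventory of the kind of leftovers discussed above, separating paths that carry the vendor name from ones that merely share the "Sym" prefix. The function names and the default search locations (`/Library`, `~/Library`) are assumptions made for this sketch; nothing is deleted.

```shell
#!/bin/sh
# Read-only inventory of possible Symantec leftovers; nothing is removed.
# STRONG = name contains "symantec" or "norton" (vendor name in the path).
# REVIEW = name only starts with "Sym" (e.g. SymIR.framework); inspect before
#          trashing, because unrelated items can share that prefix.

classify_name() {
    # $1 = a file or folder name (not a full path)
    lower=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$lower" in
        *symantec*|*norton*) echo STRONG ;;
        sym*)                echo REVIEW ;;
        *)                   echo NONE ;;
    esac
}

sym_leftovers() {
    # $@ = directories to search; the defaults below are assumed locations.
    [ "$#" -gt 0 ] || set -- /Library "$HOME/Library"
    for root in "$@"; do
        [ -d "$root" ] || continue
        # -prune stops descent into a match, so each framework is listed once.
        find "$root" \( -iname '*symantec*' -o -iname '*norton*' -o -iname 'sym*' \) \
             -print -prune 2>/dev/null |
        while IFS= read -r path; do
            printf '%s\t%s\n' "$(classify_name "$(basename "$path")")" "$path"
        done
    done
}

# Run the scan only when asked: sh thisfile.sh scan
if [ "${1:-}" = "scan" ]; then
    sym_leftovers
fi
```

Items under system-owned folders may not be readable without administrator rights, so an empty result from a normal account does not prove there are no leftovers.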
     
  10. Darth.Titan macrumors 68030

    Joined:
    Oct 31, 2007
    Location:
    Austin, TX
    #11
    You also might try reinstalling Symantec antivirus, then using the uninstaller properly afterward.
     
  11. MisterMe macrumors G4

    Joined:
    Jul 17, 2002
    Location:
    USA
    #12
    Fret not. Computers with the black Apple logo in the upper lefthand corner of the display are just as safe if not more so as those with the blue logo.
     
  12. iThinkergoiMac macrumors 68030

    Joined:
    Jan 20, 2010
    Location:
    Terra
    #13
    Oh, PHEW! I was SO worried!!!!

    :D
     
