I installed that new Mac trojan by accident!

Discussion in 'macOS' started by tmt345, Aug 16, 2009.

  1. tmt345 macrumors member

    Joined:
    Aug 24, 2008
    #1
    One of my friends sent me an email for a video that was supposed to be funny but the video said I had to install a QuickTime Update so I downloaded a file called quicktimeupdate.dmg and I installed it! This friend is always mocking Mac OS X's security so I know why he sent me this! Please, is there a patch that can help me or something, or has a patch already been released? I did some research and here's a news article about it.

    http://arstechnica.com/apple/news/2...hijacks-your-macs-dns-spotted-in-the-wild.ars

    I don't want a person from Argentina tracking my Mac, help me please! Oh, and I'm planning to get payback by pretending to make my friend's Windows 7 computer BSOD so don't worry.

    Thank You
     
  2. r.j.s Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Texas
  3. tmt345 thread starter macrumors member

    Joined:
    Aug 24, 2008
    #3
    If I have to reinstall then do you think I should download Snow Leopard and install that instead? If I really do need to reinstall then I'm going to 1 up my friend and give him an even worse trojan.
     
  4. belvdr macrumors 603

    Joined:
    Aug 15, 2005
    #4
    No, install 10.5 and then install 10.6 when you receive the media.
     
  5. r.j.s Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Texas
    #5
    No.

    And why not just be a bigger man about it and let it go?

    If you retaliate, they will do something worse, and the cycle will continue until somebody physically destroys the other person's machine.
     
  6. tmt345 thread starter macrumors member

    Joined:
    Aug 24, 2008
    #6
    Ok, I think I forgot to add though that I was going to buy Snow Leopard (I already have it pre-ordered) if that's what you meant by "when you receive the media". Backup here I go...
     
  7. r.j.s Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Texas
    #7
    It's probably too late to back up ...
     
  8. belvdr macrumors 603

    Joined:
    Aug 15, 2005
    #8
    I wasn't implying anything. I just meant that you'll be sure to have the retail code when you install from media, without any chance of someone modifying the code before you download it.
     
  9. tmt345 thread starter macrumors member

    Joined:
    Aug 24, 2008
    #9
    What do you mean? I'm still able to access my files and stuff. I just don't want some creep from another country tracking me and everything I do and possibly sending me more bad stuff.
     
  10. r.j.s Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Texas
    #10
    You are backing up files that have potentially been corrupted ...
     
  11. belvdr macrumors 603

    Joined:
    Aug 15, 2005
    #11
    He means you may be backing up the trojan, only to restore it on the new system.
     
  12. tmt345 thread starter macrumors member

    Joined:
    Aug 24, 2008
    #12
    Thanks everyone for the help, as a last resort I've downloaded ClamXav to scan my system and if it doesn't find anything I will reinstall.
     
  13. r.j.s Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Texas
    #13
    It probably won't find anything, since the trojan is new.
     
  14. tmt345 thread starter macrumors member

    Joined:
    Aug 24, 2008
    #14
    I'm not even able to update it, it says "ERROR 59 unable to update virus definitions" (and it's not being blocked by my firewall, I checked), I'm just going to reinstall instead of dealing with all this stuff. Weird stuff is starting to happen, like my system seems a tad bit slower. The internet is laggy now sometimes and when I yahooed ClamXav freaky things started to happen. I got redirected to some weird IP address and that redirected me to some other search site. I had to use Google instead.
     
  15. sushi Moderator emeritus

    sushi

    Joined:
    Jul 19, 2002
    Location:
    キャンプスワ
    #15
    Suggest that after you fix your computer, you just ignore his effort to attack yours.

    And if he asks you about it, say, that everything is working fine with your computer.

    It will drive him crazy without you doing anything. :)
     
  16. chaos86 macrumors 65816

    chaos86

    Joined:
    Sep 11, 2003
    Location:
    127.0.0.1
    #16
    What would happen if the OP installed Little Snitch, or some other packet intercepting software, waited til the trojan phoned home, then tracked down the file through the Little Snitch software and deleted it? i.e. manual virus removal.
     
  17. r.j.s Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Texas
    #17
    Depends. Other trojans have cron scripts that run to ensure the files are in place.
     
  18. EmperorDarius macrumors 6502a

    Joined:
    Jan 2, 2009
    #18
    I think you should do a scan with a trial version of Sophos av. It's the only av I know that detected all the Jahlav trojans (probably the one you have) I've found.
     
  19. DoctorPeppers macrumors newbie

    DoctorPeppers

    Joined:
    Aug 14, 2009
    Location:
    Wisconsin
  20. pilotError macrumors 68020

    pilotError

    Joined:
    Apr 12, 2006
    Location:
    Long Island
    #20
    Download Pacifist and open up the pkg that was contained in the .dmg file.

    That will show you what files are contained in the package and where they go. You can then go on a mission to delete all the files it installed.
     
  21. gnasher729 macrumors P6

    gnasher729

    Joined:
    Nov 25, 2005
    #21
    You didn't install it by accident. You installed it out of stupidity. How often did the operating system ask you if you really wanted to install this? Twice. Did it tell you what website the software came from? Yes, it did. Was that website www.apple.com? No, it wasn't.
     
  22. yetanotherdave macrumors 68000

    yetanotherdave

    Joined:
    Apr 27, 2007
    Location:
    Bristol, England
  23. bli625 macrumors 6502a

    bli625

    Joined:
    Mar 8, 2009
    #23
    If nothing else works, just disconnect yourself from the internet, back up all your important files, and reinstall.
     
  24. EmperorDarius macrumors 6502a

    Joined:
    Jan 2, 2009
    #24
    The "reinstall your system" advice is exaggerated. It's just a stupid DNS changer.
    Here's a direct removal tool:

    http://www.dnschanger.com/
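
Added example, not part of the thread and not any poster's code: posts #14, #17 and #24 describe changed DNS settings and cron-based persistence, so this sketch lists nameservers outside an allowlist and the active cron entries that deserve a manual look. The allowlist address, the sample `scutil --dns` and crontab text, and the helper path are constructed assumptions.

```bash
#!/bin/sh
# Added example: review resolver settings and cron entries after a suspected DNS changer.
# ALLOWED is an assumption: set it to the resolvers your router or ISP really hands out.
ALLOWED="${ALLOWED:-192.168.1.1}"

# Constructed sample in the layout printed by `scutil --dns` (documentation addresses).
SAMPLE_DNS='resolver #1
  nameserver[0] : 203.0.113.53
  nameserver[1] : 192.168.1.1
  nameserver[2] : 198.51.100.7'

# Constructed sample crontab; the helper path is a placeholder, not a real indicator.
SAMPLE_CRON='# constructed sample
PATH=/usr/bin:/bin
* * * * * /path/to/unknown-helper >/dev/null 2>&1'

# Print each unique nameserver address found in `scutil --dns` style text on stdin.
list_nameservers() {
    sed -n 's/^[[:space:]]*nameserver\[[0-9]*\][[:space:]]*:[[:space:]]*//p' | sort -u
}

# Print the nameservers on stdin that are missing from the space-separated allowlist $1.
unexpected_nameservers() {
    list_nameservers | while read -r ns; do
        case " $1 " in
            *" $ns "*) ;;                 # expected resolver, stay quiet
            *) printf '%s\n' "$ns" ;;     # anything else needs an explanation
        esac
    done
}

# Print active crontab lines (skips blanks, comments and VAR=value settings).
active_cron_entries() {
    grep -Ev '^[[:space:]]*(#|$|[A-Za-z_][A-Za-z0-9_]*[[:space:]]*=)' || true
}

# Live check on macOS only; on other systems just the functions above are defined.
if command -v scutil >/dev/null 2>&1; then
    echo "Nameservers outside the allowlist:"
    scutil --dns | unexpected_nameservers "$ALLOWED"
    echo "Active cron entries for $(id -un):"
    crontab -l 2>/dev/null | active_cron_entries
fi
```

Run it once as the logged-in user and once with `sudo` so that root's crontab is listed as well.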
     
