Malware, spyware, paranoia?

Discussion in 'OS X El Capitan (10.11)' started by tyler550, Jun 30, 2016.

  1. tyler550 macrumors newbie

    Joined:
    Mar 8, 2015
    #1
    Hi everyone,

    I was just watching a film with VLC player when iPhoto launched all by itself & started a full screen picture slide show. The only way I could get it to stop was to type in my admin password.

    A little research revealed that attaching an iPhone or camera to a Mac can cause iPhoto to launch automatically but I didn't attach anything to my Mac, besides, iPhoto doesn't even work (hasn't since upgrading OS X) so isn't this pretty weird behavior?

    I wasn't even connected to the web at the time this occurred but you remember that fake Adobe update that was installing malware on Macs some time ago? Could this be a similar thing? Could I have installed something on my Mac by entering my password to get the picture slide show to stop? Maybe the film itself contained something?
    Should I run something like Avast free scanner for Mac just to be sure or am I just being paranoid?

    Thnx
    Tyler
     
  2. rnbwd macrumors regular

    Joined:
    Jul 6, 2015
    Location:
    Seattle
    #2
    Potentially, I haven't heard of that malware being reported but I've also never had that happen - it could have been iCloud signing in for photos. I'd personally recommend using the apps built by objective-see.com. They write about their research and software in blog posts, everything is free, and their approach is fundamentally different than something like Avast. KnockKnock and TaskExplorer and dylib hijacker, KextViewr are passive tools that basically show most of the processes running in the background, kernel extensions, at launch, etc. - this is most likely where malware would be running if it exists. But the only thing it does is say whether or not an app is signed, and optionally it queries a database to see if any process has been registered as a virus / malware. What's nice is that it only runs when you choose to run it - and it doesn't make assumptions or try to sell you anything - it lets you decide whether or not the process is malicious - with warnings if there's a suspicious unsigned app running in the background with access to the OS it shouldn't have.

    The preventive apps they have are more experimental, but also very powerful. BlockBlock basically sends you a message whenever a new process from an app you installed (Chrome updates, whatever) registers itself as a launch script. Malware is hard to kill sometimes because even if you find it and delete it, it could just be the process spawned from the malware which isn't actually touched, so when you delete it, it just registers itself again. No virus products are perfect, even if they find and delete known malware, it's always one step behind. BlockBlock doesn't care if it's malware, it just lets you know when a program is registering a new launch service and then you can approve or disapprove. I've never actually seen malware on my system, every process I've seen or scanned has checked out okay and I just let it pass and tell it to remember it's legit so it won't ask again. Honestly this approach is more comprehensive, simple, and useful than any program running as a service monitoring malware. Not to mention it's free. Ransomware / Ostiarius have a similar approach. Both are considered experimental and I had to uninstall Ostiarius because of false positives.

    One last thing is Lockdown - only use this if you know what you're doing, do not automatically fix all the suggestions, but there's a few gems in there, like deleting the FileVault password when the computer sleeps, making the App Store check for updates daily, and if you're in a public place, turning off file sharing and continuity might be a good idea on public wifi. Honestly that's all I use - I am skeptical of most (maybe all) of the popular virus scammers (scanners) marketed
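
Added example, not part of the post above and not Objective-See's code: a small Python illustration of the idea the post attributes to KnockKnock and BlockBlock, listing what launchd is configured to start and reporting anything that was not in an earlier baseline. The three directories and the `Program` / `ProgramArguments` keys are standard launchd conventions; the function names and the `com.example.*` sample jobs are constructed for the illustration.

```python
import plistlib
import tempfile
from pathlib import Path

# Standard launchd persistence directories on macOS.
LAUNCH_DIRS = [
    Path.home() / "Library/LaunchAgents",
    Path("/Library/LaunchAgents"),
    Path("/Library/LaunchDaemons"),
]

def launch_items(dirs=LAUNCH_DIRS):
    """Map each launchd job plist to the program it starts."""
    items = {}
    for d in map(Path, dirs):
        if not d.is_dir():
            continue
        for plist in sorted(d.glob("*.plist")):
            try:
                with open(plist, "rb") as fh:
                    job = plistlib.load(fh)
                args = job.get("ProgramArguments") or []
                prog = job.get("Program") or (args[0] if args else "<no program>")
            except Exception:  # corrupt or non-dictionary plist: report it, don't skip it
                prog = "<unreadable plist>"
            items[str(plist)] = prog
    return items

def new_or_changed(baseline, current):
    """Jobs absent from the baseline, or now pointing at a different program."""
    return {p: prog for p, prog in current.items() if baseline.get(p) != prog}

def demo():
    """Constructed sample: a known agent exists, then a second job is registered."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        known = {"Label": "com.example.updater",
                 "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"]}
        (d / "com.example.updater.plist").write_bytes(plistlib.dumps(known))
        baseline = launch_items([d])
        added = {"Label": "com.example.helper", "Program": "/tmp/helper", "RunAtLoad": True}
        (d / "com.example.helper.plist").write_bytes(plistlib.dumps(added))
        return new_or_changed(baseline, launch_items([d]))

if __name__ == "__main__":
    for path, prog in launch_items().items():
        print(f"{path} -> {prog}")
```

On a Mac, the program path reported for a new job can then be checked with `codesign -dv <path>` to see whether it is signed and by whom.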
     
  3. Weaselboy Moderator

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #3
    I would just download and run the free app Malwarebytes to check for adware/malware. I'm not a fan of Avast or any of those "protection" apps. Many of them install all sorts of launch items and kext (driver) extensions that cause more trouble than anything.

    MWB is just a standalone app that will do the scan, then you can just quit the app and even delete it if you like.

    I have not seen any malware that behaves like you described though.
     
  4. tyler550 thread starter macrumors newbie

    Joined:
    Mar 8, 2015
    #4
    Thnx for the responses.

    I was so desperate for a resolution that I tried the Avast scan instead of waiting for a response from the members here & it didn't detect anything. There were approx 13 folders that it couldn't scan which kind of makes it useless. I've uninstalled Avast, hopefully it hasn't left anything behind & hopefully it doesn't cause more problems as mentioned above.

    I did run the MWB scan & that detected nothing as well so I've uninstalled it too.

    I'm going to ASSUME that this strange occurrence was just that, a strange occurrence & nothing nasty.
    I've had a Mac since 2011 yet the virus/malware/spyware paranoia from the old Windows days still remains. (foolish)

    Thnx for all the feedback, mods can delete or close this thread if they choose.
     
