My MBP had a trojan virus.

[Leakyfawcet]

I was browsing the Web yesterday, and all of a sudden I got a message from Safari stating that my comp. was infected with a virus. I quickly ran a scan with ClamAv, and found a Trojan virus hiding among my personal files. I used ClamAv to quarantine the virus, then I tossed the virus containing file into the trash. I emptied the trash and ran the ClamAv again too see if I had in fact removed the virus. Which, I did....

My question is: Is ClamAv a good antivirus utility, and did I follow the correct procedure to get rid of the virus??

 

[r.j.s]

So, what did you install recently that contained a trojan (different than a virus) - because you CANNOT get them by browsing in Safari alone.

 

[GGJstudios]

1. Safari doesn't give you messages about viruses. It doesn't do virus checking.
2. Chances are great that you visited a website with one of those bogus pop-ups that claims you have a virus, even though no website can tell that.
3. You can't get a virus on Mac OS X, because none exist.
4. For you to get a trojan, you have to install it, which involves entering your administrator password.

 

[Leakyfawcet]

I had downloaded Adobe Photoshop, and Xcode. Strangely the message from safari appeared right after I clicked a thumbnail of somebody's pic on myspace.

 

[r.j.s]

I had downloaded Adobe Photoshop,

Legit, or torrent?

Strangely the message from safari appeared right after I clicked a thumbnail of somebody's pic on myspace.

Then that was a strange coincidence for a spam/scam company advertisement.

Trojan removal tool here (.dmg link)

 

[Leakyfawcet]

I believe it was legit. I had downloaded it about two weeks previous to the trojan event.

Thank you r.j.s I just ran the trojan removal tool, and there was nothing found. I must had gotten rid of it when I used ClamAV last night.

 

[r.j.s]

I believe it was legit. I had downloaded it about two weeks previous to the trojan event.

Well, the only current way to get a trojan is to install it yourself. So, maybe someone else with access to your MBP could have done it.

Does it still show in ClamXav? Let us know the name, and we'll help remove it.

Thank you r.j.s I just ran the trojan removal tool, and there was nothing found. I must had gotten rid of it when I used ClamAV last night.

Not necessarily, it may have been the wrong tool for your trojan.

 

[vandozza]

I believe it was legit.

LOL if you don't know if it's "legit" or not then I'd suggest that it's probably NOT.

I think you would remember paying a few hundred dollars (at least) for Photoshop.

(Unless you are talking about downloading a trial version?)

 

[PeterQC]

If you're not downloading shady program from torrent and only get your apps from safe places, you'll not have a use for antivirus, whatsoever. It might change in the few years, but not for now.

You've downloaded Photoshop, it's pretty much the cause for your trojan. I assume that you will want to download iWork 9 and iLife 09 too. You'll be pretty much in the same problem. Go buy the softwares yourself or find free/open-sources alternatives and you won't have any more issues.

Gimp for one, is the best that I know for now, and is available for Mac OS X.
http://www.gimp.org/downloads/

 

[diazj3]

I believe it was legit. I had downloaded it about two weeks previous to the trojan event.

What do you mean by "I believe..."? software downloads are either legit or not... and when it comes to Adobe, there are no free rides. So, did you download it from the Adobe site (as a trail version) or paid for it? or did you dl it from some other place? There have been several reports about an illegitimate Adobe download that contains a trojan...

 

[Leakyfawcet]

I had also noticed that up until I removed the trojan, my memory was almost totally active(75-89%) while running Safari, Time Machine, and using my printer.

Sorry I wasn't clear enough for some of you. I downloaded the trial version from the Adobe Website, and no I don't use torrents at all.

 

[PeterQC]

No way that you got a trojan from there. What have you done more precisely in the last week(s)? Did you have any friends that download Photoshop from torrent? Did you used a cracking tool or key finder to unlock Photoshop?

 

[Leakyfawcet]

Peter:No, none of the above. This thread has gone a little off topic.

My question wasn't where I had got the trojan from. My questions were if I took the right measures to remove it, and if ClamAV is a good antivirus utility?

 

[r.j.s]

if I took the right measures to remove it,

We don't know, because we don't know which one it is. We need to know it's name according to ClamXav, or where you might have gotten it. Otherwise, parts may still be lurking.

And, yes, generally ClamXav is good, but it has never really been tested - because there are no viruses in the wild for OS X.

 

[PeterQC]

Peter:No, none of the above. This thread has gone a little off topic.

My question wasn't where I had got the trojan from. My questions were if I took the right measures to remove it, and if ClamAV is a good antivirus utility?

If the removing tool found nothing, and that your anti-virus found it and removed it, then it might be.

It just seem REALLY questionnable to me why and how you got the trojan. I really don't see how you just got it from nowhere.

 

[The Hammer]

Peter:No, none of the above. This thread has gone a little off topic.

My question wasn't where I had got the trojan from. My questions were if I took the right measures to remove it, and if ClamAV is a good antivirus utility?

You took the right steps and Clam is Ok. I don't know if the big names are better for Macs or not.

 

[Leakyfawcet]

Otherwise, parts may still be lurking.

If this was true, wouldn't the iWorkservices Trojan Removal Tool have found it?

 

[r.j.s]

The tool I linked was for the PS CS4 trojan ... it may not find any others.

 

[Leakyfawcet]

The name of the file was Trojan.Fraudload.

 

[r.j.s]

The name of the file was Trojan.Fraudload.

OK, you're fine. That is a Windows trojan, which are detected by ClamXav. It cannot do anything to your computer, but you could have passed it to other Windows machines.

 

[rj-300zx]

1. Safari doesn't give you messages about viruses. It doesn't do virus checking.
2. Chances are great that you visited a website with one of those bogus pop-ups that claims you have a virus, even though no website can tell that.
3. You can't get a virus on Mac OS X, because none exist.
4. For you to get a trojan, you have to install it, which involves entering your administrator password.

Uhhhh no. I love Mac but every OS has viruses, if you run your mac without viruses thinking your safe think again. Not having Virus protection is like unprotected sex, if you think your ok then something bad is going to happen.

 

[r.j.s]

Uhhhh no. I love Mac but every OS has viruses, if you run your mac without viruses thinking your safe think again. Not having Virus protection is like unprotected sex, if you think your ok then something bad is going to happen.

Proof?

There are 0 viruses, look up the definition if needed, in the wild for OS X. There are a handful of trojans, ALL of them require the admin password in order to install, and NONE can replicate.

 

[Leakyfawcet]

Rj-300zx: What virus protection utility do you recommend?

I assume you have a Nissan 300zx?

 

[pastrychef]

Rj-300zx: What virus protection utility do you recommend?

I assume you have a Nissan 300zx?

Like r.j.s said, there are no viruses. If there are no viruses, what do you need virus protection for?

 

[Tallest Skil]

Uhhhh no. I love Mac but every OS has viruses, if you run your mac without viruses thinking your safe think again. Not having Virus protection is like unprotected sex, if you think your ok then something bad is going to happen.

Except that there are no viruses.

Name one and prove us wrong.