My MBP had a trojan virus.

Discussion in 'MacBook Pro' started by Leakyfawcet, Feb 12, 2009.

  1. Leakyfawcet macrumors newbie

    Joined:
    Feb 12, 2009
    #1
    I was browsing the Web yesterday, and all of a sudden I got a message from Safari stating that my comp. was infected with a virus. I quickly ran a scan with ClamAv, and found a Trojan virus hiding among my personal files. I used ClamAv to quarantine the virus, then I tossed the virus containing file into the trash. I emptied the trash and ran the ClamAv again too see if I had in fact removed the virus. Which, I did....

    My question is: Is ClamAv a good antivirus utility, and did I follow the correct procedure to get rid of the virus??
     
  2. r.j.s Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Texas
    #2
    So, what did you install recently that contained a trojan (different than a virus) - because you CANNOT get them by browsing in Safari alone.
     
  3. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #3
    1. Safari doesn't give you messages about viruses. It doesn't do virus checking.
    2. Chances are great that you visited a website with one of those bogus pop-ups that claims you have a virus, even though no website can tell that.
    3. You can't get a virus on Mac OS X, because none exist.
    4. For you to get a trojan, you have to install it, which involves entering your administrator password.
     
  4. Leakyfawcet thread starter macrumors newbie

    Joined:
    Feb 12, 2009
    #4
    I had downloaded Adobe Photoshop, and Xcode. Strangely the message from safari appeared right after I clicked a thumbnail of somebody's pic on myspace.
     
  5. r.j.s Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Texas
    #5
    Legit, or torrent?

    Then that was a strange coincidence for a spam/scam company advertisement.

    Trojan removal tool here (.dmg link)
     
  6. Leakyfawcet thread starter macrumors newbie

    Joined:
    Feb 12, 2009
    #6
    I believe it was legit. I had downloaded it about two weeks previous to the trojan event.

    Thank you r.j.s I just ran the trojan removal tool, and there was nothing found. I must had gotten rid of it when I used ClamAV last night.
     
  7. r.j.s Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Texas
    #7
    Well, the only current way to get a trojan is to install it yourself. So, maybe someone else with access to your MBP could have done it.

    Does it still show in ClamXav? Let us know the name, and we'll help remove it.

    Not necessarily, it may have been the wrong tool for your trojan.
     
  8. vandozza macrumors 6502a

    vandozza

    Joined:
    Jun 14, 2006
    Location:
    Australia
    #8
    LOL if you don't know if it's "legit" or not then I'd suggest that it's probably NOT.

    I think you would remember paying a few hundred dollars (at least) for Photoshop.

    (Unless you are talking about downloading a trial version?)
     
  9. PeterQC macrumors 6502a

    PeterQC

    Joined:
    Jun 30, 2008
    #9
    If you're not downloading shady program from torrent and only get your apps from safe places, you'll not have a use for antivirus, whatsoever. It might change in the few years, but not for now.

    You've downloaded Photoshop, it's pretty much the cause for your trojan. I assume that you will want to download iWork 9 and iLife 09 too. You'll be pretty much in the same problem. Go buy the softwares yourself or find free/open-sources alternatives and you won't have any more issues.

    Gimp for one, is the best that I know for now, and is available for Mac OS X.
    http://www.gimp.org/downloads/
     
  10. diazj3 macrumors 6502a

    Joined:
    Jan 19, 2008
    #10
    What do you mean by "I believe..."? software downloads are either legit or not... and when it comes to Adobe, there are no free rides. So, did you download it from the Adobe site (as a trail version) or paid for it? or did you dl it from some other place? There have been several reports about an illegitimate Adobe download that contains a trojan...
     
  11. Leakyfawcet thread starter macrumors newbie

    Joined:
    Feb 12, 2009
    #11
    I had also noticed that up until I removed the trojan, my memory was almost totally active(75-89%) while running Safari, Time Machine, and using my printer.

    Sorry I wasn't clear enough for some of you. I downloaded the trial version from the Adobe Website, and no I don't use torrents at all.
     
  12. PeterQC macrumors 6502a

    PeterQC

    Joined:
    Jun 30, 2008
    #12
    No way that you got a trojan from there. What have you done more precisely in the last week(s)? Did you have any friends that download Photoshop from torrent? Did you used a cracking tool or key finder to unlock Photoshop?
     
  13. Leakyfawcet thread starter macrumors newbie

    Joined:
    Feb 12, 2009
    #13
    Peter:No, none of the above. This thread has gone a little off topic.

    My question wasn't where I had got the trojan from. My questions were if I took the right measures to remove it, and if ClamAV is a good antivirus utility?
     
  14. r.j.s Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Texas
    #14
    We don't know, because we don't know which one it is. We need to know it's name according to ClamXav, or where you might have gotten it. Otherwise, parts may still be lurking.

    And, yes, generally ClamXav is good, but it has never really been tested - because there are no viruses in the wild for OS X.
     
  15. PeterQC macrumors 6502a

    PeterQC

    Joined:
    Jun 30, 2008
    #15
    If the removing tool found nothing, and that your anti-virus found it and removed it, then it might be.

    It just seem REALLY questionnable to me why and how you got the trojan. I really don't see how you just got it from nowhere.
     
  16. The Hammer macrumors regular

    Joined:
    Jun 19, 2008
    Location:
    Toronto, Canada
    #16
    You took the right steps and Clam is Ok. I don't know if the big names are better for Macs or not.
     
  17. Leakyfawcet thread starter macrumors newbie

    Joined:
    Feb 12, 2009
    #17
    If this was true, wouldn't the iWorkservices Trojan Removal Tool have found it?
     
  18. r.j.s Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Texas
    #18
    The tool I linked was for the PS CS4 trojan ... it may not find any others.
     
  19. Leakyfawcet thread starter macrumors newbie

    Joined:
    Feb 12, 2009
  20. r.j.s Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Texas
    #20
    OK, you're fine. That is a Windows trojan, which are detected by ClamXav. It cannot do anything to your computer, but you could have passed it to other Windows machines.
     
  21. rj-300zx macrumors regular

    rj-300zx

    Joined:
    Feb 2, 2009
    #21
    Uhhhh no. I love Mac but every OS has viruses, if you run your mac without viruses thinking your safe think again. Not having Virus protection is like unprotected sex, if you think your ok then something bad is going to happen.
     
  22. r.j.s Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Texas
    #22
    Proof?

    There are 0 viruses, look up the definition if needed, in the wild for OS X. There are a handful of trojans, ALL of them require the admin password in order to install, and NONE can replicate.
     
  23. Leakyfawcet thread starter macrumors newbie

    Joined:
    Feb 12, 2009
    #23
    Rj-300zx: What virus protection utility do you recommend?

    I assume you have a Nissan 300zx?
     
  24. pastrychef macrumors 601

    pastrychef

    Joined:
    Sep 15, 2006
    Location:
    New York City, NY
    #24
    Like r.j.s said, there are no viruses. If there are no viruses, what do you need virus protection for?
     
  25. Tallest Skil macrumors P6

    Tallest Skil

    Joined:
    Aug 13, 2006
    Location:
    1 Geostationary Tower Plaza
    #25
    Except that there are no viruses.

    Name one and prove us wrong.
     

Share This Page