
fleshman03

macrumors 68000
May 27, 2008
1,852
3
Sioux City, IA
Yeah but in this particular case where there is a confirmed trojan installer with a torrented version of Photoshop CS4 that information is very important. If that is what he had, we couldn't have pointed him to the specific fix he would have needed.

Oh yeah, Macs can't get viruses. OS X/UNIX != Windows. You can't even sneeze outside your home directory on a *nix box without going SU first.

I was only aware of the one in iWork and not the one in CS4. I would have adjusted my comments if I did.

My posts are nowhere near judging anyone's morals, more like trying to figure out what the problem might be, and since there are trojans in torrents ...

Agreed. However we've all seen those threads. I know I'm very hesitant to talk about such matters here.

I promptly deleted Photoshop from my Mac. I didn't even get to use it. I didn't mean to start a flame war; I was just in need of some advice.

For MacRumors, this isn't a flame war. They get much more ... flamy....

If you need help again, don't hesitate to come back. Some people will say some stuff, but there are some who will help you.
 

marbles

macrumors 68000
Apr 30, 2008
1,776
1
EU mostly
I promptly deleted Photoshop from my Mac. I didn't even get to use it. I didn't mean to start a flame war; I was just in need of some advice.

Don't worry fella! There are those on here who would not have a word said about Apple and the Mac. We all know there are keyloggers and the like for Mac, and tbh they are what bother me most cos them nick your credit details.

Folks are being pedantic over the choice of words: virus, keylogger, whatever.... Call it what you will, a computer, any computer, is vulnerable.

Who was it who said the only safe computer is one that is encased in lead and buried under 20ft of cement and surrounded by armed guards, extreme but you get my point.
 

r.j.s

Moderator emeritus
Mar 7, 2007
15,026
52
Texas
Don't worry fella! There are those on here who would not have a word said about Apple and the Mac. We all know there are keyloggers and the like for Mac, and tbh they are what bother me most cos them nick your credit details.

Have you installed any keyloggers? If not, I wouldn't worry.

Remember, the thing about *NIX-based systems is that it asks for the admin password to make any system changes.
 

UltraNEO*

macrumors 601
Jun 16, 2007
4,057
15
近畿日本
Read a bit further down the first page, the guy says he downloaded legit off the Adobe website and does not use torrents.

skimreaders :rolleyes::p

You're missing the point.

The OP might have downloaded the application from an authorised source and that's OK cause Adobe likes to give potential newcomers a sneak peek for a few weeks. However, that isn't where the Trojan appears from. It's more likely the OP used a third party hacked key-gen/patcher, to create an acceptable application key, in return this said key-gen/patcher (created by some shady person(s)) offloaded its payload while patching the host application.

This wouldn't have happened IF the OP had purchased the application in the first place. Personally... I think, we on MR shouldn't be giving help to people pirating software. Period.

I was only aware of the one in iWork and not the one in CS4. I would have adjusted my comments if I did.

Really? Oh, well, Here you go. :)
I'd suspect the OP used something like this.
 

marbles

macrumors 68000
Apr 30, 2008
1,776
1
EU mostly
You're missing the point.

The OP might have downloaded the application from an authorised source and that's OK cause Adobe likes to give potential newcomers a sneak peek for a few weeks. However, that isn't where the Trojan appears from. It's more likely the OP used a third party hacked key-gen/patcher, to create an acceptable application key, in return this said key-gen/patcher (created by some shady person(s)) offloaded its payload while patching the host application.

This wouldn't have happened IF the OP had purchased the application in the first place. Personally... I think, we on MR shouldn't be giving help to people pirating software. Period.



Really? Oh, well, Here you go. :)
I'd suspect the OP used something like this.

Ah, ok. I was unaware of this sort of thing, thanks for clarifying.

Right, ban him then, or give him a severe telling off at least, or maybe a little bit of bannation and a telling off, or... [sorry, I've been watching Monty Python on YouTube: http://www.youtube.com/profile_videos?user=MontyPython]
Really no need to take that tone with me though, cheers.

~m
 

msandersen

macrumors regular
Jan 7, 2003
217
31
Sydney, Australia
I was browsing the Web yesterday, and all of a sudden I got a message from Safari stating that my comp. was infected with a virus. I quickly ran a scan with ClamAv, and found a Trojan virus hiding among my personal files. I used ClamAv to quarantine the virus, then I tossed the virus containing file into the trash. I emptied the trash and ran the ClamAv again to see if I had in fact removed the virus. Which, I did....

My question is: Is ClamAv a good antivirus utility, and did I follow the correct procedure to get rid of the virus??

As stated, if it came from Safari, it would have been a bogus scam ad aimed at getting you to install a rogue Windows spyware program. JavaScript attached to a picture link on Myspace could have done it. ClamXav finding something is a coincidence as you got spooked into doing a scan. As it was among your personal items (Documents folder, Downloads folder etc), it means it wasn't installed, but could have been anything with a hidden Windows virus/trojan downloaded or given you from somewhere. An MS Office file can contain a Macro virus, which can spread on versions of Office supporting Visual Basic, but not affect Mac systems. I've seen one spread across a network of Macs programmed to erase the C drive on a certain date, though obviously it would have been ineffective on the Macs. A Word document can be cleaned, for instance by disabling Macros, trashing the Normal template, and copying the contents over to a new document and saving, but generally deleting infecting files is a wise move.

If ClamXAV could detect the trojan, then it was a Windows trojan. ClamXAV does not detect OS X threats.
Apart from the Leap-A Trojan it doesn't, unfortunately. The ClamAV people were sent a sample of the virus early on, but so far ClamXav doesn't detect the original iServices Trojan, which I downloaded specifically to test on. I might track down a copy of the CS4 variant as well. McAfee on my PC detects and removes it if I copy it over.
ClamAV is an open-source project by volunteers, so it's hard to cast blame, but it does point out you cannot rely on it. VirusBarrier has been reported by people here to have stopped the original iServices Trojan when it came out, and Intego are the ones who found the CS4 variant as well. There is also MacScan.

r.j.s said:
There are 0 viruses, look up the definition if needed, in the wild for OS X. There are a handful of trojans, ALL of them require the admin password in order to install, and NONE can replicate.

...Leap-A is NOT a virus. It's a trojan
Semantics are irrelevant. Whether it is self-replicating or needs user interaction to download and install, the end result is the same. Whether it relies on a browser plugin vulnerability or social engineering, it can still be devastating. From what I remember, Leap-A was reported by some forum members to not have asked for a password, and it did spread on the local network, and if not for flaws in its coding, could have done worse.

Eddyisgreat said:
Oh yeah, Macs can't get viruses. OS X/UNIX != Windows. You can't even sneeze outside your home directory on a *nix box without going SU first.
Unix Elitism, lol. That's like saying Unix can't get hacked. Assuming that Unix programmers are perfect and don't inadvertently introduce security vulnerabilities belies the fact that there are regular security updates to fix buffer overflows and other permission escalation threats. Not to mention vulnerabilities introduced by 3rd party programs, like Flash, or Apple's own, QuickTime.

Turmoil said:
There is ZERO need for virus software for the Mac
Um, right. Stick your head back in the sand.

Personally I only have ClamXav, as I don't want to pass on Windows viruses, least of all to my own PC, and have it set to scan downloads from Firefox. I have no real-time protection installed, as I am loath to put it on unless I feel I really need it.
 

Jethryn Freyman

macrumors 68020
Aug 9, 2007
2,329
2
Australia
Apart from the Leap-A Trojan it doesn't, unfortunately. The ClamAV people were sent a sample of the virus early on, but so far ClamXav doesn't detect the original iServices Trojan, which I downloaded specifically to test on. I might track down a copy of the CS4 variant as well. McAfee on my PC detects and removes it if I copy it over.
ClamAV is an open-source project by volunteers, so it's hard to cast blame, but it does point out you cannot rely on it. VirusBarrier has been reported by people here to have stopped the original iServices Trojan when it came out, and Intego are the ones who found the CS4 variant as well. There is also MacScan.

The only OS X threat listed in the ClamAV database is "OSX.DNSChanger", which is actually OSX.RSPlug.A. This trojan was discovered in late 2007. Since then, there have been four revisions to the trojan (versions B to E.)
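
One way to check what a ClamAV database actually covers per platform, as an added example that is not part of the original thread. It assumes signature names arrive one per line (for instance piped from `sigtool --list-sigs`) with the platform as the text before the first dot; apart from `OSX.DNSChanger`, which is the name quoted above, the sample names are constructed.

```shell
#!/bin/sh
# Added example: summarise a list of ClamAV signature names by platform.
# Assumption: one signature name per line, platform prefix before the
# first dot (e.g. "OSX.DNSChanger").

# Constructed sample list; only OSX.DNSChanger comes from the thread.
sample_sigs() {
cat <<'EOF'
OSX.DNSChanger
Win.Example.Constructed-1
Win.Example.Constructed-2
Doc.Example.Macro-1
Unix.Example.Constructed-1
EOF
}

# Print only signatures whose platform prefix is OS X (case-insensitive).
# "|| true" keeps an empty result from being treated as a failure.
osx_sigs() {
    grep -i '^osx\.' || true
}

# Number of OS X signatures in the list read from stdin.
osx_count() {
    osx_sigs | wc -l | tr -d ' '
}

# Count signatures per platform prefix, lower-cased and sorted by name.
# Names without a dot carry no platform prefix and are skipped.
count_by_platform() {
    awk -F. 'NF > 1 { n[tolower($1)]++ }
             END { for (p in n) print p, n[p] }' | sort
}

# With "-" as the first argument, read real names from stdin, e.g.:
#   sigtool --list-sigs | sh this_script.sh -
# Otherwise summarise the constructed sample.
if [ "${1:-}" = "-" ]; then
    count_by_platform
else
    sample_sigs | count_by_platform
fi
```

A low count for a platform only shows what the database names; it says nothing about whether a given sample would be detected, which still has to be tested as described in the posts above.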
 

msandersen

macrumors regular
Jan 7, 2003
217
31
Sydney, Australia
The only OS X threat listed in the ClamAV database is "OSX.DNSChanger", which is actually OSX.RSPlug.A. This trojan was discovered in late 2007. Since then, there have been four revisions to the trojan (versions B to E.)
I'll take your word for it, I was going by the ClamXav home page, which only lists Leap-A, and states it is included in the ClamAV database:
http://www.clamxav.com/index.php?page=leap
At any rate, that makes it not to be relied upon for protecting Macs. As far as I know, ClamAV is mainly used on Unix systems to protect email systems against Windows viruses/trojans/worms, and I suppose the volunteers must be kept busy keeping up there.
 

Eddyisgreat

macrumors 601
Oct 24, 2007
4,851
2
Unix Elitism, lol. That's like saying Unix can't get hacked. Assuming that Unix programmers are perfect and don't inadvertently introduce security vulnerabilities belies the fact that there are regular security updates to fix buffer overflows and other permission escalation threats. Not to mention vulnerabilities introduced by 3rd party programs, like Flash, or Apple's own, QuickTime.

Hey, that's fine. All I said is that at the core, Unix was built around security. NT can be just as secure, but not out of the box. How about you hack my machine and throw me into a botnet or take control of my box. You'd be the first.
 

msandersen

macrumors regular
Jan 7, 2003
217
31
Sydney, Australia
Hey, that's fine. All I said is that at the core, Unix was built around security. NT can be just as secure, but not out of the box. How about you hack my machine and throw me into a botnet or take control of my box. You'd be the first.
Not quite what you said, but true, Unix has a long history of being developed with security in mind, as it's been deployed on large mainframes serving universities and other large-scale mission-critical systems. But Microsoft is finally getting a decent security model with Vista and refined with Windows 7, and because of the hammering they've been getting over security, they now arguably have the best code auditing procedures around, presumably better than Apple's, who haven't had to face the barrage of embarrassing viral outbreaks MS has. That hasn't stopped all infections or some security issues cropping up like with IE7, but Windows machines will be more secure "out of the box" than they were.
All this is off-topic, I know.
 

magallanes

macrumors regular
Jul 12, 2008
126
1
South of Jurassic Park
Not quite what you said, but true, Unix has a long history of being developed with security in mind, as it's been deployed on large mainframes serving universities and other large-scale mission-critical systems. But Microsoft is finally getting a decent security model with Vista and refined with Windows 7, and because of the hammering they've been getting over security, they now arguably have the best code auditing procedures around, presumably better than Apple's, who haven't had to face the barrage of embarrassing viral outbreaks MS has. That hasn't stopped all infections or some security issues cropping up like with IE7, but Windows machines will be more secure "out of the box" than they were.
All this is off-topic, I know.

Windows Vista and Windows 7 are not more secure, they just put in their annoying UAC that many users decide to uninstall, but the core (kernel) is in essence an NT core and the file system is the same as the previous version.

In contrast, OSX is based on Unix (not Linux) and yes, Unix was created with security in mind, and on top of that, OSX is based on BSD, one of, if not the best, Unix versions on the market.
 