Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

My MBP is really, really, slow. do I have a virus?

gt40x4

gt40x4

macrumors member
Original poster
Mar 8, 2010
44
0
England
Hey guys, im not sure if my mbp has a virus or not cuz it has been running really, really, really, SLOW. so i was wondering of there is a way to test to see if i have a virus, are there any programs i cam run to check?

thanks :confused:
 
Check Activity Monitor.app (in /Applications/Utilities/) to see what's using up your resources.
 
Could you give a better description of what is slow, opening files... ect?

If so hard drive could be faulty / damaged :)
 
Am I cruel if I write YES?

No, you don't have a virus. There are not viruses for Mac OS X. Wait for GGJstudios reply, as that explains it in more detail

Have you taken a look at the Activity Monitor in Applications / Utilities?
Don't forget to select to SHOW ALL PROCESSES and sort by CPU.

Also what Mac and what Mac OS X are you running and during what task does the MBP feel slow?
 
Tim Lyons said:
Macs do get the occasional virus believing that they don't is a lie

After a quick google search I found this you might want to try?
Click to expand...

You're are absolutely wrong.

From another thread:

ppc750fx said:
My bet is that you didn't have a trojan. I say that because many of the things that it reports as being threats aren't really threats.

You know what... I've seen too many threads mentioning this iAntiVirus junk, so let's ake a look at the threat list.

iAntiVirus detects 96 threats. Pretty good, right? We'll see about that...

Application.OSX.* - 16 "threats"
  • 11/16 are legitimate applications, used for system administration in schools and internet cafes. They _could_ be used maliciously, but they can and are used for a number of legitimate purposes (such as security auditing.)
  • 3/16 are dedicated keyloggers. (A couple admin tools also can keylog, but these three are primarily keyloggers.)
  • 1/16 are proofs of concept.
  • 1/16 is a log management tool for a logging program. It doesn't log anything -- it just manages text files. Yes, I'm serious.

Backdoor.* - 10 "threats"
  • 1/10 is a Classic virus. It is 100%, completely inert on OS X.
  • 9/10 require user intervention to run. As in the user must run the backdoor itself.

DDoS.OSX.CometShower - 1 "threat"
This requires the user to install it. If activated, it can be used to perform a DDoS attack on a target, but that's about it.

Eicar_Test_Files - 1 "threat"
Not a threat. It's a test file used to verify that antivirus programs work correctly. I think it's a little deceptive to list this as a "threat"...

Email-Flooder.OSX.* - 3 "threats"
All three of these are mass mailing tools. They are not infectious, do not run without user intervention, and can't do much other than... uh... send e-mail.

Exploit.EvilGrade.a - 1 "threat"
The description that iAntiVirus provides is kinda deceptive. It's more a proof-of-concept than an "exploit tool."

Exploit.Exploit.OSX.CVE* - 2 "threats"
Both of these are PoCs.

Exploit.OSX.ARDAgent - 1 "threat"
My best guess is that it detects this PoC.

Exploit.OSX.CVE-* - 8 "threats"
Funny, but none of these seem to be discrete threats... instead, iAntiVirus claims to detect code that exploits these vulnerabilities. As far as I can tell, none of these have actually be exploited by malicious code "in the wild." That, and the most recent of the exploits is from 2007 -- and they've all been patched.

Exploit.OSX.Small - 1 "threat"
PoC.

Hacktool.MacOS.UGMPortScanner - 1 "threat"
It's a port scanner. That's it. Oh, and it's for Mac OS 9 and below... and thus isn't even an OS X binary.

Hacktool.OSX.* - 10 "threats", 1 potential threat
  • 1/11 reveals the IP of someone logged on to AIM. That's it. Oh, and the method it uses is obsolete. (Hacktool.OSX.AimSniff)
  • 2/11 are "brute force" tools (i.e. penetration testing tools.) (Hacktool.OSX.BrutalGift & Hacktool.OSX.Cyanide)
  • 1/11 is a tool for extracting audio from pcap dumps. (Hacktool.OSX.iChatSniff)
  • 1/11 is a goddamn joke. It can "scan websites for web links" and do other crazy stuff... like open a telnet connection. No, I'm not making this up. (Hacktool.OSX.Heirophant)
  • 1/11 is a password cracker (Hacktool.OSX.macKrack)
  • 2/11 are penetration testing tools (Hacktool.OSX.MacSmurf & Hacktool.OSX.ManOfTheMiddle). It's worth noting that MacSmurf is mostly useless now that sane admins protect against smurf attacks (thanks, in no small part, to auditors using tools such as this one...)
  • 1/11 is a SYN flood tool. (Hacktool.OSX.SYNer)
  • 1/11 *might* be a threat. (Hacktool.OSX.UnderHand). I have been unable to find any reports of this being in the wild.
  • 1/11 is a generic script-kiddie flooding tool. (Hacktool.OSX.ZapAttack)

Port-Flooder.OSX.Tsunami - 1 "threat"
Another kiddie flooding tool.

RogueAntiSpyware.OSX.Imunizator - 1 "threat"
Well gee PC Tools... don't you think it's kinda sleazy to list the same threat twice? This is the same as RogueAntiSpyware.OSX.MacSweeper.

RogueAntiSpyware.OSX.MacSweeper - 1 "threat"
I'll let PC Tools themselves describe this sucker: "It poses no threat and it does not have the capability to propagate or spread itself."

Rootkit.MacOS.Weapox - 1 threat
This is a rootkit. Yes, it works. I've neither seen it nor heard of it in the wild, but it could be used as a real threat.

Trojan-PSW.OSX.Corpref.A - 1 threat
Trojan. It's been found in the wild, but it requires you to enter your admin password.

Trojan.MacOS.* - 4 "threats"
Four more viruses for classic. You know I'm starting to see a pattern here...

Trojan.OSX.DNSChanger* - 2 "threats"
Both require admin passwords to operate. Actually, they're the same trojan, just one's rebranded. Again, it's pretty obvious that PC Tools is trying to pad their numbers by listing them separately.

Trojan.OSX.Lamzev.a - 1 threat(?)
Couldn't find much about this online other than it exists. I'll assume that PC Tools is telling the truth.

Trojan.OSX.RSPlug.C - 1 "threat"
Requires admin password. Does the same thing as the Trojan.OSX.DNSChanger* variants, but is technically a different threat.

Trojan.Trojan.OSX.RSPlug.* - 2 "threats"
Same as Trojan.OSX.RSPlug.C, but with a slightly different payload. It's a pretty big stretch to list this threat three times...

Virus.MacOS.* - 21 "threats"
This is absurd. These are *ALL* viruses for Mac OS 9 and below (aka Classic). It's actually impossible for them to run on the Intel machines, and they require virtualization on PowerPC Macs.

Virus.OSX.Leap - 1 threat
Technically self-reproducing, but requires users to manually launch the binary to infect their machine. PowerPC only. Still, I'll count it as a threat.

Worm.MacOS.Autostart - 1 "threat"
Sigh. Another virus that won't work on anything other than Classic.

Worm.OSX.Inqtana - 1 "threat"
Proof of concept. And the exploit it uses was patched years ago.

Worm.OSX.Renepo / "Opener" - 1 threat
Well... it does do malicious stuff, and it has been seen in the wild, so I guess we'll count this.

---

So let's review with some fun stats.

Of the 96 "threats" that iAntiVirus protects against:

- 28 are for Classic only.
- 5 are proofs-of-concept.
- 4 are the same as an already-listed threat. (IMHO it's pretty damn deceptive to list these as discrete threats.)
- 8 appear just to be references to exploits with no mention of what malicious software (if any) is detected. (What the hell?)
- 3 are "flooding" tools that could be used by script kiddies. They can't infect anything, they can't do anything on their own, and they can't do any serious damage to anyone. Two of them won't even work against any *nix box that's been secured by a half-sane admin.
- 3 are password cracking or brute forcing tools. Again: they can't infect, and they require a human operator.
- 3 are keyloggers that require manual installation.
- 9 are backdoors that must be explicitly started and/or installed (and that are defeated by the use of a firewall.)
- 15 are penetration testing tools that _could_ be misused, but that pose no threat to the machine they reside on.
- 3 are just WTFs. One manages logs, another uses an old trick to (drumroll) display an IP address, and the third does nothing that can't already be done with telnet, curl and grep.

So what does that leave?

- 2 appear to be threats, but I couldn't find enough information to be sure what iAntiVirus is actually looking for.
- 1 is a real, live rootkit.
- 1 is a PowerPC-only worm (no, it's not a virus despite PC Tools' classification) that requires the user to execute it.
- 2 are trojans that change DNS settings (and that require user intervention and privilege escalation to take effect). These two threats are listed as five separate entries.
- 1 threat is described by PC Tools themselves thusly: "It poses no threat and it does not have the capability to propagate or spread itself.". That didn't stop them from ranking it with a mid-level threat rating *and* listing it under two separate names though...
- 1 is a worm that's been seen in the wild.

Some more stats:

Number of self-propagating threats that iAntiVirus protects against: 0. There are none.
Number of threats that iAntiVirus has listed multiple times under different names: 3
Number of known trojans in the wild that iAntiVirus doesn't claim to offer protection against: 2

---

So in summary, I stand by my claim that iAntiVirus is junk. It's marketed in an exceptionally deceptive manner, will detect and remove a bunch of stuff that isn't a threat, and preys on people who don't do due diligence before handing over their time, CPU power, and (if you buy a one year license for the "paid version") money.

Now can we *please* stop recommending this POS?
Click to expand...


The above is the post GGJstudios alludes to in the following post I quoted (from this thread), which might be of interest to people who believe in viruses on Mac OS X.


GGJstudios said:
The point is, it's bogus, as the link I posted illustrates. The vast majority of "threats" it describes are not threats at all. They just want to scam you into buying their software.

No anti-virus app can detect viruses in Mac OS X because no such viruses exist. Having AV software will not protect you from a Mac virus, because it wouldn't know what to look for. You can't protect yourself from something that doesn't exist.

I've read some of your other threads and you really need to learn to relax and enjoy your Mac. It's very different from the Windows world, where viruses and other malware are rampant. You don't have to "fiddle" with Mac OS X to keep it safe and functioning well.

A computer virus is a computer program that can copy itself and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability.

From Symantec:


As of this time, there are NO viruses in the wild that affect current Mac OS X. In the past, there have been a few viruses that ran on older versions of the Mac operating system, but no longer.

There are, as of this time, trojans that can affect Mac OS X, but these must be downloaded and installed by the user, which involves entering the user's administrator password. Trojans can easily be avoided by the user exercising common sense and caution when installing applications. A common source of trojans is pirated software, typically downloaded from bit torrent sites.

Having virus protection software on your Mac is pointless, as far as protecting your Mac from viruses, since AV software can't detect a virus that doesn't exist. It is possible to have a file reside on your hard drive that contains a Windows virus, but since a Windows virus (program) can't run in native Mac OS X, it would be harmless to your Mac. Some choose to run AV on their Mac to scan for Windows viruses, so the Mac user can't pass a virus-infected file to a Windows user. In my opinion, a Windows user should be protected by their own AV software, so the burden of protection lies with the Windows user.
Click to expand...
 
I'm fairly new to Mac, so I could be wrong I am not stating I'm 100% correct but when I see this, it looks like a virus to me? :rolleyes:

I am aware that some Antivirus companies do scam, and play on the "fear" on new computer users *Cough* Norton.
 
Tim Lyons said:
Macs do get the occasional virus believing that they don't is a lie

After a quick google search I found this you might want to try?
Click to expand...

Epic Fail...
Another thing you can do is to take your installation DVD that came with your Mac, put it in your Mac, and reboot and hold the "D" key. This will run some diagnostic tests on your hardware, so if you have a hard driver that is failing, this would tell you that.
 
Tim Lyons said:
I'm fairly new to Mac, so I could be wrong I am not stating I'm 100% correct but when I see this, it looks like a virus to me? :rolleyes:

Discovered on 2,17,2006

Inqtana is a proof-of-concept worm, coded with a stop date of February 24th and confining its spread to very specific bluetooth addresses. In other words, Inqtana in its current form poses no real threat to Mac users.
Click to expand...

I'm sure that Apple has addressed this issue with the numerous security updates and 2 new versions of OS X since that article was released.
 
Tim Lyons said:
I'm fairly new to Mac, so I could be wrong I am not stating I'm 100% correct but when I see this, it looks like a virus to me? :rolleyes:
Click to expand...

You are new to computers as well?

Inqtana is a proof-of-concept worm. from the website you linked to.

A worm is not the same as a virus. Read my second post again (which I didn't write but stole).
 
Things to check for when your computer is "running really, really slow":

Open Activity Monitor or, in Terminal, type "top". See if a process is using close to 100% of CPU time (or more, on dual-core machines). Sometimes, for some reason, on my system Finder starts to eat CPU time. Force Quitting Finder or restarting fixes the problem.

Unexplained freezes and long delays in reading files or writing could be a sign of impending hard drive failure. Given the OP's post, I think this is highly suspect. If you suspect this, STOP USING YOUR HARD DRIVE immediately. Get it replaced with another one, then put the old one in a USB enclosure so you can make a backup of your files (if not already too late).

Check to see if there is network activity going on. Is Finder trying to scan your LAN for connected servers? Trying to access a shared drive on the network? That can cause long delays.
 
Someone on a Mac thinks they have a virus???? Wow! That's a first!!! :D Here's a sure way to find out.... if you have technology (or even mainstream) news reporters beating down your door, wanting an interview, you know you have a Mac OS X virus. Be sure to look for a few Microsoft representatives in the group!
 
Tim Lyons said:
I stand corrected Spinnerlys.
Click to expand...

Nobody is saying that Mac's can't, or won't ever, get a virus. If anyone does, they are wrong. The Mac is not a magic infallible platform. One day, someone, somewhere, will discover a vulnerability, and exploit it, and we'll have our first Mac OS X virus.

We're just saying that so far, in 10 years of OS X, this hasn't happened yet.

There are worms and trojans, but these will always exist since they play on social exploits rather than computer exploits. Heck, the original Trojan Horse didn't even have anything to do with computers. :) Right now, there aren't very many of these either for OS X, but they do exist. How does one currently get infected with an OS X worm? (1) Surf shady sites looking for porn or warez, (2) download an app from an unknown source, (3) open it, (4) give it your admin password. As long as you can avoid doing all of those steps, you'll be fine.
 
It's alive!

This thread has gained a life of its own. The OP hasn't responded... maybe he was scared of the flamers.

Solution: Keep threads OT! :D

-Aaron-
 
notjustjay said:
Nobody is saying that Mac's can't, or won't ever, get a virus. If anyone does, they are wrong. The Mac is not a magic infallible platform.
Click to expand...

That is kinda more what I was getting at, people can become typhlotic to that at times.
 
aarond12 said:
This thread has gained a life of its own. The OP hasn't responded... maybe he was scared of the flamers.

Solution: Keep threads OT! :D

-Aaron-
Click to expand...
Who's flaming? The OP asked about viruses. The responses have been about viruses. What do you think is flaming or off-topic? Some people don't respond for a while because they have LIVES.
 
ok maby i frased this wrong, sorry guys, can you get a virus from visiting websites?
 
gt40x4 said:
ok maby i frased this wrong, sorry guys, can you get a virus from visiting websites?
Click to expand...

Nope.

What about any of the other ideas that have been thrown at you? Care to comment on them? Just because you don't know what is slowing down your computer, doesn't mean it has to be a non-existent virus. We showed you some ways to fix and find out what could be wrong.

Btw, have you read the thread at all? We told you there are NO (0 = 1-1 or 0 = 27382719 - 27382719) viruses for Mac OS X.
 
GGJstudios said:
Not on a Mac.
Click to expand...
Well, theoretically you can certainly get infected with a virus on a Mac. As of yet this hasn't happened in reality. A subtle but very important nuance!

Anyway, slow computers are mostly caused by other things like hanging applications, crashing hard drives, etc.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back