My MBP is really, really slow. Do I have a virus?

gt40x4

macrumors member
Original poster
Mar 8, 2010
44
0
England
Hey guys, I'm not sure if my MBP has a virus or not, cuz it has been running really, really, really SLOW. So I was wondering if there is a way to test to see if I have a virus. Are there any programs I can run to check?

thanks :confused:
 

wrboyce

macrumors 6502
Oct 30, 2007
270
0
Check Activity Monitor.app (in /Applications/Utilities/) to see what's using up your resources.
 

Tim Lyons

macrumors member
Apr 21, 2010
58
0
Could you give a better description of what is slow, opening files... etc.?

If so, the hard drive could be faulty / damaged :)
 

spinnerlys

Guest
Sep 7, 2008
14,328
7
forlod bygningen
Am I cruel if I write YES?

No, you don't have a virus. There are no viruses for Mac OS X. Wait for GGJstudios' reply, as that explains it in more detail.

Have you taken a look at the Activity Monitor in Applications / Utilities?
Don't forget to select to SHOW ALL PROCESSES and sort by CPU.

Also what Mac and what Mac OS X are you running and during what task does the MBP feel slow?
 

spinnerlys

Guest
Sep 7, 2008
14,328
7
forlod bygningen
Macs do get the occasional virus; believing that they don't is a lie.

After a quick Google search I found this you might want to try?
You are absolutely wrong.

From another thread:

My bet is that you didn't have a trojan. I say that because many of the things that it reports as being threats aren't really threats.

You know what... I've seen too many threads mentioning this iAntiVirus junk, so let's take a look at the threat list.

iAntiVirus detects 96 threats. Pretty good, right? We'll see about that...

Application.OSX.* - 16 "threats"
  • 11/16 are legitimate applications, used for system administration in schools and internet cafes. They _could_ be used maliciously, but they can and are used for a number of legitimate purposes (such as security auditing.)
  • 3/16 are dedicated keyloggers. (A couple admin tools also can keylog, but these three are primarily keyloggers.)
  • 1/16 is a proof of concept.
  • 1/16 is a log management tool for a logging program. It doesn't log anything -- it just manages text files. Yes, I'm serious.

Backdoor.* - 10 "threats"
  • 1/10 is a Classic virus. It is 100%, completely inert on OS X.
  • 9/10 require user intervention to run. As in the user must run the backdoor itself.

DDoS.OSX.CometShower - 1 "threat"
This requires the user to install it. If activated, it can be used to perform a DDoS attack on a target, but that's about it.

Eicar_Test_Files - 1 "threat"
Not a threat. It's a test file used to verify that antivirus programs work correctly. I think it's a little deceptive to list this as a "threat"...

Email-Flooder.OSX.* - 3 "threats"
All three of these are mass mailing tools. They are not infectious, do not run without user intervention, and can't do much other than... uh... send e-mail.

Exploit.EvilGrade.a - 1 "threat"
The description that iAntiVirus provides is kinda deceptive. It's more a proof-of-concept than an "exploit tool."

Exploit.Exploit.OSX.CVE* - 2 "threats"
Both of these are PoCs.

Exploit.OSX.ARDAgent - 1 "threat"
My best guess is that it detects this PoC.

Exploit.OSX.CVE-* - 8 "threats"
Funny, but none of these seem to be discrete threats... instead, iAntiVirus claims to detect code that exploits these vulnerabilities. As far as I can tell, none of these have actually been exploited by malicious code "in the wild." That, and the most recent of the exploits is from 2007 -- and they've all been patched.

Exploit.OSX.Small - 1 "threat"
PoC.

Hacktool.MacOS.UGMPortScanner - 1 "threat"
It's a port scanner. That's it. Oh, and it's for Mac OS 9 and below... and thus isn't even an OS X binary.

Hacktool.OSX.* - 10 "threats", 1 potential threat
  • 1/11 reveals the IP of someone logged on to AIM. That's it. Oh, and the method it uses is obsolete. (Hacktool.OSX.AimSniff)
  • 2/11 are "brute force" tools (i.e. penetration testing tools.) (Hacktool.OSX.BrutalGift & Hacktool.OSX.Cyanide)
  • 1/11 is a tool for extracting audio from pcap dumps. (Hacktool.OSX.iChatSniff)
  • 1/11 is a goddamn joke. It can "scan websites for web links" and do other crazy stuff... like open a telnet connection. No, I'm not making this up. (Hacktool.OSX.Heirophant)
  • 1/11 is a password cracker (Hacktool.OSX.macKrack)
  • 2/11 are penetration testing tools (Hacktool.OSX.MacSmurf & Hacktool.OSX.ManOfTheMiddle). It's worth noting that MacSmurf is mostly useless now that sane admins protect against smurf attacks (thanks, in no small part, to auditors using tools such as this one...)
  • 1/11 is a SYN flood tool. (Hacktool.OSX.SYNer)
  • 1/11 *might* be a threat. (Hacktool.OSX.UnderHand). I have been unable to find any reports of this being in the wild.
  • 1/11 is a generic script-kiddie flooding tool. (Hacktool.OSX.ZapAttack)

Port-Flooder.OSX.Tsunami - 1 "threat"
Another kiddie flooding tool.

RogueAntiSpyware.OSX.Imunizator - 1 "threat"
Well gee PC Tools... don't you think it's kinda sleazy to list the same threat twice? This is the same as RogueAntiSpyware.OSX.MacSweeper.

RogueAntiSpyware.OSX.MacSweeper - 1 "threat"
I'll let PC Tools themselves describe this sucker: "It poses no threat and it does not have the capability to propagate or spread itself."

Rootkit.MacOS.Weapox - 1 threat
This is a rootkit. Yes, it works. I've neither seen it nor heard of it in the wild, but it could be used as a real threat.

Trojan-PSW.OSX.Corpref.A - 1 threat
Trojan. It's been found in the wild, but it requires you to enter your admin password.

Trojan.MacOS.* - 4 "threats"
Four more viruses for classic. You know I'm starting to see a pattern here...

Trojan.OSX.DNSChanger* - 2 "threats"
Both require admin passwords to operate. Actually, they're the same trojan, just one's rebranded. Again, it's pretty obvious that PC Tools is trying to pad their numbers by listing them separately.

Trojan.OSX.Lamzev.a - 1 threat(?)
Couldn't find much about this online other than it exists. I'll assume that PC Tools is telling the truth.

Trojan.OSX.RSPlug.C - 1 "threat"
Requires admin password. Does the same thing as the Trojan.OSX.DNSChanger* variants, but is technically a different threat.

Trojan.Trojan.OSX.RSPlug.* - 2 "threats"
Same as Trojan.OSX.RSPlug.C, but with a slightly different payload. It's a pretty big stretch to list this threat three times...

Virus.MacOS.* - 21 "threats"
This is absurd. These are *ALL* viruses for Mac OS 9 and below (aka Classic). It's actually impossible for them to run on the Intel machines, and they require virtualization on PowerPC Macs.

Virus.OSX.Leap - 1 threat
Technically self-reproducing, but requires users to manually launch the binary to infect their machine. PowerPC only. Still, I'll count it as a threat.

Worm.MacOS.Autostart - 1 "threat"
Sigh. Another virus that won't work on anything other than Classic.

Worm.OSX.Inqtana - 1 "threat"
Proof of concept. And the exploit it uses was patched years ago.

Worm.OSX.Renepo / "Opener" - 1 threat
Well... it does do malicious stuff, and it has been seen in the wild, so I guess we'll count this.

---

So let's review with some fun stats.

Of the 96 "threats" that iAntiVirus protects against:

- 28 are for Classic only.
- 5 are proofs-of-concept.
- 4 are the same as an already-listed threat. (IMHO it's pretty damn deceptive to list these as discrete threats.)
- 8 appear just to be references to exploits with no mention of what malicious software (if any) is detected. (What the hell?)
- 3 are "flooding" tools that could be used by script kiddies. They can't infect anything, they can't do anything on their own, and they can't do any serious damage to anyone. Two of them won't even work against any *nix box that's been secured by a half-sane admin.
- 3 are password cracking or brute forcing tools. Again: they can't infect, and they require a human operator.
- 3 are keyloggers that require manual installation.
- 9 are backdoors that must be explicitly started and/or installed (and that are defeated by the use of a firewall.)
- 15 are penetration testing tools that _could_ be misused, but that pose no threat to the machine they reside on.
- 3 are just WTFs. One manages logs, another uses an old trick to (drumroll) display an IP address, and the third does nothing that can't already be done with telnet, curl and grep.

So what does that leave?

- 2 appear to be threats, but I couldn't find enough information to be sure what iAntiVirus is actually looking for.
- 1 is a real, live rootkit.
- 1 is a PowerPC-only worm (no, it's not a virus despite PC Tools' classification) that requires the user to execute it.
- 2 are trojans that change DNS settings (and that require user intervention and privilege escalation to take effect). These two threats are listed as five separate entries.
- 1 threat is described by PC Tools themselves thusly: "It poses no threat and it does not have the capability to propagate or spread itself." That didn't stop them from ranking it with a mid-level threat rating *and* listing it under two separate names though...
- 1 is a worm that's been seen in the wild.

Some more stats:

Number of self-propagating threats that iAntiVirus protects against: 0. There are none.
Number of threats that iAntiVirus has listed multiple times under different names: 3
Number of known trojans in the wild that iAntiVirus doesn't claim to offer protection against: 2

---

So in summary, I stand by my claim that iAntiVirus is junk. It's marketed in an exceptionally deceptive manner, will detect and remove a bunch of stuff that isn't a threat, and preys on people who don't do due diligence before handing over their time, CPU power, and (if you buy a one year license for the "paid version") money.

Now can we *please* stop recommending this POS?

The above is the post GGJstudios alludes to in the following post I quoted (from this thread), which might be of interest to people who believe in viruses on Mac OS X.


The point is, it's bogus, as the link I posted illustrates. The vast majority of "threats" it describes are not threats at all. They just want to scam you into buying their software.

No anti-virus app can detect viruses in Mac OS X because no such viruses exist. Having AV software will not protect you from a Mac virus, because it wouldn't know what to look for. You can't protect yourself from something that doesn't exist.

I've read some of your other threads and you really need to learn to relax and enjoy your Mac. It's very different from the Windows world, where viruses and other malware are rampant. You don't have to "fiddle" with Mac OS X to keep it safe and functioning well.

A computer virus is a computer program that can copy itself and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability.

From Symantec:


As of this time, there are NO viruses in the wild that affect current Mac OS X. In the past, there have been a few viruses that ran on older versions of the Mac operating system, but no longer.

There are, as of this time, trojans that can affect Mac OS X, but these must be downloaded and installed by the user, which involves entering the user's administrator password. Trojans can easily be avoided by the user exercising common sense and caution when installing applications. A common source of trojans is pirated software, typically downloaded from bit torrent sites.

Having virus protection software on your Mac is pointless, as far as protecting your Mac from viruses, since AV software can't detect a virus that doesn't exist. It is possible to have a file reside on your hard drive that contains a Windows virus, but since a Windows virus (program) can't run in native Mac OS X, it would be harmless to your Mac. Some choose to run AV on their Mac to scan for Windows viruses, so the Mac user can't pass a virus-infected file to a Windows user. In my opinion, a Windows user should be protected by their own AV software, so the burden of protection lies with the Windows user.
 

Tim Lyons

macrumors member
Apr 21, 2010
58
0
I'm fairly new to Mac, so I could be wrong; I am not stating I'm 100% correct, but when I see this, it looks like a virus to me? :rolleyes:

I am aware that some antivirus companies do scam, and play on the "fear" of new computer users *Cough* Norton.
 

tdgrn

macrumors 6502
May 1, 2008
363
7
Little Rock, AR
Macs do get the occasional virus; believing that they don't is a lie.

After a quick Google search I found this you might want to try?
Epic Fail...
Another thing you can do is to take your installation DVD that came with your Mac, put it in your Mac, and reboot and hold the "D" key. This will run some diagnostic tests on your hardware, so if you have a hard drive that is failing, this would tell you that.
 

tdgrn

macrumors 6502
May 1, 2008
363
7
Little Rock, AR
I'm fairly new to Mac, so I could be wrong; I am not stating I'm 100% correct, but when I see this, it looks like a virus to me? :rolleyes:

Discovered on 2,17,2006

Inqtana is a proof-of-concept worm, coded with a stop date of February 24th and confining its spread to very specific bluetooth addresses. In other words, Inqtana in its current form poses no real threat to Mac users.
I'm sure that Apple has addressed this issue with the numerous security updates and 2 new versions of OS X since that article was released.
 

spinnerlys

Guest
Sep 7, 2008
14,328
7
forlod bygningen
I'm fairly new to Mac, so I could be wrong; I am not stating I'm 100% correct, but when I see this, it looks like a virus to me? :rolleyes:
You are new to computers as well?

"Inqtana is a proof-of-concept worm." From the website you linked to.

A worm is not the same as a virus. Read my second post again (which I didn't write but stole).
 

notjustjay

macrumors 603
Sep 19, 2003
6,050
156
Canada, eh?
Things to check for when your computer is "running really, really slow":

Open Activity Monitor or, in Terminal, type "top". See if a process is using close to 100% of CPU time (or more, on dual-core machines). Sometimes, for some reason, on my system Finder starts to eat CPU time. Force Quitting Finder or restarting fixes the problem.

Unexplained freezes and long delays in reading files or writing could be a sign of impending hard drive failure. Given the OP's post, I think this is highly suspect. If you suspect this, STOP USING YOUR HARD DRIVE immediately. Get it replaced with another one, then put the old one in a USB enclosure so you can make a backup of your files (if not already too late).

Check to see if there is network activity going on. Is Finder trying to scan your LAN for connected servers? Trying to access a shared drive on the network? That can cause long delays.
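
The CPU check suggested in this post, as an added shell example that is not part of the original thread: it filters `ps -Ao pid,pcpu,comm` output for processes at or above a CPU threshold, busiest first, and keeps command paths that contain spaces intact. The `cpu_hogs` function name and the sample process list are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag processes whose CPU share is at or above a threshold.
# Input is the text produced by `ps -Ao pid,pcpu,comm`:
# one header line, then PID, %CPU and the command path on each row.

# Constructed sample of ps output (not taken from a real machine).
# %CPU can exceed 100 on multi-core machines, as the post notes.
SAMPLE_PS='  PID  %CPU COMM
    1   0.0 /sbin/launchd
  142 187.3 /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
  310   2.1 /Applications/Utilities/Activity Monitor.app/Contents/MacOS/Activity Monitor
  455  96.4 /usr/sbin/mds'

# cpu_hogs THRESHOLD
# Reads ps output on stdin and prints "%CPU PID COMMAND" for every process
# at or above THRESHOLD percent, sorted with the busiest process first.
cpu_hogs() {
    awk -v min="$1" '
        NR == 1 { next }                  # skip the header row
        $2 + 0 >= min + 0 {
            pid = $1
            cpu = $2
            # Command paths may contain spaces ("Activity Monitor.app"),
            # so strip the first two columns instead of printing $3.
            sub(/^[ \t]*[0-9]+[ \t]+[0-9.]+[ \t]+/, "")
            printf "%s %s %s\n", cpu, pid, $0
        }
    ' | LC_ALL=C sort -k1,1nr
}

# Run against the constructed sample. On a live system the equivalent is:
#   ps -Ao pid,pcpu,comm | cpu_hogs 80
printf '%s\n' "$SAMPLE_PS" | cpu_hogs 80
```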
 

GGJstudios

macrumors Westmere
May 16, 2008
44,425
780
Someone on a Mac thinks they have a virus???? Wow! That's a first!!! :D Here's a sure way to find out.... if you have technology (or even mainstream) news reporters beating down your door, wanting an interview, you know you have a Mac OS X virus. Be sure to look for a few Microsoft representatives in the group!
 

notjustjay

macrumors 603
Sep 19, 2003
6,050
156
Canada, eh?
I stand corrected Spinnerlys.
Nobody is saying that Macs can't, or won't ever, get a virus. If anyone does, they are wrong. The Mac is not a magic infallible platform. One day, someone, somewhere, will discover a vulnerability, and exploit it, and we'll have our first Mac OS X virus.

We're just saying that so far, in 10 years of OS X, this hasn't happened yet.

There are worms and trojans, but these will always exist since they play on social exploits rather than computer exploits. Heck, the original Trojan Horse didn't even have anything to do with computers. :) Right now, there aren't very many of these either for OS X, but they do exist. How does one currently get infected with an OS X worm? (1) Surf shady sites looking for porn or warez, (2) download an app from an unknown source, (3) open it, (4) give it your admin password. As long as you can avoid doing all of those steps, you'll be fine.
 

aarond12

macrumors 65816
May 20, 2002
1,100
49
Dallas, TX USA
It's alive!

This thread has gained a life of its own. The OP hasn't responded... maybe he was scared of the flamers.

Solution: Keep threads OT! :D

-Aaron-
 

Tim Lyons

macrumors member
Apr 21, 2010
58
0
Nobody is saying that Macs can't, or won't ever, get a virus. If anyone does, they are wrong. The Mac is not a magic infallible platform.
That is kinda more what I was getting at, people can become typhlotic to that at times.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,425
780
This thread has gained a life of its own. The OP hasn't responded... maybe he was scared of the flamers.

Solution: Keep threads OT! :D

-Aaron-
Who's flaming? The OP asked about viruses. The responses have been about viruses. What do you think is flaming or off-topic? Some people don't respond for a while because they have LIVES.
 

gt40x4

macrumors member
Original poster
Mar 8, 2010
44
0
England
OK, maybe I phrased this wrong, sorry guys. Can you get a virus from visiting websites?
 

spinnerlys

Guest
Sep 7, 2008
14,328
7
forlod bygningen
OK, maybe I phrased this wrong, sorry guys. Can you get a virus from visiting websites?
Nope.

What about any of the other ideas that have been thrown at you? Care to comment on them? Just because you don't know what is slowing down your computer, doesn't mean it has to be a non-existent virus. We showed you some ways to fix and find out what could be wrong.

Btw, have you read the thread at all? We told you there are NO (0 = 1-1 or 0 = 27382719 - 27382719) viruses for Mac OS X.
 

dyn

macrumors 68030
Aug 8, 2009
2,708
384
.nl
Not on a Mac.
Well, theoretically you can certainly get infected with a virus on a Mac. As of yet this hasn't happened in reality. A subtle but very important nuance!

Anyway, slow computers are mostly caused by other things like hanging applications, crashing hard drives, etc.
 