You're are absolutely wrong.
My bet is that you didn't have a trojan. I say that because many of the things that it reports as being threats aren't really threats.
You know what... I've seen too many threads mentioning this iAntiVirus junk, so let's ake a look at the threat list.
iAntiVirus detects 96 threats. Pretty good, right? We'll see about that...
Application.OSX.* - 16 "threats"
- 11/16 are legitimate applications, used for system administration in schools and internet cafes. They _could_ be used maliciously, but they can and are used for a number of legitimate purposes (such as security auditing.)
- 3/16 are dedicated keyloggers. (A couple admin tools also can keylog, but these three are primarily keyloggers.)
- 1/16 are proofs of concept.
- 1/16 is a log management tool for a logging program. It doesn't log anything -- it just manages text files. Yes, I'm serious.
Backdoor.* - 10 "threats"
- 1/10 is a Classic virus. It is 100%, completely inert on OS X.
- 9/10 require user intervention to run. As in the user must run the backdoor itself.
DDoS.OSX.CometShower - 1 "threat"
This requires the user to install it. If activated, it can be used to perform a DDoS attack on a target, but that's about it.
Eicar_Test_Files - 1 "threat"
Not a threat. It's a test file used to verify that antivirus programs work correctly. I think it's a little deceptive to list this as a "threat"...
Email-Flooder.OSX.* - 3 "threats"
All three of these are mass mailing tools. They are not infectious, do not run without user intervention, and can't do much other than... uh... send e-mail.
Exploit.EvilGrade.a - 1 "threat"
The description that iAntiVirus provides is kinda deceptive. It's more a proof-of-concept than an "exploit tool."
Exploit.Exploit.OSX.CVE* - 2 "threats"
Both of these are PoCs.
Exploit.OSX.ARDAgent - 1 "threat"
My best guess is that it detects this PoC.
Exploit.OSX.CVE-* - 8 "threats"
Funny, but none of these seem to be discrete threats... instead, iAntiVirus claims to detect code that exploits these vulnerabilities. As far as I can tell, none of these have actually be exploited by malicious code "in the wild." That, and the most recent of the exploits is from 2007 -- and they've all been patched.
Exploit.OSX.Small - 1 "threat"
Hacktool.MacOS.UGMPortScanner - 1 "threat"
It's a port scanner. That's it. Oh, and it's for Mac OS 9 and below... and thus isn't even an OS X binary.
Hacktool.OSX.* - 10 "threats", 1 potential threat
- 1/11 reveals the IP of someone logged on to AIM. That's it. Oh, and the method it uses is obsolete. (Hacktool.OSX.AimSniff)
- 2/11 are "brute force" tools (i.e. penetration testing tools.) (Hacktool.OSX.BrutalGift & Hacktool.OSX.Cyanide)
- 1/11 is a tool for extracting audio from pcap dumps. (Hacktool.OSX.iChatSniff)
- 1/11 is a goddamn joke. It can "scan websites for web links" and do other crazy stuff... like open a telnet connection. No, I'm not making this up. (Hacktool.OSX.Heirophant)
- 1/11 is a password cracker (Hacktool.OSX.macKrack)
- 2/11 are penetration testing tools (Hacktool.OSX.MacSmurf & Hacktool.OSX.ManOfTheMiddle). It's worth noting that MacSmurf is mostly useless now that sane admins protect against smurf attacks (thanks, in no small part, to auditors using tools such as this one...)
- 1/11 is a SYN flood tool. (Hacktool.OSX.SYNer)
- 1/11 *might* be a threat. (Hacktool.OSX.UnderHand). I have been unable to find any reports of this being in the wild.
- 1/11 is a generic script-kiddie flooding tool. (Hacktool.OSX.ZapAttack)
Port-Flooder.OSX.Tsunami - 1 "threat"
Another kiddie flooding tool.
RogueAntiSpyware.OSX.Imunizator - 1 "threat"
Well gee PC Tools... don't you think it's kinda sleazy to list the same threat twice? This is the same as RogueAntiSpyware.OSX.MacSweeper.
RogueAntiSpyware.OSX.MacSweeper - 1 "threat"
I'll let PC Tools themselves describe this sucker: "It poses no threat and it does not have the capability to propagate or spread itself."
Rootkit.MacOS.Weapox - 1 threat
This is a rootkit. Yes, it works. I've neither seen it nor heard of it in the wild, but it could be used as a real threat.
Trojan-PSW.OSX.Corpref.A - 1 threat
Trojan. It's been found in the wild, but it requires you to enter your admin password.
Trojan.MacOS.* - 4 "threats"
Four more viruses for classic. You know I'm starting to see a pattern here...
Trojan.OSX.DNSChanger* - 2 "threats"
Both require admin passwords to operate. Actually, they're the same trojan, just one's rebranded. Again, it's pretty obvious that PC Tools is trying to pad their numbers by listing them separately.
Trojan.OSX.Lamzev.a - 1 threat(?)
Couldn't find much about this online other than it exists. I'll assume that PC Tools is telling the truth.
Trojan.OSX.RSPlug.C - 1 "threat"
Requires admin password. Does the same thing as the Trojan.OSX.DNSChanger* variants, but is technically a different threat.
Trojan.Trojan.OSX.RSPlug.* - 2 "threats"
Same as Trojan.OSX.RSPlug.C, but with a slightly different payload. It's a pretty big stretch to list this threat three times...
Virus.MacOS.* - 21 "threats"
This is absurd. These are *ALL* viruses for Mac OS 9 and below (aka Classic). It's actually impossible for them to run on the Intel machines, and they require virtualization on PowerPC Macs.
Virus.OSX.Leap - 1 threat
Technically self-reproducing, but requires users to manually launch the binary to infect their machine. PowerPC only. Still, I'll count it as a threat.
Worm.MacOS.Autostart - 1 "threat"
Sigh. Another virus that won't work on anything other than Classic.
Worm.OSX.Inqtana - 1 "threat"
Proof of concept. And the exploit it uses was patched years ago.
Worm.OSX.Renepo / "Opener" - 1 threat
Well... it does do malicious stuff, and it has been seen in the wild, so I guess we'll count this.
So let's review with some fun stats.
Of the 96 "threats" that iAntiVirus protects against:
- 28 are for Classic only.
- 5 are proofs-of-concept.
- 4 are the same as an already-listed threat. (IMHO it's pretty damn deceptive to list these as discrete threats.)
- 8 appear just to be references to exploits with no mention of what malicious software (if any) is detected. (What the hell?)
- 3 are "flooding" tools that could be used by script kiddies. They can't infect anything, they can't do anything on their own, and they can't do any serious damage to anyone. Two of them won't even work against any *nix box that's been secured by a half-sane admin.
- 3 are password cracking or brute forcing tools. Again: they can't infect, and they require a human operator.
- 3 are keyloggers that require manual installation.
- 9 are backdoors that must be explicitly started and/or installed (and that are defeated by the use of a firewall.)
- 15 are penetration testing tools that _could_ be misused, but that pose no threat to the machine they reside on.
- 3 are just WTFs. One manages logs, another uses an old trick to (drumroll) display an IP address, and the third does nothing that can't already be done with telnet, curl and grep.
So what does that leave?
- 2 appear to be threats, but I couldn't find enough information to be sure what iAntiVirus is actually looking for.
- 1 is a real, live rootkit.
- 1 is a PowerPC-only worm (no, it's not a virus despite PC Tools' classification) that requires the user to execute it.
- 2 are trojans that change DNS settings (and that require user intervention and privilege escalation to take effect). These two threats are listed as five separate entries.
- 1 threat is described by PC Tools themselves thusly: "It poses no threat and it does not have the capability to propagate or spread itself.". That didn't stop them from ranking it with a mid-level threat rating *and* listing it under two separate names though...
- 1 is a worm that's been seen in the wild.
Some more stats:
Number of self-propagating threats that iAntiVirus protects against: 0. There are none.
Number of threats that iAntiVirus has listed multiple times under different names: 3
Number of known trojans in the wild that iAntiVirus doesn't claim to offer protection against: 2
So in summary, I stand by my claim that iAntiVirus is junk. It's marketed in an exceptionally deceptive manner, will detect and remove a bunch of stuff that isn't a threat, and preys on people who don't do due diligence before handing over their time, CPU power, and (if you buy a one year license for the "paid version") money.
Now can we *please* stop recommending this POS?
The point is, it's bogus, as the link I posted illustrates. The vast majority of "threats" it describes are not threats at all. They just want to scam you into buying their software.
No anti-virus app can detect viruses in Mac OS X because no such viruses exist. Having AV software will not protect you from a Mac virus, because it wouldn't know what to look for. You can't protect yourself from something that doesn't exist.
I've read some of your other threads and you really need to learn to relax and enjoy your Mac. It's very different from the Windows world, where viruses and other malware are rampant. You don't have to "fiddle" with Mac OS X to keep it safe and functioning well.
A computer virus is a computer program that can copy itself and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability.
As of this time, there are NO viruses in the wild that affect current Mac OS X. In the past, there have been a few viruses that ran on older versions of the Mac operating system, but no longer.
There are, as of this time, trojans that can affect Mac OS X, but these must be downloaded and installed by the user, which involves entering the user's administrator password. Trojans can easily be avoided by the user exercising common sense and caution when installing applications. A common source of trojans is pirated software, typically downloaded from bit torrent sites.
Having virus protection software on your Mac is pointless, as far as protecting your Mac from viruses, since AV software can't detect a virus that doesn't exist. It is possible to have a file reside on your hard drive that contains a Windows virus, but since a Windows virus (program) can't run in native Mac OS X, it would be harmless to your Mac. Some choose to run AV on their Mac to scan for Windows viruses, so the Mac user can't pass a virus-infected file to a Windows user. In my opinion, a Windows user should be protected by their own AV software, so the burden of protection lies with the Windows user.
I'm sure that Apple has addressed this issue with the numerous security updates and 2 new versions of OS X since that article was released.I'm fairly new to Mac, so I could be wrong I am not stating I'm 100% correct but when I see this, it looks like a virus to me?
Discovered on 2,17,2006
Inqtana is a proof-of-concept worm, coded with a stop date of February 24th and confining its spread to very specific bluetooth addresses. In other words, Inqtana in its current form poses no real threat to Mac users.
You are new to computers as well?
Nobody is saying that Mac's can't, or won't ever, get a virus. If anyone does, they are wrong. The Mac is not a magic infallible platform. One day, someone, somewhere, will discover a vulnerability, and exploit it, and we'll have our first Mac OS X virus.I stand corrected Spinnerlys.
Who's flaming? The OP asked about viruses. The responses have been about viruses. What do you think is flaming or off-topic? Some people don't respond for a while because they have LIVES.This thread has gained a life of its own. The OP hasn't responded... maybe he was scared of the flamers.
Solution: Keep threads OT!
Nope.ok maby i frased this wrong, sorry guys, can you get a virus from visiting websites?
Well, theoretically you can certainly get infected with a virus on a Mac. As of yet this hasn't happened in reality. A subtle but very important nuance!Not on a Mac.