Need help resolving Leopard Trojan Horse/Virus

Discussion in 'macOS' started by Ceyx, Feb 15, 2008.

  1. Ceyx macrumors newbie

    Joined:
    Feb 15, 2008
    #1
    I just got a new iMac with Leopard installed and clicked on a link that was very similar to this (that I found quoted at chinwong.com/index.php/site/comments/mac_attack/):

    "OSX.RSPlug.A, has been found on a number of pornographic Web sites, the security company Intego reports.

    “A great deal of spam has been posted to many Mac forums, in an attempt to lead users to these sites,” Intego warns. When they arrive at these sites, they will see still photos, purportedly from free porn videos. But if they click on them, they will receive this message: “Quicktime Player is unable to play movie file. Please click here to download new version of codec.”"

    ***It was not a porno site, but was in fact a Google search result that was shown as linking to my website! It downloaded 5 "setup.exe" files, which I deleted, and forgot about. Then I went to create a .Mac account and it said I should do a Software Update, which I did for two updates (and for which I had to enter my administrative password). It ran the updates and said I'd have to restart, to which I said yes, but a Windows Crossover program was running at the time which cancelled the automatic restart, so I was prompted to quit the program and manually restart, which I did. When the computer restarted it said I had two updates that needed to be installed, which I thought was strange, as I thought they had already been installed, but I said okay to that anyway. Then it started progress bars and was taking a long time, saying, "writing files", which it did to 100%. Then it said "patching files", and I thought that was really fishy, as I'd never seen anything like that before on a Mac, so I shut the computer down. When I rebooted, I got the gray kernel panic window that says "you need to restart your computer. Hold down the power key for a few seconds or press the Restart button." in four different languages. I unplugged the computer and an external back-up drive.

    What should I do now? I don't have any anti-virus software installed.

    Any assistance would be more than greatly appreciated! I have tons of data on the drive that is not backed up! Many thanks in advance, Ceyx
     
  2. ebel3003 macrumors 6502a

    Joined:
    Jun 20, 2007
    Location:
    "The Google"
    #2
    The new software update does say "Patching Files" now with 10.5.x updates. Looks like your only option is a reinstall (Either clean install or Archive and install to preserve your info). Turning off your computer during this process is probably what broke it.
     
  3. Mal macrumors 603

    Joined:
    Jan 6, 2002
    Location:
    Orlando
    #3
    Yeah, no virus, you just killed it by shutting it down in the middle of a software update. Never, ever do that, no matter what you think might be happening. You'll have to do an archive and install as recommended by the last poster.

    jW
     
  4. Fry-man22 macrumors 6502

    Joined:
    Nov 25, 2007
    #4
    So people may not realize this but switchers really need to understand: AN EXE FILE CANNOT RUN ON YOUR OS X INSTALL; IGNORE ALL EXE FILES UNDER OS X. Your Mac was fine after it downloaded the files, had you been on a PC then yes you would have given yourself a virus; as it is you just killed an APPLE software update because you didn't take the time to understand what was going on. If you were to open the setup.exe from that Crossover app then you might be able to create an issue but I doubt it.

    I'd say screw that crossover thing anyway, that was what obfuscated the issue for you and made you think there was an issue; the whole reason I wanted to be on OSX was so I could put Windows in its own sandbox and it couldn't screw up my install with any "ntfs.sys" or "hal.dll" not found errors. A translation app like that crossover is always going to have limitations not found in a Virtual environment (I use Fusion) and it's likely not going to perform as well either. I love having Windows virtualized, it can have issues and OSX just keeps chugging along unbothered.

    I'd recommend a virtual for any Windows work so you know for sure where things are happening and you can also restore it very easily if you DO follow a link from a porn site to your site and end up with 5 EXE files where they can actually do some harm :).

    If there is a virus for OS X it will be a .App or an AppleScript file or another RECOGNIZED FILE TYPE to OSX.
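
Added example, not part of any post in this thread: a small triage helper that classifies a downloaded file by its leading bytes instead of its name, so a Windows PE `setup.exe` can be told apart from a Mach-O binary, universal binary or shell script that macOS can launch itself. The function names and the sample byte strings are constructed for illustration.

```python
import struct

# Thin Mach-O magics as they appear on disk (both byte orders, 32- and 64-bit).
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
                b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe"}

def classify(data: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its name."""
    head = data[:4]
    if head in MACHO_MAGICS:
        return "macho"
    if head == b"\xca\xfe\xba\xbe" and len(data) >= 8:
        # Universal binaries and Java class files share this magic. The next
        # 4 bytes are an architecture count (small) in a universal binary, but
        # minor/major version (major >= 45) in a class file. Heuristic only.
        (count,) = struct.unpack(">I", data[4:8])
        return "macho-universal" if 0 < count < 45 else "java-class"
    if data[:2] == b"MZ":
        # A Windows PE has a little-endian offset at 0x3C pointing to "PE\0\0".
        if len(data) >= 0x40:
            (pe_off,) = struct.unpack_from("<I", data, 0x3C)
            if data[pe_off:pe_off + 4] == b"PE\x00\x00":
                return "pe"
        return "dos-mz"
    if data[:2] == b"#!":
        return "script"
    return "unknown"

def runs_natively_on_macos(kind: str) -> bool:
    """True for formats macOS can launch itself; PE needs CrossOver or a VM."""
    return kind in {"macho", "macho-universal", "script"}

def triage(files: dict) -> dict:
    """Map each filename to (detected kind, natively runnable?)."""
    return {name: (classify(data), runs_natively_on_macos(classify(data)))
            for name, data in files.items()}

# Constructed sample headers (not real downloads): a minimal PE stub and a
# Mach-O header that has merely been given a .exe name.
PE_STUB = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00"
SAMPLES = {
    "setup.exe": PE_STUB,
    "codec.exe": b"\xcf\xfa\xed\xfe" + b"\x00" * 28,  # Mach-O despite the name
    "install.command": b"#!/bin/sh\necho hi\n",
    "notes.txt": b"hello",
}

if __name__ == "__main__":
    for name, result in triage(SAMPLES).items():
        print(name, result)
```

The `codec.exe` sample shows why the check reads content rather than the extension: the name says Windows, the header says Mach-O.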
     
  5. applefan69 macrumors 6502a

    Joined:
    Oct 9, 2007
    Location:
    Medicine Hat
    #5
    lol no offence buddy but this topic made me laugh. I completely understand how a new Mac user could've gotten worried and confused like you did.

    But, as others have said, your Mac is fine, or would be, if you hadn't turned your computer off during software update.

    One more thing to remember, if say in the future for WHATEVER reason, I mean IF I stress IF viruses ever became a problem on OS X. Remember, receiving a software update can't hurt. All the software that comes from the software update program comes from Apple's server, and there is NO way Apple would ever put a virus on their server.

    So in short whenever you are EVER downloading software from the software update program you have NOTHING to worry about, and never turn your computer off in the middle of it.
     
