Sounds like a Trojan. I'd recommend ClamXav to stop this sorta thing in future & try some data recovery hardware/software or firm.

Another thought... Why bother wiping an external drive? Why wouldn't the virus/trojan wipe the startup drive? Wouldn't that be more detrimental?
My Mac Pro has two internals. One with data, one with OS and apps. It was the data drive that was affected.

I will send the zip file off to anyone. Will use the title 'VIRUS ENCLOSED!!!' just to be careful. I'll do it tonight.
 
Just curious. Do you remember if this trojan had asked for your password?

P.S. Virus != Trojan horse

It's very simple to write a trojan that can be very destructive. Here's an AppleScript example.

Code:
do shell script "sudo rm -rf /" with administrator privileges

DO NOT RUN THE ABOVE EXAMPLE
 
Try Disk Utility

I don't know why nobody has mentioned this yet, but if I were you, I'd try booting from an Apple OS X Installation disk, and use Disk Utility to see if the drive can be accessed and repaired. If it's got format or file system problems that prevent it from mounting, they might be repairable. If it's a hardware failure, DU will tell you it can't access the drive, and then you'll know.

Tom
 
Just curious. Do you remember if this trojan had asked for your password?

P.S. Virus != Trojan horse

It's very simple to write a trojan that can be very destructive. Here's an AppleScript example.

Code:
do shell script "sudo rm -rf /" with administrator privileges

DO NOT RUN THE ABOVE EXAMPLE

I didn't enter any password.

I don't know why nobody has mentioned this yet, but if I were you, I'd try booting from an Apple OS X Installation disk, and use Disk Utility to see if the drive can be accessed and repaired. If it's got format or file system problems that prevent it from mounting, they might be repairable. If it's a hardware failure, DU will tell you it can't access the drive, and then you'll know.

Tom



I will try this but not sure it will work.

I've taken the disk out of my Mac Pro now, but when I do put it in, and restart the computer (shut down and turn on), all it does is make continuous rhythmic and rather scary noises until I turn the computer off again. It also slows down the start-up process of the computer considerably.
 
Even if you are an administrator sudo rm requires that you type in a password before it will do ANYTHING. So there is no way that it could harm you without your specific permission.

What you are describing is nearly a textbook hard drive failure. A failure like that cannot be caused by software so I almost guarantee that it was a coincidence.
 
Even if you are an administrator sudo rm requires that you type in a password before it will do ANYTHING.

You are assuming that there are no exploits to escalate to root without a password. Such exploits have existed in the past and were quickly patched by Apple, so there is a high probability a similar exploit could exist now.

I don't know why nobody has mentioned this yet...
I think it was because this comment lends itself to hardware failure:
It just makes scary noises and won't mount.
 
The people who write the viruses for PC probably use Macs to write them; they are not going to write a virus to destroy the system they use to write them on in the first place. lol :D

People don't write viruses that destroy anything. Viruses are not written to commit vandalism, they are written to make money. They are written to take over your machine and make it send gazillions of spam emails, or to join in DoS attacks, and the like. A virus that would destroy your hard drive cannot do any of these things, so it is useless.

If your machine crashes and you think it is a virus, then it most likely isn't a virus. If you don't notice anything except that your machine slows down and the lights on your router are flickering all the time, then you might have a virus.
 
People don't write viruses that destroy anything. Viruses are not written to commit vandalism, they are written to make money. They are written to take over your machine and make it send gazillions of spam emails, or to join in DoS attacks, and the like. A virus that would destroy your hard drive cannot do any of these things, so it is useless.

While it's true that most viruses are designed to either hijack a user's computer to the writer's own ends or steal personal information that could net a profit, some viruses are written to be destructive just for kicks, so it's not entirely out of the question.

That said, I'm not sure that whatever this zip file was and the OP's hard drive failure are necessarily related, mostly because it's pretty much impossible for software to be the cause of an immediate hardware failure.
 
Was it a virus or just coincidence the HD happened to expire? Was it a new drive or had it been around a while? I would suggest trying Tech Tools but I think that's about as good as DiskWarrior.
Sounds like it's a done deal with the HD, but thank god Time Machine saved your stuff.
Just goes to show how backing up regularly is a good idea :)

As for opening the emails, I've got Junk set up on my mail app; anything from anyone not in my address book goes there. That way I know it's not of my request, not from my service provider and is sure to be spam/crap, so I just delete it all. Other than that I've got another mail account with Yahoo just for signing up or eBay stuff; cuts down on crap in my main email account.

I like your site by the way, very nice ;)


Thanks for the comment about my site. A work in progress at the mo.
 
OK all - I've e-mailed off the v.zip file to the two people in this thread who asked for it.

I guess we'll all just have to wait and see what they find out. Unless it destroys their computers too!

I'm more than happy to accept that it was just a coincidence - esp. considering the reputation of the HD that I bought.
 
Did the .zip file reside on the drive that failed? It's possible that you had a failing drive and that the file essentially "triggered" a catastrophic failure by being loaded into a damaged sector or the directory listing was in a damaged sector. (Note, I'm not suggesting anything malicious here, simply that the file was put there, not that it somehow did that on purpose.) Of course, it could also have simply been coincidence.

jW
 
I stupidly clicked on a file in an email called 'v.zip' which ran a program or something which seemed to have made one of my hard drives nonfunctional. It may have been wiped, but I don't know. It just makes scary noises and won't mount.

I don't think it was stupid. Mac users are fortunate that we don't have to be paranoid about every single attachment.

What worries me is that you say the file has the name "v.zip". Do you normally see the .zip extension on files? If you don't (and I believe most people by default keep extensions invisible), then is it possible there is an extension that comes after "v.zip", e.g. "v.zip.app"? It would be easy to assume it was a zip file (and likely had the zip icon) when it wasn't.

I don't see how unzipping a file could cause a problem (unless someone has figured out a way to exploit the unzip program). But perhaps it wasn't unzipping at all.

It is only a matter of time before someone figures out a way to exploit OS X. We should take this report seriously, and help jebaloo confirm - beyond a doubt - that this is or is not an exploit.

I doubt that this is an exploit, but we need to be sure.
 
Did the .zip file reside on the drive that failed? It's possible that you had a failing drive and that the file essentially "triggered" a catastrophic failure by being loaded into a damaged sector or the directory listing was in a damaged sector. (Note, I'm not suggesting anything malicious here, simply that the file was put there, not that it somehow did that on purpose.) Of course, it could also have simply been coincidence.

jW

I believe that my e-mail attachments automatically download to my desktop or downloads folder, which is NOT on the HD that failed.
 
Very interesting. I'd say that this is most likely to be a hardware failure unrelated to the .zip file.

While anything is possible, and there certainly are trojans out there (though not many, and they're quite rare), what you describe is, as others have noted, an absolutely classic hard drive failure. The other possibility is if you executed your rapid shutdown by pulling the plug, you might have damaged the hard drive by shutting it down in the middle of a cached write, which can have... unfortunate consequences.

Two years ago, I had the HD in a 4 month old PowerMac just die. I was working on the computer, went to the conference room for a 20 minute meeting, came back and it was 'whirr, click'...

Dollars to donuts that the HD died at the same time as you clicked the file - it's not easy (though not impossible) to execute code that would go after a hard drive without entering a password...

Same story with the 'unplug' approach. 19 times out of 20, you can do this without a problem. The 20th is ugly.

Absolutely go into Disk Utility, and see if you can unmount/remount/repair the disk. Then check the physical connections on the HD. If you can mount it, check for data, and then look at reformat and restoring it. If none of those work, it's a hardware failure, and you'll need to send it back to Samsung.

BTW, my observation is that Samsung has a LOT of drive failures. Seagate seems to be by far the best brand, and Western Digital works well if it works at all. They do seem to have more DOA drives than other brands, though.

Great job having top-notch backups in place!
 
FALSE ALARM!

I just opened it up and all it contained is a simple html file named "v.html". The following is the contents:

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1" http-equiv="content-type">
<title>Viagra</title>
</head>
<body style="background-color: rgb(255, 204, 204); color: rgb(0, 0, 0);" alink="#ee0000" link="#0000ee" vlink="#551a8b">
<span style="font-weight: bold; color: rgb(255, 0, 0);">
Have the hottest sex ever!<br>
Use Viagra!!!!<br>
</span><br>
<a href="http://masawilof.com">http://masawilof.com</a><br>
<br>
<span style="font-style: italic;">Instant shipping and quality are guaranteed!</span><br>
</body>
</html>

It's just like I thought... Hard drive failure. Everyone has to loosen up and stop being so paranoid...
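For readers who want to repeat the check done in this post, and the "v.zip.app" question raised earlier in the thread, without double-clicking anything, here is an added example (not part of any poster's message). It lists an archive's members and flags launchable or disguised names; the extension lists, `build_sample` and the sample archive are assumptions constructed for illustration.

```python
import io
import stat
import zipfile

# Extensions that launch code when double-clicked on macOS (illustrative, not exhaustive).
LAUNCHABLE = {".app", ".command", ".pkg", ".dmg", ".scpt", ".workflow", ".sh", ".tool"}
# Harmless-looking extensions used as the decoy in "name.zip.app" style names.
DECOY = {".zip", ".pdf", ".jpg", ".png", ".doc", ".txt", ".html"}

def triage_name(name):
    """Flag a name whose final extension launches code, noting decoy extensions."""
    base = name.rstrip("/").rsplit("/", 1)[-1]
    exts = ["." + p.lower() for p in base.split(".")[1:] if p]
    findings = []
    if exts and exts[-1] in LAUNCHABLE:
        findings.append("launchable:" + exts[-1])
        if any(e in DECOY for e in exts[:-1]):
            findings.append("decoy-extension")
    return findings

def triage_zip(data):
    """Inspect every member of a zip (bytes) without extracting or running anything."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            findings = []
            # An .app bundle is a directory, so check every path component.
            for part in info.filename.rstrip("/").split("/"):
                findings += [f for f in triage_name(part) if f not in findings]
            mode = info.external_attr >> 16  # Unix mode bits, if the archiver stored them
            if mode and stat.S_ISREG(mode) and mode & 0o111:
                findings.append("executable-bit")
            if info.filename.startswith("/") or ".." in info.filename.split("/"):
                findings.append("path-escape")
            report[info.filename] = findings
    return report

def build_sample(members):
    """Build a constructed in-memory zip from {name: (content, unix_mode)}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, (content, mode) in members.items():
            zi = zipfile.ZipInfo(name)
            zi.external_attr = mode << 16
            zf.writestr(zi, content)
    return buf.getvalue()

# Constructed sample: one plain HTML file and one disguised application bundle.
SAMPLE = build_sample({"v.html": (b"<html></html>", 0o100644),
                       "v.zip.app/Contents/MacOS/v": (b"#!/bin/sh\n", 0o100755)})
```

An archive like the one described in this post, holding only `v.html`, comes back with no findings.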
 
Yep - checked the attachment too. Loaded up:


Have the hottest sex ever!
Use Viagra!!!!

http://masawilof.com

Instant shipping and quality are guaranteed!


No malicious code either.
 
ha ha.. ach well, it was worth checking.

Thank you all for humouring me. It didn't do that for me though, I wasn't making up all the weird stuff that happened.

I guess the HD was about ready to go. Sucks that SMARTreporter didn't notice it though. I thought that thing was meant to give you a warning when a disk was near failing.

Nothing lost - HD is on its way back to Samsung, and a new Seagate ordered.

Thanks for the advice guys... glad it wasn't a virus/trojan/whatever. Either way, I'm still gonna be a lot more careful from now on.

Don't understand what happened when I clicked that file though, it definitely didn't just open and show text. Ach... Maybe we'll never know.
 
Mods:

I think it may be a good idea to change the subject of this thread so as not to scare others unnecessarily.

I changed the title.

So it was all just a big coincidence. Shall also avoid Samsung drives from now on, or is it just 1TB drives that are volatile?
 
I changed the title.

So it was all just a big coincidence. Shall also avoid Samsung drives from now on, or is it just 1TB drives that are volatile?

Thanks for changing the thread title.

I had read a bit about the 1TB Samsungs' high failure rate, too. I never followed up on why or whether they had corrected the situation, though... When it came time to purchase a drive for my new Mac Pro, I decided to just stick with Seagates, which have been quite good to me.