aonarch

macrumors newbie
Original poster
Sep 10, 2011
9
0
Hey guys, I run Boot Camp on my Mac just for gaming. I was running a SUPERAntiSpyware scan while in safe mode on Windows just as a precaution, when it found a trojan, not just a trojan but a rootkit. I was kind of concerned... Yes, it is Windows; it probably came from some download like a 3rd party driver or a Skyrim mod. Then when I checked out the file extension I was shocked it is on my E drive, which is Mac OS X Lion. I am an IT professional and I deal with viruses all the time. I am confused, though, on how this got onto my MBP. Maybe it came from a flash drive. What I do not understand is this: a rootkit has to be designed for a specific OS, correct? If that is true then this in fact is a Mac OS X virus.

 

Phil A.

Moderator emeritus
Apr 2, 2006
5,799
3,094
Shropshire, UK

It looks like a false positive to me - they are just system log files (actually smart query files used by the console)
 

aonarch

macrumors newbie
Original poster
Sep 10, 2011
9
0

It looks like a false positive to me - they are just system log files (actually smart query files used by the console)

OK, I kind of wondered if that were the case, especially since they were date stamped for today.
 

MisterMe

macrumors G4
Jul 17, 2002
10,709
69
USA
Hey guys, I run Boot Camp on my Mac just for gaming. I was running a SUPERAntiSpyware scan while in safe mode on Windows just as a precaution, ...
Those "suspicious" files are plain text log files. I am not aware of any platform that can be damaged by plain text. An anti-spyware utility that flags plain text as suspicious can't be much protection against much of anything.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
What I do not understand is this: a rootkit has to be designed for a specific OS, correct? If that is true then this in fact is a Mac OS X virus.
As stated, it's a false positive. Log files are obviously not Mac malware. It cannot be a Mac OS X virus, since none exist in the wild.

Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 10 years ago. You cannot infect your Mac simply by visiting a website, unzipping a file, opening an email attachment or joining a network. The only malware in the wild that can affect Mac OS X is a handful of trojans, which cannot infect your Mac unless you actively install them, and they can be easily avoided with some basic education, common sense and care in what software you install. Also, Mac OS X Snow Leopard and Lion have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.
 