SmcFlasher.efi injected with Gen:Trojan 1044800800

Discussion in 'macOS' started by ceili, Nov 14, 2011.

  1. ceili macrumors newbie

    Joined:
    Nov 14, 2011
    #1
    Hi,

    I'm in a complete panic now: my Bitdefender antivirus just informed me that the file "SmcFlasher.efi" is infected with "Gen:Trojan 1044800800". It is unable to disinfect or quarantine it. I ran the scan after noticing decreased performance with my Mac.

    My Mac is the 13 inch bog standard MacBook Pro that came shipped with OS X Lion. I can’t say more than that, as I can’t bring myself to turn it on and am using the school computer. Call me silly, but I’m having panic attacks over this, such things always have done since I was a child (boy, was that fun when my sister downloaded vundo onto an old PC).

    I’ve tried googling but am not coming up with much, beyond deleting smcflasher.efi being a bad idea. Part of the issue is that this laptop was given to me as part of disabled students along with quite a lot of school software, so I’m scared stiff to delete anything.

    Any advice? Ta very much.

    Edit: God damn it, wrong tab used to post thread. Wrong section, right?
     
  2. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #2
    It's a Windows trojan that can have absolutely no effect on Mac OS X. Just delete the file and you'll be fine.

    Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released 10 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided with some basic education, common sense and care in what software you install. Also, Mac OS X Snow Leopard and Lion have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.

    For performance issues, there are a few things you can check:
    • Check your Login Items under System Preferences > Accounts to see what you have automatically launching.
    • Also check /Library/LaunchAgents/ and /Users/yourusername/Library/LaunchAgents/ for items launching at startup
    • Look at what widgets you may have running.
    • Launch Activity Monitor and change "My Processes" at the top to "All Processes". Then look to see what may be consuming system resources.
    • Take a look at the System Memory tab at the bottom of Activity Monitor to see if you have excessive "page outs", a sign that you may benefit from more RAM.
    • Make sure you're not running any 3rd party antivirus app, as many of those will drain resources, reducing performance. They're not needed to protect your Mac.
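
The LaunchAgents check from the list above, as an added example that is not part of the original thread: a Python sketch that reads every launchd job definition in those two directories and reports what each one runs and whether it starts automatically. The function names and the `com.example.*` sample entries are constructed for illustration.

```python
import plistlib
import sys
import tempfile
from pathlib import Path

# The per-machine and per-user directories named in the post above.
DEFAULT_DIRS = ["/Library/LaunchAgents", "~/Library/LaunchAgents"]

def launch_items(directories):
    """Return one record per launchd job definition (*.plist) found."""
    records = []
    for directory in (Path(d).expanduser() for d in directories):
        if not directory.is_dir():
            continue
        for path in sorted(directory.glob("*.plist")):
            try:
                with path.open("rb") as fh:
                    job = plistlib.load(fh)  # reads XML and binary plists
                if not isinstance(job, dict):
                    raise ValueError("top-level object is not a dictionary")
            except Exception as exc:  # unreadable entries are reported, not skipped
                records.append({"file": path.name, "label": None, "error": str(exc)})
                continue
            argv = job.get("ProgramArguments") or [job.get("Program", "?")]
            records.append({
                "file": path.name,
                "label": job.get("Label"),
                "command": " ".join(map(str, argv)),
                # RunAtLoad / KeepAlive mean launchd starts the job without being asked
                "starts_automatically": bool(job.get("RunAtLoad") or job.get("KeepAlive")),
            })
    return records

def demo():
    """Scan a constructed LaunchAgents directory (sample data, not from a real Mac)."""
    with tempfile.TemporaryDirectory() as tmp:
        agents = Path(tmp) / "LaunchAgents"
        agents.mkdir()
        (agents / "com.example.updater.plist").write_bytes(plistlib.dumps({
            "Label": "com.example.updater", "RunAtLoad": True,
            "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater", "--quiet"]}))
        (agents / "com.example.ondemand.plist").write_bytes(plistlib.dumps(
            {"Label": "com.example.ondemand", "Program": "/usr/local/bin/example-helper"},
            fmt=plistlib.FMT_BINARY))
        (agents / "broken.plist").write_bytes(b"not a plist")
        return launch_items([agents])

if __name__ == "__main__":
    for record in launch_items(sys.argv[1:] or DEFAULT_DIRS) or demo():
        print(record)
```

Run with no arguments it scans the two directories above and falls back to the constructed sample when neither contains a plist; directories passed on the command line replace the defaults.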
     
  3. ceili thread starter macrumors newbie

    Joined:
    Nov 14, 2011
    #3
    Thanks for that, though is it safe to delete the SMCflasher file? I believe it's needed for firmware updates, unless I can replace it?

    Edit: Would love to get rid of the antivirus mate, trust me. It's not even a good one at that. Alas the contract I signed won't allow it, unless I want to give the mac back.
     
  4. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #4
    Where did you get the file? If from Apple, I'd re-download it.
    What do you mean? What contract? You don't need and aren't required to run any 3rd party antivirus on your computer. Are you running the AV on your computer, or the school's computer?
     
  5. ceili thread starter macrumors newbie

    Joined:
    Nov 14, 2011
    #5
    No idea to be honest, the Mac came to me fully configured and all I've been doing is installing firmware updates when it's asked of me.

    That's the part I'm confused with, would simply downloading the update from here: http://support.apple.com/kb/HT1237 replace the file, you know?
     
  6. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #6
    It would. Another possibility is that Bitdefender is mis-identifying a legit file as being infected, when it isn't. This is common among antivirus apps, as detection rates are less than 100%.
     
  7. ceili thread starter macrumors newbie

    Joined:
    Nov 14, 2011
    #7
    Hmm, I did wonder that too. It's only just started this though, which makes me consider if it is a real injection. It also mentions an embedded .exe file?

    I'll delete it and redownload the firmware from Apple now and post the outcome.

    Thanks, ceili
     
  8. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #8
    .exe files cannot run on Mac OS X.
    Before doing that, try downloading and scanning with ClamXav to see if you get the same results.
     
  9. ceili, Nov 14, 2011
    Last edited: Nov 14, 2011

    ceili thread starter macrumors newbie

    Joined:
    Nov 14, 2011
    #9
    Yeah, I know. I just have a serious phobia of computer viruses etc. so I've been in a bit of a rut thus far, not exactly thinking logically.

    Edit: Did a full scan as well as just the file itself: nothing. Bitdefender's not shutting up though. Would you recommend redownloading the file to see if that shuts up Bitdefender?
     
  10. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #10
    I encourage you to read the Mac Virus/Malware Info link I posted earlier. The best weapon against your phobia is to become better informed.
     
  11. ceili thread starter macrumors newbie

    Joined:
    Nov 14, 2011
    #11
    I will, ta. I've also edited my previous post.
     
  12. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #12
    If you've scanned with ClamXav and found nothing, I would ignore Bitdefender and chalk it up to a false positive.
     
  13. ceili thread starter macrumors newbie

    Joined:
    Nov 14, 2011
    #13
    Guess I'll have to. I wonder why it's started flagging it up tonight. Oh well.

    I don't know whether I should make a new post for this, but I did try and download the firmware update from Apple. I am most certainly picking the right one, but it says my system doesn't support the software, or something along those lines.
     
  14. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #14
    Go to  > About This Mac > More info > Hardware > SMC Version (system):
    Compare what you find there with the information on the site you linked.
     
  15. ceili thread starter macrumors newbie

    Joined:
    Nov 14, 2011
    #15
    Exact same versions, I take it that's the explanation?

    If the answer's yes, I guess that's it from me. Thanks so much for helping. I admit, I'm concerned as to what this 'embedded .exe' thing Bitdefender is coming up with is. Though as you said, it could be a false positive or worst-case scenario, a Trojan that can't hurt me.

    Ta for the help.
     
  16. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #16
    Yep.
    If the file came from Apple, it doesn't have a trojan in it. Bitdefender is wrong. Even if the file came from a shady source (which doesn't seem to be the case), it's very unlikely that there would be a Windows trojan in a file that only runs on Mac OS X. It's completely inert on your system and you wouldn't have a reason to send that file to a Windows computer, so no worries!
     
  17. ceili thread starter macrumors newbie

    Joined:
    Nov 14, 2011
    #17
    Thanks so much for the help. You're completely right. I might look into seeing if there's a way to report this to Bitdefender as it's getting rather annoying now, considering I'm not allowed to just remove the damn thing.

    Thanks again
     
