SmcFlasher.efi injected with Gen:Trojan 1044800800

ceili

macrumors newbie
Original poster
Nov 14, 2011
9
0
Hi,

I'm in a complete panic now: my Bitdefender antivirus just informed me that the file "SmcFlasher.efi" is infected with "Gen:Trojan 1044800800". It is unable to disinfect or quarantine it. I ran the scan after noticing decreased performance with my mac.

My mac is the 13 inch bog standard MacBook Pro that came shipped with OS X Lion. I can’t say more than that, as I can’t bring myself to turn it on and am using the school computer. Call me silly, but I’m having panic attacks over this, such things always have done since I was a child (boy, was that fun when my sister downloaded vundo onto an old PC).

I’ve tried googling but am not coming up with much, beyond deleting smcflasher.efi being a bad idea. Part of the issue is that this laptop was given to me as part of disabled students along with quite a lot of school software, so I’m scared stiff to delete anything.

Any advice? Ta very much.

Edit: God damn it, wrong tab used to post thread. Wrong section, right?
 

GGJstudios

macrumors Westmere
May 16, 2008
44,422
772
I'm in a complete panic now: my Bitdefender antivirus just informed me that the file "SmcFlasher.efi" is infected with "Gen:Trojan 1044800800". It is unable to disinfect or quarantine it. I ran the scan after noticing decreased performance with my mac.
It's a Windows trojan that can have absolutely no effect on Mac OS X. Just delete the file and you'll be fine.

Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released 10 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided with some basic education, common sense and care in what software you install. Also, Mac OS X Snow Leopard and Lion have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.

For performance issues, there are a few things you can check:
  • Check your Login Items under System Preferences > Accounts to see what you have automatically launching.
  • Also check /Library/LaunchAgents/ and /Users/yourusername/Library/LaunchAgents/ for items launching at startup
  • Look at what widgets you may have running.
  • Launch Activity Monitor and change "My Processes" at the top to "All Processes". Then look to see what may be consuming system resources.
  • Take a look at the System Memory tab at the bottom of Activity Monitor to see if you have excessive "page outs", a sign that you may benefit from more RAM.
  • Make sure you're not running any 3rd party antivirus app, as many of those will drain resources, reducing performance. They're not needed to protect your Mac.
 

ceili

macrumors newbie
Original poster
Nov 14, 2011
9
0
It's a Windows trojan that can have absolutely no effect on Mac OS X. Just delete the file and you'll be fine.

Thanks for that, though is it safe to delete SMCflasher file? I believe it's needed for firmware updates, unless I can replace it?

Edit: Would love to get rid of the antivirus mate, trust me. It's not even a good one at that. Alas the contract I signed won't allow it, unless I want to give the mac back.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,422
772
Thanks for that, though is it safe to delete SMCflasher file? I believe it's needed for firmware updates, unless I can replace it?
Where did you get the file? If from Apple, I'd re-download it.
Edit: Would love to get rid of the antivirus mate, trust me. It's not even a good one at that. Alas the contract I signed won't allow it, unless I want to give the mac back.
What do you mean? What contract? You don't need and aren't required to run any 3rd party antivirus on your computer. Are you running the AV on your computer, or the school's computer?
 

GGJstudios

macrumors Westmere
May 16, 2008
44,422
772
No idea to be honest, the mac came to me fully configured and all I've been doing is installing firmware updates when it's asked of me.

That's the part I'm confused with, would simply downloading the update from here: http://support.apple.com/kb/HT1237 replace the file, you know?
It would. Another possibility is that Bitdefender is mis-identifying a legit file as being infected, when it isn't. This is common among antivirus apps, as detection rates are less than 100%.
 

ceili

macrumors newbie
Original poster
Nov 14, 2011
9
0
It would. Another possibility is that Bitdefender is mis-identifying a legit file as being infected, when it isn't. This is common among antivirus apps, as detection rates are less than 100%.
Hmm, I did wonder that too. It's only just started this though, which makes me consider if it is a real injection. It also mentions an embedded .exe file?

I'll delete it and redownload the firmware from Apple now and post the outcome.

Thanks, ceili
 

GGJstudios

macrumors Westmere
May 16, 2008
44,422
772
Hmm, I did wonder that too. It's only just started this though, which makes me consider if it is a real injection. It also mentions an embedded .exe file?
.exe files cannot run on Mac OS X.
I'll delete it and redownload the firmware from Apple now and post the outcome.
Before doing that, try downloading and scanning with ClamXav to see if you get the same results.
 

ceili

macrumors newbie
Original poster
Nov 14, 2011
9
0
.exe files cannot run on Mac OS X.

Before doing that, try downloading and scanning with ClamXav to see if you get the same results.
Yeah, I know. I just have a serious phobia of computer viruses etc so I've been in a bit of a rut thus far, not exactly thinking logically.

Edit: Did a full scan as well as just the file itself: nothing. Bitdefender's not shutting up though. Would you recommend redownloading the file to see if that shuts up Bitdefender?
 

GGJstudios

macrumors Westmere
May 16, 2008
44,422
772
Yeah, I know. I just have a serious phobia of computer viruses etc so I've been in a bit of a rut thus far, not exactly thinking logically.
I encourage you to read the Mac Virus/Malware Info link I posted earlier. The best weapon against your phobia is to become better informed.
 

ceili

macrumors newbie
Original poster
Nov 14, 2011
9
0
If you've scanned with ClamXav and found nothing, I would ignore Bitdefender and chalk it up to a false positive.
Guess I'll have to. I wonder why it's started flagging it up tonight. Oh well.

I don't know whether I should make a new post for this, but I did try and download the firmware update from Apple. I am most certainly picking the right one, but it says my system doesn't support the software, or something along those lines.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,422
772
Guess I'll have to. I wonder why it's started flagging it up tonight. Oh well.

I don't know whether I should make a new post for this, but I did try and download the firmware update from Apple. I am most certainly picking the right one, but it says my system doesn't support the software, or something along those lines.
Go to Apple menu > About This Mac > More info > Hardware > SMC Version (system):
Compare what you find there with the information on the site you linked.
 

ceili

macrumors newbie
Original poster
Nov 14, 2011
9
0
Go to  > About This Mac > More info > Hardware > SMC Version (system):
Compare what you find there with the information on the site you linked.
Exact same versions, I take it that's the explaination?

It's the answer's yes, I guess that's it from me. Thanks so much for helping. I admit, i'm concerned as to what this 'embedded .exe' thing is bitdefender is coming up with is. Though as you said, it could be a false positive or worse case scenario, a Trojan that can't hurt me.

Ta for the help.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,422
772
Exact same versions, I take it that's the explanation?
Yep.
Though as you said, it could be a false positive or worst case scenario, a Trojan that can't hurt me.
If the file came from Apple, it doesn't have a trojan in it. Bitdefender is wrong. Even if the file came from a shady source (which doesn't seem to be the case), it's very unlikely that there would be a Windows trojan in a file that only runs on Mac OS X. It's completely inert on your system and you wouldn't have a reason to send that file to a Windows computer, so no worries!
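
An added example, not part of any post in this thread: UEFI programs (.efi) are stored in the same PE/COFF container as Windows .exe files, so the PE subsystem field is a quick way to tell an EFI image from a Windows program when triaging an alert like this one. The function names and the header-only sample bytes below are constructed for illustration, and the check assumes a plain PE image.

```python
import struct
import sys

# Subsystem values defined by the PE/COFF optional header.
SUBSYSTEMS = {
    2: "Windows GUI program",
    3: "Windows console program",
    10: "EFI application",
    11: "EFI boot service driver",
    12: "EFI runtime driver",
}

def classify_pe(data: bytes) -> str:
    """Name the kind of PE image in `data`, or report that it is not one."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not a PE image"
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    opt = pe_off + 24            # 4-byte signature + 20-byte COFF header
    if opt + 70 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return "not a PE image"
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                        # PE32 / PE32+
        return "not a PE image"
    # Subsystem sits at offset 68 of the optional header in both layouts.
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return SUBSYSTEMS.get(subsystem, f"PE image, subsystem {subsystem}")

def build_sample(subsystem: int) -> bytes:
    """Constructed header-only PE32+ image (no code) used as demo input."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 112, 0x22)
    opt = bytearray(112)
    struct.pack_into("<H", opt, 0, 0x20B)                 # PE32+ magic
    struct.pack_into("<H", opt, 68, subsystem)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    if len(sys.argv) > 1:                  # classify a file given as argument
        with open(sys.argv[1], "rb") as fh:
            print(classify_pe(fh.read()))
    else:                                  # otherwise use the constructed samples
        for value in (10, 2):
            print(value, classify_pe(build_sample(value)))
```

The subsystem value only describes how the image is meant to be loaded; it says nothing about whether the contents match what the vendor shipped, which is what re-downloading from the vendor addresses.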
 

ceili

macrumors newbie
Original poster
Nov 14, 2011
9
0
Yep.

If the file came from Apple, it doesn't have a trojan in it. Bitdefender is wrong. Even if the file came from a shady source (which doesn't seem to be the case), it's very unlikely that there would be a Windows trojan in a file that only runs on Mac OS X. It's completely inert on your system and you wouldn't have a reason to send that file to a Windows computer, so no worries!
Thanks so much for the help. You're completely right. I might look into seeing if there's a way to report this to Bitdefender as it's getting rather annoying now, considering I'm not allowed to just remove the damn thing.

Thanks again
 