Virus/Worm issue?

Discussion in 'MacBook Pro' started by pyaggy, Mar 31, 2012.

  1. pyaggy macrumors newbie

    Mar 31, 2012
    I'm at the end of my rope and I'm hoping someone can lead me in the right direction.

    My MacBook Pro is infected with some sort of virus or worm which affects my system in a myriad of ways, but the first symptom is that my internet browser (I've seen it in both Firefox and Safari) will cease to remember passwords, won't allow me to bookmark sites, and eventually doesn't allow me to access sites which need a password to enter (e.g., gmail).

    I have erase/reinstalled more times than I can count and even did a quick drop at the Apple store under the impression it was a hardware issue because the techs couldn't find anything wrong with the software. My logic board and hard drive were replaced, but still have the same issues. Although I have not yet reinstalled MS Word, previously it has affected this program most drastically by not allowing me to save for a variety of reasons (not enough memory, can't find the route/path, etc.).

    I have reinstalled using time machine and also by individually adding files, but it has also affected my machine after a reinstall but before I've brought back anything from my external hard drive. Currently, I have Kaspersky running, but it seems to, at best, have slowed the evolution of the virus/worm. It hasn't found any malware, virus, or worm.

    I have looked everywhere and cannot find an answer, so I'm hoping this sounds familiar to someone reading this. The only other part of this I can think to add is that I suspect that this is a very old malware (mid- '90s) that I brought back from a university computer lab (through MS Word), as I've had constant issues since that point with a variety of computers.

    Suggestions? The Apple employees know nothing about any of this and refuse to accept that a Mac is susceptible to a virus or worm.
  2. r.j.s Moderator emeritus


    Mar 7, 2007
  3. GGJstudios, Mar 31, 2012
    Last edited: Mar 31, 2012

    GGJstudios macrumors Westmere


    May 16, 2008
    Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 10 years ago. If you practice safe computing, the only malware in the wild that can affect Mac OS X is a handful of trojans, which cannot infect your Mac unless you actively install them, and they can be easily avoided with some basic education, common sense and care in what software you install. Also, Mac OS X Snow Leopard and Lion have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.
    Whatever your problems are, the possibility of it being malware-related is ridiculously remote.
    That's because there's none to find. Your problems aren't caused by malware. You have no malware on your Mac.
  4. pyaggy thread starter macrumors newbie

    Mar 31, 2012
    So, what are your recommendations then? I appreciate your confidence that my problem isn't a virus or worm, but it IS a problem. I have been dealing with it for over a year and has rendered my laptop useless because I cannot rely on it to save work or not freeze.
  5. GGJstudios macrumors Westmere


    May 16, 2008
    There is no such thing as a Mac OS X virus in the wild. Please read the information already posted. You do NOT have a malware problem. None of the symptoms you described are related to any Mac OS X malware ever released.

    When diagnosing Mac problems, malware should be your last consideration, not your first. As a first step in resolving problems, I recommend you uninstall Kapersky. You definitely don't need it, and running antivirus on your Mac can create certain problems. The most effective method for complete app removal is manual deletion:

    Next, do a clean install of your OS.
  6. pyaggy thread starter macrumors newbie

    Mar 31, 2012
    I have done a erase/reinstall at least a dozen times. Most recently, I did not bring over anything from my external hard drive and used only Safari to browse the internet. Yet, the problems continue.

    I would appreciate some suggestions as to possible causes based on the symptoms I described above. The issues seem very minor at first (not allowing me to bookmark, e.g.) and seem localized to passwords and keychains within browsers, but seem to grow in frequency and severity over time. Ultimately, my computer freezes.

    When MS Office is installed (I have not reinstalled it currently), the issues are much more serious and have prevented me from being able to confidently edit Word docs on my laptop for over a year.

    Again, I would appreciate some suggestions as to possible causes. Thanks.
  7. GGJstudios macrumors Westmere


    May 16, 2008
    Launch Activity Monitor and change "My Processes" at the top to "All Processes", then click on the CPU column heading once or twice, so the arrow points downward (highest values on top). Also, click on the System Memory tab at the bottom. Then take a screen shot, scroll down to see the rest of the list, take another screen shot and post them.
  8. pyaggy thread starter macrumors newbie

    Mar 31, 2012
  9. GGJstudios macrumors Westmere


    May 16, 2008
    The only thing I see running that could create some problems is Kapersky, which I still recommend uninstalling. Also, go through this list: Performance Tips For Mac OS X. Be sure to restart your computer afterwards.

    After that, let's take the problems you may still be having, one at a time.
  10. pyaggy thread starter macrumors newbie

    Mar 31, 2012
    The problems I've had predate Kaspersky by a year. Kaspersky has only been on my computer for 2 weeks.
  11. GGJstudios macrumors Westmere


    May 16, 2008
    Suit yourself. You asked for help. I offered help. If you don't want to follow suggested solutions, I'm sure you'll figure it out on your own.
  12. pyaggy thread starter macrumors newbie

    Mar 31, 2012
    Of course I appreciate your help. I am only stating a fact. These issues have been repetitive over the course of the past year. You suggested we take them one at a time; the first symptoms relate to Safari (previously, Firefox)
    - denied access to sites that need a password (cites connectivity issues)
    - saved passwords do not show up and must be entered manually (usually precipitates an error page not allowing me access to the website)

    These usually begin to occur over time, especially after my computer goes into sleep mode.
  13. /user/me macrumors 6502

    Feb 28, 2011
    Uninstall the antivirus program that you don't need, then do a fresh install of your operating system - not just your browser. reinstall everything (Reinstalling is different than creating a new user account or rebooting your computer). If your browser isn't connecting to certain websites, it's much more likely to be your network as opposed to your computer conspiring against you. In addition, imo, saved passwords are more trouble than they're worth, especially if someone else gets a hold of your computer.
  14. Freyqq macrumors 601

    Dec 13, 2004
  15. kaielement macrumors 65816

    Dec 16, 2010
    Totally agree with this. I dont think anyone should use any antivirus on a Mac like Nortin or macafee or the one you used. The problem with then is that they only scan for virus that effect windos machines. But because of how the Mac OSX is built a windos virus will never effect a Mac machine. They are a totally wast of money and dont do anything. Sounds like you might have an issue with something not being in the right directories and might be more problem then it's worth so I would get an external hard drive and transfer any files you need to and do a reinstall of the os.
  16. DVD9 macrumors 6502a

    Feb 18, 2010
    Is this what you're looking for?

    All you have to do is download the .doc file if you're running Office 2004 or 2008. No install permission is needed.

    "Cluley noted that neither /tmp/ nor /$HOME/Library/LaunchAgents folders in OS X require root privileges, so you won't see a prompt for credentials when the malware is installed. The Trojan is installed in the userland, the part of the system that doesn't contain critical system components."

    Now, the question this raises is whether the trojan itself is rare, or is it the discovery of the trojan that is rare? There is a huge computer security industry, but 99% of that industry's assets are focused on discovering and servicing Windows based security problems due to 1) Windows being the overwhelmingly dominant OS and 2) the consumer culture popularized and supported by the major media that Windows is constantly under attack by effective malware/spyware authors while OSX is not.
  17. Queen6 macrumors 603


    Dec 11, 2008
    Putting out the fire with gasoline...
    Agreed however, there are reasons to run antivirus/malware on OS X especially if you are dealing with a mixed environment passing on malicious code even inadvertently does you no favours in the profesional world, let alone family and friends. What does not hurt your Mac may bring a PC to it`s knees ;)

    You do need to be careful on the choice of program ClamXav is extremely light and only looks in realtime at what you specify and it`s free. If anyone seriously believes that running ClamXav on todays modern hardware impacts performance, the sentry is presently utilising 0.2% of CPU consuming just over an hours worth of CPU time over several weeks and this is on a machine over four years old. The paid for packages I agree are a waste of $ offering little more than a placebo with a heavyweight user interface. ClamAV the parent of ClamXav protects numerous servers globally...

    I have never had a positive hit in all the years I have run the program Equally OS X is gaining traction and it`s simply a matter of time before someone figures it out, ClamXav cost me nothing monetarily or time in productivity, this is a safety net that costs little more than five minutes of your time.

    As for the OP issue first thing that spellings to my mind is how much free space does he have on the drive, my own Early 2008 MBP has very limited space and also tends to go bonkers below a certain threshold.
  18. mfuchs88 macrumors 6502

    Nov 26, 2011
    I would trust GGJ because this guy's pretty experienced and even if you're pretty positive that this is not causing the problem, it's worth a shot. This guy is typically right about almost everything and I have learned to always try what he says because often times it works very well. Best of luck with your issue. :)
  19. pera macrumors newbie

    Apr 5, 2012
    Have you tried resetting PRAM? Updating firmware? :)
  20. Hecatic macrumors newbie

    Apr 4, 2012
    Sounds like a safari's cookie problem to me.

    How did you log in here?
  21. Ccrew macrumors 68020

    Feb 28, 2011

    While I have faith in GGJ's advice, I have an issue when he repeatedly posts the links that there has never been a virus in the wild on OSX. While semantically it's true in the very thin definition of a virus that he adheres to it does lull unknowing users into a false sense of security. There are a LOT of malware/trojans popping up and while not technically a virus, most users would consider them such. Trying to make those users differentiate between virus and malware is splitting hairs IMHO. That isn't always the best thing for the community.

    Another thing is that GGJ's definition of a virus has shifted. Other than self replicating, it used to include that it didn't need user authentication to install. Most of the new malware have found their way past the userauth problem.

    Don't get me wrong here, I have a lot of respect for GGJ's help and patience here on the board, but he's not a god either (none of us are) and while his links make for informative reads you should research and come up with your own conclusions also.

    Besides, the best virus is the one no one's found yet. Those are the ones that make you worry.
  22. WillEH macrumors 6502a


    Feb 8, 2011
    United Kingdom
    Yes, but if GGJ say's it's not a virus, then it's not! haven't you learned your place on this forum already?!?!? :rolleyes:
  23. GGJstudios macrumors Westmere


    May 16, 2008
    If you'll notice, that standard post indicates:
    1. Mac OS X is not immune to malware
    2. There has never been a Mac OS X virus in the wild
    3. There are trojans in the wild, but they can be avoided by user action.
    There's nothing at all misleading about that. I always recommend practicing safe computing.
    That's not true. A virus never needs user authentication or any other user action to install. Read the Mac Virus/Malware FAQ, which I constantly link to, for the accurate definition of a virus, trojan, etc.
    All of the recent malware is in the form of trojans. As I've said repeatedly, while many trojans ask for an admin password during the install process, many don't. Recent trojans don't even have a standard installation process, as prior trojans did. The prompt or lack of a prompt for an admin password has never been a trusted criteria for detecting malware in general.
    No, I'm not a god. I'm also not infallible. Not to mention the fact that the malware environment changes from time to time, so posts will change to reflect that.

    While I always welcome legitimate challenges to anything I post, my definitions of viruses and trojans has not changed.
    I'm not the one who defined what a virus is. I simply educate people who are misled into thinking that all malware is a virus. It isn't.

    A gun is a weapon. A knife is a weapon. A gun is not a knife. A knife is not a gun.
    A virus is malware. A trojan is malware. A virus is not a trojan. A trojan is not a virus.
  24. Ccrew macrumors 68020

    Feb 28, 2011
    GGJ, I don't have a personal issue with you and I hope it didn't come across as such. It certainly wasn't meant that way. Sometimes in this meduim it's difficult to express a point or do it in a conversational fashion where both parties understand where the other is.

    What I have an issue with is the fact that in some fashion I see what you do with your very narrow definition of a virus as counterproductive to some users computing safety. They come here and they think they have a virus, and state such, and they're met with "There's never been a virus on a Mac".

    Well, in a narrow definition that's true. But we're not here for a narrow definition. Most don't care that it's a virus, or a trojan, or something their dog dragged in from outside they just know that their computer is doing something stupid and they can't figure out what it is. They make the mistake of calling it a virus. Then they're sent packing. Look at r.j.s's answer above. Don't think that that doesn't come from constantly seeing here that there's no viruses on a Mac? I'm willing to bet half the responses like that, and I've even seen them from mods come from this kind of constant barrage.

    Now you can dissect this post all you want like you did the last, but if you do you're doing the same thing.. you're trying to break down a larger definition so you can attack it. That definition - the concept that in the big picture many users see viruses, malware, trojans, and the dog's spit all as the same thing. My point is that at the end of the day we're not doing them any favors. Not that what you're doing is bad, or you're a bad person, or any of that. Just that IMHO a lot of users get run off with advice that although not totally flawed, is incomplete because they mentioned the wrong keyword. And when they do question it? They're met by a barrage exactly as you suppled above. Not good for the thin skinned and not really good for the community.

    BTW, in my early days on this board I attacked your definition of a virus, and the "needs user auth" WAS one of your parameters. I remember well.

    Green is not blue, blue is not red, and red is not yellow, but dammit they're ALL colors.
  25. GGJstudios macrumors Westmere


    May 16, 2008
    No, it didn't come across that way, and I didn't take it as such.
    I wasn't "dissecting" or breaking down your post to attack it. I was simply responding to the various statements you made. It's simply clearer communication if I post a response after quoting the part of your post that I'm addressing. It's by no means intended as an attack.
    I agree that to simply say, "there are no Mac viruses" and leave it as such is counterproductive. That's why you'll find I go into much more detail, including links, to qualify and explain such a statement. I believe we have a responsibility to educate, inform and help those who come here with questions. Just because the uninformed masses calls any malware a virus doesn't mean we should perpetuate that misinformation when posting here. Yes, there are some who stubbornly refuse to acknowledge accurate malware definitions, but many come here really wanting to know facts. That's an opportunity for us to debunk myths and give them accurate information.
    If you can provide a link to a post where I've ever said that, I'll be delighted to correct it. I don't recall ever saying such a thing, but as I've said before, I'm not infallible.
    I agree! In the same way, viruses are not trojans, and trojans are not worms, and worms are not spyware, but dammit they're ALL malware! :D

Share This Page