viruses?? malware?

Discussion in 'MacBook Pro' started by kingdummkopf, Jun 8, 2012.

  1. kingdummkopf macrumors member

    Joined:
    Jun 8, 2012
    #1
    hello.

    i recently purchaed a macbook pro. i think it's great. however, my brother also just bought an ipad and uses my macbook pro to put music and books on.

    i just went over to him and noticed him downloading ebooks and mp3 files from dodgy looking sites. he had downloaded rar files and things. the history showde that he had been on lots of bad sites like file hosting sites.

    these were some of the sites;

    Code:
    xbookshelf.wordpress.com
    bvocopyjj.blog.com
    www.nzb-magic.com/
    warezebookonline.blogspot.com
    ebookee.org
    usenet.nl
    bitsnoop.com
    www.gigaflat.com
    alternative007.proboards.com
    www.ipadibookdownloads.com
    wupload.com
    fileserver.com
    oron.com
    multiupload.co.uk
    depositfiles.com
    they were some of the sites i found in my histroy. there were also many pop ups all over my mac.

    i have now banned him from my computer. i have cleared all of my private data on safari, and scanned all the files he had downloaded with my anti-virus - virus barrier x6. they cone back okay, but i have deleted them anyway. i have also performed a full virus scan of my mac and it has come back clean.

    is my mac clean then? how about my personal files on my computer? i have important sensitive data on here. is that safe and clean? are those websites known for giving out viruses or malware? or would my anti virus protect my files and computer and keep it all clean?

    THANK YOU SO MUCH
     
  2. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #3
    LOL! :D And here it is!
    Once you give someone access to your computer, all bets are off, as they could install malware or keyloggers. A clean install would ensure it's all cleaned up.

    Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 10 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). Also, Mac OS X Snow Leopard and Lion have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.
    1. Make sure your built-in Mac firewall is enabled in System Preferences > Security > Firewall

    2. Uncheck "Open "safe" files after downloading" in Safari > Preferences > General

    3. Disable Java in your browser (Safari, Chrome, Firefox). This will protect you from malware that exploits Java in your browser, including the recent Flashback trojan. Leave Java disabled until you visit a trusted site that requires it, then re-enable only for the duration of your visit to that site. (This is not to be confused with JavaScript, which you should leave enabled.)

    4. Change your DNS servers to OpenDNS servers by reading this.

    5. Be careful to only install software from trusted, reputable sites. Never install pirated software. If you're not sure about an app, ask in this forum before installing.

    6. Never let someone else have access to install anything on your Mac.

    7. Don't open files that you receive from unknown or untrusted sources.

    8. For added security, make sure all network, email, financial and other important passwords are long and complex, including upper and lower case letters, numbers and special characters.

    9. Always keep your Mac and application software updated. Use Software Update for your Mac software. For other software, it's safer to get updates from the developer's site or from the menu item "Check for updates", rather than installing from any notification window that pops up while you're surfing the web.
    That's all you need to do to keep your Mac completely free of any Mac OS X malware that has ever been released into the wild. You don't need any 3rd party software to keep your Mac secure.
     
  3. kingdummkopf thread starter macrumors member

    Joined:
    Jun 8, 2012
    #4
    there was also, in the history, mention of a website called 4shared. whatever that is?

    do i need a clean install then?? he swears all he did was go on those sites, download zips, rar's, mp3's, epubs and mobi's. he said there were popups that took him to different sites, but he closed them.

    i really don't know what to do :(

    i'm so worried.
     
  4. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #5
    It sounds like either a file sharing site or a porn site. If your brother didn't install anything, you're probably fine. Clear your browser's cache and cookies and make sure you have an ad blocker to deal with pop ups. If you haven't already done so, try changing your DNS servers on your Mac and your router to OpenDNS servers. This will show you how: Why am I being redirected to other sites?
     
  5. GimmeSlack12 macrumors 603

    GimmeSlack12

    Joined:
    Apr 29, 2005
    Location:
    San Francisco
    #6
    You have nothing to worry about. You really really really really have nothing to worry about.
    Honestly, seriously, as straight forward as I can say this. You. have. nothing. to. worry. about.

    I've used a Mac's since 1990 and have gone through every sort of virus or malware scare imaginable and zero of them were ever worth sweating because there was nothing wrong. Yes, today there is one Java trojan out there that caused a little bit of a stir in the Mac community but that has been resolved by Apple and there are tools available to detect and solve that issue. You are fine.
     
  6. kingdummkopf thread starter macrumors member

    Joined:
    Jun 8, 2012
    #7
    okay, so i've found out 4shared is a file hosting site. he downloaded stuff from there, which i scanned with the anti-virus i apparently don't need, and have paid a subscription for (lol)... and they said they were virus free.

    i did find these two programs installed.

    http://www.bestshareware.net/software/abc-epub-drm-removal-for-mac.htm
    http://www.ebook-converter.com/epub-drm-removal.htm

    i'm presuming they're safe. either way, i deleted them from my applications folder.

    so you think my mac is okay? i don't need a clean install?

    thanks for all the help by the way, i didn't want my new beautiful machine ruined already.

    @GimmeSlack12, sorry, posted before i saw your reply. okay sweet. thanks! i'm so glad i finally swicthed over to os x. after both of your replies i just feel safe on it, lol.
     
  7. pragmatous macrumors 65816

    Joined:
    May 23, 2012
    #8
    Never underestimate the might of the hacking community.

    Flashback by definition of a virus was a virus. It downloaded itself, ran, and installed malware that gave hackers access to your computer. That's a virus.

     
  8. heisenberg123 macrumors 603

    heisenberg123

    Joined:
    Oct 31, 2010
    Location:
    Hamilton, Ontario
    #9
    No it was not a virus, virus' don't say "hello I want to install on you system may I have your admin password please"
     
  9. DVD9 macrumors 6502a

    Joined:
    Feb 18, 2010
    #10

    WTF?

    Where did he find those sites? Where's the Pirate Bay? You need to educate him as to where to find the good stuff.
     
  10. kingdummkopf, Jun 8, 2012
    Last edited: Jun 8, 2012

    kingdummkopf thread starter macrumors member

    Joined:
    Jun 8, 2012
    #11
    haha. i don't particularly download stuff.

    i did find a couple of these folders downloaded though, "NoRecords.HTM". i asked him what they were, and he said when he was this site;

    Code:
    http://esspc-ebooks.com/
    and he searched for something, these htm files downloaded themselves. i again scanned them (force of habit) and deleted them.

    along with that, he tried to access an ftp site.

    Code:
    ftp://194.44.214.3/pub/e-books/
    .

    he said once it came up with my mac username, he cancelled it. i don't have my mac passworded you see, because we kind of share it. could the ftp have accessed my mac?

    anyone know what they are? and why they would download automatically? well.. at least that's what he says.

    sorry for all the questions, just want to make sure my mac is good in future.
     
  11. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #12
    No, that's not the definition of a virus, and Flashback wasn't one. It was a trojan. Read the FAQ I posted earlier to learn accurate definitions of malware types.
     
  12. kingdummkopf, Jun 8, 2012
    Last edited by a moderator: Jun 10, 2012

    kingdummkopf thread starter macrumors member

    Joined:
    Jun 8, 2012
    #13
    ... again. sorry about all these questions. i just don't really understand much about this.

    so he showed me what he did with the ftp password thing. i got a screenshot for you.

    [​IMG]

    now does that mean, you needed the login details of the ftp to get in? my username appeared in the window you see, and am scared in case, because i don't have a password, that if he had entered the ftp site then someone might have access to my computer.

    but that might be wrong. i don't know? if my username was entered and he pressed 'ok' will that have allowed people to access my computer??

    argh. i'm confused.
     
  13. pragmatous macrumors 65816

    Joined:
    May 23, 2012
    #14
    In the perfect world you would be right but unfortunately working in IT it is not. Computers are messy 1's and 0's and nothing is ever strait forward.

    You are right but yet wrong. An ambiguity that is the IT world.

    It's actually a combination but for the sake of simplicity and explaining to the user that it's better to be cautious than assume you're safe. The word virus scares people more than trojan. Trojan is a condom. A virus hurts people so it's more scary. This is why "virus" is used and not trojan or malware. Have any idea how many questions I get when I say it's malware? When I say it's a virus the user understands. It's about speaking a language the user can relate with. Basic communication with the user is IT 101. Please learn it.

    Never ever assume you're safe. You should still use common sense and be cautious regardless what it is you're using. It's best to learn and understand that than play ignorance and assume safety.

     
  14. pragmatous, Jun 8, 2012
    Last edited: Jun 8, 2012

    pragmatous macrumors 65816

    Joined:
    May 23, 2012
    #15
    So what I tell users all the time is malware/viruses/trojan etc etc are usually getting to you by email or an ad on a website. You can protect yourself by not going to ads or staying away from those websites with a lot of ads. If you don't know what the email is don't open it. Never open an attachment from an email that didn't come from someone you know. Don't go to websites with a lot of ads. Don't use applications that have ads in them. Always click the 'x" or I guess in your case the red button if you don't know what it is.

    In regards to your ftp site:

    Pinging Ka9q.UAR.Net [194.44.214.3] with 32 bytes of data:
    Reply from 194.44.214.3: bytes=32 time=127ms TTL=56
    Reply from 194.44.214.3: bytes=32 time=127ms TTL=56
    Reply from 194.44.214.3: bytes=32 time=127ms TTL=56
    Reply from 194.44.214.3: bytes=32 time=126ms TTL=56

    Ping statistics for 194.44.214.3:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 126ms, Maximum = 127ms, Average = 126ms

    C:\Users\>tracert 194.44.214.3
    13 104 ms 106 ms 106 ms ae-2-70.edge3.Frankfurt1.Level3.net [4.69.154.71
    ]
    14 129 ms 128 ms 128 ms dialup-212.162.19.58.frankfurt1.mik.net [212.162
    .19.58]
    15 127 ms 127 ms 127 ms Ka9q.UAR.Net [194.44.214.3]

    Trace complete.

    So here you can kinda see where that site is. http://whatismyipaddress.com/ip/194.44.214.3

    It gives you a geological map of where that IP is within 50 miles. You will notice that it is in the Ukraine. I would say that is concerning and unless you know exactly what it is you're doing with that FTP site I would recommend not using it.

    http://www.ip-adress.com/ip_tracer/ka9q.uar.net - Here's another tool I like to use and here you can see it says the same thing.

    I did some digging around and it looks like a hosting site that stores files, music, movies, applications - I'm guessing illegally.

     
  15. Mak47 macrumors 6502a

    Joined:
    Mar 27, 2011
    Location:
    Harrisburg, PA
    #16
    First, stop freaking out. You're probably perfectly fine. Power off your computer and don't touch it for a little bit. That isn't technical info, it's just to help you look at things calmly.

    When you turn it on, go through your files and applications and delete anything that isn't yours. Also delete your anti-virus program and cancel the subscription. It has nothing positive to offer you.

    Once the unwanted stuff is deleted, it's gone. Simple as that. If you are really worried or are unsure of how to do this, make an appointment at the Genius Bar and ask for help.

    The last thing you want to do is get all panicked and start picking apart your Mac. You'll drive yourself crazy and may end up fixing something that wasn't broken.
     
  16. kingdummkopf thread starter macrumors member

    Joined:
    Jun 8, 2012
    #17
    okay, so i'll probably avoid ftps in future. as i said, it wasn't me using it, but for future reference, i'll keep my bro away from doing anything not above board.

    so the dialog box thing that appeared asking for a username and password... was it trying to access my mac, or was it asking for the username and password for the ftp site and my details just appeared? what concerns me is i don't use a password, so if it was trying to access my mac, then it would only need my username that was already inputted.

    then again i don't really know am talking about lol.

    yeah i feel a bit better now after having my computer turned off going to bed. i was just very worried because i have my whole life saved on this computer and the thought of someone accessing it terrified me.
     
  17. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #18
    The definitions for various malware types are accurate, even in an imperfect world, and even if some people are unaware of those definitions. Flashback is a trojan. It does not replicate itself, which is one of the two primary characteristics of a virus. The Flashback trojan is completely avoidable by prudent user action. That is not true for viruses.
    There's nothing "messy" about 1s and 0s, and everything is very strait forward, even if the user may not understand why things work the way they do. Computers do exactly what programming tells them to do, even if it's something the user doesn't want or expect or understand.
    It's not a combination. If it doesn't meet the two basic requirements, it's not a virus.

    As for being cautious, go back and read my first post in this thread. Nothing about it suggests that you shouldn't be cautious. Practicing safe computing assumes that you're not inherently safe and that you need to take steps to protect your computer from malware. I've listed those steps in that post.
    That's not why those terms are used. It has nothing to do with "scary" or condoms. If you don't know why those terms are used, you could benefit from some additional learning.
    No, it's about benefitting the user by informing them of the facts. Educating them about facts is a much better way to serve them, rather than simply conforming to the user's uninformed thinking and language.
    Again, re-read that first post. There is nothing in it that suggests playing ignorant and assuming safety. It does recommend the common sense and cautious approach of practicing safe computing and gives specific steps for doing so.
    Ads, while annoying, are not inherently dangerous. Just because a website has many ads does not indicate the presence or likelihood of malware. Also, there are many other vectors through which malware can be introduced to a computer, beyond emails or ads. If you want to help users, I recommend you spend some time gaining an understanding of malware as it relates to Macs, so you'll stop giving them misinformation. Reading the 3rd post in this thread, along with the FAQ that's linked there is a good way to start.
     
  18. Southernboyj macrumors 68000

    Southernboyj

    Joined:
    Mar 8, 2012
    Location:
    Mobile, AL
    #19
    LOL!!! :D

    So true!
     
  19. jlc1978 macrumors 68000

    jlc1978

    Joined:
    Aug 14, 2009
    #20
    I disagree with you're definition of a virus - specifically with how you differentiate between the spread of a trojan and virus. A virus can spread pretending to be an email attachment and require intervention to execute; it can also act as a trojan horse by pretending to be a useful attachment while carrying a payload designed to compromise a system.

    So if a piece of malware spreads via email and appears to be something of interest so you click on it, but installs a backdoor without your knowledge, is it a virus or is it a trojan? Arguments could be made for either scenario.

    In fact, a self replicating virus that requires no user interaction would probably fall under the worm category.

    Of course, in the end the semantics differences don't matter as one term becomes the popular usage; witness what happened to hacker. Once a term is broadly accepted trying to parse differences is like pushing rope uphill.
     
  20. pragmatous macrumors 65816

    Joined:
    May 23, 2012
    #21
    You don't have to stop using all FTP sites. Just that FTP site is concerning. That site is a hosting site you go there to "login" to download movies, music, porn ... Injecting viruses into files isn't hard to do tho. My point is it looks like an untrusted source and you have no idea what they are doing to those files they are hosting.

    It's not trying to access your mac. It doesn't particularly work that way. Basically just be cautious and don't assume safety. Your anti-virus that you paid for is fine still use it.

    Here's a free one tho that you can use.
    http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx

    You can't say macs don't get viruses because they clearly do. It's 1's and 0's - All software can get a virus. Don't assume safety instead be proactive and be safe.

     
  21. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #22
    It's not my definition. It's the industry's definition, and it's accurate, whether you agree with it or not. Viruses do not require user action to install or replicate. A trojan cannot self-replicate, whether it requires user action to install or not. There has never been a Mac OS X virus in the wild. There have been trojans, of which Flashback is one.
    Sophos should be avoided, as it could actually increase your Mac's vulnerability, as described here and here.
    Name one. I have never said Macs can't get viruses. They don't get them because no Mac OS X virus exists in the wild.
     
  22. pragmatous macrumors 65816

    Joined:
    May 23, 2012
    #23
    I know for a fact that malware and viruses come from websites and ads. :)



    ----------

    You can read books all day long but in the actual industry it's a different ball game.

     
  23. heisenberg123 macrumors 603

    heisenberg123

    Joined:
    Oct 31, 2010
    Location:
    Hamilton, Ontario
    #24
    so you call it something it isn't to make it easier for non-computer literate people can understand?
     
  24. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #25
    I didn't say otherwise. I said that just because a site has ads doesn't mean it's likely to have malware. I also said there are many other ways of encountering malware other than emails or ads on websites.
    Having spent over 40 years in the industry, I'm quite aware of the nature of that "ball game", and who said anything about reading books? Those malware definitions are from industry security firms and anyone who is informed will acknowledge the accuracy of those definitions. Only those who are not informed will disagree.
     

Share This Page