100 Replies. Latest reply: Jun 26, 2013 4:29 PM by MadMacs0
  • 75. Re: Mac Malware/poisoned images
    thomas_r. Level 7 (27,925 points)

    Moreover I'm not going to visit his blog anymore cause he has already shown his lack of respect for users' privacy posting details on this board

     

    I have already apologized and said that I only mentioned you were from Italy because I thought it explained what I had read as rudeness, and I didn't honestly think you would care.  I can't imagine anyone caring about people knowing what country they are from.  Are you ashamed of being from Italy?

     

    In any case, I'm tired of you trashing me and yet providing absolutely no information that is of any help to anyone.  You think you know so well how it should be done, but you are not doing it.  I'm done responding to you.  I've said what needs to be said, and I am helping people.  You're doing nothing but running your mouth.  From this point forward, say what you like about me... you won't get the response you're looking for.

  • 76. Re: Mac Malware/poisoned images
    R C-R Level 6 (14,175 points)

    Regarding where a user is from, providing that info is very useful in a forum like this for a variety of reasons.

     

    For example, it helps other users understand that what seems to them odd grammar or awkward sentence structure may be due to a language barrier or that colloquialisms may mean something other than they seem.

     

    It is very useful info when a solution or useful suggestion might depend on where the user is located, for example when recommending who to contact for support or service, or how some menu item or other term might be labeled.

     

    It is purely optional but it is in every user's best interests to add at least a minimal amount of location info to their user profiles.

  • 77. Re: Mac Malware/poisoned images
    thomas_r. Level 7 (27,925 points)

    I agree completely.  Plus, most people have at least some pride of country and are not afraid of saying where they're from.  But Rayced seems very sensitive about the fact that I said he's from Italy.  It's not like I posted his e-mail address here or sent him abusive messages privately (or any kind of private messages at all, for that matter).

  • 78. Re: Mac Malware/poisoned images
    Rayced Level 1 (5 points)

    Cool, and I'm the one who speculates!

     

    I really needed a laugh. And you were trying to lever this point since you first wrote about me being Italian ("a small country or stuff like that").

     

    But surprisingly this thread is becoming what? A social or anthropological study about me? That's the way you "help people"?

     

    Why don't you just answer the "meat" of the questions I posted earlier?

     

    Curiously you are answering the only personal one which is also the least important of them. It is called manipulation what you are doing, and besides what you think it sounds the same in any language.

    Bye.

  • 79. Re: Mac Malware/poisoned images
    ronaldz Level 1 (5 points)

    I agree you should not have to reinstall the OS. 

     

    There are good removal instructions on Bleeping.com - key words remove mac malware

     

    Virus Barrier at the Apple Store is a good free product that should help with this issue...

     

    CNET had a good article on 19 May 11, "How bad is Mac Malware Scare?"

     

    "So long and thanks for all the fish!"

  • 80. Re: Mac Malware/poisoned images
    individualfreedom Level 1 (0 points)

    You really want to know how bad is all the malware scare?  I'm here to tell you it's REALLY TRUE AND REALLY BAD.  Do not expect any assistance from personnel at the Apple Store, or from technicians:  junior, senior or otherwise, at Apple Care and no discrimination as to the type of computer, the length of time owned or whether you've purchased any type of extra-added "Care" plan.  Regardless of how much proof you have, the number of times you contact them, the curve and escalation of your anger, nothing will change and nobody will resolve this distressing and illegal issue.

     

    YOU'VE BEEN HACKED BY ROOTKIT MALWARE.

     

    It's true, real, painful and almost impossible to get rid of yourself.

     

    I know.

     

    I've dealt with this issue for almost a year now.

     

    I'm on my second iMac....

     

    I've contacted a White Hat Hacker who was helpful and the one person who has actually done extensive research on this subject as it affects Macs and has written articles on the subject.  He lives in Holland and he has been very helpful also.

     

    The only way you, yourself can eradicate the problem is to do a complete 32-pass erase of your system and reload everything NEW AND FRESH after the erasure.  You cannot back stuff up and reload it; you'll only be regenerating the same problem.  And, best to reload all your programs from disks.

     

    At this stage, I trust nobody and nothing.

     

    Do I know who did this to me?

     

    Not for sure.  Is there any means by which to catch him or her? 

     

    Not really.  Does anybody care?  Unless they've stolen more than $10,000 in money or goods or they've engaged in some kind of kiddie ****, no, nobody cares.  The FBI will be more than happy to take a report on how I was "spied" on via the webcam, listened to via the microphone, how my iTunes were stolen and they will be extremely patient and empathic.  However, they'll do nothing.

     

    They are more interested in catching those kids who hacked SONY.  There's actual big money at stake there, with me, not so much.

     

    So should you be "paranoid"  -- no.  Should you believe you're at RISK? 

     

    Unless you're Pinocchio the little wooden puppet waltzing down the road picking flowers, I'd believe you're at risk.

     

    Do you believe everything the government tells you?

     

    Well, then don't believe everything Mac says either.

     

    I know I don't.


  • 81. Re: Mac Malware/poisoned images
    thomas_r. Level 7 (27,925 points)

    What on Earth are you ranting about?  That's an awfully long complaint to not even have bothered mentioning what malware you're talking about.  You didn't even describe any actual symptoms!  I suspect that you've misidentified some other problem as malware.

  • 82. Re: Mac Malware/poisoned images
    noondaywitch Level 6 (8,130 points)

    Sounds like the seat to keyboard interface to me.

  • 83. Re: Mac Malware/poisoned images
    manosdelumbre Level 1 (0 points)

    You guys in reply to that other dude are right on

  • 84. Re: Mac Malware/poisoned images
    Peter Bannon Level 6 (10,080 points)

    I agree. What the heck was that all about?

  • 85. Re: Mac Malware/poisoned images
    manosdelumbre Level 1 (0 points)

    I don't know enough to know ...ha,ha,ha,

  • 86. Re: Mac Malware/poisoned images
    individualfreedom Level 1 (0 points)

    Well let's see...if you read the ORIGINAL POST (which actually refers to rootkit malware) blah blah blah, we then get to Mr. Reed's response which is, and he might wish to go back and check (as did I), "to erase by zeroing out."

    Right?

     

     

    And what I'm telling you is that will not do the trick.

     

    You need to do a FULL 32-pass erase if you want to get rid of what both you and I are referring to.

     

    Just writing 00000 over your files won't do jack to remove it.

     

    As for actual symptoms, I could show you an IO Reg log which mentions profiles for a "Mac Book Pro" numerous times...I've never owned one in my life and what the profiles for various versions of Mac Book have to do with iMac 10.6.8 makes no sense.  Just another way to i.d. how Rootkit Malware makes an invasion.  In this case, shuts down the Airport and "removes" your airport card from your computer.  Not really, but really.

    Google it. 

     

     

    As for all that extraneous stuff about Italians and stuff, no worries.  I'm an equal opportunity rootkit malware remover person, and, unlike you guys, I don't judge anybody or what they've got to say.  I had no idea about any of this stuff and when I asked for help I felt like the people I'd been buying computers from since the 1970s (that'd be Apple/Mac) just hung me out to dry.  I would not like to see this happen to anybody.

     

    So, instead of standing around and feeling bad and helpless, I did everything I could to get other people to help me help myself.

     

    Plenty more is wrong with Mac/Apple since the advent of dual core processing and nobody at Apple is going to admit it or assist the customers who are currently calling and the growing number who will be.

     

    I was just trying to be helpful.

     

    I didn't know this was a forum for insulting people you don't know.  I thought it was to try to inform people about things they might not be aware of because Apple really isn't forthcoming.

     

    As for "the seat to keyboard interface" being the problem...are you always so cavalier in the crappy glib comments you think it's okay to make to people you've never met, or is Saturday night when you take your stupid pills?

     

    Comments like that ain't okay.

     

    In another life, I'd have no problem using your raggedy *** for a footstool and charging you for the privilege.

  • 87. Re: Mac Malware/poisoned images
    MadMacs0 Level 4 (3,725 points)

    OK, I'll give you the benefit of the doubt here and ask that you give us all some information so we can try and get a handle on this.  In the twenty odd years I've been a Mac user and malware troubleshooter, I have never heard of a Mac OS X RootKit.  With the Darwin underpinnings, anything is possible, so did you run the latest versions of rkhunter or chkrootkit and did they find anything?  What AV software did you try and were they successful at finding anything?  Can you identify the names of any of the rootkit files involved?  Do you have any idea how they got there?

     

    I'm an active participant in the rkhunter, clamav and ClamXav user forums and would be more than happy to turn these communities loose on something like this, but without details we won't be able to help anybody else.

     

    And I'm sorry, the requirement to run a 32 pass erase to get it off your hard drive is way beyond anything I experienced as a Government IT security guy, back in the day.

  • 88. Re: Mac Malware/poisoned images
    thomas_r. Level 7 (27,925 points)

    Well let's see...if you read the ORIGINAL POST (which actually refers to rootkit malware)

     

    Actually, I just searched the post you are talking about, and it does not say anything about a rootkit.  Someone else mentioned it, but I've done quite a bit of testing with the malware in question (MacDefender and its variants) and that idea doesn't hold water.

     

    we then get to Mr. Reed's response which is, and he might wish to go back and check (as did I), "to erase by zeroing out."

     

    I recommended no such thing, since it's ridiculous.  What I actually said was "even if reinstallation of the system was required, zeroing out the entire drive would serve no purpose whatsoever."

     

    Zeroing or even 32-pass secure erasing is pointless.  Malware cannot simply come back from an erased hard drive.  You're making claims that are not based in reality without any evidence whatsoever.

     

    As for actual symptoms, I could show you an IO Reg log which mentions profiles for a "Mac Book Pro" numerous times

     

    Do you know what ioreg is for?  Do you know what the information it provides means?  It is NORMAL to see references to other hardware in your output from "ioreg -l", if that's what you're looking at.

     

    None of the claims you're making are based in reality.

  • 89. Re: Mac Malware/poisoned images
    R C-R Level 6 (14,175 points)

    MadMacs0 wrote:

    And I'm sorry, the requirement to run a 32 pass erase to get it off your hard drive is way beyond anything I experienced as a Government IT security guy, back in the day.

    It is way beyond the security recommendations of any competent security person, period.

     

    In fact, Disk Utility provides a 35, not 32, pass erase that complies with the Gutmann secure erase standard. But Gutmann himself says this will have no more effect on modern drives than a simple scrubbing with random data, & that it is most often treated "as a kind of voodoo incantation to banish evil spirits" by those lacking in technical expertise.

     

    Sadly, the parallels to what this latest contributor has posted are too obvious to ignore. There is no evidence whatsoever to support the idea that a multi-pass erase is any more effective against a malware infection than the usual techniques. Even a rootkit infection that subverts the OS can be removed by reinstalling the OS while booted from an uninfected source. You don't even need to erase the drive when doing this since the newly installed OS will simply ignore any remnants of the rootkit that remain on the drive.

     

    For something as weak as the MacDefender trojan variants, which simply try to trick users into sending credit card info to criminals, it is only necessary to remove the files it installs. For this malware erasing the drive or reinstalling the OS is the equivalent of a voodoo incantation, suggested by people that don't have the technical expertise to analyse how it works or what it does.
