Any risk having opened trojan ZIP on my MAC ?

2126 Views 5 Replies Latest reply: Mar 29, 2012 3:03 PM by MadMacs0
DocToby
Mar 29, 2012 10:52 AM

Hi community.

I hope someone can help me:

Today I received an e-mail (seemed to be a booking confirmation from booking.com) with an attached ZIP file, that unfortunately was opened by my wife. "Opened" means that she double-clicked on the file - for about a second the unpack-icon appeared in the dock and then disappeared.

Later I found in several forum threads that these mails are known to include a trojan called Troj/Bredozp-ip.

I'm now wondering whether this kind of trojan can have any effect on my MAC?

From all I know about viruses and trojans, I understood that MAC is rather safe, as long as I don't accept any installations with password etc.

I would be happy if anyone (with a deeper knowledge on this topic than I have) could confirm that this is right.

Also I would be interested to know if there is any chance to find out in OSX Lion whether my system is infected by a virus or trojan.

 

Thanks,

Tobias

iMac, Mac OS X (10.7)
  • Kappy Level 10 (221,035 points)
    Mar 29, 2012 10:55 AM (in response to DocToby)

    Trojan War

     

    If you discover a trojan program is running on your computer then look to the following information for assistance:

     

    1. A recent discussion on the Apple Support Communities: MacDefender Trojan.
    2. An excellent site devoted to Mac Malware: Macintosh Virus Guide
    3. Another site for removing MacDefender, et al.: MAC Defender Rogue Anti-Virus analysis and Removal
    4. A new removal utility - MacDefenderKiller
    5. And to protect against a recent variant, MacGuard.
    6. How to Remove MacKeeper

     

     

    Before you delete anything, we need your help. Some AV folks in our community need to analyze these files in order to protect others. Before you delete anything please consider doing the following:   Upload either the original .zip file or the MacGuard application to http://www.VirusTotal.com.  If either is not detected by ClamXAV, then also upload it to http://cgi.clamav.net/sendvirus.cgi.   If you are uncomfortable doing this for any reason and can determine the URL of the site where you got it please send the link to macdefender@mailinator.com.

     

    Removing strange software can be a task.  The following outlines various ways of uninstalling software:

     

    Uninstalling Software: The Basics

     

    Most OS X applications are completely self-contained "packages" that can be uninstalled by simply dragging the application to the Trash.  Applications may create preference files that are stored in the /Home/Library/Preferences/ folder.  Although they do nothing once you delete the associated application, they do take up some disk space.  If you want you can look for them in the above location and delete them, too.

     

    Some applications may install an uninstaller program that can be used to remove the application.  In some cases the uninstaller may be part of the application's installer, and is invoked by clicking on a Customize button that will appear during the install process.

     

    Some applications may install components in the /Home/Library/Applications Support/ folder.  You can also check there to see if the application has created a folder.  You can also delete the folder that's in the Applications Support folder.  Again, they don't do anything but take up disk space once the application is trashed.

     

    Some applications may install a Startup item or a Log In item.  Startup items are usually installed in the /Library/StartupItems/ folder and less often in the /Home/Library/StartupItems/ folder.  Log In Items are set in the Accounts preferences.  Open System Preferences, click on the Accounts icon, then click on the LogIn Items tab.  Locate the item in the list for the application you want to remove and click on the Delete [-] button to delete it from the list.

     

    Some software uses startup daemons or agents that are a new feature of the OS.  Look for them in /Library/LaunchAgents/ and /Library/LaunchDaemons/ or in /Home/Library/LaunchAgents/.

     

    If an application installs any other files the best way to track them down is to do a Finder search using the application name or the developer name as the search term.  Unfortunately Spotlight will not look in certain folders by default.  You can modify Spotlight's behavior or use a third-party search utility, Easy Find, instead.  Download Easy Find at VersionTracker or MacUpdate.

     

    Some applications install a receipt in the /Library/Receipts/ folder.  Usually with the same name as the program or the developer.  The item generally has a ".pkg" extension.  Be sure you also delete this item as some programs use it to determine if it's already installed.

     

    There are many utilities that can uninstall applications.  Note that you must have this software installed before you install software you may need to uninstall.  Uninstallers won't work if you install them after the fact.  Here is a selection:

     

    • AppZapper
    • Automaton
    • Hazel
    • CleanApp
    • Yank
    • SuperPop
    • Uninstaller
    • Spring Cleaning

     

    Look for them and others at VersionTracker or MacUpdate.

     

    For more information visit The XLab FAQs and read the FAQs on removing software and dealing with spyware and malware.

     

    After removing all the components of the software you may have to restart the computer to fully disable the software.  This will be the case when removing software that has installed a daemon.  After the daemon has been removed you need to restart the computer to stop the daemon.  Alternatively, you can kill the daemon process using the Terminal application or Activity Monitor.
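
The folders named in the post above (startup items, launch agents and launch daemons) can also be checked from Terminal for anything added or changed recently. This is an added example, not part of the original thread; the function name, its parameters and the 7-day default are assumptions, and "/Home" in the post is taken to mean the user's home folder.

```shell
#!/bin/sh
# Added example (not from the thread): list items in the startup/launch
# folders named in the post that were added or modified in the last N days.
#
# Arguments (all hypothetical names chosen for this example):
#   $1  root of the volume to inspect ("" = the running system,
#       or e.g. /Volumes/Backup to inspect a mounted copy)
#   $2  home folder to inspect (default: $HOME)
#   $3  look-back window in days (default: 7)
list_persistence_items() {
    root=${1:-}
    home_dir=${2:-$HOME}
    days=${3:-7}

    # System-wide folders first, then the per-user ones.
    for dir in \
        "$root/Library/LaunchAgents" \
        "$root/Library/LaunchDaemons" \
        "$root/Library/StartupItems" \
        "$home_dir/Library/LaunchAgents" \
        "$home_dir/Library/StartupItems"
    do
        # A folder that does not exist simply has nothing to report.
        [ -d "$dir" ] || continue

        # Only direct children: each agent/daemon is one .plist file,
        # each startup item is one sub-folder.
        find "$dir" -mindepth 1 -maxdepth 1 -mtime "-$days" -print
    done
}

# Usage on the running system, looking back one week:
#   list_persistence_items "" "$HOME" 7
```

An empty result only means nothing in these folders changed within the window; Log In Items are stored elsewhere and are still checked in the Accounts preferences as the post describes.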

  • thomas_r. Level 7 (26,960 points)
    Mar 29, 2012 11:59 AM (in response to DocToby)

    The trojan you mentioned is not a Mac trojan.  I can't say whether that's actually the one you downloaded, but I've never yet heard of a Mac trojan being delivered that way, while it's extremely common for Windows malware to show up in e-mail messages.  No worries, you're fine.  Just delete it.

  • LysaM
    Mar 29, 2012 2:24 PM (in response to DocToby)

    Can you email a copy of the file (or just forward the email itself) to sample@intego.com?

  • MadMacs0 Level 4 (3,320 points)
    Mar 29, 2012 3:03 PM (in response to LysaM)

    And upload it to http://VirusTotal.com then give us the URL to the report.
