Skip navigation

Java?

359 Views 11 Replies Latest reply: Apr 6, 2012 11:48 PM by laurence misterioso RSS
laurence misterioso Level 1 Level 1 (0 points)
Currently Being Moderated
Apr 6, 2012 9:26 PM

Macrumors (http://www.macrumors.com/) is reporting that there is a Trojan for Macs and has infiltrated Macbooks mainly in Canada. True/false?

 

If true, do the latest Java updates

1. eliminate  the penetration abiity of this virus?

2. take the virus out of the infected macbook?

 

Thanks

MacBook, Mac OS X (10.7.3)
  • Ferretbite Level 4 Level 4 (1,575 points)
    Currently Being Moderated
    Apr 6, 2012 9:37 PM (in response to laurence misterioso)

    It's true. And the updates are supposed to reinforce your Mac against his malware, though I'm not sure that they remove anything already installed.

  • X423424X Level 6 Level 6 (14,190 points)
    Currently Being Moderated
    Apr 6, 2012 9:52 PM (in response to laurence misterioso)

    The update does not eliminate the trojan if you already infected.  It will eliminate the ability of the trojans that took advantage of the security holes from using those now closed holes in the future.  That doesn't mean you are safe.  The bad guys are going to constanly search for other ways to "get in".  Windows users have been dealing with this for years.

     

    If you are infected, removal depends on which strain of the trojan you were infect with.

  • X423424X Level 6 Level 6 (14,190 points)
    Currently Being Moderated
    Apr 6, 2012 10:03 PM (in response to laurence misterioso)

    As I said above, removal depends on which flavor of trojan you get infected with.  Terminal is the easiest way to deal with this stuff.

     

    Here's what I am suggesting as a rudimentary test for some of the known strains of the flashback trojans.  Open a terminal window and copy/paste each of the following lines hitting return after each one and note the results:

     

    defaults read ~/.MacOSX/environment

    defaults read /Applications/Safari.app/Contents/Info LSEnvironment

    ls -la ~/Library/LaunchAgents

    grep "/Users/$USER/\..*" ~/Library/LaunchAgents/*

     

    For the two defaults command if you get anything other than a "does not exist" error message post the results since you are almost certainly infected.

     

    The third command, ls, just lists the contents of your LaunchAgents, if any.  That's additional info to be used in conjunction with the last grep command.  If the grep shows any results then that too may indicate infection and again post its results.

  • X423424X Level 6 Level 6 (14,190 points)
    Currently Being Moderated
    Apr 6, 2012 10:43 PM (in response to laurence misterioso)

    For command 4 grep I get:

    Library/LaunchAgents/com.macpaw.CleanMyMac.helperTool.plist:

     

    Really???

     

    I think you copy/pasted the output from the wrong line.  I do know that my grep will display a CleanMyMac hit because references /Users/YOURACCOUNT/.Trash.  Maybe I'll fix that but at any rate it looks ok.

  • X423424X Level 6 Level 6 (14,190 points)
    Currently Being Moderated
    Apr 6, 2012 10:52 PM (in response to laurence misterioso)

    Better.  What I expected as I said in my previous post.

  • X423424X Level 6 Level 6 (14,190 points)
    Currently Being Moderated
    Apr 6, 2012 11:41 PM (in response to laurence misterioso)

    I don't see anything that indicates the infections.  The defaults didn't find anyting and there is nothing suspecious in the launchagents.

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.