11 Replies Latest reply: Apr 6, 2012 11:48 PM by laurence misterioso
laurence misterioso Level 1 (0 points)

Macrumors (http://www.macrumors.com/) is reporting that there is a Trojan for Macs and that it has infiltrated Macbooks mainly in Canada. True/false?

If true, do the latest Java updates

1. eliminate the penetration ability of this virus?

2. take the virus out of the infected macbook?

 

Thanks


MacBook, Mac OS X (10.7.3)
  • 1. Re: Java?
    Ferretbite Level 4 (1,575 points)

    It's true. And the updates are supposed to reinforce your Mac against this malware, though I'm not sure that they remove anything already installed.

  • 2. Re: Java?
    X423424X Level 6 (14,190 points)

    The update does not eliminate the trojan if you are already infected.  It will eliminate the ability of the trojans that took advantage of the security holes from using those now closed holes in the future.  That doesn't mean you are safe.  The bad guys are going to constantly search for other ways to "get in".  Windows users have been dealing with this for years.

    If you are infected, removal depends on which strain of the trojan you were infected with.

  • 3. Re: Java?
    laurence misterioso Level 1 (0 points)

    Thanks, any thoughts on how to remove anything already installed? The macrumors has programming means through Terminal, but that stuff is too difficult for the likes of me.

  • 4. Re: Java?
    X423424X Level 6 (14,190 points)

    As I said above, removal depends on which flavor of trojan you get infected with.  Terminal is the easiest way to deal with this stuff.

     

    Here's what I am suggesting as a rudimentary test for some of the known strains of the flashback trojans.  Open a terminal window and copy/paste each of the following lines hitting return after each one and note the results:

     

    defaults read ~/.MacOSX/environment

    defaults read /Applications/Safari.app/Contents/Info LSEnvironment

    ls -la ~/Library/LaunchAgents

    grep "/Users/$USER/\..*" ~/Library/LaunchAgents/*

     

    For the two defaults commands, if you get anything other than a "does not exist" error message, post the results since you are almost certainly infected.

     

    The third command, ls, just lists the contents of your LaunchAgents, if any.  That's additional info to be used in conjunction with the last grep command.  If the grep shows any results then that too may indicate infection and again post its results.

  • 5. Re: Java?
    laurence misterioso Level 1 (0 points)

    for command 3, I get:

    "574 May  4  2011 com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist"

     

    "601 Apr 28  2011 com.adobe.ARM.df0ab5bbe6f698196fcc21e3c1e66dcb758bd911f4d637272d9d8109.plist"

     

    Nov 18 13:30 com.apple.FolderActions.enabled.plist

     

    Apr 28  2009 com.apple.SafariBookmarksSyncer.plist

     

    Jan  4  2010 com.macpaw.CleanMyMac.helperTool.plist

     

    Mar 29  2010 com.macpaw.CleanMyMac.volumeWatcher.plist

     

    May 11  2011 com.prosofteng.DGMonitor.plist

     

    For command 4 grep I get:

    Library/LaunchAgents/com.macpaw.CleanMyMac.helperTool.plist:

     

    Any thoughts?

     

    Thanks.

  • 6. Re: Java?
    X423424X Level 6 (14,190 points)

    For command 4 grep I get:

    Library/LaunchAgents/com.macpaw.CleanMyMac.helperTool.plist:

     

    Really???

     

    I think you copy/pasted the output from the wrong line.  I do know that my grep will display a CleanMyMac hit because it references /Users/YOURACCOUNT/.Trash.  Maybe I'll fix that but at any rate it looks ok.

  • 7. Re: Java?
    laurence misterioso Level 1 (0 points)

    I ran it again:

     

    grep "/Users/$USER/\..*" ~/Library/LaunchAgents/*

     

    /Users/..../Library/LaunchAgents/com.macpaw.CleanMyMac.helperTool.plist:                     <string>/Users/...../.Trash</string>

     

    Mean anything to you?

     

    Thanks again.

  • 8. Re: Java?
    X423424X Level 6 (14,190 points)

    Better.  What I expected as I said in my previous post.

  • 9. Re: Java?
    laurence misterioso Level 1 (0 points)

    Thanks. Just for clarity, based on what I provided, am I clean or infected? Struggling with the issue. Thanks again.

  • 10. Re: Java?
    X423424X Level 6 (14,190 points)

    I don't see anything that indicates the infections.  The defaults didn't find anything and there is nothing suspicious in the launchagents.

  • 11. Re: Java?
    laurence misterioso Level 1 (0 points)

    Many thanks for spending time on this. Salute!
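
The manual checks from reply 4, with the `.Trash` hit discussed in replies 6 to 8 filtered out, as an added shell example that is not part of the original thread. The function names and parameters are assumptions; like the original commands it is only a rudimentary test for some known Flashback strains, and it reads plists as plain text.

```shell
#!/bin/sh
# Added example: automates the manual checks from reply 4 of this thread.
# Function names and parameters are assumptions made for this sketch.

# Print a defaults domain/key only if it exists. Per reply 4, any result
# other than the "does not exist" error is worth posting for review.
check_defaults() {
    command -v defaults >/dev/null 2>&1 || return 0   # not on macOS: skip
    if out=$(defaults read "$@" 2>/dev/null); then
        printf 'FOUND: defaults read %s\n%s\n' "$*" "$out"
    fi
    return 0
}

# Print LaunchAgents lines that reference a hidden (dot) path directly under
# the home directory, skipping the ~/.Trash reference that reply 6 identifies
# as a benign hit from com.macpaw.CleanMyMac.helperTool.plist.
scan_launch_agents() {
    agents_dir=$1
    home_dir=$2
    [ -d "$agents_dir" ] || return 0
    # -F: treat the home path as a literal string, not a regular expression.
    grep -HF "$home_dir/." "$agents_dir"/* 2>/dev/null |
        grep -vF -e "$home_dir/.Trash<" -e "$home_dir/.Trash/"
    return 0
}

# Run all checks for one account; no output means none of them fired.
flashback_check() {
    home_dir=${1:-$HOME}
    check_defaults "$home_dir/.MacOSX/environment"
    check_defaults /Applications/Safari.app/Contents/Info LSEnvironment
    scan_launch_agents "$home_dir/Library/LaunchAgents" "$home_dir"
}

flashback_check "$HOME"
```

Any line it prints still needs the same human review the thread gives: a hit is a lead to inspect, not proof of infection.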