piyush1180

Q: Found my Mac to be infected by Fujack worm - malware - any suggestions how to remove it?

My Mac connects to the net via a firewall.

Recently the firewall is blocking an outgoing connection from my Mac.

Firewall report shows: Fujack worm blocked.

On researching on the web: found it to be malware - Thunderstrike 2

No solutions currently listed by Apple on removing this.

Mac support - suggested - Malwarebytes - tried - did not work.

Appreciate if any of the Apple / OS X experts around the world could help.

iMac (21.5-inch, Late 2013), OS X El Capitan (10.11.6)

Posted on Aug 8, 2016 12:37 AM


  • by dialabrain,Helpful

    dialabrain Aug 8, 2016 3:23 AM in response to piyush1180
    Level 5 (6,178 points)
    Mac App Store

    FWIW, the "Fujack worm" only infects Windows. Thunderstrike 2 never existed "in the wild". It was a proof of concept which was patched by Apple in case one ever existed. They are two different things. You need to do more research.

  • by piyush1180,

    piyush1180 Aug 8, 2016 3:35 AM in response to piyush1180
    Level 1 (4 points)
    Desktops

    Well noted, thank you.

    Fujack was found on other PCs in my network and my Mac is doing the exact same thing - trying to export info to a Google Doc file - not created / authorised by me.

    i.e.:

    docs.google.com/uc?export=download&id=0B_9-nB1GMlQPYlcy ZEJndDVOX1E&revid=0B_9-nB1GMlQPZEhRK3JOWXZDczJRWWE2NWow T0YyMitMS0hNPQ


     

    Website is infected with Blk/Domain.13030057

    Please advise how to fix this or remove the malware.

    Tried Malwarebytes recommended by Apple support, does not detect.

  • by dialabrain,Helpful

    dialabrain Aug 8, 2016 4:05 AM in response to piyush1180
    Level 5 (6,178 points)
    Mac App Store

    piyush1180 wrote:

    Website is infected with Blk/Domain.13030057

    I really can't tell you any more because it's beyond my knowledge base. The line above seems to indicate a website you are trying to reach is infected, not your Mac. One thing that could be happening is you have an anti-virus program installed on your Mac and it's giving you a false positive warning. Running anti-virus programs on Macs is a bad idea. If you have one installed, I would uninstall it.

  • by piyush1180,

    piyush1180 Aug 8, 2016 4:07 AM in response to dialabrain
    Level 1 (4 points)
    Desktops

    Well noted,

    No antivirus installed.

    This is a worm which tries to export data to a remote domain, in this case a Google Doc file.

    The firewall in my network is blocking the connection.

    If I switch off the firewall, the warning goes, because the worm is able to connect to the concerned domain.

    We have found Fujack in 6 PCs in our network and it was trying to connect to the same domain.

    I am confident there's malware, spyware in my Mac.

  • by dialabrain,

    dialabrain Aug 8, 2016 4:19 AM in response to piyush1180
    Level 5 (6,178 points)
    Mac App Store

    You can install EtreCheck and post the results.

    http://etrecheck.com/

    Perhaps someone else will have an idea.

  • by piyush1180,

    piyush1180 Aug 8, 2016 4:33 AM in response to dialabrain
    Level 1 (4 points)
    Desktops

    Hi,

    here's the report:

    EtreCheck version: 2.9.13 (267)
    Report generated 2016-08-08 16:59:16
    Download EtreCheck from https://etrecheck.com
    Runtime 4:31
    Performance: Good

    Click the [Support] links for help with non-Apple products.
    Click the [Details] links for more information about that line.

    Problem: No problem - just checking

    Hardware Information:
        iMac (21.5-inch, Late 2013)
        [Technical Specifications] - [User Guide] - [Warranty & Service]
        iMac - model: iMac14,1
        1 2.7 GHz Intel Core i5 CPU: 4-core
        8 GB RAM Upgradeable - [Instructions]
            BANK 0/DIMM0
                4 GB DDR3 1600 MHz ok
            BANK 1/DIMM0
                4 GB DDR3 1600 MHz ok
        Bluetooth: Good - Handoff/Airdrop2 supported
        Wireless:  en1: 802.11 a/b/g/n/ac

    Video Information:
        Intel Iris Pro
            iMac 1920 x 1080

    System Software:
        OS X El Capitan 10.11.6 (15G31) - Time since boot: about 7 hours

    Disk Information:
        APPLE HDD ST1000LM024 disk0 : (1 TB) (Rotational)
            EFI (disk0s1) <not mounted> : 210 MB
            Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB
            Macintosh HD (disk1) / : 998.97 GB (892.12 GB free)
                Encrypted AES-XTS Unlocked
                Core Storage: disk0s2 999.35 GB Online

    USB Information:
        Apple Inc. BRCM20702 Hub
            Apple Inc. Bluetooth USB Host Controller
        Apple Inc. FaceTime HD Camera (Built-in)
        Plantronics Plantronics BT300
        Western Digital  External HDD     250.06 GB
            EFI (disk2s1) <not mounted> : 210 MB
            Time Machine Backups (disk2s2) /Volumes/Time Machine Backups : 249.72 GB (3.64 GB free)

    Thunderbolt Information:
        Apple Inc. thunderbolt_bus

    Gatekeeper:
        Mac App Store and identified developers

    Kernel Extensions:
            /Library/Application Support/Hotspot Shield
        [not loaded]    com.anchorfree.tun (1.1.1 - SDK 10.8 - 2016-07-27) [Support]

            /Library/Application Support/WDSmartWare
        [not loaded]    com.wdc.driver.1394HP (1.0.7 - 2015-10-19) [Support]
        [not loaded]    com.wdc.driver.USBHP (1.0.6 - 2015-10-19) [Support]

            /System/Library/Extensions
        [loaded]    com.actionsmicro.ezsound (1.0 - SDK 10.9 - 2016-08-04) [Support]
        [loaded]    com.howard.framebuffer (1.0.0.44 - SDK 10.10 - 2016-08-04) [Support]
        [not loaded]    com.plantronics.driver.PlantronicsDriverShield (4.3 - SDK 10.8 - 2016-08-04) [Support]
        [loaded]    com.yourcompany.driver.usbscsistor (1.0.0.43 - SDK 10.10 - 2016-08-04) [Support]

    System Launch Agents:
        [not loaded]    8 Apple tasks
        [loaded]    148 Apple tasks
        [running]    82 Apple tasks

    System Launch Daemons:
        [not loaded]    46 Apple tasks
        [loaded]    147 Apple tasks
        [running]    98 Apple tasks

    Launch Agents:
        [failed]    com.adobe.ARMDCHelper.cc24aef4a1b90ed56a...plist (2016-07-14) [Support]
        [loaded]    com.oracle.java.Java-Updater.plist (2013-11-25) [Support]
        [loaded]    com.plantronics.Spokes.plist (2014-11-25) [Support]
        [loaded]    org.macosforge.xquartz.startx.plist (2013-11-11) [Support]

    Launch Daemons:
        [loaded]    com.adobe.ARMDC.Communicator.plist (2016-07-14) [Support]
        [loaded]    com.adobe.ARMDC.SMJobBlessHelper.plist (2016-07-14) [Support]
        [loaded]    com.adobe.fpsaud.plist (2016-06-29) [Support]
        [loaded]    com.anchorfree.ajaxserver.plist (2016-02-20) [Support]
        [loaded]    com.malwarebytes.HelperTool.plist (2016-06-30) [Support]
        [loaded]    com.oracle.java.Helper-Tool.plist (2013-11-25) [Support]
        [loaded]    com.oracle.java.JavaUpdateHelper.plist (2015-04-21) [Support]
        [loaded]    com.westerndigital.WD-SmartWare-Installer.plist (2014-11-05) [Support]
        [loaded]    org.macosforge.xquartz.privileged_startx.plist (2013-11-11) [Support]

    User Launch Agents:
        [failed]    com.adobe.ARM.[...].plist (2013-11-26) [Support]

    Other Apps:
        [running]    com.anchorfree.hss-mac.hsshelper
        [running]    com.skype.skype.51872
        [running]    org.mozilla.firefox.75232
        [loaded]    395 Apple tasks
        [running]    221 Apple tasks

    Internet Plug-ins:
        FlashPlayer-10.6: 22.0.0.209 - SDK 10.9 (2016-07-27) [Support]
        QuickTime Plugin: 7.7.3 (2016-07-23)
        AdobePDFViewerNPAPI: 15.017.20053 - SDK 10.11 (2016-08-04) [Support]
        AdobePDFViewer: 15.017.20053 - SDK 10.11 (2016-08-04) [Support]
        Flash Player: 22.0.0.209 - SDK 10.9 (2016-07-27) [Support]
        Default Browser: 601 - SDK 10.11 (2016-07-23)
        WebVideoPlugin: 3.0.4.14 - SDK 10.7 (2014-02-17) [Support]
        JavaAppletPlugin: Java 8 Update 45 (2015-04-21) Check version

    Safari Extensions:
        Blur - Abine, the online privacy company. - https://www.abine.com (2016-07-22)
        TrafficLight - Bitdefender SRL - http://trafficlight.bitdefender.com/ (2016-07-05)
        Adblock Plus - Eyeo GmbH - https://adblockplus.org/ (2016-07-22)
        WOT - WOT Services Ltd - http://www.mywot.com/ (2016-06-29)

    3rd Party Preference Panes:
        Flash Player (2016-06-29) [Support]
        Java (2015-04-21) [Support]

    Time Machine:
        Skip System Files: NO
        Auto backup: YES
        Volumes being backed up:
            Macintosh HD: Disk size: 998.97 GB Disk used: 106.86 GB
        Destinations:
            Time Machine Backups [Local]
            Total size: 249.72 GB
            Total number of backups: 65
            Oldest backup: 27/10/14, 12:49 PM
            Last backup: 08/08/16, 3:49 PM
            Size of backup disk: Too small
                Backup size 249.72 GB < (Disk used 106.86 GB X 3)

    Top Processes by CPU:
             6%    firefox
             5%    backupd
             5%    kernel_task
             2%    mdworker32
             1%    WindowServer

    Top Processes by Memory:
        827 MB    firefox
        801 MB    kernel_task
        614 MB    Numbers
        492 MB    iPhoto
        459 MB    Safari

    Virtual Memory Information:
        96 MB    Free RAM
        7.90 GB    Used RAM (1.54 GB Cached)
        0 B    Swap Used

    Diagnostics Information:
        Aug 8, 2016, 08:56:14 AM    Self test - passed

    Any conclusions?