indiannaT

Q: My mac has a virus! Help!

Hi guys! I'm in need of some help!

I've got a virus - malware I'm pretty sure.

I got it from downloading a torrent from a site I don't normally visit. (Stupid, I know.)

I know this because as soon as I downloaded it, I got the 'are you sure you want to open this' warning (which I never get from torrents) so I clicked 'no', but right afterward a new Wi-Fi option popped up on my menu called FreeHat (I'm in an area with only my Wi-Fi), and when I switch tabs in Safari my screen goes pixelated for a second or two. Up until now my Mac was working great, no problems. My Wi-Fi icon has also changed places (moved a few to the left of where it normally sits).

I've since deleted anything I can find related to the file, but I'm obviously missing something. I had a look through Activity Monitor but I don't have enough experience to tell what's supposed to be there or not.

I've cleared my browser history, and my recycle bin. I'm in the middle of scanning with ClamXav but I want this thing gone before it does more damage! My Mac is already visibly slower!

Should I stay away from logging in to anything in Safari in the meantime? Clear my cookies? Reset all my passwords?

Will this log keystrokes?

I was thinking of doing a complete system overhaul to be safe, but my Time Machine is having issues, so I haven't backed up in over a year (I'm terrible, I know…)

I'm using a 15-inch early 2011 Mac Pro running Lion 10.7.5

If anyone knows how to help I would REALLY appreciate it!

I can post Activity Monitor shots, or scan results or whatever helps. Thank you!!

MacBook Pro (15-inch Early 2011), Mac OS X (10.7.5)

Posted on Nov 20, 2014 11:25 PM

  • by Kurt Lang, Nov 21, 2014 8:19 AM in response to indiannaT
    Level 8 (37,706 points)

    Torrents for a while now have been the number one way simpler crooks and large, organized crime syndicates have been infecting Macs, as Trojans stuffed into installers of illegal copies of software have proven to be the easiest way to do it.

    Since there's no way to know what was installed, or possibly any way to even know how to remove it, your best and safest move would be to erase the drive, reinstall the OS, and then only your legally purchased software.

    Before doing that, copy personal files such as your email data, other documents and pictures to an external drive (hard drive or flash) so you can copy those back. Do not restore anything else.

  • by 5thwind, Sep 11, 2016 4:52 PM in response to Kurt Lang
    Level 1 (4 points)

    [Attached images: Torjans 1.png, Trojans 2.png, Trojans 3.png]

    I erased the drive and reinstalled OS X and it's still there!

    This is the third time I tried erasing these files and when I delete them they come right back. These files are not in my backups, but when I reinstall the backups these files come right back.

  • by Meg St._Clair, Sep 11, 2016 5:01 PM in response to 5thwind
    Level 9 (58,429 points)
    iPhone

    Rather than adding on to a thread that has been dormant for almost two years, you'd probably be better served by starting your own thread. Explain the problem from the beginning. Describe what problems you observed and outline what steps you've taken so far.

  • by 5thwind, Sep 11, 2016 5:01 PM in response to 5thwind
    Level 1 (4 points)

    I erased the hard drive and reinstalled OS X and it's still there!

    This is the third time I tried erasing these files below and when I delete them they come right back. These files are not in my backups, but when I reinstall the backups these files come right back.

    [Attached images: Torjans 1.png, Trojans 2.png, Trojans 3.png]

  • by Kurt Lang, Sep 11, 2016 5:09 PM in response to 5thwind
    Level 8 (37,706 points)

    If you don't know what it is you're looking for, you shouldn't be playing around in the normally hidden areas of the OS. Consider yourself lucky you haven't removed something critical. Or you possibly already have. Then you get to install the OS again.

    sleepimage is just what it says. It's an image of the computer's state when you put it in sleep mode. This file is read back when you wake the machine to reset it to where it left off.

    That zz folder is just one of a dozen or so named that way with all kinds of cryptically named files and folders in them. All normal cache data you shouldn't even be paying attention to.