4 Replies Latest reply: Feb 20, 2008 11:51 AM by LPSD
LPSD Level 1 (0 points)
I need some help with virus on my Imac G5 (it runs OSX, use safari with pop up blocked). Surfing on the net I clicked on some music site (the wrong one obviously) and suddenly my Imac went idle. The only thing it now allows to do is to change file names, and I can only can give it a forced shutdown.

As I connected my Ibook to the Imac network, I immediately got a warning (OSX warning) for unauthorised processes that were initiated. Going through this log, it showed that the Imac (not the Ibook) was seeking connection to paysites and scanning the drive for passwords. Since then I have disconnected the Imac, or actually I have shut it down since.

I can connect to any file on the Imac via my Ibook (when it is connected), but I cannot find the root of this unfortunate events taking place. I have scanned the internet for help, but I just do not know what to do anymore. Does anyone have suggestions on how I can get my Imac back to life again?


Imac G5, Ibook G4, Macbook Intel, Mac OS X (10.5.2)
  • sanhodo Level 1 (15 points)
    Do you remember which site you clicked on? It would help the rest of us to know which site to stay away from.
  • Klaus1 Level 8 (47,775 points)
    Just on the off chance that you really were infected:

    From MacWorld, January 10, 2008:

    SecureMac has introduced a free Trojan Detection Tool for Mac OS X. It's available here:


    The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X. Called DNSChanger Trojan and also known as OSX.RSPlug.A Trojan Horse the software attacks users attempting to play a fake video file.

    Upon attempting to play the video, the victim receives the following message:

    “Quicktime Player is unable to play movie file.
Please click here to download new version of codec.”
    Upon running the installer, the user's DNS records are modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's DNS records stay modified on a minute-by-minute basis.

    SecureMac's DNSChanger Removal Tool allows users to check to see if the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the users' DNS records will be repaired.
  • LPSD Level 1 (0 points)

    I will try this tonight, and see how I can run this from the Ibook on the Imac since the latter is completely idle. Will let you know

  • LPSD Level 1 (0 points)
    Unfortunately I do not know which site it was. I was just googling to find a song from a long time ago, but clicked on a site and bang. I tried to run the DNS changer removal tool, but no result.

    I started the Imac, connected via the Ibook to its drive, copied the file, and then run it. But it only runs on the Ibook (I cannot get it to scan any directory on the Imac). I also tried to get to it on the Imac, but as explained earlier (I can move the pointer over the screen) it does not respond and only allows me to change the file name.

    I can move around with the control keys but each file or directory I connect to has a black box around it, then I can click on it (or enter) and the only thing that is possible is the file name change.