
Do I have a virus or malware, spyware ?

Hi,

Bit worried right now..two things that I observed today.

1. When I opened apple.com, I had an advertisement banner on top of it. First I thought the Apple website was hacked, then realized..Apple is fine...darn, it's my system that has been compromised...
Opened Safari and still the same. Then I downloaded MacScan and it said all clear. Restarted and it went.

2. My Mac just blinked..as if a screenshot was taken..much like the way we take a screenshot on iPhone by pressing the home and sleep button.

Do I have a virus or malware, key logger, screenshot logger..I dunno what else it could be? How do I find out my system is secure ??

Thanks, Pj

iMac, Macbook, iPhone, iTouch, Mac OS X (10.5.5)

Posted on Apr 17, 2009 5:28 AM


Apr 17, 2009 7:13 AM in response to Kappy

Hi Kappy

I received an e-mail today claiming that there was a serious virus affecting Macs. It describes a Mac OSX Botnet aka Mac Bot or i Botnet that has infiltrated thousands of Macs; however, when you click on purchase anti virus at the bottom it takes you to the 'PC Tools' web site and suggests anti virus software for the Mac at $29.95. I'm assuming this is just a sales ploy, what do you think ?

Best, Michael

Apr 17, 2009 7:17 AM in response to Michael Prior

a serious virus affecting Macs, it describes a Mac OSX Botnet aka Mac Bot or i Botnet that has infiltrated thousands of Macs


That's half true. There have been reports of a small botnet made up of Macs but it's not caused by the spread of a virus. According to the reports it's from hacked versions of iLife/iWorks that people installed on their machines after downloading pirated versions.

Apr 17, 2009 7:27 AM in response to Michael Prior

See the following as relevant:

*First Mac-based botnet becomes active*

The first known botnet to exploit Mac OS X has been activated, security researchers claim. The network is believed to have been put in place by iServices, a Trojan infection accompanying some pirated versions of iWork '09 and Photoshop CS4. Although downloaded at least 20,000 times by the end of January, the Trojan's payload has remained dormant for some time, in the same manner as many Windows botnets.

Symptoms of the active iServices botnet may begin with excessive CPU usage on a Mac, the result of a PHP script instigating denial-of-service attacks on websites. Many anti-virus programs have been updated to block iServices however, and it may also be possible to halt the Trojan's operations by deleting "System/Library/StartupItems/DivX" and/or "System/Library/StartupItems/iWorkServices" folders. Some security companies, such as SecureMac, are offering removal tools specifically targeted at iServices.

In spite of the potential number of infected computers, the danger from the current botnet is expected to be minimal, both as a result of security measures and the limited vectors of infection. Symantec researchers warn, though, that the code in iServices is designed to be extremely flexible, and as such modified versions may appear in upcoming months.

Apr 17, 2009 7:30 AM in response to ParagJ_11

Try running ClamXav (http://www.clamxav.com) as well to see if that finds anything.

Have you installed anything 'naughty' recently? If you haven't then it's highly unlikely to be caused by malware. If you have, then it could well be.

The most common malware updates the DNS settings in your network preferences to direct you to alternative sites than the one you requested. Check your settings to see if there are any numbers listed there and post them here if there are so we can check if they're legit or the result of a malware installation.

Apr 17, 2009 4:16 PM in response to ParagJ_11

ParagJ_11 wrote:
how do i remove all plugins installed in safari ??


First, see if there are any suspicious ones, since some are very useful. (In particular, you probably want to keep the QuickTime plug-in.) You can list all plugins easily from within Safari: just select "Installed Plug-ins" from its Help menu.

The plug-ins themselves are located in /Library/Internet Plug-Ins & in ~/Library/Internet Plug-Ins (the root level Library folder & the Library folders in home folders).

I suggest that you do not remove any of them until you verify which are safe and desirable, or if you must go it alone, move the suspected ones to a desktop folder to deactivate them & see if anything changes.
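The checks suggested in the replies above (the two iServices StartupItems folders, the DNS servers in the network settings, and the two Internet Plug-Ins folders) can be collected in one read-only Terminal script. This is an added example, not something posted in the thread; the function names and the optional root argument are made up for illustration, and it assumes the article's "System/Library/StartupItems" means the folder at the root of the startup volume.

```shell
#!/bin/sh
# Added triage example (not from the thread). Read-only: nothing is moved or deleted.
# The optional root argument (hypothetical) points the checks at another
# mounted volume or a test directory instead of the live system.

# Print whichever of the two StartupItems folders named in the quoted article exist.
check_iservices() {
    root="${1:-}"
    for name in iWorkServices DivX; do
        dir="$root/System/Library/StartupItems/$name"
        if [ -d "$dir" ]; then echo "$dir"; fi
    done
}

# List everything in the two plug-in folders named in the thread.
list_plugins() {
    root="${1:-}"; home="${2:-$HOME}"
    for dir in "$root/Library/Internet Plug-Ins" "$home/Library/Internet Plug-Ins"; do
        [ -d "$dir" ] || continue
        for p in "$dir"/*; do
            if [ -e "$p" ]; then echo "$p"; fi
        done
    done
}

# Print the manually configured DNS servers for each network service (macOS only).
list_dns() {
    command -v networksetup >/dev/null 2>&1 || { echo "networksetup not available"; return 0; }
    # The first output line is a legend; a leading * marks a disabled service.
    networksetup -listallnetworkservices | tail -n +2 | while IFS= read -r svc; do
        svc="${svc#\*}"
        echo "$svc: $(networksetup -getdnsservers "$svc" </dev/null | tr '\n' ' ')"
    done
}

triage() {
    hits=$(check_iservices "")
    if [ -n "$hits" ]; then echo "iServices StartupItems present:"; echo "$hits"
    else echo "No iServices StartupItems folders found."; fi
    echo "Internet plug-ins:"; list_plugins "" "$HOME"
    echo "DNS servers per service:"; list_dns
}

# Run the checks only when invoked as: sh triage.sh run
case "${1:-}" in run) triage ;; esac
```

A service with no manually entered DNS servers is reported as having none set; any listed addresses are the "numbers" the reply asks to have posted for checking.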

Apr 17, 2009 8:10 PM in response to ParagJ_11

The only thing I can find on the nsIQTScriptablePlugin plug-in that isn't related to Windows suggests it is a Mozilla Firefox Component, & therefore should be safe. (It probably won't even interact with Safari.)

If you have any questions about its safety, temporarily move it to a desktop folder & see if there is any difference in the Mac's behavior.
