Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: imacyh.com
imacyh.com Author
User level: Level 1
0 points

Spyware/Trojan problem, please help.

Hi
Several days ago some sites started to give me a page with captcha and a message that my computer or another computer that connected to my network maybe infected with a virus.
Yesterday i got the same page in a site that i didn't visited before and i found a link for the avast anti virus scanner in that page, with a recommendation to scan my mac.
I already have iantivirus and the program didn't detected anything, i surfed to avast website and downloaded the trial version and it just finished scanning, the result was 3 viruses and 82 warnings.

The viruses are: win32 Buzus-WS [Trj], Win32:Spyware-gen [spy], Win32:Spyware-gen [spy]
The trojan detected in a zipfile that contains wallpapers! Is it possible that atrojan embedded in an image?
The viruses are detected in a windows program i downloaded for a friend about 3 months ago and i forgot to delete it from my hard drive.

The warnings are mostly a corrupted zip files, and some files are tagged as decompression bomb.

Regarding the trojan and the viruses, i deleted the files that contains them, and i know that those are windows viruses but i have to ask: Is it gonna affect my mac in anyway?
Regarding the warnings: What is decompression bomb? Is it gonna harm my mac?

Are those viruses the reason i got the captcha pages from several sites?

Please help.

Macbook Intel Core 2 Duo 2GHz, memory 2 GB, Mac OS X (10.6.6)

Posted on Feb 23, 2011 3:53 AM

Reply
7 replies
User profile for user: thomas_r.
thomas_r.
User level: Level 7
31,989 points

Feb 23, 2011 4:10 AM in response to imacyh.com

Several days ago some sites started to give me a page with captcha and a message that my computer or another computer that connected to my network maybe infected with a virus.


See my [Mac Virus guide|http://www.reedcorner.net/guides/macvirus>. It will answer most of the questions you have asked here.

If you're going to one site and being redirected to a different one, the section at the end, titled "Do I have a virus?", specifically talks about this kind of redirection and what the possible causes and solutions are.

i surfed to avast website and downloaded the trial version and it just finished scanning, the result was 3 viruses and 82 warnings.


Hopefully, you made it to the real avast site! In any case, though, the viruses it found were all Windows viruses and cannot affect your Mac in any way.
Reply
User profile for user: imacyh.com
imacyh.com Author
User level: Level 1
0 points

Feb 23, 2011 5:15 AM in response to thomas_r.

Thanks for the help, and yes i made it to the real avast site and downloaded the trial version.
Anyway i am not getting a redirecting page, instead i am getting a page with a captcha image before i log to the site.
Here is an image of what i am getting:
http://i56.tinypic.com/2yx25ww.jpg

Underneath what you see in the image is:
"View advanced details and evidence regarding your restriction
What happened?

Your computer or another computer on your network appears to be compromised with a virus. This allows online criminals to use it as part of a botnet to send spam and attack websites.
Why am I seeing this page?

This website is participating in a project to stop attacks and educate visitors with infected machines about how they can clean up their systems.
What should I do?

Make sure your anti-virus software is up to date and run a full scan.
When will this restriction go away?

This restriction will disappear when no more harmful behavior is detected. Completing the challenge above proves you are a human and gives you temporary access. You can ask the website owner to permanently whitelist you."

What about the decompression bombs? Are those bad files that need to be deleted? Some of the files that avast tagged as bombs are very trusted files ( Educational files and videos downloaded from many software official sites like unity3d.com )
Any suggestions?
Reply
User profile for user: Barney-15E
Barney-15E
User level: Level 10
112,638 points

Feb 23, 2011 5:18 AM in response to imacyh.com

imacyh.com wrote:
Hi
Several days ago some sites started to give me a page with captcha and a message that my computer or another computer that connected to my network maybe infected with a virus.

There is no way a website can scan your computer or your network to determine such a thing. It is a scam to get you to download malware thinking you are downloading (or scanning) your computer.
These things are targeted at Windows users and probably continue to work because 90% (random number pulled out of rear) of the time, if they claim that there is a virus, and the user scans their Windows computer, it will find a virus. The odds are just good that there will be some form of malware on a Windows computer.

It was interesting that you found some, but as you noted, they were transferred by you from a Windows machine. They can't do any harm.

Don't fall for the social engineering scams. Thomas's guide talks about some of them.
Bottom line, you can't get any malware on your Mac just by reading email (including previews) or surfing the 'net. You have to actually take action to allow those things to download and provide an admin password to install them. Don't "allow" or install anything that you do not know the source.
Reply
User profile for user: The hatter
The hatter
User level: Level 9
60,990 points

Feb 23, 2011 6:18 AM in response to imacyh.com

It is all totally a bogus scam. That should be the end of it.

Will criminals buy $25 kits? and get unsuspecting victims to fall prey? will some Facebook app or other such app?

Infecting ad servers is now an old exploit, as is injecting using javascript and plug-ins.

Whoever or whatever is in the news, you will find scams and CERT and others will try to warn people not to fall prey, whether it is wallpaper, or relief funds for victims of New Zealand or latest LL photo smoking a bong.

And someone posts something similar as yours almost daily (odd that they don't post under Networking?).
Reply
User profile for user: thomas_r.
thomas_r.
User level: Level 7
31,989 points

Feb 23, 2011 9:43 AM in response to imacyh.com

Anyway i am not getting a redirecting page, instead i am getting a page with a captcha image before i log to the site.


I'm not sure that I entirely understand what you're seeing, but keep in mind that no web site can scan your computer for viruses. You are not infected, you're just seeing a scam that is an attempt to convince you to download malware, in the form of fake anti-virus software. And undoubtedly Windows malware that wouldn't work on your Mac even if you did try to download it.

What about the decompression bombs?


http://en.wikipedia.org/wiki/Zip_bomb

If the files Avast is telling you are zip bombs are trusted files from known sources with known contents, then don't worry about it. And ditch Avast. You shouldn't install more than one AV program at a time. If you want AV software, go for either [ClamXav|http://www.clamxav.com> or [Sophos Anti-Virus for Mac Home Edition|http://www.sophos.com/products/free-tools/free-mac-anti-virus>, both of which are free.
Reply

Spyware/Trojan problem, please help.

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up