Currently Being ModeratedOct 20, 2011 4:00 PM (in response to TheSmokeMonster)
Currently Being ModeratedOct 20, 2011 5:43 PM (in response to TheSmokeMonster)
Apple doesn't like LittleSnitch, not only that, it's payware thus the tip is advertising, they are touchy about that.
They don't like drawing attention to vulnerabilites (MacDefender a exception as it was so widespread and thus needed removal).
Apple has Xprotect already updated to combat this threat, and many other trojans, and Apple doesn't like Flash neither.
Did I mention Apple doesn't like Gizmodo niether? Something about them buying a lost iPhone prototype....
Fossil. The information I provided shows you what the virus is and how to uninstall it if it is there. Ds_store gives some information I'm sure a google search or he could elaborate on as I only heard about this today. You don't need to go to the gizmodo link or download little snitch I was just trying to be thorough and wasn't thinking about apple politics when I posted it as store points out.
Having said that I apologize if I did something wrong and I hope I can be forgiven if so.
Do apple have an update for this trojan virus?
Apple updated it's XProtect database last week and I believe that it will warn you should you try to install this latest FlashBack threat. If, for whatever reason, you install it then the XProtect system will be permanently disabled and the only way to repair it is to restore from backup. None of the AV software available nor the instructions provided above can repair XProtect. Intego has more on this.
i haven't Xprotectupdater in my activity monitor ?
XProtectUpdater only runs once every twenty-four hours for a fraction of a second, so your chances of seeing it in Activity Monitor are pretty much zero.
what should i do to see if i'm infected and how can i fix this ?
If I understand what F-Security's analysis revealed, you can check to see if XProtect was disabled by looking at either of the following two files:
If they are blank, then you have been infected.
The only way to repair is to replace those two files from backup.
Currently Being ModeratedOct 24, 2011 9:37 AM (in response to TheSmokeMonster)
i have :
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
So Doctor , what have my macbook pro ?
So Doctor , what have my macbook pro ?
Not sure why you are asking TheSmokeMonster this question.
What you posted does not look blank to me so it wasn't infected.
Why do you think your MacBook Pro has something? You haven't given us any symptoms.
Currently Being ModeratedOct 24, 2011 1:32 PM (in response to TheSmokeMonster)
You don't need to go to the gizmodo link or download little snitch I was just trying to be thorough and wasn't thinking about apple politics when I posted it as store points out.
Don't let ds store bully you. I don't know how he thinks he knows what Apple likes and doesn't like, but mentioning Little Snitch here is not a problem. Where he got the idea that Apple doesn't like Little Snitch I don't know. I've mentioned it myself on a number of occasions, and the moderators have never had a problem with that.
Used correctly, Little Snitch can be an invaluable tool for detecting malicious attempts to "phone home"... though, note that it is of limited use, since anything that has infected your computer can simply disable it, as at least one variant of Flashback does.
Currently Being ModeratedOct 24, 2011 11:34 PM (in response to TheSmokeMonster)
Here's another idea, that I had forgotten about, to see if XProtect is still working. Open your Terminal app (in the Utilities folder) then copy and paste the following into a new window after the "$" prompt:
sudo launchctl list
hit return and when prompted, enter your admin password (you won't see any typing) and hit return again.
The list should include "com.apple.xprotectupdater.plist" if it's working.