Any recommondations on how to remove DNSchanger and trojan virus?
My isp has sent an email indicating I have a 2 trojans and a dnschanger resulting in spam being sent out?
MacBook Pro, Mac OS X (10.6.8)
My isp has sent an email indicating I have a 2 trojans and a dnschanger resulting in spam being sent out?
MacBook Pro, Mac OS X (10.6.8)
Try using iAntivirus, its free and very easy to use and makes sure u dont get affected by viruses
Try using iAntivirus, its free and very easy to use and makes sure u dont get affected by viruses
Are you sure its from your ISP ?
Sounds more like a spam frightner email its self !
Seems legit, the contact numbers for them were correct - TPG. They suggeste running a virus scan? Any suggestions?
Some ISPs monitor for what they consider to be suspicious network packets coming from all their various customers' IP addresses. Such things usually are very Windows-oriented, and tend to have a higher false positive rate when the customer is using a Mac. It may simply be nothing at all.
However, it couldn't hurt to do a scan. I would not recommend iAntivirus, though. Get a copy of ClamXav:
Also, I would highly recommend reading my Mac Malware Guide:
http://www.reedcorner.net/guides/macvirus
(Note that my pages contain links to other pages that promote my services, and this should not be taken as an endorsement of my services by Apple.)
Information on DNSChanger can be found here:
http://reviews.cnet.com/8301-13727_7-57322316-263/fbi-tackles-dnschanger-malware -scam/
I believe ClamXav will get rid of it for you, and it's free.
Facts
1. DNSchangrs work only on windows XP they do what they say changer the DNS servers address on YOUR PC - Hijack your Web browser and point you at shadow sites, there aim is to steal your credit card and bank details.
They are often disguised in **** downloads *(that's the Trojan bit and they change the DNS numbers by running an secret .exe script)
That .exe script will NOT work within OSx period.
2. This year there Has been several versions of the SAME Trojan discovered in the wild directly targeting OSx.
Provided you are running the latest 10.6 or 10.7 - Apple has provided a builtin security and removal tool that is updated daily in the background that hunts down and searches for these Trojans using identifiers, notifies You and removes them automatically !
3. It might look legit but scammers are devious.
4. If you want to use added anti virus (remembering that there are NO viruses but several Trojans) look at something simple and preferably FREE or at least from a reputable company that understands Mac such as Integro.
Norton does bad things itself !
Try.
Clamdav
http://www.clamxav.com/download.php
Or
Intego
http://www.intego.com/internet-security-barrier/
Also you might want to monitor ALL internet traffic to and from your machine.
There is a little app that does this VERY WELL called
Little snitch
Visit this web site for details
http://www.obdev.at/products/littlesnitch/index.html
These are specific Mac Products !
As I said I think that e-mail is a scam its self.
1- Not quite true. There actually is a DNS Changer Trojan for Macs, called RSPlug. It hasn't been seen AFAIK for a while, though.
2- Apple's AV software built into Mac OS X 10.6-10.7 is not an active scanner. It will not "hunt down" or remove malware, it only prevents new malware from being installed at the time it is first opened after downloading, and only if it was downloaded using Quarantine-aware software.
All this is described in greater detail in mu guide.
You may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful:
agfox wrote:
My isp has sent an email indicating I have a 2 trojans and a dnschanger resulting in spam being sent out?
How are you coming with this?
SecureMac, makers of MacScan provided a free DNSChanger removal tool here. It hasn't been updated since 2008, so I don't know if it finds all versions.
Hi, thank you for the suggestions. So far it seems clamxav has found about 30 Trojans.
Do these need to be manually removed or quarantined?
What Trojans and where are they? I would bet they're attached to junk email messages in Mail.
Edit: To be clear, they're also most likely Windows Trojans that are no danger to you.
I agree with Thomas. It is quite safe to remove them for good - no point in quaranteeing them.
agfox wrote:
Hi, thank you for the suggestions. So far it seems clamxav has found about 30 Trojans.
Do these need to be manually removed or quarantined?
As long as none of them were labled "OSX" Trojans, move them directly to the trash. If any are OSX let us know.
If you also found any emails (not attachments) that were marked as infected, DO NOT move them either to quarantine or the trash. Let me know and I'll tell you what to do with those.
Oh dear, possible problem. There were a number of .emlx files that were emails. I'd already moved to the trash and deleted. Is that what you mean by email that arn't attachments?
agfox wrote:
Oh dear, possible problem. There were a number of .emlx files that were emails. I'd already moved to the trash and deleted. Is that what you mean by email that arn't attachments?
Yes. Moving email will certainly corrupt the mailbox index which could cause you to lose additional email. To fix that simply rebuild each mailbox that you moved mail from.
More importantly, if you have IMAP accounts or POP accounts where you leave messages on the server, those emails will be downloaded to your Mac again the next time you check for new mail.
The correct way to go handle possibly infected emails is to choose "Reveal In Finder" for each one. When the window opens, double-click on the file to open it in your email client. If you decide you don't need to keep the message, use the email application's delete function to get rid of it on both your Computer and the server (gmail is a special case in that the only way to permanently delete an email is by using webmail in your browser, so you will have to hunt for it there). If you decide the message is something you need to keep then make note of the file number so you can ignore it the next time you scan.
Any recommondations on how to remove DNSchanger and trojan virus?