Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

OSX Inqtana-B Virus?

This morning while performing a routine update of Sophos anti-virus software (yes, I am running it to practice safe computing and to help my friends in the PC world by not passing on PC viruses) I received the following message from my computer.

"Virus 'OX/Inqtana-B' detected in Macintosh HD:Library:Spotlight:Microsoft Office.mdimporter:Contents:MacOS:Microsoft Office

Disinfection not available for this virus."

I can't find any info on the Apple site about it and have done a search in the forum and found only Inqtana.A.

One question--
How do I get rid of it?

thanks in advance,
Rae


Powerbook Mac OS X (10.4.5)

Posted on Feb 21, 2006 8:24 AM

Reply
45 replies

Feb 21, 2006 9:00 AM in response to SuperSizeIt

"Now that Macs are unsafe as a PC/Windows. Buyers don't really see the advantage of having a Mac anymore. "


There is, at this time, a world of difference between the safety and security of Windows and those using the Mac OS. While no one knows how long it will last we still don't face the constant and unending barrage of viruses, trojans, worms and other malware that is released for Windows users every single day. That may change, but for now it still holds true that the Mac is far far safer and vastly more secure than Windows.

I believe the advantages of owning a Mac, other than security, play more of a part in the purchasing decision that you are giving credit for.

Feb 21, 2006 9:13 AM in response to technorae

I had Sophos delete a ton of Microsoft Office 2004 file, so many that I can no longer use Office unless I reinstall. Just for curiosity, I ran the immediate scan and about 2/3 through it's found 145 instances of OSX/Inqtana-B.

Personally, I'm going to call BS on this because I have not had Bluetooth on and that is supposedly how the virus / worm is spread. I'm going to look at the log files when this thing is done running, then I'll check to see how badly this thing messed up my computer. I'll report back in a bit.

Feb 21, 2006 9:29 AM in response to SuperSizeIt

OSX/Inqtana-B, from Sophos' website.

SuperSizelt, I would go with Intego's products, because they aren't intrusive and that many people have reported issues with Symantec products, including products from the Norton family.

dj john, Bluetooth is this wrom/virus' way of spreading automatically, however, it can very well have spread manually, if it was contained in an Office document that you got by email, for example.

Edit : Who are BS, by the way ?

Feb 21, 2006 10:01 AM in response to SuperSizeIt

I think this is a Sophos issue. I sent them an email and here's what I got back:

"Hello John,

It's probably a false positive in the detection. We are going pull that
detection until we can correct the matter."

I noticed that Sophos updated the IDE file shortly after they posted the original. I'm guessing there isn't a problem. If you don't have Sophos set to delete the files automatically, you can drag them back into your Applications > Microsoft Office _ > Office folder and it should work. I don't know about any other programs.

I'm going to reinstall my OS tonight just to be safe, but I think this was a MAJOR issue coming from Sophos.

Feb 21, 2006 10:02 AM in response to SuperSizeIt

Okay, so OS X is just as insecure as Windows because there are a couple of trojans that require manual user intervention to run and spread, while Windows has literally tens of thousands of viruses that can install and spread themselves without user intevention or even knowledge?!

So with this B variant, my count of total OS X trojans is now up to 6, and still 0 viruses for OS X. And these latest ones use pure social engineering; no system vulnerabilities are exploted at all. Really insecure...

The Safari thing they're talking about today is an actual vulnerability, although as far we know no one has made an exploit for it yet.

We should all be careful about what files we download and run, and maybe we're arriving at the point that we need to run anti-malware software, but OS X is a far cry from being as vulnerable as Windows.

Feb 21, 2006 11:24 AM in response to technorae

Wow is it that easy to wipe out your drive with a simple modification of this virus?

I found this post on ZDNET:

http://www.zdnet.com/5208-10533-0.html?forumID=1&threadID=18024&messageID=352778 &start=1

"Do you know how easy it would be to change the example's shell script into one that deletes all of a user's personal files? Let me help:
rm -rf ~/"

Feb 21, 2006 11:43 AM in response to TheresaL

So my scan returned, are you sitting, 474 instances of the worm. Interestingly they were ALL in Printer Drivers and folders of applications that I haven't used in ages, with the exception of Microsoft Office 2004.

I sent an email to our Virus team, but have not heard back. Again, it is possible that my computers did have this, but I'm still thinking it was an issue with Sophos.

PowerBook G4 15" 1.67GHZ Mac OS X (10.4.5)

OSX Inqtana-B Virus?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.