chadonline

Q: .rserv wants to connect to cuojshtbohnt.com

I have the message:

.rserv wants to connect to cuojshtbohnt.com

What is .rserv?  I googled it and couldn't locate anything legitimate.

Thanks

MacBook Pro, Mac OS X (10.6.8)

Posted on Mar 31, 2012 3:18 PM


first Previous Page 16 of 16
  • by tetonfromthatplace,

    tetonfromthatplace Apr 12, 2012 8:11 PM in response to chadonline
    Level 1 (0 points)

    I got lots of bits and pieces of information from this thread and thought I would post what I found and did just to help out the next person.

     

    I originally got an email from the network admin saying my computer had the Flashback virus.  The Terminal commands from F-Secure did NOT detect the virus.

    I then ran Little Snitch and it informed me of two programs,

    .aman and .flserv

    both located in /user/primary.

    These programs were trying to connect to

    vxvhwcixcxqcd.com
    vxvhwcixcxqcd.net
    tygoiuoigwodd.com
    tygoiuoigwodd.net

    I then ran the following command in Terminal to show all hidden files in Finder.
    defaults write com.apple.Finder AppleShowAllFiles YES
    Restarted Finder, located .aman and .flserv and deleted the files.
    Everything seems to be back to normal now.

  • by X423424X,

    X423424X Apr 12, 2012 8:26 PM in response to tetonfromthatplace
    Level 6 (14,237 points)

    The terminal commands from F-Secure did NOT detect the virus

    Go to F-Secure's Flashback Removal Tool web page, download their Flashback trojan detection/removal tool, and follow the instructions you find there.  That will detect those files and remove them if you allow it.

    Also download the latest Apple Java update that came out today and it may detect those files too and remove them.

  • by tetonfromthatplace,

    tetonfromthatplace Apr 12, 2012 8:45 PM in response to X423424X
    Level 1 (0 points)

    From F-Secure's website I ran

    defaults read /Applications/Safari.app/Contents/Info LSEnvironment

    and

    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

    Neither one of these found the virus.  I had already installed the Apple Java update.  Not sure why neither one of those things worked?  It wasn't until I installed Little Snitch that I saw what was happening and worked backwards.

    Of course now I realize I have to figure out how to turn off Little Snitch.

    And, did simply deleting the two files clean things up?  Or is there a more thorough investigation I need to do?  I'm normally pretty good about not installing downloaded programs unless I know what it is, so I am actually rather surprised my computer was infected.
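
A read-only check for what the posts above describe, as an added example that is not part of any poster's message or of F-Secure's instructions: it lists hidden files directly in the home folder that are executable or begin with a Mach-O magic number, then runs the two `defaults read` checks quoted in the thread. The function names and the flagging heuristic are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: read-only triage, nothing is deleted or modified.

# First four bytes of a file as lowercase hex, e.g. "cffaedfe".
magic_of() {
    head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Flag hidden regular files directly inside a directory (default: $HOME) that
# carry an execute bit or start with a Mach-O / universal-binary magic number.
# Heuristic (assumption): ordinary dotfiles such as .profile are neither.
scan_hidden() {
    dir=${1:-$HOME}
    for f in "$dir"/.*; do
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        reason=""
        [ -x "$f" ] && reason="executable"
        # 32/64-bit Mach-O in either byte order, then universal binary
        # (cafebabe is also the Java class-file magic).
        case $(magic_of "$f") in
            feedface|feedfacf|cefaedfe|cffaedfe|cafebabe)
                reason="${reason:+$reason,}mach-o" ;;
        esac
        [ -n "$reason" ] && printf '%s\t%s\n' "${f##*/}" "$reason"
    done
    return 0
}

# The two checks quoted in this thread. `defaults read` exits non-zero when
# the key does not exist, so any value printed here is what needs review.
check_defaults() {
    command -v defaults >/dev/null 2>&1 || { echo "defaults: not found (not macOS?)"; return 2; }
    defaults read /Applications/Safari.app/Contents/Info LSEnvironment 2>/dev/null \
        || echo "Safari LSEnvironment: not set"
    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES 2>/dev/null \
        || echo "DYLD_INSERT_LIBRARIES: not set"
}

scan_hidden "$HOME"
check_defaults || true
```
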

  • by MadMacs0,

    MadMacs0 Apr 12, 2012 8:53 PM in response to tetonfromthatplace
    Level 5 (4,791 points)

    tetonfromthatplace wrote:

    From F-Secure's website I ran

    defaults read /Applications/Safari.app/Contents/Info LSEnvironment

    and

    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

    I think you were probably using the wrong F-Secure guidance. The current one is for the "K" variant and has 18 steps.

    I had already installed the Apple Java update.

    He's referring to the new one that came out today which removes most Flashware malware.

    And, did simply deleting the two files clean things up?  Or is there a more thorough investigation I need to do?

    Run the software update.
