Macrumors (http://www.macrumors.com/) is reporting that there is a Trojan for Macs and has infiltrated Macbooks mainly in Canada. True/false?
If true, do the latest Java updates
1. eliminate the penetration abiity of this virus?
2. take the virus out of the infected macbook?
Thanks
MacBook, Mac OS X (10.7.3)
It's true. And the updates are supposed to reinforce your Mac against his malware, though I'm not sure that they remove anything already installed.
The update does not eliminate the trojan if you already infected. It will eliminate the ability of the trojans that took advantage of the security holes from using those now closed holes in the future. That doesn't mean you are safe. The bad guys are going to constanly search for other ways to "get in". Windows users have been dealing with this for years.
If you are infected, removal depends on which strain of the trojan you were infect with.
Thanks, any thoughts on how to remove anything already installed? The macrumors has programming means through Terminal, but but that stuff is too difficult for the likes of me.
As I said above, removal depends on which flavor of trojan you get infected with. Terminal is the easiest way to deal with this stuff.
Here's what I am suggesting as a rudimentary test for some of the known strains of the flashback trojans. Open a terminal window and copy/paste each of the following lines hitting return after each one and note the results:
defaults read ~/.MacOSX/environment
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
ls -la ~/Library/LaunchAgents
grep "/Users/$USER/\..*" ~/Library/LaunchAgents/*
For the two defaults command if you get anything other than a "does not exist" error message post the results since you are almost certainly infected.
The third command, ls, just lists the contents of your LaunchAgents, if any. That's additional info to be used in conjunction with the last grep command. If the grep shows any results then that too may indicate infection and again post its results.
for command 3, I get:
"574 May 4 2011 com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist"
"601 Apr 28 2011 com.adobe.ARM.df0ab5bbe6f698196fcc21e3c1e66dcb758bd911f4d637272d9d8109.plist"
Nov 18 13:30 com.apple.FolderActions.enabled.plist
Apr 28 2009 com.apple.SafariBookmarksSyncer.plist
Jan 4 2010 com.macpaw.CleanMyMac.helperTool.plist
Mar 29 2010 com.macpaw.CleanMyMac.volumeWatcher.plist
May 11 2011 com.prosofteng.DGMonitor.plist
For command 4 grep I get:
Library/LaunchAgents/com.macpaw.CleanMyMac.helperTool.plist:
Any thoughts?
Thanks.
For command 4 grep I get:
Library/LaunchAgents/com.macpaw.CleanMyMac.helperTool.plist:
Really???
I think you copy/pasted the output from the wrong line. I do know that my grep will display a CleanMyMac hit because references /Users/YOURACCOUNT/.Trash. Maybe I'll fix that but at any rate it looks ok.
I ran it again:
grep "/Users/$USER/\..*" ~/Library/LaunchAgents/*
/Users/..../Library/LaunchAgents/com.macpaw.CleanMyMac.helperTool.plist: <string>/Users/...../.Trash</string>
Mean anything to you?
Thanks again.
Better. What I expected as I said in my previous post.
Thanks. Just for clarity, based on what I provided, am I clean or infected? Struggling with the issue. Thanks again.
I don't see anything that indicates the infections. The defaults didn't find anyting and there is nothing suspecious in the launchagents.
Many thanks for spending tme on this. Salute!
Java?
