There was malware found on my computer how do I see if there is more?

There was 1 malware found on my computer; how do I see if there is more? When I did my software update it was detected and removed, but now I'm concerned whether there is anything else on my MacBook Pro.

MacBook Pro, Mac OS X (10.6.8)

Posted on Apr 13, 2012 5:43 PM


Apr 13, 2012 5:49 PM in response to Kini101

ClamXAV, free Virus scanner...


http://www.clamxav.com/


Free Sophos...


http://www.sophos.com/products/enterprise/endpoint/security-and-control/mac/


Little Snitch, stops/alerts outgoing stuff...


http://www.obdev.at/products/littlesnitch/index.html

Disable Java in your Browser settings, not JavaScript.


http://support.apple.com/kb/HT5241?viewlocale=en_US

http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=142064

http://support.mozilla.org/en-US/kb/How%20to%20turn%20off%20Java%20applets


Flashback - Detect and remove the uprising Mac OS X Trojan...


http://www.mac-and-i.net/2012/04/flashback-detect-and-remove-uprising.html


In order to avoid detection, the installer will first look for the presence of some antivirus tools and other utilities that might be present on a power user's system, which according to F-Secure include the following:


/Library/Little Snitch

/Developer/Applications/Xcode.app/Contents/MacOS/Xcode

/Applications/VirusBarrier X6.app

/Applications/iAntiVirus/iAntiVirus.app

/Applications/avast!.app

/Applications/ClamXav.app

/Applications/HTTPScoop.app

/Applications/Packet Peeper.app


If these tools are found, then the malware deletes itself in an attempt to prevent detection by those who have the means and capability to do so. Many malware programs use this behavior, as was seen in others such as the Tsunami malware bot.


http://reviews.cnet.com/8301-13727_7-57410096-263/how-to-remove-the-flashback-malware-from-os-x/


http://x704.net/bbs/viewtopic.php?f=8&t=5844&p=70660#p70660


The most current Flashback removal instructions are F-Secure's Trojan-Downloader:OSX/Flashback.K.


https://www.securelist.com/en/blog/208193454/Flashfake_Removal_Tool_and_online_checking_site

Apr 25, 2012 10:01 AM in response to Kini101

My daughter had something like this come up after a software update and is panicking but didn't take a screen shot so I'm not sure of the exact wording.


Something like "malware (some name here with OSX in it) has been detected on your computer and had been removed" with an "OK" button which she clicked.


Is this normal behavior for the recent security updates or does this warrant additional searching as recommended by BDAqua?

Apr 25, 2012 10:21 AM in response to hart40

You are in the Leopard, 10.5 forum, but your profile is showing 10.6, Snow Leopard. There was an update in 10.6 to patch Java and run the Flashback detection and removal tool. I haven't needed to use it, so I don't know what the exact wording of the message would have been after a cleanup. But if it was after a software update, it could have been that and been legitimate. It would have completely cleaned the Flashback infection, if there was one. Getting such a message would have been normal.


There was no such thing for Leopard, so if that's what your daughter is using, that popup was a scam.

Apr 25, 2012 11:30 AM in response to WZZZ

Sorry about wrong forum. I chose the thread with the most similar issue that came up in search.


Anyway, she's using 10.6. And feels that the window looked like the image posted in this article: http://www.intego.com/mac-security-blog/apple-issues-java-update-and-flashback-removal-tool/



In the past anything like this would be suspicious so having an actual system alert (assuming it is legitimate) caught her off guard.

Apr 25, 2012 11:47 AM in response to hart40

I can't verify the exact message, but if it came up after running the latest Java 10.6 update, then it was legit. The Flashback removal and detection tool was bundled with that latest update.


BTW, tell her to turn off Java (not JavaScript, which is different) in whatever browser she is using. It is very rarely needed by any site and Java is bound to be attacked again.
