Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: yankeecat
yankeecat Author
User level: Level 1
0 points

I have a 4 yr. old iMac. I recently got a trojan on it that sent out emails to my address book. I got Norton Internet Security for Mac, and now my Mac is running slow, with way too many spinning beach balls of death. Was it a mistake to install Norton?

I have a 4 yr. old iMac. I recently got a trojan on it that sent out emails to my address book. I got Norton Internet Security for Mac, and now my Mac is running slow, with way too many spinning beach balls of death. Was it a mistake to install Norton?

Posted on Dec 12, 2012 12:21 PM

Reply
Question marked as Best reply
User profile for user: Kappy
Kappy
User level: Level 10
361,741 points

Posted on Dec 12, 2012 12:24 PM

Yes, a big mistake. You did not likely have a trojan. Just an email scammer.

View in context
4 replies
User profile for user: Kappy
Kappy
User level: Level 10
361,741 points

Dec 12, 2012 1:11 PM in response to yankeecat

Helpful Links Regarding Flashback Trojan and Virus Protection


An excellent link to read is Tom Reed's Mac Malware Guide.

Also, visit The XLab FAQs and read the FAQ on malware.

A link to a great User Tip about the trojan: Flashback Trojan User Tip.

To check for the trojan: Anti Flashback Trojan 2.0.4.


A Google search can reveal a variety of alternatives on how the remove the trojan should your computer get infected. This can get you started. Or the preferred method is to use Apple's protection tool: Flashback Malware Removal Tool 1.0.


Or, open Software Update. If you do not have the Apple protection software installed it will download and install it via Software Update. If no update appears that means you either already have it installed or it isn't needed for your system. The software is only available for Leopard, Snow Leopard, and Lion versions of OS X.


Also see Apple's article About Flashback malware.


For general anti-virus protection I only recommend using ClamXav.


You need to upgrade OS X to avoid any earlier infections. Backdoor.Cycbot is a Windows trojan.

Reply
User profile for user: John Galt
John Galt
User level: Level 10
141,150 points

Dec 12, 2012 1:25 PM in response to yankeecat

yankeecat wrote:


... The name of it was Backdoor.Cycbot.

What is that?


Here you go:


http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Bac kdoor%3AWin32%2FCycbot.B



When executed, Backdoor:Win32/Cycbot.B copies itself to c:\documents and settings\administrator\application data\microsoft\svchost.exe.

The malware modifies the following registry entries to ensure that its copy executes at each Windows start:

To subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
or subkey: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adds value: "svchost"
With data: "c:\documents and settings\administrator\application data\microsoft\svchost.exe"


The malware creates the following files on an affected computer:


  • c:\documents and settings\administrator\application data\microsoft\stor.cfg
  • c:\documents and settings\administrator\application data\microsoft\windows\shell.exe
  • c:\documents and settings\administrator\local settings\temp\dwm.exe


These files store configuration and logging information for the malware.



When you find the Registry entries on your C: drive let me know.

Reply

I have a 4 yr. old iMac. I recently got a trojan on it that sent out emails to my address book. I got Norton Internet Security for Mac, and now my Mac is running slow, with way too many spinning beach balls of death. Was it a mistake to install Norton?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up