Keyloggers

timsaw wrote:

... I have done some research and I have read in some places that keyloggers can't be installed via .rars and someone needs direct access to your machine…

True but the point is that you have direct access to your machine. You downloaded some unknown software from some unknown source. It's a good way to cause interesting things to happen. The resulting consequences are anyone's guess.

Read the response from MadMacs0 in this thread: Keylogger Possibility? I have not used the utility he mentioned so I cannot recommend it.

The safest action to take in your case is to revert to a backup created before the incident you describe, followed by changing any passwords you may have used since then.

Hi Tim

rather more likely that unrarx hid or deleted the file, I'd think, assuming that downloading/opening the rar is the extent of it.

try findanyfile to locate it - http://apps.tempel.org/FindAnyFile/

if you want to link here, minus the http &/or www surely somone'll check it out & put your mind at rest

I think the likelihood of having inadvertently installed one is small. Post the URL, just obscure it like

badsite dot com

preceded by http and www

for example.

I'll try it on my Mac.

Chrome may automatically delete downloads for all I know - I don't use it.

best not link here then, against the rules.

if you need to: a1 at howmarvellous.plus.com

No worries, but I'm afraid I am unwilling to post any email addresses here. Not only is it a openly searchable website, it is against its terms of use to reveal personal information.

I see the site you mentioned is a file sharing site similar to Megaupload, is that right? I could find no obvious way to download anything from it.

.rar files are generally associated with Windows, and would be an unlikely compression choice for someone designing a Trojan intended for OS X. Though .rar can be expanded easily enough in OS X, I am inclined to believe whatever it is was not designed for a Mac and can have no effect on one.

Music files themselves cannot do anything, the only possibility was to have downloaded and installed something masquerading as a music file.

Aside from the self-deleting download (which may be normal for Chrome), I can find no justification for any specific concern, only a general one for having downloaded something unknown.

I'm afraid I have not been much help at all, but thanks. I was halfway through creating yet another throwaway Yahoo account when I read Andy's response. Let me know what you determine.

It's seemingly a bug in unrarx that removes the original file if a resulting folder has the same name, extraction fails, and the default "Extract to File Directory " is chosen (eg: you just double-click the file to open it) (or maybe it's a bogus archive anyway,same bug) - but nothing to fear re malware that I see.

The Unarchiver deals with it as expected.

John Galt wrote:

timsaw wrote:

... I have done some research and I have read in some places that keyloggers can't be installed via .rars and someone needs direct access to your machine…

True but the point is that you have direct access to your machine. You downloaded some unknown software from some unknown source. It's a good way to cause interesting things to happen. The resulting consequences are anyone's guess.

Read the response from MadMacs0 in this thread: Keylogger Possibility? I have not used the utility he mentioned so I cannot recommend it.

The safest action to take in your case is to revert to a backup created before the incident you describe, followed by changing any passwords you may have used since then.

Running a scan on Spybot S&D, "perfect keylogger" popped up for a few seconds in the progress bar. No keylogger has turned up in the results.

susudomenty wrote:

Running a scan on Spybot S&D, "perfect keylogger" popped up for a few seconds in the progress bar. No keylogger has turned up in the results.

I'm not following you on this. There is no Spybot S&D for the Mac, so what's the connection.

I also don't understand why you are posting to threads that are marked "solved" and over five months old?