Q: I have 4 Trojan Horse viruses on my external drive I use for Time Machine.  My MacBook Pro hard drive is clean.  I have eased the external drive 3 times using Disk Utility and it still has the 4 Trojan Horse viruses. How do I get rid of them. Wayne

How do you know that there are 4 trojan on the drive? What is telling you this?

Allan

(I'm not responsible for anything that goes wrong)

3 things I WOULD do.

1. Open Disk Utility. Click your partition and go to the erase tab. Before you hit erase chose 35 pass data. That will erase the HD 35 times.

2. If step 1 doesn't work go to the Apple store.

They could do something.

3 Buy a new HD and (optional)  smash the other

(35 pass out data is next to the erase button under security options)

Norton is a known whay to cause problems on a Mac and provide no good.

I would suggest that you uninstall it. You don't need it.

Allan

If those 'trojans' are not present on your internal hard drive but show up in your Time Machine copy, they cannot be genuine.

Norton Antivirus (made by Symantec) has a very long and illustrious reputation for mangling Mac OS X systems, sometimes to the point where a complete reinstall is necessary. Among other things, it installs kernel extensions which are known to cause kernel panics and system freezes; it contains known and documented bugs which can silently corrupt Adobe Photoshop and Adobe InDesign files, destroy a user's ability to authenticate as an administrator, and (on PPC systems) can cause Classic to stop functioning; and Symantec has on at least two occasions now released flawed .dat file updates which erroneously report certain critical Mac OS X files as "viruses." (Deleting these "viruses" causes damage to the system that in some cases renders it unbootable.)

Norton Removal Tool (Symantec Uninstaller):

http://www.symantec.com/business/support/index?page=content&id=TECH103489&locale =en_US

And completely disgregard Jbaker958. What is being suggested there is completely absurd. No need to do any of that. Definitely uninstall Norton. But if you are going to use any A-V (Sophos or ClamXav recommended) you must be sure just what the "viruses" or malware in question are before proceeding further. The ones you are getting are most likely either false positives, guesses, or Windows only probably picked up from Mail.

As a follow-up to WZZZ's good advice:

You may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful: The User Tip seeks to offer guidance on the main security threats and how to avoid them.

https://discussions.apple.com/docs/DOC-2435

More useful information can also be found here:

www.thesafemac.com/mmg

ksu62 wrote:

 

I have 4 Trojan Horse viruses on my external drive I use for Time Machine.

Chances are excellent that all four are Windows only Trojans and of no concern to you. If you can provide the exact infection names for them, we can probably verify that for you.

There are ways to delete all backups of files on a Time Machine backup, but you seem to be beyond that now.

I see them when Ido a, view history'. This is after I do a Quick Scan of the extrenal drive. I am using "Norton Internet Security".

It's been many years since I used any Norton products, but I can guess that it's history file includes everything that it ever found, and not the results of your latest Quick Scan.

ksu62 wrote:

 

The infection names are:  classload.jar-719ef6a5.zip

                                          classload.jar-5db452le31.zip

                                          ar3.jar-6ce3b2f-45l483f.zip

                                          classload.jar-lef99412-63bsd3fl.zip

Those look alot like file names and not infection names. I don't find any reference to anything like that on Norton or VirusTotal. Since you said these were Trojans, I would expect to see "Trojan" as part of the infection name.

".jar" files are executable Java applets. The random alpha-numerics would seem to indicate a cache file, likely from a browser with Java enabled. And we all know what ".zip" means.

Worst case is that you had Java enabled in a browser and were infected by one of the late variants of the Flashback Trojan over a year ago or one of a couple of other attacks using the same vulnerability but targetted against a small number of political sympathizers. Much more probable is that thes were Windows only Trojans. Hopefully you have a fully up-to-date OS X, including Java, and have disabled Java in all your browsers by now.