Trojan Programme Detected?

Question

Level 1

0 points

Trojan Programme Detected?

Hello, Macbook users!

I use Macbook Pro and I recently received a warning from Kaspersky that my mac is infected with Trojan virus.

My school re-imaged my MacBook on Thursday 22 August 2013 and Kaspersky detected "Trojan.Win32.Hosts2.Gen" in File / Private / etc / hosts on Friday 23 August 2013. (It's so weired! I NEVER torrent!)

However, I saw a post on Kaspersky discussion forum and some of the users aruge that they might have received false warning. So, I'm just wondering if this was just a false warning or real one. But I guess my Mac is really infected with Trojan virus since I am running few anti virus programmes at the same time and all of them give me warnings about virus / infected files. I disinfected the detected files but I'm still concerend.

I did some research about Trojan virus and I am so worried now. 😟

So what I know is:

1. Trojan programme is a very dangerous virus programme.

2. Hackers can hack through my computer if my computer is infected with Trojan virus.

3. Recent Trojan programmes are so smart they hide themselves and even Terminal cannot detect them.

I'm so concerned right now I can't do anything 😟

So my questions are:

1. How do I completely get rid of Trojan virus? I'm scanning my Mac with Kaspersky, Magician, Sophos and Dr. Web Light now and they give me different results so I am kind of skeptical about using Anti-virus programme.

2. Is there any possibility that I got Trojan because of re-imaging? Would it be better if I ask the school to re-image my computer again?

3. Can re-imaging get rid of Trojan virus?

4. If the answer to question 2 is no, how did I get Trojan virus?

5. What do the Trojan remains do? Is there any possibility that remains do any harm to my computer?

6. How do I view hidden Trojan files?

7. Could it be a false warning?

I'm so confused and frustrated right now. I never had virus before and I thought Mac don't get virus. I'm really concerned that I might lose all my files and documents.😟 I asked around a bit but I still don't know what to do. Please, please, please help me!

Thanks in advance! 🙂

*P.S: The photos might help!

Mac Pro, OS X Mountain Lion (10.8.4), 2.5 GHz Intel Core i5

Posted on Aug 23, 2013 9:02 PM

Reply

Answer 1

Best reply

Linc Davis

Level 10

209,547 points

Aug 23, 2013 10:57 PM in response to Sean Choi

Step 1

Remove the worthless, time-wasting "Kaspersky Security" product by following the instructions on this page. If you have a different version of the product, the procedure may be different.

Back up all data before making any changes.

Step 2

Triple-click anywhere in the line below on this page to select it:

/etc/hosts

Right-click or control-click the line and select

Services ▹ Open

from the contextual menu.* A TextEdit window should open. Post the contents of that window — the text, please, not a screenshot.

*If you don't see the contextual menu item, copy the selected text to the Clipboard (command-C). In the Finder, select

Go ▹ Go to Folder...

from the menu bar, paste into the box that opens (command-V). You won't see what you pasted because a line break is included. Press return.

Reply

Answer 2

Sean Choi Author

Level 1

0 points

Aug 24, 2013 1:35 AM in response to Linc Davis

Do I have to get rid of Kaspersky? It's managed by the school so I can't get rid of it. 😟

Also, would re-imaging the computer get rid of Trojan?

Reply

Answer 3

Aug 24, 2013 1:45 AM in response to Sean Choi

Kaspersky is junk and causes nothing but problems for those who install it. If your school uses Kaspersky for Macs, they really don't know what they're doing - if I were you, I would follow Linc's advice and uninstall it.

I'm not sure what you mean by 're-imaging'?

Clinton

Reply

Answer 4

Linc Davis

Level 10

209,547 points

Aug 24, 2013 6:47 AM in response to Sean Choi

Please post the results of Step 2.

Reply

Answer 5

gsb_

Level 1

0 points

Apr 15, 2014 8:40 AM in response to Linc Davis

Here are the contents of the file of etc/hosts requested above.

216.239.32.20 www.google.ac # __CE_WATERMARK__

216.239.32.20 www.google.ad # __CE_WATERMARK__

216.239.32.20 www.google.ae # __CE_WATERMARK__

216.239.32.20 www.google.al # __CE_WATERMARK__

216.239.32.20 www.google.am # __CE_WATERMARK__

216.239.32.20 www.google.as # __CE_WATERMARK__

216.239.32.20 www.google.at # __CE_WATERMARK__

216.239.32.20 www.google.az # __CE_WATERMARK__

216.239.32.20 www.google.ba # __CE_WATERMARK__

216.239.32.20 www.google.be # __CE_WATERMARK__

216.239.32.20 www.google.bf # __CE_WATERMARK__

216.239.32.20 www.google.bg # __CE_WATERMARK__

216.239.32.20 www.google.bi # __CE_WATERMARK__

216.239.32.20 www.google.bj # __CE_WATERMARK__

216.239.32.20 www.google.bs # __CE_WATERMARK__

216.239.32.20 www.google.bt # __CE_WATERMARK__

216.239.32.20 www.google.by # __CE_WATERMARK__

216.239.32.20 www.google.ca # __CE_WATERMARK__

216.239.32.20 www.google.cat # __CE_WATERMARK__

216.239.32.20 www.google.cc # __CE_WATERMARK__

216.239.32.20 www.google.cd # __CE_WATERMARK__

216.239.32.20 www.google.cf # __CE_WATERMARK__

216.239.32.20 www.google.cg # __CE_WATERMARK__

216.239.32.20 www.google.ch # __CE_WATERMARK__

216.239.32.20 www.google.ci # __CE_WATERMARK__

216.239.32.20 www.google.cl # __CE_WATERMARK__

216.239.32.20 www.google.cm # __CE_WATERMARK__

216.239.32.20 www.google.cn # __CE_WATERMARK__

216.239.32.20 www.google.co.ao # __CE_WATERMARK__

216.239.32.20 www.google.co.bw # __CE_WATERMARK__

216.239.32.20 www.google.co.ck # __CE_WATERMARK__

216.239.32.20 www.google.co.cr # __CE_WATERMARK__

216.239.32.20 www.google.co.id # __CE_WATERMARK__

216.239.32.20 www.google.co.il # __CE_WATERMARK__

216.239.32.20 www.google.co.in # __CE_WATERMARK__

216.239.32.20 www.google.co.jp # __CE_WATERMARK__

216.239.32.20 www.google.co.ke # __CE_WATERMARK__

216.239.32.20 www.google.co.kr # __CE_WATERMARK__

216.239.32.20 www.google.co.ls # __CE_WATERMARK__

216.239.32.20 www.google.co.ma # __CE_WATERMARK__

216.239.32.20 www.google.co.mz # __CE_WATERMARK__

216.239.32.20 www.google.co.nz # __CE_WATERMARK__

216.239.32.20 www.google.co.th # __CE_WATERMARK__

216.239.32.20 www.google.co.tz # __CE_WATERMARK__

216.239.32.20 www.google.co.ug # __CE_WATERMARK__

216.239.32.20 www.google.co.uk # __CE_WATERMARK__

216.239.32.20 www.google.co.uz # __CE_WATERMARK__

216.239.32.20 www.google.co.ve # __CE_WATERMARK__

216.239.32.20 www.google.co.vi # __CE_WATERMARK__

216.239.32.20 www.google.co.za # __CE_WATERMARK__

216.239.32.20 www.google.co.zm # __CE_WATERMARK__

216.239.32.20 www.google.co.zw # __CE_WATERMARK__

216.239.32.20 www.google.com # __CE_WATERMARK__

216.239.32.20 www.google.com.af # __CE_WATERMARK__

216.239.32.20 www.google.com.ag # __CE_WATERMARK__

216.239.32.20 www.google.com.ai # __CE_WATERMARK__

216.239.32.20 www.google.com.ar # __CE_WATERMARK__

216.239.32.20 www.google.com.au # __CE_WATERMARK__

216.239.32.20 www.google.com.bd # __CE_WATERMARK__

216.239.32.20 www.google.com.bh # __CE_WATERMARK__

216.239.32.20 www.google.com.bn # __CE_WATERMARK__

216.239.32.20 www.google.com.bo # __CE_WATERMARK__

216.239.32.20 www.google.com.br # __CE_WATERMARK__

216.239.32.20 www.google.com.bz # __CE_WATERMARK__

216.239.32.20 www.google.com.co # __CE_WATERMARK__

216.239.32.20 www.google.com.cu # __CE_WATERMARK__

216.239.32.20 www.google.com.cy # __CE_WATERMARK__

216.239.32.20 www.google.com.do # __CE_WATERMARK__

216.239.32.20 www.google.com.ec # __CE_WATERMARK__

216.239.32.20 www.google.com.eg # __CE_WATERMARK__

216.239.32.20 www.google.com.et # __CE_WATERMARK__

216.239.32.20 www.google.com.fj # __CE_WATERMARK__

216.239.32.20 www.google.com.gh # __CE_WATERMARK__

216.239.32.20 www.google.com.gi # __CE_WATERMARK__

216.239.32.20 www.google.com.gt # __CE_WATERMARK__

216.239.32.20 www.google.com.hk # __CE_WATERMARK__

216.239.32.20 www.google.com.jm # __CE_WATERMARK__

216.239.32.20 www.google.com.kh # __CE_WATERMARK__

216.239.32.20 www.google.com.kw # __CE_WATERMARK__

216.239.32.20 www.google.com.lb # __CE_WATERMARK__

216.239.32.20 www.google.com.lc # __CE_WATERMARK__

216.239.32.20 www.google.com.ly # __CE_WATERMARK__

216.239.32.20 www.google.com.mm # __CE_WATERMARK__

216.239.32.20 www.google.com.mt # __CE_WATERMARK__

216.239.32.20 www.google.com.mx # __CE_WATERMARK__

216.239.32.20 www.google.com.my # __CE_WATERMARK__

216.239.32.20 www.google.com.na # __CE_WATERMARK__

216.239.32.20 www.google.com.nf # __CE_WATERMARK__

216.239.32.20 www.google.com.ng # __CE_WATERMARK__

216.239.32.20 www.google.com.ni # __CE_WATERMARK__

216.239.32.20 www.google.com.np # __CE_WATERMARK__

216.239.32.20 www.google.com.om # __CE_WATERMARK__

216.239.32.20 www.google.com.pa # __CE_WATERMARK__

216.239.32.20 www.google.com.pe # __CE_WATERMARK__

216.239.32.20 www.google.com.pg # __CE_WATERMARK__

216.239.32.20 www.google.com.ph # __CE_WATERMARK__

216.239.32.20 www.google.com.pk # __CE_WATERMARK__

216.239.32.20 www.google.com.pr # __CE_WATERMARK__

216.239.32.20 www.google.com.py # __CE_WATERMARK__

216.239.32.20 www.google.com.qa # __CE_WATERMARK__

216.239.32.20 www.google.com.sa # __CE_WATERMARK__

216.239.32.20 www.google.com.sb # __CE_WATERMARK__

216.239.32.20 www.google.com.sg # __CE_WATERMARK__

216.239.32.20 www.google.com.sl # __CE_WATERMARK__

216.239.32.20 www.google.com.sv # __CE_WATERMARK__

216.239.32.20 www.google.com.tj # __CE_WATERMARK__

216.239.32.20 www.google.com.tn # __CE_WATERMARK__

216.239.32.20 www.google.com.tr # __CE_WATERMARK__

216.239.32.20 www.google.com.tw # __CE_WATERMARK__

216.239.32.20 www.google.com.ua # __CE_WATERMARK__

216.239.32.20 www.google.com.uy # __CE_WATERMARK__

216.239.32.20 www.google.com.vc # __CE_WATERMARK__

216.239.32.20 www.google.com.vn # __CE_WATERMARK__

216.239.32.20 www.google.cv # __CE_WATERMARK__

216.239.32.20 www.google.cz # __CE_WATERMARK__

216.239.32.20 www.google.de # __CE_WATERMARK__

216.239.32.20 www.google.dj # __CE_WATERMARK__

216.239.32.20 www.google.dk # __CE_WATERMARK__

216.239.32.20 www.google.dm # __CE_WATERMARK__

216.239.32.20 www.google.dz # __CE_WATERMARK__

216.239.32.20 www.google.ee # __CE_WATERMARK__

216.239.32.20 www.google.es # __CE_WATERMARK__

216.239.32.20 www.google.fi # __CE_WATERMARK__

216.239.32.20 www.google.fm # __CE_WATERMARK__

216.239.32.20 www.google.fr # __CE_WATERMARK__

216.239.32.20 www.google.ga # __CE_WATERMARK__

216.239.32.20 www.google.ge # __CE_WATERMARK__

216.239.32.20 www.google.gf # __CE_WATERMARK__

216.239.32.20 www.google.gg # __CE_WATERMARK__

216.239.32.20 www.google.gl # __CE_WATERMARK__

216.239.32.20 www.google.gm # __CE_WATERMARK__

216.239.32.20 www.google.gp # __CE_WATERMARK__

216.239.32.20 www.google.gr # __CE_WATERMARK__

216.239.32.20 www.google.gy # __CE_WATERMARK__

216.239.32.20 www.google.hn # __CE_WATERMARK__

216.239.32.20 www.google.hr # __CE_WATERMARK__

216.239.32.20 www.google.ht # __CE_WATERMARK__

216.239.32.20 www.google.hu # __CE_WATERMARK__

216.239.32.20 www.google.ie # __CE_WATERMARK__

216.239.32.20 www.google.im # __CE_WATERMARK__

216.239.32.20 www.google.io # __CE_WATERMARK__

216.239.32.20 www.google.iq # __CE_WATERMARK__

216.239.32.20 www.google.ir # __CE_WATERMARK__

216.239.32.20 www.google.is # __CE_WATERMARK__

216.239.32.20 www.google.it # __CE_WATERMARK__

216.239.32.20 www.google.je # __CE_WATERMARK__

216.239.32.20 www.google.jo # __CE_WATERMARK__

216.239.32.20 www.google.kg # __CE_WATERMARK__

216.239.32.20 www.google.ki # __CE_WATERMARK__

216.239.32.20 www.google.kz # __CE_WATERMARK__

216.239.32.20 www.google.la # __CE_WATERMARK__

216.239.32.20 www.google.li # __CE_WATERMARK__

216.239.32.20 www.google.lk # __CE_WATERMARK__

216.239.32.20 www.google.lt # __CE_WATERMARK__

216.239.32.20 www.google.lu # __CE_WATERMARK__

216.239.32.20 www.google.lv # __CE_WATERMARK__

216.239.32.20 www.google.md # __CE_WATERMARK__

216.239.32.20 www.google.me # __CE_WATERMARK__

216.239.32.20 www.google.mg # __CE_WATERMARK__

216.239.32.20 www.google.mk # __CE_WATERMARK__

216.239.32.20 www.google.ml # __CE_WATERMARK__

216.239.32.20 www.google.mn # __CE_WATERMARK__

216.239.32.20 www.google.ms # __CE_WATERMARK__

216.239.32.20 www.google.mu # __CE_WATERMARK__

216.239.32.20 www.google.mv # __CE_WATERMARK__

216.239.32.20 www.google.mw # __CE_WATERMARK__

216.239.32.20 www.google.ne # __CE_WATERMARK__

216.239.32.20 www.google.nl # __CE_WATERMARK__

216.239.32.20 www.google.no # __CE_WATERMARK__

216.239.32.20 www.google.nr # __CE_WATERMARK__

216.239.32.20 www.google.nu # __CE_WATERMARK__

216.239.32.20 www.google.pl # __CE_WATERMARK__

216.239.32.20 www.google.pn # __CE_WATERMARK__

216.239.32.20 www.google.ps # __CE_WATERMARK__

216.239.32.20 www.google.pt # __CE_WATERMARK__

216.239.32.20 www.google.ro # __CE_WATERMARK__

216.239.32.20 www.google.rs # __CE_WATERMARK__

216.239.32.20 www.google.ru # __CE_WATERMARK__

216.239.32.20 www.google.rw # __CE_WATERMARK__

216.239.32.20 www.google.sc # __CE_WATERMARK__

216.239.32.20 www.google.se # __CE_WATERMARK__

216.239.32.20 www.google.sh # __CE_WATERMARK__

216.239.32.20 www.google.si # __CE_WATERMARK__

216.239.32.20 www.google.sk # __CE_WATERMARK__

216.239.32.20 www.google.sm # __CE_WATERMARK__

216.239.32.20 www.google.sn # __CE_WATERMARK__

216.239.32.20 www.google.so # __CE_WATERMARK__

216.239.32.20 www.google.st # __CE_WATERMARK__

216.239.32.20 www.google.td # __CE_WATERMARK__

216.239.32.20 www.google.tg # __CE_WATERMARK__

216.239.32.20 www.google.tk # __CE_WATERMARK__

216.239.32.20 www.google.tl # __CE_WATERMARK__

216.239.32.20 www.google.tm # __CE_WATERMARK__

216.239.32.20 www.google.tn # __CE_WATERMARK__

216.239.32.20 www.google.to # __CE_WATERMARK__

216.239.32.20 www.google.tt # __CE_WATERMARK__

216.239.32.20 www.google.us # __CE_WATERMARK__

216.239.32.20 www.google.vg # __CE_WATERMARK__

216.239.32.20 www.google.vu # __CE_WATERMARK__

216.239.32.20 www.google.ws # __CE_WATERMARK__

#This file has been replaced with its default version by Kaspersky Lab because of possible infection

#

127.0.0.1 localhost

::1 localhost

Reply

Answer 6

Jun 25, 2014 12:10 PM in response to gsb_

Had the same problem. Turns out this is caused by the latest version of Covenant Eyes. http://www.covenanteyes.com/

Reply