
I think I've installed malware/trojan...

I think I've installed malware/trojan by downloading and installing software from gimpshop.com - is there a way I can tell? Total lapse of concentration on my behalf but now panicking.....

MacBook Air, iOS 7.0.4

Posted on Dec 20, 2013 10:27 AM

3 replies

Dec 20, 2013 10:37 AM in response to springcopse

I don't know what that site is or what malware it may have installed, if any, but you can do a full manual scan with the highly rated Intego Virus Barrier Express, available for free from the Mac App Store. Be sure to update the definitions.


Don't know why you think that site will have installed malware. VirusTotal is coming up clean for that.


https://www.virustotal.com/en/url/a2023c41e2b02273817a3aea8bb80edd22c34ecfac0e8be24b7059281681e1e3/analysis/1387564395/


Why do you think it installed malware?

Dec 20, 2013 10:46 AM in response to WZZZ

I was on the main GIMP (opensource photo editing) website and then somehow (too many windows and searches open) ended up on the gimpshop.com website. I downloaded and installed the software but then I later found out that it may have malware:


http://answers.yahoo.com/question/index?qid=20130102064939AAzYItr


My security settings are set to only allow apps to be downloaded from Mac App Store or identified developers so it just didn't occur to me.

Dec 20, 2013 1:36 PM in response to springcopse

I just checked that site with Sucuri SiteCheck. It comes up clean, except with a notice that it's using an outdated version of WordPress.


http://sitecheck.sucuri.net/results/gimpshop.com


Then I checked with Quttera, which reports one potentially suspicious file. Note potentially. But that site, which is based on heuristics, not the presence of any actual malware, is only making a guess.


http://quttera.com/detailed_report/gimpshop.com


Could be it's installing adware. Obnoxious but less vicious than a trojan. See


http://www.thesafemac.com/arg/


If Virus Barrier Express doesn't come up with anything, though not foolproof, I'd probably relax. Besides that, since you are only allowing code signed or MAS apps in, and this guy, though maybe disreputable, isn't fly by night using code signing for a quick hit, that's another sign you can relax, especially if your browser and OS are up to date.


EDIT: Well, actually, there's a caveat with what I said about an updated OS. Both 10.8 and 10.7 haven't received security updates in quite a while. And neither has XProtect (the built-in anti-malware program) since Oct 9. Apple is dragging its feet there. Only 10.9 got patched. But I wouldn't let that make me crazy.
