Trojan BackDoor.Wirenet.2
Help me please! My MacBook Pro (late 2013) has been infected with a trojan (BackDoor.Wirenet.2). How do I remove it?
MacBook Pro with Retina display, OS X Mavericks (10.9.1)
Hi, I am a malware analyst at Dr.Web. Full disk is our innovative cure method: "fill disk and malware stops working!". Just joking. Sorry, but the problem with the full disk is probably our fault. Anyway, you should ask the developers on the forum http://forum.drweb.com/index.php?showforum=51
Hi, I am a malware analyst at Dr.Web.
Can you provide any additional comments regarding the malware? I'm not familiar with this variant of Wirenet, so I don't know how it got installed or whether it actually contains a backdoor that would allow for additional installs or system modifications.
There is a similar file on torrents, "MS Office 2011 Volume license.rar", size about 107KB.
Thank you for your comments. I fixed it by shutting down my Mac. After I had turned it on again, the "Other" space was recoverable. When I scanned for malware with Dr.Web, it didn't have any malware and my Mac is normal. Consequently, I think OS X Mavericks lagged in reading the space.
Thank you for your comments.
Thanks for your comments.
Thanks.
I was recently reviewing your comments. I was told my MacBook Pro was compromised by a colleague, using brute force to enter a backdoor allowing rootkit access and administration rights. I believe if I use the Time Machine backup files I will end up having these rights reinstated when uploading the backup.
But first, I would like your opinion concerning the following information collected, and what course of action I should proceed with for removing and securing, in the event there is substantial information from the MacBook Pro log following my comments.
Thank you for any support.
Boot Mode: Normal
USB
Hub (SMSC)
Hub (SMSC)
System diagnostics
Preview 2014-01-28-003447 hang
SecurityAgent 2014-01-30-141803 crash
SecurityAgent 2014-01-30-141811 crash
SecurityAgent 2014-01-30-141949 crash
SecurityAgent 2014-01-30-142226 crash
SecurityAgent 2014-01-30-142411 crash
SecurityAgent 2014-01-30-142519 crash
User diagnostics
cider 2014-01-26-234202 crash
Extrinsic system jobs
com.microsoft.office.licensing.helper
launchd items
/Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist
(com.microsoft.office.licensing.helper)
Library/LaunchAgents/com.apple.FolderActions.enabled.plist
(com.apple.FolderActions.enabled)
Library/LaunchAgents/com.apple.FolderActions.folders.plist
(com.apple.FolderActions.folders)
Extrinsic loadable bundles
/System/Library/Extensions/HuaweiDataCardDriver.kext
(com.huawei.driver.HuaweiDataCardDriver)
/Library/Internet Plug-Ins/Flash Player.plugin
(com.macromedia.Flash Player.plugin)
/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
(com.microsoft.sharepoint.browserplugin)
/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin
(com.microsoft.sharepoint.webkitplugin)
/Library/PreferencePanes/Flash Player.prefPane
(com.adobe.flashplayerpreferences)
/Library/Spotlight/LogicPro.mdimporter
(No bundle ID)
Unsigned shared libraries
/usr/lib/bkLib.dylib
/usr/lib/lib6200Lib.dylib
/usr/lib/lib6246Lib.dylib
/usr/lib/lib6270Lib.dylib
/usr/lib/lib7225lib.dylib
/usr/lib/lib8200Alib.dylib
/usr/lib/lib8200lib.dylib
/usr/lib/lib8220lib.dylib
/usr/lib/libAgent.dylib
/usr/lib/libcurl.zte.dylib
/usr/lib/libIceraDownloadLib.dylib
/usr/lib/libmd5.dylib
/usr/lib/libTinyXml.dylib
Restricted user files: 317
Font problems: 40
Elapsed time (s): 213
nikdgr wrote:
I was told my MacBook Pro was compromised by a colleague, using brute force to enter a backdoor allowing rootkit access and administration rights.
Linc will probably be along shortly (although he doesn't always respond to "me too" requests), but I for one would like to know a lot more about how this was accomplished.
By brute force do you mean someone had physical access to your computer and installed this backdoor? That's normally the only way that sort of thing can happen unless your software is way out-of-date or something new is lurking about. And I'm assuming you meant "root" access, since rootkits are malware attacks. It would be helpful if your colleague could provide specific details on how this was accomplished and any malware found on your computer.
It also sounds like a law or two was broken here and you should be contacting appropriate authorities to both find the perpetrator and determine what information has been compromised, before you attempt anything such as restoration from backup.
I was told my MacBook Pro was compromised by a colleague
I would strongly recommend you start your own topic, since it's very unlikely that the Wirenet malware is involved in your case.
One thing I will say here, though, is that if a colleague has had physical access to your machine, and if you have good reason to believe that this colleague has done something malicious to your computer, there is only one reasonable solution: erase the hard drive and reinstall everything from scratch. There is no reliable method for detecting and removing whatever your colleague might have done, especially since it may not have involved any kind of malware at all, but just reconfiguration of built-in system components or already installed third-party software.
I don't know how, or if, you resolved this situation, but I just thought you deserved to know that you should be protected from this malware in the future. Apple updated XProtect yesterday, and now it blocks the samples of Wirenet.2 that I submitted to them on Thursday.