infected with Trojan-downloader .js.ifr-

I have a Mac running osx 105 with Kaspersky Internet Security. All up to date. I have not downloaded anything not approved by Apple and do not visit sites not approved or certificate. · days my computer was acting strange, files stopped uploading on Hightail. Then problems really started. I could not do a full scan, after about 3% it said scan complete, that was after 5 minutes, a full scan normally takes 1.7 hours. I opened in safe mode but Kaspersky would not open, message always said opening. I could not scan. I could however download files in safe so I reinstalled Kaspersky. I then opened Mac in normal mode and was able to install new virus. THEN I RAN A SCAN AND IT FOUND 2x Trojan-downloader active threats. It removed them but all is not OK. I cannot access Apple sites, my emails freaking out, all web pages untrusted, BANK log in- fake web site, asks for personal details, I now cannot do full scan-, cannot go to Apple updates, message cannot connect, I am writing this from a PC as I don’t dare play with my Mac until the right help arrives……


What do I do....

iMac, OS X Mountain Lion (10.8.5), kaspersky protection

Posted on Jun 3, 2014 7:23 AM

22 replies

Jun 3, 2014 12:42 PM in response to babowa

Sorry, you are not correct:- from OSX experts- and if you want to see snapshots, over 100, of the damage this Trojan has done to my Mac, just ask.



HEUR:Trojan.Script.Iframer. Characteristics ... “JS/Redirector” is a JavaScript Trojan that redirects the browser to a malicious website. .... CD; Kaspersky - Trojan-Downloader.JS.

, Trojan.Script.Iframer, 58 279 262, 3.65% ... JS.Iframe.cxk, 1 376 898, 0.09%. 14, Trojan-Downloader.JS.Iframe.cyq, 1 079 163, 0.07%.



This Trojan is not PC specific. Sorry to give you these facts - are you still to advise this is not a Mac issue.


ay 4, 2014 - L Trojan virus is a seriously corruptive virus within any sort of operating system including Mac OS, has ability to make the victimized ... refers to the so-called potentially unwanted programs ( drive-by download). .... to Remove the Adware Completely How to Remove JS:Downloader-ZY [Trj], Latest Manual Removal Guide ».



Jun 3, 2014 12:46 PM in response to thomas_r.

Please direct me to the exact reference of the following---I am sorry, all I received was out of date information published in 2013 about malware removal.....If you show me the exact reference to this specific Mac Trojan downloader file js.ifr you claim to have made....then I will thank you.



HEUR:Trojan.Script.Iframer. Characteristics ... “JS/Redirector” is a JavaScript Trojan that redirects the browser to a malicious website. .... CD; Kaspersky - Trojan-Downloader.JS.

, Trojan.Script.Iframer, 58 279 262, 3.65% ... JS.Iframe.cxk, 1 376 898, 0.09%. 14, Trojan-Downloader.JS.Iframe.cyq, 1 079 163, 0.07%.



This Trojan is not PC specific. Sorry to give you these facts - are you still to advise this is not a Mac issue.


ay 4, 2014 - L Trojan virus is a seriously corruptive virus within any sort of operating system including Mac OS, has ability to make the victimized ... refers to the so-called potentially unwanted programs ( drive-by download). .... to Remove the Adware Completely How to Remove JS:Downloader-ZY [Trj], Latest Manual Removal Guide ».



Jun 3, 2014 8:40 AM in response to Guru J

Take a look here:


http://www.thesafemac.com/


(both the malware and adware sections).


You most likely got an email attachment with something that will affect Windows.


If you can't do anything with your Mac, use recovery (Command + R during bootup) to wipe your drive and reinstall the OS. Make a backup of your files first.


http://support.apple.com/kb/HT4718


And do not reinstall Kaspersky which is possibly the reason for this entire problem.

Jun 4, 2014 8:04 AM in response to Guru J

There is a rapidly-growing topic on Apple’s forums right now in which Australians seem to be having iOS devices getting locked remotely. The affected devices are displaying a message claiming that they have been hacked by “Oleg Pliss” and demanding that a $100 USD payment be sent to a particular Paypal account.

It’s unclear at this point exactly how this is happening, but it seems evident that the affected users are having their Apple IDs hacked. Typically, such hacks involve things like weak passwords falling to brute force attacks by a botnet or falling for a phishing attack. That doesn’t really explain the fact that all the affected users appear to be located in Australia, however. Perhaps the most likely possibility is that an Australian e-mail provider has been hacked, giving hackers the ability to reset the password of weakly-protected Apple IDs associated with those e-mail addresses. Regardless of how it’s happening, though, those Apple IDs are being compromised.

Once hackers have access to your Apple ID, they can remotely lock all your iOS devices with a message. They can also see any data stored in iCloud (calendars, contacts, e-mail, notes, etc). If you have a Mac with Back to My Mac enabled, they could potentially get remote access to that. They could also make purchases on your Apple ID. For all these reasons, it’s very important to protect your Apple ID.

Unfortunately, there are ways that a hacker can lock you out of your Apple ID permanently. Hackers can change your security questions, which is a hassle to deal with but is technically recoverable. However, they could also enable two-factor authentication, and thus permanently lock you out of your Apple ID! Once two-factor authentication is enabled, Apple cannot help you regain access to your Apple ID.

If the idea of losing your Apple ID permanently doesn’t scare you, consider two things. First, all your purchases are tied to your Apple ID. Without your Apple ID, you could lose all your purchased music, movies and apps. More importantly, on devices running iOS 7 with Find My iPhone/iPad/iWhatever turned on, a hacker in control of the Apple ID can lock the user out of that device permanently! That’s right… your expensive iPad could be turned into an expensive doorstop. Restoring the device to factory settings will not be possible without the Apple ID, and Apple cannot unlock it for you.

Affected users will need to regain access to their Apple IDs. Reset the password, and make sure to change it to something very secure. Next, I strongly suggest that you enable two-factor authentication on your Apple ID. Doing so provides additional security, and should prevent the hacker from ever being able to take control of your Apple ID entirely away from you. When you enable this feature, be sure to store the recovery key very carefully! Write it down and put it in a safe, or store it in an encrypted (and well backed-up) place, such as your keychain.

Once your Apple ID is protected, a remotely locked device can be unlocked by following these directions from Apple:

http://support.apple.com/kb/ht1212

For those who might be upset at Apple over policies that make it difficult to regain access to a locked device, consider the opposite. Hackers used to be able to get access to Apple IDs by convincing an Apple tech that they were the owner of the account. Apple’s policies began to change abruptly after Mat Honan had his digital life effectively destroyed by hackers who gained access to his Apple ID.

Although it’s still unknown exactly what’s going on, Australian users of iOS devices should take heed and secure their Apple IDs, as well as the e-mail accounts associated with their Apple IDs. This is a good opportunity for people elsewhere to review the security of their Apple IDs as well.

Jun 3, 2014 12:31 PM in response to Guru J

This is exactly what's happening


Brief Definition

Trojan:js/medfos.B is classified as Trojan horse. Such type of Trojan attacks the vulnerability within JavaScript. Combined with uniform resource identifier (URI) method to perform search-redirection payload, Trojan:js/medfos.B manages to steal some confidential information such as accounts and log-in credentials.

Once being attacked by Trojan:js/medfos.b, one might run into the following troubles:

  1. CPU/ internal resource is consumed considerably most of the time.
  2. BSoD, freezes and browser crash might occur occasionally.
  3. Additional items such as web applications or Trojan horse will be detected before long.
  4. Installed anti-virus programs might be disabled to the extent not to ward off infections effectively.
  5. Some background running processes are affected to wantonly breed.

How Trojan:js/medfos.B spreads?

From the most Trojan:js/medfos.B affection cases, it has been learned that people found the Trojan horse was detected after some pop-up ads or browser hijacking/redirecting. As what has been made clear that Trojan:js/medfos.B attacks JavaScript which is commonly used as part of web browsers, it spreads itself online.

Jun 3, 2014 10:42 AM in response to babowa

If the Trojan is still active surely when you back up files the Trojan- downloader .jsifr will simply attach itself to the transfer.


How can I ensure the Trojan is filtered out in the transfer to back up?


The worst thing I could do is spend a couple of days wiping my Mac reinstalling all programs and files only to find my Mac crashes and cannot operate again.


I will do whatever it takes but I need to be sure.

Jun 3, 2014 11:12 AM in response to Guru J

Those items are not Mac malware. They are malicious JavaScripts, probably embedded in another site through some kind of website hack. Their intent would be to download trojans onto your computer, but they are not trojans themselves. Further, they probably would not download a payload that would work on a Mac, and even if they did, you would still have to open whatever was downloaded in order to be infected. And it would have to be malware not already blocked by Mac OS X.


So, long story short, those items weren't hurting you. However, from the sounds of it, Kaspersky has hurt you. Unfortunately, anti-virus software makers won't tell you this, but you should never allow anti-virus software to delete things from your computer! Doing so can cause problems, because some items shouldn't be deleted that way, and because anti-virus software isn't always correct about a file being malicious.


To figure out how to properly delete items that anti-virus software has found, see:


How to remove infected files


As for the problem with your system not working properly, Kaspersky tools have caused similar problems before. Sounds like Kaspersky may have damaged your system. My advice would be to:


1) Get rid of Kaspersky immediately. Be sure to use the uninstaller provided by the developer.


2) Restart the machine and test again. If it's still not working right, proceed to step 3. If everything works fine at that point, you're done.


3) Back up your computer, as a probably unnecessary precaution before step 4.


4) Start up in recovery mode (hold down command-R at startup) and reinstall the system. This will simply install on top of your current system, replacing any missing or damaged files with fresh copies. Your other apps and documents won't be touched, unless something goes seriously wrong.
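
thomas_r.'s reply above describes these detections as malicious JavaScript embedded in a hacked website rather than Mac malware. As an added example (not part of the thread and not any anti-virus vendor's detection logic), this script triages a saved HTML page for two signs of that kind of injection: an invisible iframe that loads from another host, and an inline script that writes or evaluates decoded text. The function names, rules and sample pages are assumptions constructed for illustration.

```javascript
// Added example: heuristic triage of a saved HTML page for injected iframes.
// The rules are illustrative assumptions, not any anti-virus vendor's logic.

// Read attributes from one tag: name="v", name='v' or name=v.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;
  for (const m of tag.matchAll(re)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Reasons an iframe would be invisible to the person viewing the page.
function hiddenReasons(attrs) {
  const reasons = [];
  const tiny = (v) => v !== undefined && /^[01](px)?$/i.test(v.trim());
  if (tiny(attrs.width) || tiny(attrs.height)) reasons.push("tiny size attribute");
  const style = (attrs.style || "").toLowerCase().replace(/\s+/g, "");
  if (/display:none|visibility:hidden/.test(style)) reasons.push("hidden by style");
  if (/(^|;)(width|height):[01](px)?(;|$)/.test(style)) reasons.push("tiny size style");
  if (/(left|top):-\d{3,}px/.test(style)) reasons.push("positioned off-screen");
  return reasons;
}

// Host a src points at, resolved against the page's own host.
function hostOf(src, pageHost) {
  try { return new URL(src, `http://${pageHost}/`).hostname; } catch { return ""; }
}

function scanHtml(html, pageHost) {
  const findings = [];
  const scriptRe = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  // Rule 1: inline script that writes or evaluates decoded text.
  for (const m of html.matchAll(scriptRe)) {
    if (/(document\.write|eval)\s*\(\s*(unescape|atob|String\.fromCharCode)\s*\(/.test(m[1])) {
      findings.push({ rule: "script-writes-decoded-text" });
    }
  }
  // Rule 2: invisible iframe in the markup that loads from another host.
  const markup = html.replace(scriptRe, "");
  for (const m of markup.matchAll(/<iframe\b[^>]*>/gi)) {
    const attrs = parseAttrs(m[0]);
    const host = attrs.src ? hostOf(attrs.src, pageHost) : "";
    const reasons = hiddenReasons(attrs);
    if (host && host !== pageHost && reasons.length) {
      findings.push({ rule: "hidden-external-iframe", host, reasons });
    }
  }
  return findings;
}

// Constructed sample pages (not taken from the thread).
const CLEAN_PAGE = `<html><body><iframe src="/player.html" width="640" height="360"></iframe></body></html>`;
const TAMPERED_PAGE = `<html><body><p>News</p>
<iframe src="http://injected.example/in.php" width=1 height=1 style="visibility: hidden"></iframe>
<script>document.write(unescape("%3Cb%3Ehi%3C%2Fb%3E"));</script></body></html>`;

console.log(scanHtml(TAMPERED_PAGE, "news.example"));
```

A finding here means the page a site served was tampered with; it says nothing about whether anything ran on or was installed on the machine that viewed it.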

Jun 3, 2014 11:40 AM in response to thomas_r.

These are the facts. Kaspersky quarantined the Trojans. I can send you snapshots of the Trojans found and all the damage the Trojan was doing in real time. I have over 100 snapshots. I did not delete any files until the next day. Right now the Kaspersky is off and the computer is really freaking out, in safe mode when I go to Apple site the Trojan is blocking every attempt, the Trojan will only allow me access to unregistered unlicensed sites. When I go to upload updates it freezes the internet. When I go to my bank account it directs me to a fake website and tries to access my personal data.


When I get to an official site the Trojan is interfering with the screen and the view is all blurred. I have all snapshots.


With respect, if I did not delete files, what you are saying about Kaspersky being the problem is simply not true. What if millions of people with Macs get this Trojan and they find out the only advice I got was Kaspersky caused my computer to crash, fail to upload, direct to false websites, stop my internet from working and much more. The next day I deleted 2 files Kaspersky suggested. These files were image files. To say image files caused my computer to crash is silly. If it was associated to program files maybe you have a point.


No, you are wrong about this. I have had Kaspersky for 4 years and never had 1 problem. I can send you PROOF THAT KASPERSKY IS NOT TO BLAME and these Trojans exist and causing huge damage to my Mac.


I look forward to someone that knows what's going on. I think more people should take this Trojan- downloader file a bit more serious before it's too late to do anything about it. Remember where you heard it first.

Jun 3, 2014 11:46 AM in response to babowa

Not correct.....I use this computer for music production and only have Logic 10 installed. I never open attachments and 100% secure, which makes this more serious, I think the Trojan appeared when I downloaded music files on Hightail. Something weird happened and froze my computer during upload.


This might help you in what I said to another member who got their facts wrong:-


These are the facts. Kaspersky quarantined the Trojans. I can send you snapshots of the Trojans found and all the damage the Trojan was doing in real time. I have over 100 snapshots. I did not delete any files until the next day. Right now the Kaspersky is off and the computer is really freaking out, in safe mode when I go to Apple site the Trojan is blocking every attempt, the Trojan will only allow me access to unregistered unlicensed sites. When I go to upload updates it freezes the internet. When I go to my bank account it directs me to a fake website and tries to access my personal data.


When I get to an official site the Trojan is interfering with the screen and the view is all blurred. I have all snapshots.


With respect, if I did not delete files, what you are saying about Kaspersky being the problem is simply not true. What if millions of people with Macs get this Trojan and they find out the only advice I got was Kaspersky caused my computer to crash, fail to upload, direct to false websites, stop my internet from working and much more. The next day I deleted 2 files Kaspersky suggested. These files were image files. To say image files caused my computer to crash is silly. If it was associated to program files maybe you have a point.


No, you are wrong about this. I have had Kaspersky for 4 years and never had 1 problem. I can send you PROOF THAT KASPERSKY IS NOT TO BLAME and these Trojans exist and causing huge damage to my Mac.


I look forward to someone that knows what's going on. I think more people should take this Trojan- downloader file a bit more serious before it's too late to do anything about it. Remember where you heard it first.

Jun 3, 2014 11:51 AM in response to babowa

This is of no help, sorry...


Mac users need to take my post more serious, I have snapshots to prove Mac users need to take notice this.


I need more than just Apple users advice to wipe my Mac. WOW...that really does not help. If I do what happens if anyone wants to know more about the damage this Trojan could do to millions of Mac users.


Why is everyone not talking about the damage this Trojan is doing, and has done to my computer. I have not had one bit of good advice...just direction to Apple run pay sites for malware deletion that all don't work.


This is real. So get real and don't fob me off with nonsense.

Jun 3, 2014 12:07 PM in response to babowa

Do you work for a consumer group, the commercial site you advised me to go to, makes reference to this type of Trojan that switches off my anti virus. With respect have you read this commercial. It makes no reference to any Trojan disabling your protection and not allowing updates.


This information is not current and not relevant. It is standard malware detection. Please read the bottom of every page, personal attacks to give incorrect advice are discouraged. Please read my posting again and you will see that your advice is not relevant.


All I want is someone to give me good advice. This Trojan does not allow me access to logs and has password protected .pnp files so that Kaspersky cannot find the directory.


With respect if you don't have anything that relates to my post please don't waste my time and if you do I will consider that a personal attack on my human rights.


Best wishes

Jun 3, 2014 12:22 PM in response to Guru J

HEUR:Trojan.Script.Iframer. Characteristics ... “JS/Redirector” is a JavaScript Trojan that redirects the browser to a malicious website. .... CD; Kaspersky - Trojan-Downloader.JS.

, Trojan.Script.Iframer, 58 279 262, 3.65% ... JS.Iframe.cxk, 1 376 898, 0.09%. 14, Trojan-Downloader.JS.Iframe.cyq, 1 079 163, 0.07%.



This Trojan is not PC specific. Sorry to give you these facts - are you still to advise this is not a Mac issue.


ay 4, 2014 - L Trojan virus is a seriously corruptive virus within any sort of operating system including Mac OS, has ability to make the victimized ... refers to the so-called potentially unwanted programs ( drive-by download). .... to Remove the Adware Completely How to Remove JS:Downloader-ZY [Trj], Latest Manual Removal Guide ».

Jun 3, 2014 12:33 PM in response to Guru J

I look forward to someone that knows what's going on.


Good luck with that. I actually know what this item is, and have told you what it is. You have, in a subsequent post, turned around and parroted back an abbreviated version of what I said quoted from some other site, so evidently you didn't fully understand what I had to say.


Since listening is a large part of understanding, and you seem not to be in a very listening sort of mood, I think I've responded here as much as I need to. I spent a good amount of time and thought composing my last reply, and I'm not going to waste my time doing that for you when it's not wanted.

Jun 3, 2014 12:51 PM in response to Guru J

JavaScript OSA is a port of the Mozilla JavaScript 1.4.2 scripting system to the Macintosh in ... You can use JavaScript OSA as a scripting language in any Macintosh application supporting OSA ... Why Do I Need JavaScript?


The map needs javascript & displays ok here - you do have javascript enabled ... its almost useless as i can't do much without it enabled , such as use my gmail, etc. ... To view this demo, you'll need Safari 5 on Mac OS X or Windows, Safari on ...

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.
