Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: FarzadV
FarzadV Author
User level: Level 1
0 points

My MBP is Infected with iWorm , How Can I Remove It Without Reinstalling OS X ?

I've Installed an Adobe Product Downloaded By Torrent (because i'm living in Iran and i cannot buy any original application), and now i cannot connect to Apple Store to Update My OS X , I followed this Procedure Can't connect to Software Update server(swscan.apple.com) to remove this Malware , and removed /Library/LaunchDaemons/com.JavaW.plist and /Library/Application Support/JavaW items , but when i did this command = open -e /etc/hosts

i see different Texts in Hosts.file , What can I Do ?
I can't Reinstall my os x , because i don't have enough free space in my external Hard drive to backup my data , please help


Macbook pro 2010 , Yosemite 10.10.0

MacBook Pro, OS X Yosemite (10.10)

Posted on Nov 21, 2014 5:27 AM

Reply
Question marked as Best reply
User profile for user: Esquared
Esquared
User level: Level 6
12,385 points

Posted on Nov 21, 2014 5:46 AM

Here are instructions to restore the hosts file to its default state:

http://osxdaily.com/2014/04/12/restore-original-hosts-file-mac/

View in context
8 replies
User profile for user: richard3
richard3
User level: Level 2
305 points

Nov 22, 2014 10:56 AM in response to MadMacs0

I advised FarzadV to remove iWorm using anti-malware software for two reasons: Firstly, I know from experience that the average user isn't capable of manually removing malware without making errors. Secondly, it's possible that one or more of the three later strains of iWorm store their constituent files in different locations in order to evade detection.


According to the research that I performed before I made my original post, iWorm doesn't modify the file 

/private/etc/hosts
. Do you have any evidence that proves otherwise?

Reply
User profile for user: MadMacs0
MadMacs0
User level: Level 5
5,221 points

Nov 22, 2014 1:58 PM in response to richard3

richard3 wrote:


I advised FarzadV to remove iWorm using anti-malware software for two reasons: Firstly, I know from experience that the average user isn't capable of manually removing malware without making errors. Secondly, it's possible that one or more of the three later strains of iWorm store their constituent files in different locations in order to evade detection.

I'm only aware of two variants that had slightly different installer scripts. The original was included with several different Adobe products on PirateBay. That same variant appears to have come more recently with a pirate copy of Parallels. The second variant came disquised as software needed in order to view various TV videos. There have been rumors of a Flash Player update, but I have not run across one. Can you point me to samples of the other two please?

According to the research that I performed before I made my original post, iWorm doesn't modify the file 

/private/etc/hosts
. Do you have any evidence that proves otherwise?

It isn't iWorm itself, but the rather installer used with the pirated software that also installs iWorm. There are multiple examples cited here in the forum including the one the OP mentioned at the top Can't connect to Software Update server(swscan.apple.com)

Reply

My MBP is Infected with iWorm , How Can I Remove It Without Reinstalling OS X ?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up