-
Sep 28, 2015 8:42 PM in response to Werac by Werac
Sorry, that was meant to be PUA.OSX.IronCore
And my current anti-virus is Webroot.
Sarah
-
Sep 29, 2015 1:08 AM in response to Werac by lllaass
Just what symptoms are you seeing?
I could not find anything on that by Googling.
-
Sep 29, 2015 4:11 AM in response to lllaass by Werac
I have a Webroot Anti-Virus system and at the moment every time I start up within a minute or so it sends me a message saying it has found PUA.OSX.IronCore. Then a scan isolates two or three files I am familiar with (just harmless Word docs) that are now tagged by the antivirus system as being infected by the IronCore. I have googled it and apparently there are a few adware (malware) companies targeting Macs with these malwares: Mac apparently is not yet equipped to deal with them and neither are any anti-virus schemes. Mac themselves recommended the MalwareBytes program, which DID find and remove a trojan file with a name that was mentioned when I was googling these viruses. I thought I was set - but next time I started up there it was again. Apparently they come into your computer attached to seemingly valid downloads (from sites such as Softonic). See image of the two files thought to be troublesome - I have deleted them about five times so far but the screen just keeps bringing them up.

Thanks for taking the time!
Sarah
-
Sep 29, 2015 4:15 AM in response to Werac by Barney-15E
Most likely a false positive. Those files are used to remember the window layout in Finder.
-
Sep 29, 2015 5:17 AM in response to Barney-15E by Werac
Thanks Barney.
What does false positive mean in this context? Webroot is overreacting to something?
Sarah
-
Sep 29, 2015 5:19 AM in response to Werac by lllaass
Try this:
http://www.thesafemac.com/arg-spigot/
Also see:
http://www.sentinelone.com/blog/osx-ironcore-a-or-what-we-know-about-osx-flashimitator-a/
The above is general for PUAs (Potentially Unwanted Applications).
-
Sep 29, 2015 5:28 AM in response to Werac by seventy one
Downloading anything from Softonic is fraught with potential for malware. The same goes for Downlite, Zeobit, MacPaw and Cnet. You really do not need anti virus ... just browse with care and don't download from sites you don't know. Always check them out through these forums first.
-
Sep 29, 2015 5:59 AM in response to seventy one by JimmyCMPIT
+1
This has become the rule with these sites rather than the exception.
-
Sep 29, 2015 12:26 PM in response to Werac by Linc Davis
Remove the worthless "Webroot" product by following the instructions on this page. If you have a different version of the product, the procedure may be different.
Back up all data before making any changes. Never install any "anti-virus" or "anti-malware" software again.
-
Sep 29, 2015 12:45 PM in response to Werac by Kurt Lang
It would be a bit interesting to see what these two files may be, and what size they have.
The file OS X uses to keep track of folder attributes is:
.DS_Store
These are different, and are not files OS X creates. Yours are named:
._DS.Store
-
Sep 29, 2015 1:01 PM in response to Linc Davis by Linc Davis
In case you're wondering why those perfectly innocuous files are named as they are, it's because they are on a flash drive in FAT format. The files are harmless. "Webroot" is harmful.
-
Sep 29, 2015 1:08 PM in response to Linc Davis by Kurt Lang
"it's because they are on a flash drive in FAT format."
Ah. Missed the obvious clue there in the file path name.
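
Added example, not written by any poster in this thread: on volumes such as FAT that cannot hold Mac metadata natively, OS X writes a `._name` companion file in AppleDouble format beside each file, and a scanner hit on such a file can be checked against that header layout. The function names and the sample bytes below are constructed for illustration.

```python
import struct

MAGIC = 0x00051607      # AppleDouble magic number (AppleSingle uses 0x00051600)
VERSION = 0x00020000    # AppleDouble version 2
ENTRY_NAMES = {2: "resource fork", 9: "Finder info"}
HEADER = struct.Struct(">II16sH")   # magic, version, filler, entry count (26 bytes)
ENTRY = struct.Struct(">III")       # entry id, offset, length (12 bytes)

def parse_appledouble(data):
    """Return [(entry name, offset, length)], or None if not a well-formed header."""
    if len(data) < HEADER.size:
        return None
    magic, version, _filler, count = HEADER.unpack_from(data, 0)
    if magic != MAGIC or version != VERSION:
        return None
    entries = []
    for i in range(count):
        pos = HEADER.size + ENTRY.size * i
        if pos + ENTRY.size > len(data):
            return None                      # entry table is truncated
        entry_id, offset, length = ENTRY.unpack_from(data, pos)
        if offset + length > len(data):
            return None                      # entry points past the end of the file
        entries.append((ENTRY_NAMES.get(entry_id, "entry %d" % entry_id), offset, length))
    return entries

def classify(name, data):
    """Triage a scanner hit by file name and content."""
    if not name.startswith("._"):
        return "not-a-sidecar-name"
    if parse_appledouble(data) is None:
        return "unexpected-content"          # "._" name without AppleDouble content: look closer
    return "appledouble-sidecar"

def build_sample():
    """Constructed sample: a header with one 32-byte Finder info entry."""
    finder_info = bytes(32)
    header = HEADER.pack(MAGIC, VERSION, b"Mac OS X".ljust(16), 1)
    entry = ENTRY.pack(9, HEADER.size + ENTRY.size, len(finder_info))
    return header + entry + finder_info

if __name__ == "__main__":
    sample = build_sample()
    print(classify("._DS.Store", sample), parse_appledouble(sample))
    print(classify("._DS.Store", b"PK\x03\x04" + bytes(40)))
```

A result of `unexpected-content` only means the file does not have the structure its name implies; it is a reason to inspect the file, not a verdict on it.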
-
Sep 29, 2015 3:00 PM in response to Werac by John Galt
Werac wrote:
And my current anti-virus is Webroot.
Get rid of it.
"Webroot" may prove difficult to uninstall. Please read my first reply to this recent Discussion: Re: remove best buy webroot
"softonic" is not a trustworthy source of Mac software. Neither are any other "download aggregator" websites primarily supported by advertising revenue, including but not limited to "C Net Download", "Download dot com", "Mac Update Dot Com", "Soft Pedia Dot Com" etc. Never obtain software from any of those sites, or any others not explicitly authorized by the respective software's developer. If in doubt, constrain your software purchases to the Mac App Store.
-
Sep 29, 2015 3:21 PM in response to Werac by Barney-15E
Werac wrote:
Webroot is overreacting to something?
More accurately, Webroot is overreacting to nothing.