
threat by trojan.JS.Iframe.BKD on MacBookPro

Hello everybody, please pardon my English.

BitDefender Virus Scanner (properly downloaded by Apple Store) detected this threat on my MacBook Pro running OS X Yosemite 10.10.5.

It's among the Mobile Applications (in the mobile application folder) in my mac, it's a zip file named " com.sg.findItprohd.zip ", its size is 39,4MB.

Bit Defender was not able to remove it, I will not touch it as well until someone tells me how to do it.

I regularly synchronize my iPhone 4S with my Mac; of course I will not do it again until this stuff is removed.

What is it?

How can I fix this awful situation?

(Please help me, I'm going to freak out...)

MacBook Pro, OS X Yosemite (10.10.5)

Posted on Sep 29, 2015 2:52 AM


Sep 29, 2015 12:44 PM in response to esseG

The issues started one week ago, when I tried to watch a tv series episode in streaming on internet,


That is where your problems began. The webpage that alleged the existence of a "virus" on your Mac and subsequently prevented you from using Safari is a common scam perpetrated by criminals in an effort to extort money from you. Learn more about that by reading Phony "tech support" / "ransomware" popups and web pages.


Those scams should be expected to occur whenever you seek to download, stream, or otherwise obtain copyrighted digital content that is not normally distributed "for free". They are also very common on websites that appeal to prurient interests, including most "news" sites. However, it is possible for them to affect any website that accepts advertising, which means nearly every website on Earth. This support site is one of the very few that do not accept advertising.


You exacerbated the problem by downloading and installing "MacKeeper", which it seems you successfully eradicated, but then you continued down that path by installing "BitDefender" in an effort to identify the mythical "virus" that the scam web page alleged existed. You are now being encouraged to download and install yet another program for reasons that are completely unrelated to the problem you described. Those steps were needless, and at best a waste of your time. If you continue down that path, you will find a practically limitless number of equally useless apps to occupy your time.


In no case is it ever necessary to download or install anything, regardless of the source, including the Mac App Store, to either recover from or respond to the webpage you encountered. To do so is an inappropriate and unjustified response. Downloading and installing anything in an effort to prevent its reoccurrence is also an ineffective defense, and an invitation for additional trouble.

Sep 29, 2015 1:13 PM in response to John Galt

Your post Phony "tech support" / "ransomware" popups and web pages is very interesting and I think you've got the point of the problem.

That's what happened to me.


MacKeeper didn't eradicate anything, that's why I deleted it forever from my Mac. It found a worm, which is known to be a "joke", a "scareware" or so. They only wanted me to buy their antivirus. Also, MacKeeper was very officious, it forced me to chat with "an expert" that wasn't a real person for sure, but probably a program. Ridiculous.


Do you think my computer is safe? I mean, this kind of situation does not actually mean anything?

Sep 29, 2015 2:17 PM in response to esseG

The purpose of those scam messages is usually to convince you to either call someone or download some program that will in turn demand money from you — a credit card number or other form of payment. The conversation you had with MacKeeper and their attempt to get you to purchase their product is a typical result.


Another typical scheme is for the popup to indicate the urgent need to call a phone number, sometimes fraudulently called "Support for Apple" or similar words that sound vaguely authentic. The person who answers the call will attempt to convince you to pay a fee, or perhaps to grant authorization for remote access and control of your Mac, which can lead to other problems including identity theft. You did not do that.


The mere appearance of the scary-looking popup message does not in itself cause anything to be installed. The information it presented was completely false. All you need to do is make it go away. Real problems begin by downloading and installing various cure-alls — regardless of whether they are "free" or not — in an effort to address a problem that does not exist.

Sep 29, 2015 10:23 PM in response to John Galt

Yeah.. the point is: can a Mac be contaminated?

Yesterday I made a deep system scan with AppleStore's Bit Defender and it found another trojan, and that's the reason I'm writing in this post.

I didn't do anything unlawful (watching stuff on streaming, downloading stuff, clicking links here and there - these are not things I do every day because I'm not stupid 😉 - I just did it a week ago and I learned the lesson).

I'm not asking what's the best antivirus, I would like to know why Bit Defender (that wants no money from me, unlike MacKeeper) found a new trojan.

I would like to know if there really are trojans or worms or viruses for Mac around.

I used to think there were none.

Sep 30, 2015 4:13 AM in response to esseG

They are returning false positives, both BitDefender and MacKeeper, and then they will ask you to install the paid version. Which part of scam (MacKeeper) and useless on Mac (BitDefender) are you not getting?


As for


I would like to know why Bit Defender (that wants no money from me, unlike MacKeeper) found a new trojan.

then contact BitDefender and ask.

Pete

Sep 30, 2015 5:52 AM in response to esseG

esseG wrote:


Yeah.. the point is: can a Mac be contaminated?


A few months ago I took a brand new Mac delivered from Apple, configured it with one very minimal User account, and ran nearly all the popular "anti-virus" programs on it, erasing and reconfiguring the Mac after the conclusion of each evaluation. Some of those products found allegedly malicious files. Some of them found hundreds. Some of them found none. Some of them corrupted the system, or installed what could reasonably be characterized as a "virus" in itself. All of them consumed system resources in varying degrees, including one that caused the Mac to become effectively unusable. Only one included an uninstaller that actually uninstalled all of its system-modifying components.


The point is: none of those products conveyed any benefit. They are the contamination you fear. Many of them were harmful. None of them will prevent a phony popup from appearing, fraudulently alleging your Mac is infected with some ick. The scam you encountered is no different than — and as old as — some uninvited salesman ringing your doorbell and sticking his foot in the door jamb until you agree to buy whatever garbage he is selling... even if it is "free".

Sep 30, 2015 6:15 AM in response to petermac87

I'm sorry, you see my English is very poor, I didn't get part of your question.


MacKeeper was for sure a scam (and also Scum) indeed. I uninstalled it as soon as I noticed that, so quite soon.

For the moment, BitDefender hasn't asked me to buy, or to upgrade the current version for a fee, and it has been running for some days.

Probably, for sure, Bit Defender is useless, because Apple products should be immune to viruses and other unpleasant stuff like this. (....Isn't it??)


False positives: yeah, some of my friends, longtime Mac users, told me the same.

It happens also in Medicine, which is my education subject.


So, that's what I'm figuring out: MacKeeper itself (and maybe Bit Defender too - I hope not) put something on my Mac just to persuade me I need an antivirus.

But Apple products are immune, so I don't really need it.

The files they put on my computer are nothing and they won't really hurt the system.


I don't know if it's the truth, I'm just trying to be objective and to convince myself.


Do you agree?

Sep 30, 2015 6:27 AM in response to John Galt

Yes, that's what I'm starting to believe.

After all, my computer doesn't show issues, at least, I haven't noticed anything different.

It was only that an antivirus showed me a trojan in a folder, it could be actually NOT a trojan but a "joke", and I deleted the complete folder (= I had a spot on my hand, so I cut off the complete arm, hopefully the spot wasn't an infection just running all over my body).

I'm still only afraid of plugging in my iPhone to synchronize it.

Anyway, I will not enter any credit card number (I will use another computer for the moment, hahaha).

Your advice was really useful and I thank you a lot.

Even the other guys were helpful.

Sep 30, 2015 6:34 AM in response to esseG

esseG wrote:


BitDefender Virus Scanner (properly downloaded by Apple Store) detected this threat on my MacBook Pro running OS X Yosemite 10.10.5.

It's among the Mobile Applications (in the mobile application folder) in my mac, it's a zip file named " com.sg.findItprohd.zip ", its size is 39,4MB.


There's been a lot of confusion here, so let's try to get back to the question at hand.


First, there's been some talk about whether or not to use Malwarebytes. There's nothing wrong with Malwarebytes, contrary to one particular opinion here. However, it won't do anything for you in this case, because this isn't Mac malware. Malwarebytes Anti-Malware for Mac currently only detects installed Mac malware or adware, and won't detect iOS malware at all.


Second, this looks like it's actually an old potentially malicious app that used to be in the iOS App Store more than two years ago. For information about this, see:


http://www.macworld.com/article/2037099/ios-app-contains-potential-malware.html


This file isn't a threat at all to your Mac, but if you still have this Simply Find It app on an iOS device that you sync with the affected Mac, you should remove the app from that iOS device. If it makes you feel better to do so, you could also restore the iOS device to factory settings, though I've seen no indication that this would actually be necessary with this malware.


You should also be able to safely remove this file from your Mac, if deleting from the iOS device and then syncing with the Mac doesn't remove it.
