
How can I remove a Trojan.Ciusky.Gen.13 virus?

How can I remove a Trojan.Ciusky.Gen.13 virus? It seems to be reinstalling itself in my Time Machine backups.

MacBook Pro (13-inch, Late 2016, 4 TBT3), iOS 11.2.1

Posted on Dec 15, 2017 8:30 AM


Dec 17, 2017 4:01 PM in response to Vanessa444

Yes, you should uninstall your third party antivirus apps. Even modern Windows computers do not need third party antivirus apps. Protection is built into modern operating systems and all third party apps do is use system resources while providing no benefit.

This is what you need to do to protect your computer:

Effective defenses against malware and other threats

Dec 17, 2017 11:31 AM in response to drewphdude

drewphdude wrote:


How can I remove a Trojan.Ciusky.Gen.13 virus? It seems to be reinstalling itself in my Time Machine backups.

That is just a scary-sounding code-name that security companies like to use. Your antivirus should tell you what the actual file is. If you post the full path to that file, we can tell you exactly why it is nothing to worry about.

Dec 17, 2017 11:44 AM in response to Vanessa444

There is no AV software that is worth one cent of your money, or one moment of life on your Mac. They are all completely useless. Uninstall Bitdefender.


Companies often require AV software on their Macs for two reasons:


1) Their IT department doesn't know squat about Macs, or they'd realize AV software on a Mac is pointless.


2) They want their Macs to catch Windows malware that comes in as email attachments so you (hopefully) don't forward them to their Windows users. But that's what the AV software on the Windows computers is for. So the Mac is being slowed down by useless AV software that is of zero benefit to that computer.

Dec 17, 2017 1:55 PM in response to Kurt Lang

I have heard this before from Mac people, but then I did end up with a Trojan once that BitDefender picked up. Prior to that my hard drive was running very, very slowly. Since then I've been told by some professional Mac people that Macs can sometimes get viruses and that there are more Mac viruses being developed too.


I also have Malwarebytes which everyone seems to recommend.


It's hard to know what to believe anymore.


Vanessa

Dec 17, 2017 3:02 PM in response to Vanessa444

It's hard to know what to believe anymore.

Then let's try to break it down.

I have heard this before from Mac people, but then I did end up with a Trojan once that BitDefender picked up. Prior to that my hard drive was running very, very slowly.

And that's a perfect example of why AV software is useless. Even though BitDefender continually eats up system resources the entire time your Mac is running, it still didn't stop you from installing a Trojan, because it and any other AV software can't.


Why? Because when you download a Trojan, it's just an installer or app that hasn't done anything yet. It's no different to the AV software than any other of thousands of files that web browsers download to your computer every day.


Trojans need to be willingly installed by the user. Often, you don't know you're installing one because it's bundled in with something else you do want installed. Either way, even though you've downloaded the Trojan, there's still nothing for the AV software to "see".


Now you install it. Still no reaction from the AV software. The Trojan is either now already active, or you run the app after installing it (because it's disguised as something else you thought you wanted). And still no reaction from the AV software. Isn't this what it's supposed to do, you think to yourself?


No. Neither the OS nor the AV software is going to stop you from using your computer as you see fit. Even if the AV software sees it (which it eventually did), it was a day late and a dollar short. The Trojan was already on your Mac and the AV software did nothing to stop its installation, or even warn you (at the time) it had been installed.

Since then I've been told by some professional Mac people that Macs can sometimes get viruses and that there are more Mac viruses being developed too.

These, um, "professionals" should turn in their credentials. You can't get something that has yet to exist on the Mac OS. A professional should never, ever, use the term "virus" as a catchall term. Malware (short for malicious software) is the correct generic term. It refers to any type of software you don't want on your computer, of which a virus would be one.


A general description for each:


Virus - can infect other directly connected computers or drives by copying itself to them without any user interaction necessary. These do not exist in the Mac OS. A virus needs direct sight of the next device it's trying to install itself to.


Trojan - software that requires the user to do something to get it installed. There's lots of these. Especially on illegal file sharing sites where you download cracked versions of expensive, commercial software. Virtually a guarantee that if you install such software, it will also install some of the nastiest malware with it. Such as a keylogger, or back door. Adware actually falls under this category since most of it installs with other software you download from legal sites such as softonic.com and downloads.com. It's as annoying as all get out when it gets on your system, but at least it isn't dangerous. Though some of the ads generated by adware are outright fraudulent. Such as the plethora of scare tactic ads used by the makers of MacKeeper.


Worm - smarter than a virus. They can search out other computers on a network all on their own and attempt to infect the ones they find. The only known (and now long dead) worm was Oompa-Loompa. Also known as Leap-A. It first had to be installed by a user as a Trojan. It then looked for other users to infect across a network who were in your Messages account. With Unix in the way, it couldn’t install itself and would cause an admin password box to appear on the remote Mac. Deny access, and it couldn't do anything. The user had to be dumb enough to allow a process to continue without thinking about why an admin box appeared out of nowhere in the first place. While there were likely at least a few more, the official reported instances of infection by Oompa-Loompa were a grand total of 50 Macs.


For now, and as has been the case almost entirely through OS X's existence, the way to defeat malware is to use your brain. All known malware out there right now are Trojans. You have to download and install it. Gatekeeper recognizes some apps and will stop them from running, also posting a warning to delete the app/installer. Anything else will blow right through no matter what AV software you're running, or how many. They are useless. They are designed to try and stop automatic processes, such as the thousands of such viruses in Windows. Trojans bypass all of this. You choose to manually run an installer or app. It doesn't matter where it came from. The OS and AV software can only do so much to protect you from yourself. When you choose to run an app, either can only sit back and say, "Well, okay. You're the boss." Either may detect a problem after the fact, but it is of course too late, then.


At this time, all AV software is nothing more than a drain on system resources. If your thinking is to be preventative against new threats, that is also a waste of time. No system can stop the unknown. If you download and run a new, unknown threat, neither the OS nor AV software will see a problem with it since it isn't recognized.


Reportedly, a virus that could affect the Mac OS has been created in research labs where they look for flaws in the OS, who then report their findings to Apple or Microsoft so the OS can be patched before crooks find these same openings. No Mac OS virus has ever been seen in the wild. At least, not yet.

Dec 17, 2017 3:53 PM in response to Kurt Lang

Ok, I am still confused. Maybe this is because when I first got my computer in 2015, I was coming over from almost exclusively a PC background. In that environment it appeared to me that the anti-virus software was routinely blocking things. I got into PCs in 1982, and although I'm not 'techie' I am fairly experienced.


In my case I installed Bitdefender because my computer wasn't working very well and I had spent hours on the phone with Apple. It was only after installing Bitdefender and finding the alleged Trojan that things began to get any better. Before that, nothing Apple was doing seemed to make much difference.


On the other hand, I recently brought my Mac in to an Apple technician where they recommended that I replace the hard drive - which I did, and the computer feels as if it's working properly for the first time since I got it.


So I'm going back to my first question: are you saying that there is no point in getting anything like Bitdefender because it can't block a Trojan? If so, why does it work on a PC, or doesn't it - and why has my Mac been so temperamental since almost day one? Or are these things unrelated or just coincidental?

Dec 17, 2017 5:01 PM in response to Vanessa444

What your experience with the hard drive tells me is the Mac came with a faulty drive out of the box. They're mass produced items that are expected to work when new. No manufacturer tests each drive for hours or days before sending it out. You got a bad one. It happens. Replacing it, per your note that the Mac suddenly worked as you would expect, fixed the issue.


As BobTheFisherman said, AV software is dead. Symantec themselves said that a couple of years ago. Viruses were the playground of morons who wanted to do nothing more than create havoc. That's not the main threat anymore. Criminals have moved virtually everything away from "destructive for no reason" to trying to get malware onto a system that will allow them to empty your bank account, or otherwise get lots o' money for little work.


You can't easily do that with any type of virus. You need the victim to install a Trojan. Such as a keylogger, or other, more complex app.

Dec 17, 2017 6:38 PM in response to Vanessa444

Hello again Vanessa444,

I'm not sure what the "Beastmaster" is, but I know that your antivirus software shouldn't be doing anything with it. Those are all internal Apple data structures. There is a greater risk in corrupting your backups than in protecting you from any viruses.


I can't say much about the problems with your Mac. You've only said a few hints about that. But those problems likely aren't that different from your virus problems. Few people really know anything about Macs. That includes people who sell antivirus software. It is simply impossible that a file having a path of "/Volumes/com.apple.TimeMachine.localsnapshots/Backups.backupdb/Beastmaster" can do any damage to your Mac. The Mac just doesn't work that way. All that any of those antivirus programs do is scan your hard disk, and apparently your backups, for any files that match their "signatures". Those "signatures" are often wrong and match files that aren't a problem. Even worse, they are almost always based on Windows software.


So, the answer of why antivirus software works well on a PC but doesn't on a Mac is pretty simple. How well would software that only protects against Mac malware work on a PC? Not very well, I would bet. Well, that is the way PC software works on a Mac. You might see one or two reports of someone claiming that it found something. But quite often, you will see Mac users running popular antivirus software right alongside the most popular Mac malware. The general consensus is that antivirus software causes more harm among Mac users than the malware. There are a couple of Mac anti-malware apps that are effective, but you don't hear much about those. That is because they are effective and don't cause much trouble. One of the biggest Mac security problems is fake software and scam software. Much of it claiming to be antivirus software.


This thread is a good example of the practical problems that Mac users face. If you did actually have adware or malware, it would be easy to identify and remove. But trying to get people to remove problem software, or convincing them that they've just been scammed, is very difficult.

Dec 18, 2017 4:25 AM in response to Vanessa444

Vanessa444 wrote:


/Volumes/com.apple.TimeMachine.localsnapshots/Backups.backupdb/Beastmaster


That is part of your Time Machine backup system, and that is not something your anti-virus software should be messing with. Deleting files from Time Machine can destroy your backups.


In this case, the file is being detected as Windows malware, which cannot affect your Mac, if that's actually what it is. Malwarebytes will not scan your Time Machine backups, and will not pester you about possible Windows malware, since it focuses on detecting Mac threats.


I suspect that the path shown above is not the full path, as it seems incomplete. However, regardless, it would be best if you simply set Bitdefender to ignore that file. Since it is, at worst, Windows malware, it can't hurt you.


Contrary to some of what has been said here, Macs DO get infected. There is plenty of actual malware out there, though far less than what is available for Windows. There are also all kinds of adware and junk software scams, which are far more common, but less dangerous than malware. Do not let anyone tell you that such threats do not exist on the Mac, or you will develop a false sense of security that will end up getting you in trouble.

Dec 18, 2017 9:41 AM in response to Kurt Lang

On an ancillary note, around the time I got the Trojan, I believe someone may have hacked into my computer and was reading my email. I can't prove it though. Is it possible that someone installed a keylogger without my knowledge? If so, is there a way to detect keyloggers on Macs that you would recommend? Maybe that would explain how I got the Trojan in the first place?


Vanessa

Dec 18, 2017 9:49 AM in response to Vanessa444

There are two basic ways to get a keylogger installed. The user unwittingly installed it themselves (illegal copies of commercial software being a main source), or, someone else had direct access to your Mac and installed it in your absence.


A keylogger wouldn't install a Trojan, it is one.


If there is a keylogger on your Mac, they can be very difficult to find. To remove such an item, it would be easier, and 100% effective, to manually back up all personal data to an external drive (emails, photos, other documents). Then erase the drive and reinstall the OS. Reinstall all third party apps from their original sources, only. Then manually place your personal data back on the drive.


Do not restore a Time Machine, or other full backup. That will just bring the malware back onto the drive, assuming it exists.

Dec 18, 2017 4:21 PM in response to pingwylie

You don't need to. It's Windows-only malware and can't do a thing to your Mac.


If you can do a search of your emails, and it's an attachment, simply delete that email so you don't accidentally forward it to a Windows user.


For Time Machine, just leave it. As TM needs room for newer backups, it will eventually be deleted by TM from the backup drive. Never try to manually remove anything from a TM drive. That's a really good way to destroy it.
