On my Mac: Viruses


51 replies to this topic

#41 yo-mike

yo-mike

    Livin' in 2007

  • Members
  • 1031 posts

Posted 01 November 2007 - 10:57 PM

Dark_Archon, on November 1st 2007, 06:45 PM, said:

New trojan for OS X that requires the user to:
1. Go to a shady pr0n site
2. download a codec nobody has ever heard of from them
3. mount the disk image
4. launch the installer
5. input an administrator password
6. click through multiple screens to proceed with the install

before installing where it then sets up a couple fake DNS servers and a cron job that makes sure they aren't changed. If anybody actually follows through with all that, they deserve to have their computer infected with a trojan.

As it doesn't install itself or self propagate, it still isn't a virus which to my knowledge still doesn't exist for OS X.

Heh, heh..

It's not like we didn't see this coming.

In my case, this isn't the case.

The files that were corrupted were .jpeg or .jpg. I forgot, they're toast now.
The files were Classic Mac OS picture files that were for example pictures in of the program which I use on occasion.

So I'm in the clear of this "pr0n" site crap.

Problem is: Disinfectant is abandonware, ClamXV is half***ed, and VirusBarrier X4 is good, but now I'll be looking for a third party seller of the product or multi-package at a lower cost than Intego.

Thing is: If you download Classic Ware of any kind, it helps to scan the stuff before you open it, and thus have your Expander set accordingly.

Malware for OS X will become more prevalent at any rate. It's just going to be in our best interest to be prepared no matter what sites you visit.

Malware is doubtlessly being written for OS X. As I post. Mark my words.

AMD Phenom II X4, Win 7 64

Kubuntu Rocks Better
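
Added example, not part of any post above: a small Python check for the two things the quoted trojan description says it leaves behind, unfamiliar DNS servers and a cron job that keeps them in place. The sample `scutil --dns` output, the crontab, the addresses and the keyword list are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the style of `scutil --dns` output (not from a real host).
SAMPLE_DNS = """\
resolver #1
  nameserver[0] : 203.0.113.53
  nameserver[1] : 198.51.100.7
resolver #2
  domain : local
  nameserver[0] : 192.168.1.1
"""

# Constructed sample crontab (what `crontab -l` might print); the paths are made up.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/sbin/periodic daily
*/5 * * * * /usr/sbin/scutil < /tmp/example-dns.conf
@reboot /usr/local/bin/backup.sh
"""

# Substrings that suggest a job touches resolver settings (assumed list, extend as needed).
DNS_TOOLS = ("scutil", "networksetup", "resolv.conf")

def unexpected_resolvers(dns_text, allowed_networks):
    """Return configured nameservers that fall outside the networks you expect."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    found = []
    for addr in re.findall(r"nameserver\[\d+\]\s*:\s*(\S+)", dns_text):
        ip = ipaddress.ip_address(addr)
        if addr not in found and not any(ip in net for net in nets):
            found.append(addr)
    return found

def dns_cron_jobs(crontab_text):
    """Return cron commands that reference DNS configuration tools or files."""
    hits = []
    for line in crontab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # "@reboot cmd" has one schedule token; normal entries have five.
        fields = 1 if line.startswith("@") else 5
        parts = line.split(None, fields)
        if len(parts) > fields and any(t in parts[fields] for t in DNS_TOOLS):
            hits.append(parts[fields])
    return hits

if __name__ == "__main__":
    print(unexpected_resolvers(SAMPLE_DNS, ["192.168.1.0/24"]))
    print(dns_cron_jobs(SAMPLE_CRONTAB))
```

On a real Mac you would feed it the output of `scutil --dns` and `crontab -l` (run for each account, including root) and pass the networks of the resolvers you actually use.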


#42 yo-mike

yo-mike

    Livin' in 2007

  • Members
  • 1031 posts

Posted 01 November 2007 - 11:17 PM

Thanks though for the heads up on this trojan horse info, Dark_Archon.

I visited the CodeBook forum a while back, and the boards there are being totally thrashed by spammers using the crap "pr0n" BS in the articles you linked to...... Beware, be cautious Mac users. Someone doesn't like us.

AMD Phenom II X4, Win 7 64

Kubuntu Rocks Better


#43 Smoke_Tetsu

Smoke_Tetsu

    Uberspewer

  • Members
  • 3318 posts
  • Steam Name:Tetsu Jutsu
  • Steam ID:smoke_tetsu
  • Location:Cyberspace

Posted 02 November 2007 - 12:05 AM

I wouldn't lose any sleep over it.
--Tetsuo

Alex Delarg, A Clockwork Orange said:

It's funny how the colors of the real world only seem really real when you viddy them on the screen.

the Battle Cat said:

Slower and faster? I'm sorry to hear such good news?

Late 2012 27 inch iMac, Core i7 Quad 3.4GHz, 16GB RAM, Nvidia GeForce GTX 680MX 2GB, 3TB HDD - Mavericks

Late 2009 27 inch iMac, Core i5 2.6GHz, 12GB RAM, ATI Radeon 4850HD 512MB, 1TB HDD - Mavericks

Mac Mini, PowerPC G4 1.4Ghz, 1GB RAM, Radeon 9200 32MB, 256GB HDD - Leopard

Dell Inspiron 1200 Notebook: 1.2GHz Celeron, 1.2GB RAM, Intel GMA915, 75GB HDD - Ubuntu

Generic Black Tower PC, Dual Core 64-bit 2.4GHz, 4GB RAM, GeForce 9600 GT 512MB - Windows 7


#44 yo-mike

yo-mike

    Livin' in 2007

  • Members
  • 1031 posts

Posted 02 November 2007 - 12:07 AM

Thanks. But, I can't fall asleep anyway. :lol:

AMD Phenom II X4, Win 7 64

Kubuntu Rocks Better


#45 Dark_Archon

Dark_Archon

    Master Blaster

  • Members
  • 1792 posts
  • Location:Rochester, NY

Posted 02 November 2007 - 07:04 AM

If a site asks you to download anything with a name like "extremecodec" or something like that, you should know that there is a problem. In fact, I don't know why people would download anything a random site asked them to.
Mac Pro 2.66 Ghz NVIDIA GeForce 8800 GT 7 GB RAM SONY DW-D150A SuperDrive

#46 the Battle Cat

the Battle Cat

    Carnage Served Raw

  • Admin
  • 17435 posts
  • Location:Citadel City, Lh'owon
  • Pro Member:Yes

Posted 02 November 2007 - 11:16 AM

teflon, on November 1st 2007, 05:29 PM, said:

simple solution to this problem then is to not go to shady pr0n sites and download things... stick to the well lit ones.

I run into this trojan horse a lot.  As the admin of another forum that is forced to block spam by having the admin (me) review every registration by hand, arriving at a website that hosts this trojan is much more easy and insidious than clicking on a link to a pr0n site and opting to download their codec to view pr0n.  Many times, when checking a link in a user account signature or even the domain his email is coming from, I get REDIRECTED to a pr0n site with an obvious pr0n DNS and many times the download begins immediately without my permission.  I have always suspected strongly that it was malicious, now I know for sure.  Thanks for the heads up.
Gary Simmons
the Battle Cat

#47 yo-mike

yo-mike

    Livin' in 2007

  • Members
  • 1031 posts

Posted 02 February 2008 - 05:36 PM

::Bump::

Well, Finally! I nailed the last of the NVIRA/B in the head, I had to reinstall Classic- it must have infected the default Mac OS 9 Applications and/or System 9 Folder. I tried to delete the System 9 folder and wasn't allowed to by the 'System'. I deleted Applications OS 9 folder though, got out my install disk 1 and reinstalled Classic. No more beeping!

I still have the old clone of the drive that was infected and maybe I'll make a podcast about it with the beeping noise..

regards,
yo-mike

AMD Phenom II X4, Win 7 64

Kubuntu Rocks Better


#48 yo-mike

yo-mike

    Livin' in 2007

  • Members
  • 1031 posts

Posted 20 March 2008 - 11:04 PM

The only thing that Finally did it was an archive and install of OS X.
I hope you're reading and learning, because I did it. Restore Classic just doesn't work.
You can read about it on the Mac OS X Hints forum in the classic OS 9 forum. Yes, I know you can search. It's pretty well laid out to read. (dang, that's a good site!)

AMD Phenom II X4, Win 7 64

Kubuntu Rocks Better


#49 Neroon

Neroon

    Newbie

  • Members
  • 6 posts

Posted 26 May 2008 - 07:44 PM

yo-mike, on February 3rd 2008, 01:36 AM, said:

::Bump::

Well, Finally! I nailed the last of the NVIRA/B in the head, I had to reinstall Classic- it must have infected the default Mac OS 9 Applications and/or System 9 Folder. I tried to delete the System 9 folder and wasn't allowed to by the 'System'. I deleted Applications OS 9 folder though, got out my install disk 1 and reinstalled Classic. No more beeping!

I still have the old clone of the drive that was infected and maybe I'll make a podcast about it with the beeping noise..

regards,
yo-mike


What you should do is really just remove Classic and don't put it back in.  :)
I also find a serious flaw in your argument that classic is better at finding viruses than Mac OS X. I will ask you one simple question to give you a hint of what I mean is wrong:
How many Viruses for other operating systems (like Windows viruses for once or even the nonexistent Mac OS X viruses) can you find with software running in Classic?

#50 yo-mike

yo-mike

    Livin' in 2007

  • Members
  • 1031 posts

Posted 26 May 2008 - 08:23 PM

Hi!
Welcome to IMG forums Neroon.

Neroon, on May 26th 2008, 09:44 PM, said:

What you should do is really just remove Classic and don't put it back in.  :)

Actually I find I still have use for it. Besides, reinstalling it after you uninstall it is the pits.
I'll not go through that again. I have more than enough room on my HD for 350 MB and plenty for Mac OS 9 Apps.


Neroon, on May 26th 2008, 09:44 PM, said:

I also find a serious flaw in your argument that classic is better at finding viruses than Mac OS X.

Modern Virus ware doesn't detect legacy viruses (generally). They're also too darn resource hungry and a royal pita to uninstall. (To name a few problems)


Neroon, on May 26th 2008, 09:44 PM, said:

I will ask you one simple question to give you a hint of what I mean is wrong:
How many Viruses for other operating systems (like Windows viruses for once or even the nonexistent Mac OS X viruses) can you find with software running in Classic?

I don't use Disinfectant legacy AV for Windows, Mac OS X, or Linux.... Disinfectant can't run in the Classic environment of OS X.

Thanks for reminding me about this! I'll need to start scanning me packages again (When I do) Ol' OS 9er B&W isn't hooked up online currently. But this is a good reminder from Neroon to keep a heads up! I also has me Norton's for OS 9. :whistling:

This newbie's a good one! Don't let him go tBC!

AMD Phenom II X4, Win 7 64

Kubuntu Rocks Better


#51 Frigidman™

Frigidman™

    Eye Sea Yew

  • Admin
  • 4265 posts
  • Steam ID:frigidman
  • Location:East mahn, East!
  • Pro Member:Yes

Posted 27 May 2008 - 08:55 AM

Yeah, I fail to really see the point in saying that the Virus Checker in OSX is crap compared to one in OS9, when the files being checked are classic files. Classic/Windows files cannot hurt OSX in any form or fashion, so why should the virus checker in OSX care? Why bloat it with useless garbage it will never use?

Kind of like blaming OSX for not checking viruses in VirtualPC. I mean, it's running on the Mac, the files are on the mac volume... so why doesn't it have the five billion virus definitions for all windows and dos versions so that it can check for those?


Sorry, there is no "GLOBAL-ENTIRE-HISTORY-OF-MANKIND VIRUS CHECKER".
If there is one, expect to pay a heaping load of cash for it...


I never ask my OSX to check the PC files I download. I never browse or use the internet with my PC, I use the mac first, then all files are in a shared folder. The PC loads up, uses AVG and scans that folder, then gives the thumbs up on copying anything over to be run.

I can understand why you would want an all-in-one, but we never get what we want. If you think you can make one, go ahead. I think the other five people in the world who may want the same thing will pay you for it.

-Fm [1oM7]
"I'm not incorruptible, I am so corrupt nothing you can offer me is tempting." - Alfred Bester


#52 yo-mike

yo-mike

    Livin' in 2007

  • Members
  • 1031 posts

Posted 27 May 2008 - 11:13 AM

Mac OS X AV Ware should be equipped to scan for legacy viruses. There weren't that many anyway.

AV Ware should be able to do just what it's supposed to do on any Mac that supports it. Same for Spy Ware removal.

That's why there's updates for definitions.

Anything else you care to argue about? Maybe a year old thread of your choosing?

AMD Phenom II X4, Win 7 64

Kubuntu Rocks Better