HolidayBuyer's Guide

Mac OS forum

General discussion

Need Help Resolving Leopard Trojan Horse Attack!

by pshefler / February 15, 2008 6:46 PM PST

I just got a new iMac with Leopard installed and clicked on a link that was very similar to this (that I found quoted at chinwong.com/index.php/site/comments/mac_attack/):

""OSX.RSPlug.A, has been found on a number of pornographic Web sites, the security company Intego reports.

?A great deal of spam has been posted to many Mac forums, in an attempt to lead users to these sites,? Intego warns. When they arrive at these sites, they will see still photos, purportedly from free porn videos. But if they click on them, they will receive this message: ?Quicktime Player is unable to play movie file. Please click here to download new version of codec.?"

***It was not a porno site, but was in fact a google search result that was shown as linking to my website! It downloaded 5 "setup.exe" files, which I deleted, and forgot about. Then I went to create a .Mac account and it said I should do a Software Update, which I did for two updates (and for which I had to enter my administrative password) it ran the updates and said I'd have to restart, to which I said yes, but a Windows Crossover program was running at the time which cancelled the automatic restart, so I was prompted to quit the program and manually restart, which I did . When the computer restarted it said I had two updates that needed to be installed, which I thought was strange, as I thought they had already been installed, but I said okay to that anyway. Then it started progress bars and was taking a long time, saying, "writing files", which it did to 100%. Then it said "patching files" , and I thought that was really fishy, as I'd never seen anthing like that before on a Mac, so I shut the computer down. When I rebooted, I got the gray kernel panic window that says "you need to restart your computer. Hold down the power key for a few seconda or press the Restart button." in four different languages. I unplugged the computer and an external back-up drive.

What should I do now? I don't have any anti-virus software installed.

Any assistance would be more than greatly appreciated! I have tons of data on the drive that is not backed up! Many thanks in advance.

Discussion is locked
You are posting a reply to: Need Help Resolving Leopard Trojan Horse Attack!
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Need Help Resolving Leopard Trojan Horse Attack!
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Reboot the machine
by mrmacfixit Forum moderator / February 15, 2008 10:49 PM PST

this does not sound like the OSX.RSPlug.A trojan, it does not do any damage to your machine, just changes the DNS settings.

I suspect that you shut the machine down by pulling the power cord or holding the power button down for a while.
You may have noticed that the software update procedure for Leopard is different than the Tiger version. In Leopard, it does exactly as you saw. It downloads the files, restarts and then installs them. In Leopard you get to see the install process happening.

What you have done is shut the machine down in the middle of the install process which leaves the system in a very unstable, and possibly, unusable state.

Try to reboot the machine, it will attempt to rectify any problems, and see what happens.

Worst case scenario will be that you have to do an Archive and Install to put a new system on there. No biggie.

On the subject of Anti Virus. I really hope that you did not mean that you have NO anti-virus installed at all. Please tell us that you have complete AV coverage of your Windows setup.

Let us know how you got on.

P

Collapse -
Mac infection
by c.b.mullen / February 23, 2008 7:16 AM PST

To have a computer running without antivirus software is about the most ignorant thing you could ever do. You deserve all the infections you get.
You will probably have to do a reformat and clean install to be sure you have no remnants of the malware left on your machine.
Also, to have important data and files on your machine, and not backing them up, is also ignorant.
I hate to be so blunt, but you have asked for the problems you are experiencing. Whatever happened to common sense?

Collapse -
Wow,
by mrmacfixit Forum moderator / February 23, 2008 9:12 AM PST
In reply to: Mac infection

what AV do you recommend?

What does AV do?

Would your recommendation have caught this Trojan?

How should he clean his registry?

When should he do the clean install?


Help the guy out here, don't just shout at him

P

Collapse -
Don't be a ********
by 3rdalbum / February 23, 2008 11:21 AM PST
In reply to: Mac infection

The OP needs help - not blame.

I'm sorry to say that there are two things that might have happened:

1. You've picked up an infection and/or
2. You've left your operating system in a half-updated state.

If the latter, then booting into single-user mode *might* fix the problem. If it doesn't, or if you have indeed contracted some malware, then you'll need to reinstall the Mac OS.

Collapse -
Problem Fixed
by pshefler / February 23, 2008 12:49 PM PST
In reply to: Don't be a dickhead

My apologies for not posting this earlier. I forgot I had left this post unanswered. I called Apple Care support and they said - as the first respondent suspected - that there was no virus; that I had mistaken the unusual patterns for a virus and had caused the problem by shutting down the computer while it was trying to install an update. I kept getting something called a kernel panic (or something like that) screen, so they walked me through an archive and intsall and everything seems fine now. Apple Care said Mac OS X Leopard doesn't get viruses, but I'd be open to sugestions for what antivirus sotware to get. I was in the process of backing things up when this happened - I was trying to see if I needed an update because the automatic back-up that is supposed to come with Leopard wasn't working.

Thank you for all of your advice and support!

Collapse -
Glad you got back up and running
by mrmacfixit Forum moderator / February 23, 2008 10:20 PM PST
In reply to: Problem Fixed

It's always nice to get one right


You will find that ClamXAV, in the list provided by the link from the previous poster, is a decent AV program for OS X.

It's a good price too! Happy

P

Collapse -
Locked.
by R. Proffitt Forum moderator / February 24, 2008 9:49 AM PST
In reply to: Problem Fixed

To keep things civil I removed the harsh posts I could without damaging the discussion. I'm going to lock it since the issue has been resolved.

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

HOLIDAY GIFT GUIDE 2017

Cameras that make great holiday gifts

Let them start the new year with a step up in photo and video quality from a phone.