
General discussion

New Virus

Feb 17, 2006 11:21AM PST

Though I don't iChat, or open strange attachments, today's news about a viral attack on MacX brings me to ask: what, if any, anti-viral / firewall downloads should be done to protect one from these sophisticated ne'er-do-wells? I try to run a very clean machine stripped to the required basics; but if I should do a protection layer I will. Thanks, Eric

Nothing to see here, move along. More false hype!
Feb 17, 2006 10:19PM PST

Sales of AV software for Mac must be down, so it's time for the monthly "sky is falling" news release.

Following from the Ambrosia website, the company that first mentioned it:
Quote
Ambrosia Software's Andrew Welch explains:
You cannot be infected by this unless you do all of the following:
1) Are somehow sent (via email, iChat, etc.) or download the "latestpics.tgz" file
2) Double-click on the file to decompress it
3) Double-click on the resulting file to "open" it
...and then for most users, you must also enter your Admin password.

It does not exploit any security holes; rather it uses "social engineering" to get the user to launch it on their system. It requires the admin password if you're not running as an admin user. It doesn't actually do anything other than attempt to propagate itself via iChat. It has a bug in the code that prevents it from working as intended, which has the side-effect of preventing infected applications from launching. It's not particularly sophisticated.
End Quote

So, for those inclined to hyperbole and panic: RELAX. You cannot simply "catch" a trojan as you would a "virus." There are zero Mac OS X viruses. This is not the first Mac OS X trojan and it won't be the last. Even if someone does send you the "latestpics.tgz" file, you cannot be infected unless you unarchive the file, then open it, and authorize it to run. Just trash it. As usual, do not install and run applications from untrusted sources. Do not run Mac OS X as "root." Same stuff as usual.
OS X has a built-in firewall; use it.
Back to sleep. Wake me when someone finds a real one.
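The quoted explanation says the archive only does harm if the user decompresses it and then double-clicks what falls out. As an added illustration (not from the thread, not the real "latestpics.tgz"), the following POSIX shell script builds a constructed sample archive in which one "picture" is actually an executable, and lists the archive's contents without extracting anything, flagging entries that carry an execute bit or live inside an .app bundle. It assumes only sh, tar, gzip and awk.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Inspect a .tgz *before* opening it: list every entry and flag anything that
# is executable or is part of an .app bundle, which a folder of "pictures"
# should never contain. Nothing is extracted to disk.

make_sample_archive() {
  # Construct a fake "latestpics.tgz" (sample data, not the real trojan):
  # one harmless file and one executable disguised with an image-like name.
  work=$(mktemp -d)
  mkdir -p "$work/latestpics"
  printf 'not really a jpeg' > "$work/latestpics/beach.jpg"
  printf '#!/bin/sh\necho hello\n' > "$work/latestpics/party.jpg"
  chmod 644 "$work/latestpics/beach.jpg"
  chmod 755 "$work/latestpics/party.jpg"
  (cd "$work" && tar -czf latestpics.tgz latestpics)
  printf '%s\n' "$work/latestpics.tgz"
}

# Print one line per suspicious entry. The first field of `tar -tzvf` is the
# permission string (e.g. -rwxr-xr-x); a leading '-' means a regular file and
# any 'x' in it means an execute bit is set. The last field is the entry name.
flag_suspicious_entries() {
  tar -tzvf "$1" | awk '
    $1 ~ /^-/ && $1 ~ /x/ { print "executable: " $NF; next }
    $NF ~ /\.app\//       { print "app bundle: " $NF }'
}

# Number of suspicious entries, handy for a quick "is this safe to open?" test.
count_suspicious_entries() {
  flag_suspicious_entries "$1" | wc -l | tr -d ' '
}

archive=$(make_sample_archive)
flag_suspicious_entries "$archive"
```

On the constructed archive this reports only party.jpg as executable; a genuine folder of photos reports nothing.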

Pithy Reply
Feb 18, 2006 12:36AM PST

Well put; I'll lower my skirts now and come down from the piano bench... Love Mac; still getting used to the fact that 'it all works', and so intuitively. By 'required' I mean only this: if an application in MacX has a 'lesser duplicate' from the Classic environment, I'll trash it; e.g., iTunes, QuickTime. Liking Adobe better for PDF files, I trashed Preview, knowing that older programs with static bases are typically outdone shortly by newer development companies. As my reward, my iBook G3, 800 MHz, 640 MB SDRAM, 30 GB HD, [27.94] still has 21.2 GB free.
Thanks as always, Eric

I see
Feb 18, 2006 1:19AM PST

Over time you will come to realize that you do not need to go back to Classic for anything and that ALL those programs can go away.

Happy, and safe, computing


P

Well then,
Feb 18, 2006 3:29AM PST

In light of this; I have an Applications folder in the HD named 'System Folder 9'; should I 'trash' it completely? Looking over the selection there appears to be nothing but either 'duplicates' or, perhaps Microsoft Word, which was designed by a sadist for people who can't seem to create their own documents.
Thanks again, Eric

Yes, you can
Feb 18, 2006 4:16AM PST

delete the OS 9 applications folder and, if you are feeling really brave and are completely sure that you will never use Classic again, you can delete the OS 9 system folder.
On second thought, leave it there for the unexpected emergency.

P

Being judicious,
Feb 18, 2006 10:36AM PST

maybe better, yes, to leave the System Folder in place. I do notice, though, from responses / exchanges throughout many Mac forums, that this question has many answers. The basic question I would have is what might reside within the Classic 9 System Folder that is crucial to actual daily operation, regardless of one's current operating system. Posing, for example, an event where one day I awoke my iBook to find I had no operating system; my instinct would be to reach for my Mac X Panther CDs and quickly run them to establish all in working order again. But if there's something that Apple built into Classic that is truly fundamental to ALL later 'builds', then best left alone. Thanks for all, Eric

Nothing in the OS 9 system is required for OS X
Feb 18, 2006 10:39PM PST
Thanks
Feb 19, 2006 11:55AM PST

Worked well; gained a few GB from lifting the extraneous load. Eric

Followup
Feb 18, 2006 1:42AM PST

Have had a Mac mini 1 year. Best computer I've ever owned. What do you mean "Don't run Mac as 'root'"? How do I tell if the firewall is active?

Log in as yourself
Feb 18, 2006 4:21AM PST

in the normal fashion.
Some UNIX/Linux enthusiasts log in as root, which gives them unlimited power over the system.
To log in as root you have to start the machine up in Single User mode, which is not the normal way to start the machine.

You log in as a user with Administrative privileges which is why it asks you for your password when you install stuff. This is normal.

For the firewall, go to the system preferences and click on Sharing. Inside there you will find a tab marked Firewall. Click it and turn on the Firewall.
You should not notice anything different about the operation of your machine.

P

Firewall
Feb 24, 2006 2:12AM PST

I activated the firewall. Thanks for the info. I used the Symantec Security Check and it revealed in the Hacker Exposure Check results that I have an open port, ICMP Ping, a network troubleshooting utility, and it should be closed. How do I do that?

I got as far as System Preferences / Internet and Network / Network / Configure... and then got lost.

Close it in the firewall settings
Feb 24, 2006 7:32AM PST

Open the firewall settings in the Sharing pane.
Click on Advanced and check Stealth Mode.

This will effectively prevent any response to a ping. It's as if your machine does not exist.

If you find that some web sites do not work as before, you may have to compromise.
A Router will also effectively block access to your machine by hiding it and refusing to allow stuff through that was not requested.

P

Closing ping utility
Mar 3, 2006 11:33AM PST

Have not had success in closing the port.
Went to System Preferences / Internet and Network / Sharing / Firewall (Firewall is ON).
10 ports are listed -- none checked.
There is no "Advanced" button visible to get to Stealth Mode as suggested.

I have the latest Mac software OS X 10.3.9

Where have I gone wrong?

Firewall
Mar 3, 2006 12:08PM PST

You are correct, there is no Advanced button on the Firewall in OS 10.3.9, which is NOT the latest OS. That would be OS 10.4.5.
If the firewall is on and none of the boxes are checked, you should be OK.

P

What are the "required basics"?
Feb 17, 2006 10:19PM PST
Have I been infected?
Feb 24, 2006 12:18AM PST

I recently downloaded and began using Firefox and ClamAV because I wanted to see how well they functioned on my older iMac. The first time I did a scan for viruses, however, ClamAV discovered an infected file, and during the same time period (more or less) there were two apps open in my Dock, two that I had never seen before, namely Terminal and Console. The infected file was identified as /classload.jar-4867-12e9d15a.zip:Java,ClassLoader.24564. Am I being overly paranoid about this situation? I trashed the file immediately.

Maybe a little overparanoid.
Feb 24, 2006 12:44AM PST

Terminal and Console are both legitimate programs found on every OS X Mac.
What did ClamAV say the file was infected with?
How up to date were the virus definitions?

It could have been a false positive, which is not unusual, and it may be that ClamAV uses Terminal and Console as part of the scan.
I'll have to check on that.

P

Incident update
Feb 25, 2006 12:12AM PST

As my original message said, the filename was /classload.jar-4867-12e9d15a.zip:ClassLoader.24564.
I had updated the ClamAV database just prior to the scan. I don't believe that my Mac has misbehaved since the incident and am keeping my fingers crossed. Thanks