The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Got a Trojan last night, fixed now.

    Discussion in 'Apple and Mac OS X' started by Tinderbox (UK), Aug 18, 2009.

  1. Tinderbox (UK)

    Tinderbox (UK) BAKED BEAN KING

    I tried to click on a video on a website and it said I did not have the latest Adobe Flash Player installed, so it asked did I want to install it. I said yes, and it went through the install process; during the install it said something like MacCinema player.

    So I installed it, and I got a bit suspicious so I googled MacCinema and it turns out to be a Trojan.

    I tried to follow a guide to remove it, but I don't know Mac OS X very well so I decided to use my Time Machine backups. I found out that I could boot from the OS X DVD as if doing an install, but select restore from Time Machine, so it formatted my OS X partition and it restored to how it was 2 days ago. It took around 45 mins, but at least it got rid of every piece of the Trojan :)

    http://www.enigmasoftware.com/osx_jahlavd-trojan-disguised-as-maccinema-installer/
     
  2. Xirurg

    Xirurg ORLY???

    Great! But it did ask for your password to install itself, right?
     
  3. Tinderbox (UK)

    Tinderbox (UK) BAKED BEAN KING

    Yes it did, but lots of software does that.

     
  4. cdnalsi

    cdnalsi Food for the funky people

    Of course it did - and that comes down to user mistake.

    No offense mate.
     
  5. Tinderbox (UK)

    Tinderbox (UK) BAKED BEAN KING

    It was my fault, but it's easily done, I thought it was a legit install.

    Also I have made a number of posts about anti-virus/spyware protection and was told a number of times that it was not needed on OS X, so I felt over safe.

    I just changed my password, thanks Xirurg

     
  6. Xirurg

    Xirurg ORLY???

    It's like letting a thief in your house by opening the door :D And actually, any software will ask for a password, as it is a part of the protection system - no software can access the system's critical components w/o your permission. That's one of the reasons that people say Mac OS is "prone" to viruses! You can't get one with just plugging a flash drive in - you must allow the program to run!
     
  7. Tinderbox (UK)

    Tinderbox (UK) BAKED BEAN KING

    The thief got in alright, but he did not have time to get away with anything, and now the locks have been changed, and I have bought a big DOG :D

     
  8. doh123

    doh123 Without ME its just AWESO

    Yeah... especially websites, or anything in emails... if it wants to download and install anything (like a plugin) I manually go to the website where I can get it, not using any links or options given, and take care of it myself. Always safer that way...

    Especially in emails, never use any link out of an email, unless it's from a friend sending you like a YouTube link or something.. but other than that it can be spoofed links that look real, but take you to bad websites.

    What most are doing now, and on Macs it is quite a bad trojan, they just change out your DNS servers with their own. What is bad with that is DNS servers are used to find the location of any URL and take you to it, so they set up spoof sites, and their DNS servers pass you back the fake website. So if your DNS servers are changed, even if you manually type in www.mybank.com and they have a spoof site set up for it, it will go to their spoof site even though it seems like you did everything right, you type in your user name and password, and they just got access to your bank account, and give you some error message about accounts being unavailable, check back later.... your computer never showing any overt signs of infection, but they continually being able to steal any data you use on multiple websites, and you not being able to really get to the websites.
     
  9. Tinderbox (UK)

    Tinderbox (UK) BAKED BEAN KING

    Yeah, my DNS server 192. had 2 additional 85. servers added to the list.

    I managed to remove them with help from a guide, but I decided to do a full wipe and restore to be on the safe side.
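
The DNS change described in the two posts above can be checked for from Terminal. This is an added example, not part of the original thread: it assumes the `scutil --dns` output layout on macOS, and the function names, the sample text and its addresses (192.168.1.1 plus the 203.0.113.x documentation range) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list configured DNS resolvers that are not on an allowlist.
# Input: `scutil --dns` style text on stdin. Arguments: the resolvers you
# expect (for a home network, usually just the router's address).
unexpected_resolvers() {
    allow=" $* "
    awk -v allow="$allow" '
        # Lines of interest look like:   nameserver[0] : 192.168.1.1
        /^[ \t]*nameserver\[[0-9]+\][ \t]*:/ {
            addr = $NF
            # Report each unknown address once, even if several
            # resolver blocks repeat it.
            if (index(allow, " " addr " ") == 0 && !(addr in seen)) {
                seen[addr] = 1
                print addr
            }
        }'
}

# Constructed sample: a router entry plus two resolvers the user never set.
sample_dns_config() {
    cat <<'EOF'
DNS configuration

resolver #1
  search domain[0] : home
  nameserver[0] : 192.168.1.1
  nameserver[1] : 203.0.113.10
  nameserver[2] : 203.0.113.11
  if_index : 4 (en0)

resolver #2
  domain   : local
  options  : mdns
EOF
}

# On a Mac, replace the sample with:  scutil --dns | unexpected_resolvers 192.168.1.1
found=$(sample_dns_config | unexpected_resolvers 192.168.1.1)
if [ -n "$found" ]; then
    printf 'Unexpected DNS resolvers:\n%s\n' "$found"
fi
```

An empty result means every configured resolver is on the allowlist; the router's own DNS settings need a separate look, since this only inspects the Mac.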
     
  10. ladip63

    ladip63 Notebook Consultant

    OH MY!!!! :eek: Tinderbox.
    I'm glad you were able to stop the intruder. So what kind of a "big dog" did you get?
    Yeah my pharmacy software company won't let me install Adobe Flash drive on the server. I get a pop up saying Window System 32 does not recognize this program. :( But Flash does work on the client computer.
    Lynn
     
  11. talin

    talin Notebook Prophet

    Unfortunately as Macs get more and more popular, so will viruses. :rolleyes: I think a day is coming in the not too distant future that Macs will require some kind of anti-virus protection. :rolleyes:
    I heard about that DNS exploit. I think I even posted a thread in the OT forum about it long ago that never got any replies. :p I don't remember too much about it now.
    I'll have to see if I can dig that up as it might be very relevant to what doh123 said.
     
  12. Xirurg

    Xirurg ORLY???

    ^people are saying that since 2002...
     
  13. masterchef341

    masterchef341 The guy from The Notebook

    Don't install software from random websites.

    If you think you need some media player software, go look up media player software and download VLC media player or Flash or whatever directly from the source.

    Macs will never be secure from intentionally running malicious software and they never have been.

    Lesson learned, I hope?
     
  14. chyidean

    chyidean Notebook Evangelist

    For a second there the title had me thinking of something else.