Computer Hope

Software => Computer viruses and spyware => Topic started by: vlogg5 on September 28, 2010, 12:17:15 PM

Title: Two Macs with Fake Antivirus Virus
Post by: vlogg5 on September 28, 2010, 12:17:15 PM
Hi,
I have a prospective client with 2 infected Macs (that is a first for me).
I have never worked on Macs and have some general questions.
If I attach a Mac hdd via usb ide sata adapter to a pc will it recognize the drive?
If yes, do I have to run special antivirus software or will SA, Mbam, etc. work?
I think the answers are no and yes but just wanted to check. I live and work in a small town and there is no Mac support here.
Thanks
Title: Re: Two Macs with Fake Antivirus Virus
Post by: Azzaboi on September 28, 2010, 01:31:32 PM
Well I don't use Mac, but am quite horrified by the number of users that think they are immune to viruses, but then forget about all the spyware, rogueware, DNS changers, and trojans that can affect them. Malicious creators take advantage of any 'false' sense of security.

One fake anti-virus for Mac I know of is the MacSweeper...

MacSweeperSetup.dmg - 1.5 MB (1,600,201 bytes)
MacSweeper.app - 2.6 MB (2,563,303 bytes)

A SWF flash file and javascripts are used to track traffic and clicks.

The buttons "Ignore" and "Remove" are useless since it will continue to display another message box, and this time the user has no other option but to click "OK".

Clicking "Ok" triggers the downloading of MacSweeperSetup.dmg. Inside this DMG file is the rogue application - MacSweeper.app.

MacSweeper does not require the root/admin password to execute and it remains in the Downloads folder unless the user manually drags it to another location.

The MacSweeper, Cleanator, Clenator and Kivvisoftware websites share the same name server IP address, which this application links through. Cleanator is a rogue application that works on the Windows platform.

Most of the files inside MacSweeper.app are image files (in PNG file format).

Database.plist contains thousands of cookie data.

The TODO.txt list and bad English/spelling are a dead giveaway that it's up to no good, for example (censored):
Code:
"18. When update in process arert of new version can come, and f*ck everithing"
The file MacSweeper inside the MacOS folder is a binary file in universal binary format (Java code marker at the beginning: CA FE BA BE), which means this could work on both PPC and x86. While Mac and PC can't normally affect each other, it might be set up to use Java as a bridge between these rogue applications.

During the scanning process, it drops the following temporary files:

/private/tmp/com.MacSweeper.found.tmp
/private/tmp/com.MacSweeper.found2.tmp

It then uses these files to display the scan result. This application does not scan for unwanted files; instead it gives you a list of legitimate information installed in your system.

• Shows commercial adverts
• Connects itself to the internet
• Stays resident in background
• Fake virus / privacy warnings
• Attempt forced purchase of junkware

The user is forced to purchase a serial to clean the 'fake' warnings, then it displays (again poor spelling):
Code:
Thank You! You made me a bit hapier :)
Search with Finder or Spotlight for 'macsweeper', if it isn't listed, it's not on the Mac.

I'm not qualified on this forum location to offer advice for you to clean it (not labeled a malware expert), but if it looks like that's the one, it might give you some idea how to remove it by knowing what it's doing.
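A scanner for the indicators listed in the post above, added here as an example and not part of the original thread: it checks the paths the post names (the two /private/tmp scan-result files, and MacSweeper.app or MacSweeperSetup.dmg in each user's Downloads folder), checks that the app's main binary begins with CA FE BA BE (the Mach-O universal-binary magic, which is the same four bytes that open a Java class file), and ends with a Finder/Spotlight-style case-insensitive name search. It takes the volume root as a parameter so the same check works on a Mac disk mounted read-only on another machine; the user name `demo` and the `build_sample_volume` helper, which lays out a constructed sample tree, are assumptions made for testing.

```python
import os
import tempfile
from pathlib import Path
from typing import List

FAT_MAGIC = b"\xca\xfe\xba\xbe"   # Mach-O universal ("fat") magic; also opens Java .class files
# Indicators named in the post, relative to the volume root, so an offline-mounted
# Mac disk (e.g. a read-only HFS+ mount on the rescue machine) can be scanned too.
TMP_MARKERS = ("private/tmp/com.MacSweeper.found.tmp",
               "private/tmp/com.MacSweeper.found2.tmp")
DOWNLOAD_ARTIFACTS = ("MacSweeper.app", "MacSweeperSetup.dmg")

def scan_volume(root) -> List[str]:
    """Return MacSweeper findings under a mounted volume root (empty list = clean)."""
    root, seen, findings = Path(root), set(), []

    def report(rel, reason):
        if rel not in seen:                     # one line per path even if matched twice
            seen.add(rel)
            findings.append(f"{reason}: {rel}")

    for rel in TMP_MARKERS:                     # temp files dropped during the fake scan
        if (root / rel).exists():
            report(Path(rel), "temp scan-result file")
    users = root / "Users"
    for downloads in (users.glob("*/Downloads") if users.is_dir() else []):
        for name in DOWNLOAD_ARTIFACTS:         # rogue app stays in Downloads unless moved
            artifact = downloads / name
            if artifact.exists():
                report(artifact.relative_to(root), "download artifact")
                main_bin = artifact / "Contents" / "MacOS" / "MacSweeper"
                if main_bin.is_file() and main_bin.read_bytes()[:4] == FAT_MAGIC:
                    report(main_bin.relative_to(root), "PPC/x86 universal binary")
    for dirpath, dirnames, filenames in os.walk(root):   # Finder/Spotlight-style name search
        for name in dirnames + filenames:
            if "macsweeper" in name.lower():
                report(Path(dirpath, name).relative_to(root), "name match")
    return findings

def build_sample_volume(infected: bool) -> str:
    """Constructed test tree (not a real sample): a fresh temp dir laid out like a Mac volume."""
    root = Path(tempfile.mkdtemp())
    macos = root / "Users" / "demo" / "Downloads" / "MacSweeper.app" / "Contents" / "MacOS"
    (root / "private" / "tmp").mkdir(parents=True)
    (root / "Users" / "demo" / "Downloads").mkdir(parents=True)
    if infected:
        macos.mkdir(parents=True)
        (macos / "MacSweeper").write_bytes(FAT_MAGIC + b"\x00" * 12)
        (root / TMP_MARKERS[0]).write_text("")
    return str(root)
```

Call `scan_volume("/")` on the Mac itself, or `scan_volume("/Volumes/<mounted disk>")` when the drive is attached to another machine; an empty list means none of the listed indicators were found, not that the machine is clean.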
Title: Re: Two Macs with Fake Antivirus Virus
Post by: minieleph on October 15, 2010, 09:53:33 PM
Hi,
I have a prospective client with 2 infected Macs (that is a first for me).
I have never worked on Macs and have some general questions.
If I attach a Mac hdd via usb ide sata adapter to a pc will it recognize the drive?
If yes, do I have to run special antivirus software or will SA, Mbam, etc. work?
I think the answers are no and yes but just wanted to check. I live and work in a small town and there is no Mac support here.
Thanks
Windows will recognize it as an unknown partition. I use HFSExplorer (http://hem.bredband.net/catacombae/hfsx.html) to browse and copy files from a Mac partition, but it operates in read-only mode.
The latest Mac Boot Camp installs drivers for HFS+ partitions. This works only if you run Windows on your Mac (probably these Macs have Windows on them as a second OS).
Try to hold the Alt button just after you have started/rebooted a Mac. If you see an OS choice menu, load into Windows and look for a Mac partition. If it is not there, try to update Boot Camp (it should be in the tray).

Regarding AVs for Mac: there are some free ones (http://www.protectmymac.com/free-antivirus-software-mac.html). ClamXav is very popular, but I think it's worth trying F-Secure, which won't be free for much longer.

I forgot to mention MacDrive. It opens a Mac partition in read/write mode, but it's not free - $49.99 :(

Good luck!
Title: Re: Two Macs with Fake Antivirus Virus
Post by: Gere on October 18, 2010, 07:03:38 AM
Hi guys
As for me, for protecting a Mac I prefer to use ProteMac NetMine (http://protemac.com/NetMine/). It's a really good tool. Try it.
Title: Re: Two Macs with Fake Antivirus Virus
Post by: harry 48 on October 18, 2010, 08:38:43 AM
VLOGG5, please do not take advice from the above 3 posters; wait for a malware expert to help you.

Go to the link below, complete it and post the 3 logs; the expert needs them.

http://www.computerhope.com/forum/index.php/topic,46313.0.html

Title: Re: Two Macs with Fake Antivirus Virus
Post by: Carbon Dudeoxide on October 18, 2010, 10:18:34 AM
Scratch that as well. The Malware Removal guide is Windows-Only.

Please wait for a Malware Specialist.
Title: Re: Two Macs with Fake Antivirus Virus
Post by: BC_Programmer on October 18, 2010, 04:56:24 PM
VLOGG5, please do not take advice from the above 3 posters; wait for a malware expert to help you.

Go to the link below, complete it and post the 3 logs; the expert needs them.

http://www.computerhope.com/forum/index.php/topic,46313.0.html

All three logs need programs that only run on Windows.
Title: Re: Two Macs with Fake Antivirus Virus
Post by: harry 48 on October 19, 2010, 04:48:09 AM
Scratch that as well. The Malware Removal guide is Windows-Only.

Please wait for a Malware Specialist.

All three logs need programs that only run on Windows.

Thank you both for that ;) As we all go through life we learn something new every day ;) It is a never-ending process and it will stay in our memory banks forever ;D