Macbook with fake antivirus


anth
05-13-2011, 04:48 PM
Got a MacBook with some fake anti-virus, and I will be the first to admit I'm not a Mac guy. I have tried scanning with Clamx but without any luck. If there are any Mac gurus that can lend some advice on how to clean this Mac, I would greatly appreciate it.

anth
05-13-2011, 05:12 PM
Well, I think I got it: stop the process and move it to the trash, emptied trash, restarted the computer. Is it that simple?

Avgsmoe
05-13-2011, 05:19 PM
Well, I think I got it: stop the process and move it to the trash, emptied trash, restarted the computer. Is it that simple?

Yes, but also remove the auto start.

User preference pane, Login Items, use the "-".

iisjman07
05-13-2011, 07:15 PM
Well, I think I got it: stop the process and move it to the trash, emptied trash, restarted the computer. Is it that simple?

That's what I heard; it's not exactly a rootkit.

anth
05-13-2011, 11:40 PM
That's what I heard; it's not exactly a rootkit.

So you are saying that's all I had to do? Anything else to cleaning the fake anti-virus?

iisjman07
05-14-2011, 06:36 AM
So you are saying that's all I had to do? Anything else to cleaning the fake anti-virus?

I heard somebody say you should boot into Safe Mode to stop the program loading when you log in (killing its process has the same effect), then you can drag it into the bin and empty it.

dracken
05-17-2011, 12:20 PM
Yeah you can just kill the process and delete the files to get rid of it. I have had about four of these in the shop so far.

callthatgirl
05-21-2011, 05:55 PM
We just got our first Mac virus call. Was pretty simple to repair manually and remotely.

Benchtech
05-21-2011, 06:15 PM
We just got our first Mac virus call. Was pretty simple to repair manually and remotely.

These are not viruses, just saying!!! More like scareware than anything.

Refer to this semi-heated thread: http://www.technibble.com/forums/showthread.php?t=27410

callthatgirl
05-21-2011, 06:42 PM
It can be called scareware, but the PC people aren't picking up on that term nor the general public, so the best way to say it is "Virus".

And it doesn't matter what it is for pricing: virus, scareware, fakeware, stupidware, it's going to cost money for us to remove it, repair it, kiss it goodbye!

That porn was very interesting btw...much better than the pc porn I see with some of our attacks.

Benchtech
05-21-2011, 08:09 PM
It can be called scareware, but the PC people aren't picking up on that term nor the general public, so the best way to say it is "Virus".

And it doesn't matter what it is for pricing: virus, scareware, fakeware, stupidware, it's going to cost money for us to remove it, repair it, kiss it goodbye!

That porn was very interesting btw...much better than the pc porn I see with some of our attacks.

This is why you're lovable =)

callthatgirl
05-22-2011, 09:32 PM
Ah, thanks :p

For those that do blogs or email newsletters and who can remove the Mac viruses, this is probably a good topic to tell your network about. I did a blast last Sunday and this week I will alert again about how the client got the "virus" and how it infected her computer and how it was removed by us and how long it took.

I had 100 people open the Mac virus link from my newsletter to my blog last week. It's definitely of interest to people.

callthatgirl
06-01-2011, 01:56 AM
2 more in today. Anyone else seeing more come in?

jccrcomputers
06-01-2011, 11:46 AM
I haven't had any of these yet, but would recommend other techs to start installing Sophos Free Mac Edition, because it's actually very good and hardly uses any system resources at all. I know this isn't a virus but I think Sophos does catch this one.

dracken
06-01-2011, 09:38 PM
Apple released a patch to fix the issue on Tuesday. There is a new variant of Mac Defender that bypasses the Apple security fix today.

comprx
07-28-2011, 03:17 AM
I had a virus on a Mac come in the other day. All it does is randomly play audio like "Congratulations! You've won!" I had this on a few PCs as well. This one honestly eluded me on the Mac. I thought I got rid of it but the client called me a day later stating that it was still happening. (first time for everything :( )

How I attempted to remove this:
Killed the processes
Removed the startup process
Deleted the app
Emptied the trash
Installed and ran Sophos (it found it and removed it)

Then rebooted a few times, letting it run for about 30 min each time, attempting to see if it would come back. I didn't have it show, but the client did.

Did I miss something? I own a Mac, but I am not as well versed on the inner workings as I am on a PC.
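
Added example, not part of the original thread or any poster's own code: besides the Login Items pane mentioned earlier in the thread, macOS also starts programs from launchd job files, so a cleanup check can list those jobs and flag entries that start automatically or point at a deleted program. The function names and the record fields are assumptions made for this illustration; the three directories are the standard launchd locations.

```python
import os
import plistlib
import sys

# Standard launchd job directories on macOS (per-user and system-wide).
DEFAULT_DIRS = [os.path.expanduser("~/Library/LaunchAgents"),
                "/Library/LaunchAgents", "/Library/LaunchDaemons"]


def job_target(job):
    """Executable a launchd job starts, or None if it declares none."""
    if job.get("Program"):
        return job["Program"]
    args = job.get("ProgramArguments") or []
    return args[0] if args else None


def audit_launchd(dirs=None):
    """Return one record per .plist in dirs, with notes on what to check."""
    findings = []
    for d in (DEFAULT_DIRS if dirs is None else dirs):
        if not os.path.isdir(d):
            continue
        for name in sorted(n for n in os.listdir(d) if n.endswith(".plist")):
            path = os.path.join(d, name)
            rec = {"plist": path, "label": None, "target": None, "notes": []}
            findings.append(rec)
            try:
                with open(path, "rb") as fh:
                    job = plistlib.load(fh)
                if not isinstance(job, dict):
                    raise ValueError("top level is not a dictionary")
            except Exception as exc:  # unreadable or malformed plist
                rec["notes"].append("unparseable: " + type(exc).__name__)
                continue
            rec["label"], rec["target"] = job.get("Label"), job_target(job)
            if rec["target"] is None:
                rec["notes"].append("no program declared")
            elif os.path.isabs(rec["target"]) and not os.path.exists(rec["target"]):
                rec["notes"].append("target missing (leftover entry)")
            if job.get("RunAtLoad") or job.get("KeepAlive"):
                rec["notes"].append("starts automatically")
    return findings


if __name__ == "__main__":
    for rec in audit_launchd(sys.argv[1:] or None):
        print(rec["plist"], rec["label"], rec["target"], "; ".join(rec["notes"]))
```

Run it once as the affected user and once with administrator rights so that both the per-user and the system-wide directories are readable; a note is a prompt to look at the entry, not a verdict.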

anonymous Mac Tech
07-28-2011, 01:25 PM
I'm thinking it's more than likely not malware. Haven't really seen anything like it myself, but you'll have to narrow it down to if it is a system process or user process. Does anything show on the screen when this happens?

comprx
07-28-2011, 04:23 PM
No, nothing shows on the screen. When I found it on a PC it was utilizing a hidden VNC server. The client of course had not ever even heard of VNC.

On both the PC and the Mac the antivirus found it but it required more manual cleaning as well. Only problem was that on the Mac I was unsuccessful.

anonymous Mac Tech
07-28-2011, 05:50 PM
Do you remember the names of the processes you killed and the app showing in login items?

comprx
07-28-2011, 06:33 PM
No, I do not. It was a couple of weeks ago and she hasn't had time to bring the Mac back in.