HELP! I think I got a virus

fakefake

I'm having a problem that's really worrying me and I'm wondering if someone can help. I opened Finder recently and in the "Shared" column on the left, there was a network I didn't recognize. It has the name of a website on it that I've never been to. When I click "Get info," it doesn't tell me anything. When I try to drag it to the trash, it says it can't be deleted. It's clearly some kind of virus, and it really worries me. Obviously I don't want to open it because I'm worried that would make things worse. Any idea what this is or what I can do?
 
Nope - not a virus. It's simply a computer that your network can see, and that computer has sharing activated. It doesn't mean that you can access that computer, and also does not mean that computer can access your Mac. Don't let it concern you too much.
 
You can make sure that your files are safe. Go to System Preferences>Security and click on Firewall.
If it is not on, click on the Start button. Now click on the Advanced button at the bottom of the screen. A new window will appear. Enable Stealth Mode and no one can see your computer.
If you do not want to share any of your folders, click on Block all incoming connections.
Click on Okay and you are set.
 
Well, on a Mac there's no chance of a virus! However, there are some trojans in cracked Mac software and on some p0rn sites. To prevent going to known trojan-hosting systems, use the OpenDNS.com system to control your own DNS (follow this instructional video to see what I am talking about).

Now if you are really paranoid, then try out the free OSX/OpinionSpy Free Detection + Removal Tool and the DNSChanger Removal Tool to see if either of the proof-of-concept trojans has infected your p0rn or illegal Mac software downloads (get that free scanner at Free iWork trojan removal tool released).

Lastly, if you take your portable Mac into strange networks, don't rely on the consumer-grade GUI firewall in OS X. In the OS X BSD core, the 30+ year old ipfw is much stronger as a firewall. Thankfully, a developer created a GUI front-end program to configure the command-line ipfw, called NoobProof (for beginners) or WaterRoof (for hardened pros). The ipfw will close all ports until you open the port you want to use, which is explained in those programs.
 
The weird shared network seems to come and go, and I can't even link it to anything I'm doing. It is titled as "b.scorecardresearch.com", which a search reveals is a web-tracking company. Presumably I have a tracking cookie, which isn't pleasant, but also not abnormal. But why is this showing up the same way as a shared computer would under Network? Is this what a trojan looks like on Mac OS? I'm using Leopard, btw.

As far as the security stuff, I do generally use a firewall, but I've taken the extra advice above and tightened my security settings. Neither of the trojan scanners linked to in the previous post find anything, though I'm running a full Macscan now (nothing showing so far after 125,000 files scanned). Nothing seems abnormal about my computer's performance, so maybe I shouldn't worry, but I am really curious.

EDIT: Want to note that my laptop is six months old, and I have not used it to download files or applications that weren't from mainstream, known websites. I also don't have any unauthorized software.
 
Did you do a search on your computer for a file similarly named?

Did you check Safari’s cookies and remove those that you don’t rely on for log in?
(Safari Menu>Preferences>Security>Show Cookies)

What do you have the cookie accept section set to?
 
I've cleared all cookies in Safari and Firefox (mostly use the latter). Safari is actually set to never accept cookies, but Firefox accepts them from sites I visit and allows third-party cookies. For the record, I don't go to any shady websites. My browsing habits are fairly boring – Google, nytimes.com, mainstream blogs and magazines, etc.
 
I did some searching for you and found that b.scorecardresearch.com is a JavaScript file that is actually called beacon.js.

You can get it from visiting CNET, etc., and it is similar to DoubleClick cookies.

Scorecard’s web site: In order to identify browser-level behavior such as new versus repeat visitors to a website or page, we may drop cookies in support of our market research efforts. To opt-out of this browser-level tracking you can click here. If you choose to opt-out, a cookie will be placed on your computer instructing us to disable our ability to browser-level track of your website visitation while on a website with a ScorecardResearch beacon installed. However, if your browser does not accept cookies, or if you delete all of your cookies, then this browser-level tracking may occur. Additionally, this opt-out is only effective when you are using the Internet browser you were using when you opted-out.
 
Thanks a bunch. I've opted out in both browsers. However, I'm still perplexed as to the original mystery: why was this showing up as a server in my network? Is that normal?
 
It was probably ‘calling home’. :)

It shouldn’t be there anymore, now.
 
OK, thought this was over, but getting weirder. This morning I woke up and it was recognizing a different shared neighborhood: he.wikipedia.org. This is the Hebrew Wikipedia site, apparently, which I have certainly never been to.

Also, this only seems to happen when I'm connected to my home wifi router (and not always then). When I'm out at a coffee shop, I've never seen it. Our wifi router is password protected, and the neighborhoods don't seem to have anything to do with my browsing history or my roommate's. Could this be an ISP issue? I have my firewall on and it seems to be harmless, but it's a little unnerving to see an unrecognized network "sharing" your computer.
 
Is your computer set up to share the internet connection? Check the System Preferences>Sharing.

Go to Home>Library>Recent servers. Is there anything listed there?
 
All sharing services are unchecked, remote management is turned off and I am not authorizing any users. The recent servers file shows no items.

Maybe this is all normal and I'm just noticing, but I know I never saw these things until I switched ISPs and got a new router. I want to make sure there's no security issue.
 
Go to your router’s set up page and see if others are connected to your wifi. If so, you will need to change the wifi password.
 
Try this: Go to the Finder menu (click on your desktop) and select Preferences.
A window will appear. In General uncheck Connected Servers.
Go to the Sidebar icon and uncheck all the Shared items listed - if they are checked.
Close the window.

Do you use an RSS feed?
 
Connected servers was already unchecked. Unchecking shared items from the sidebar will make them disappear in the main Finder view, but it doesn't remove it from Network (when it's there, that is, which it isn't right now). I do use Google Reader in Firefox, but I don't have an app that downloads feeds to my computer.

I may go to the Apple Store this weekend and see if they have any idea. My worst fear is that there's a trojan that's sending out information at random times under a masked name.
 
Go to Home>Library>Recent Servers

Anything listed in there, trash.

What version Safari are you running?
 
Nothing in Library>Recent Servers and nothing in Trash. Safari was last updated on Aug. 3.

Something interesting, though. When I went to "Get Info" for Safari, it was allowing access for three things: System (read and write), Everyone (read only) and Wheel (read only). This last one is obviously strange. I deleted it from the list. Is it possible a bot secured access to Safari?

Also, Safari is my secondary browser (to Firefox). I usually only use it if I need to be logged into two Gmail accounts at a time.
 
Those permissions are correct. Wheel is part of the OS X system.
Firefox, because it is an application you installed, will show three different names in the permissions of Get Info. You should be listed as read & write and the others as read only.

Some setting is pulling sites that you visit as a network connection. Since Firefox is your default browser, check those preferences, especially if you have add ons.
 