[HOWTO] - Opener or Other Malware

bobw

bobw

The Late: SuperMacMod
To alert you anytime an item, such as Opener is put in your startup items.
Found this on another site;

A rather simple safeguard is to keep an eye on two OS X folders: Library/StartUp Items and System/Library/StartUp Items. If you find something called "opener" in the one of the folders, then you have a problem... You can check them manually or you can use one of the Folder Action scripts provided by Apple as part of OS X. Using a folder action will automate the process and help you keep an eye on future additons to the folders.

Here is how to do it:

1. Go to Library/Scripts/FolderActions.

2. Locate Enable Folder Actions.scpt.

3. Double-click the script.

4. Click the "Run" button and close the script window. Now you can run folder action scripts on your Mac!

5. Go to Library/StartUp Items.

6. Control-click the folder icon and choose Attach a Folder Action from the drop-down menu.

7. In the dialog box find and select Library/Scripts/Folder Actions/add-new item alert.scpt.

8. Go to System/Library/StartUpItems.

9. Repeat steps 6 and 7.

Now whenever anything new is added to either of the folders you will automatically get an alert
and you can check whether the culprit is "opener" or something that is (hopefully) benign.
 
bobw said:
7. In the dialog box find and select Library/Scripts/Folder Actions/add-new item alert.scpt.

8. Go to System/StartUpItems.

9. Repeat steps 6 and 7.

Now whenever anything new is added to either of the folders you will automatically get an alert
and you can check whether the culprit is "opener" or something that is (hopefully) benign.
Click to expand...


shouldn't #8 be System/Library/StartUpItems?

Also - how can i test it?
 
Yeah that's the path i used, i assumed it was a typo.

To test it, just drag a file into those folders, you'll get a nice pop up telling you something has been added to which folder, and asking if you would like to view it.
 
Of course, that's assuming you run your local account as an admin account which would allow you to do so... I run under a regular account and authenticate as needed.

MBHockey said:
Yeah that's the path i used, i assumed it was a typo.

To test it, just drag a file into those folders, you'll get a nice pop up telling you something has been added to which folder, and asking if you would like to view it.
Click to expand...
 
You must log in or register to reply here.
Back
Top