Malware

Pachuzo

Please help. My Powerbook G4 has been infected, I believe with the FakeSmoke Trojan. I’m running OSX 10.4.11. Multiple annoying redirects occur, and all browsers I’ve tried – Safari, Opera, and Firefox – are riddled with multiple popups warning, “Windows Defender: Problem has been detected. Click Full Scan for check your computer,” and, “Windows Internet Security. Your Browser is under the threat of infection...” I’ve tried to decipher the security script on these popups (I’m not very html savvy) but I’ve found inserted script re-directing to the following:

http://beilnfire.com/download/a8949763f8525c9118c99613bd769e2c/f85b7b377112c272bc87f3e73f10508d
http://64.20.51.6/iee.js
http://64.20.51.6/ie.en.js
http://64.20.51.6/img/px.gif
http://gutaxiold.com/scn/699a1187e7...9376e534ba92/f85b7b377112c272bc87f3e73f10508d

I’ve deleted and re-installed each of my browsers, and I purchased and ran MacScan, but it didn’t find a problem and none of this helps. Is there anything I can do to remove this malware?
Thanks for anything you can recommend.
 
Open System Preferences and go to the Network section. See what's listed under your DNS server and verify that this is correct (you might need to contact your ISP to know what it should be). If in doubt, you can try temporarily (or permanently if you so choose) changing it to OpenDNS. OpenDNS's addresses are 208.67.222.222 and 208.67.220.220.

As another test, open Terminal (in /Applications/Utilities) and type "sudo crontab -l". It should probably say "no crontab for root". If it says something else, please post it so we can see. I recall some malware previously used crontab to repeatedly change your DNS server so you effectively could not change it back in System Preferences.
 
Thanks Mikuro. The DNSs listed are correct and belong to my ISP. I've tried switching to OpenDNS's as suggested. When I type in the crontab command I get:
* * * * * "/Library/Internet Plug-Ins/QuickTime.xpt">/dev/null 2>&1
Am keeping my eyes open for further re-directs or pop-ups.
thanks again.
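
The root crontab check suggested above, as an added example that is not part of the original thread: a small shell function that reads `sudo crontab -l` output and flags jobs that combine traits worth a closer look. The function name `audit_crontab`, the three heuristics and the two benign sample jobs are assumptions made for illustration; the first sample job is the entry quoted in the post above.

```shell
#!/bin/sh
# Heuristic triage of crontab text read from stdin (illustrative assumptions,
# not a malware signature). Prints one line per flagged job; returns 1 if any.
audit_crontab() {
    flagged=0
    while IFS= read -r line; do
        # Job lines start with a schedule field (digit, '*' or '@');
        # comments, blank lines and VAR=value lines are skipped.
        case "$line" in
            [0-9*@]*) ;;
            *) continue ;;
        esac
        score=0
        reasons=""
        # Runs every minute, so it can keep re-applying a setting.
        case "$line" in
            '* * * * * '*) score=$((score + 1)); reasons="$reasons every-minute" ;;
        esac
        # All output is thrown away, so nothing is mailed or logged.
        case "$line" in
            *'>/dev/null'*|*'> /dev/null'*)
                score=$((score + 1)); reasons="$reasons output-discarded" ;;
        esac
        # Executes from a directory meant for plug-ins or scratch data.
        case "$line" in
            *'/Internet Plug-Ins/'*|*/tmp/*|*/Users/Shared/*)
                score=$((score + 1)); reasons="$reasons unusual-path" ;;
        esac
        # One trait alone is common in legitimate jobs; require two.
        if [ "$score" -ge 2 ]; then
            printf 'SUSPICIOUS [%s] %s\n' "${reasons# }" "$line"
            flagged=1
        fi
    done
    return "$flagged"
}

# Constructed sample: line 1 is the entry quoted in the thread,
# lines 2 and 3 are made-up benign jobs.
SAMPLE_CRONTAB='* * * * * "/Library/Internet Plug-Ins/QuickTime.xpt">/dev/null 2>&1
15 3 * * * /usr/sbin/periodic daily
0 * * * * /usr/local/bin/backup.sh >/dev/null 2>&1'
printf '%s\n' "$SAMPLE_CRONTAB" | audit_crontab || true

# Live use: sudo crontab -l 2>/dev/null | audit_crontab
```

A flagged job is a prompt to inspect the file it runs, not proof of infection.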
 
Always beware of computer viruses. They can harm your system as well as your programs and files. So always use anti-virus software to protect your computer system or laptop.

Thanks
ITEZY
 
Please help. My Powerbook G4 has been infected, I believe with the FakeSmoke Trojan. I’m running OSX 10.4.11. Multiple annoying redirects occur, and all browsers I’ve tried – Safari, Opera, and Firefox – are riddled with multiple popups warning, “Windows Defender: Problem has been detected. Click Full Scan for check your computer,” and, “Windows Internet Security. Your Browser is under the threat of infection...” ...

I’ve deleted and re-installed each of my browsers, and I purchased and ran MacScan, but it didn’t find a problem and none of this helps. Is there anything I can do to remove this malware?
Thanks for anything you can recommend.
OMG. Your computer has not been infected. You do not have Windows Defender installed on your Mac. Windows Defender does not exist. Full Scan does not exist. The reason that MacScan found nothing is that there was nothing to find.

These are fake virus warnings that pop up in your browser in an attempt to trick Windows users to visit websites infected with malware. If you visited these malware sites and set one as your home page, then it would still not adversely affect your Mac. In the worst case, your ISP's DNS server may have been compromised. In that case, advice to switch your DNS to OpenDNS should fix the problem.

In any event, the takeaway message is that there is nothing wrong with your computer.
 