more virus questions

b16ef8300

Okay, I know that lately there have been A LOT of questions about viruses here... I for one am terrified of getting a virus, and that was one of the major reasons that I made "the switch". Still, I have that PC owner - what kind of virus will I get today? - kind of mentality! I just did a scan with Virex on 'all volumes'. I also selected for Virex to do an advanced scan to check for unknown viruses. The scan showed this at the end and now I'm throwing a fit... what does it mean? What do I do?

Summary report on /*
File(s)
Total files: ........... 242118
Clean: ................. 238809
Not scanned: ........... 3118
Possibly Infected: ..... 4
Non-critical Error(s): 3

Diagnose Scan completed at 2005-05-15 20:16:54 -0400

Lastly, I cannot do an eUpdate for some reason with Virex... it returns the following:

Virex is unable to connect to eUpdate server. Please try again later.


For what it's worth... my machine seems to be operating normally!
Thanks!
 
Probably just windows viruses attached to email messages that will not harm your Mac. Does Virex tell you the paths of the infected files?
 
MBHockey said:
Probably just windows viruses attached to email messages that will not harm your Mac. Does Virex tell you the paths of the infected files?


Virex does not tell the paths...or at least I don't see any...I was kind of hoping someone could tell me how to get the path info

Thanks for reassuring me that there is no real worry...at least for my mac!
 
Number one, it sounds like your Virex install is a little out of date. At the Virex knowledgebase, there are instructions on how to fix this problem.

I don't use Virex myself, but I'm sure someone here can give you actual advice on how to find out what the scan found. There must be some sort of log information in the program itself. It may be in a log file somewhere. In the meantime, I'd do a search (Finder > File > Find) for 'virex' and hope that some sort of log info comes up.

Finally, while it is true that at the moment there are no known viruses on OS X, to say that there is no malware is just plain wrong. There are at least two known trojans that I know about and Secunia has a lengthy list of vulnerabilities (some patched, some not) that affect the operating system, Safari, Firefox, iTunes and just about every other piece of software commonly in use on OS X. It is important that you keep your virus scanner up-to-date OR that you make regular visits to Secunia.org and watch your computer's processes and logs.

Edit: An article from another OS X support site on one such trojan can be read here.
 
Andrew Adamson said:
Edit: An article from another OS X support site on one such trojan can be read here.

And more than a year later, still nothing for OS X, except rumors of attacks that prove to be unfounded, and occasional 'proof-of-concept' stories about test virii that cannot spread from one system to another.
It's a good security practice to keep watch for possible problems, but so far nothing has developed that can effectively attack the Mac running OS X, and certainly cannot spread to other Macs, even on the same network.

How's that for a 'head-in-the-sand' approach? :)
 
Dang it. I really should check my links before I post. The link I posted above was inside a different posting on MacOSXHints.com on a possible machine compromise. Now, naturally, I can't find the original forum thread in question. But here's another one:

http://forums.macosxhints.com/showthread.php?t=34803&highlight=trojan

So, let us review...

No viruses? Correct.

OS X is safer than Windows? Correct (in fact, you can bet your bippy on it).

No trojans? Incorrect.

No exploits of past and presently unpatched vulnerabilities. You are crazy if you even pretend this is true.

It will get worse before it gets better...? What if we keep telling users they have nothing to worry about because Mac is impervious to attack...? And if users ask us about messages about an out-of-date virus scanner and instead of giving them useful advice, we say, "It will be okay. You're on a Mac"...? You can do whatever you want, but I'm putting my money with the 'get worse' bookie. It is an ominous chorus many of the people on this board sing.
 
Andrew Adamson said:
No trojans? Incorrect.

What is a trojan? It's a piece of malicious software that masquerades as legitimate software. This can happen on any platform. Heck, it happens even in non-computing environments via social engineering.

It will only be an issue if a) someone explicitly targets you, or b) you download dodgy software from some dodgy website. This is different from a virus, which normally works with very little to no user intervention.

As it stands, there isn't any well-known piece of software on the Mac that contains known trojans, or installs spyware when you're not looking.
 
Viro said:
It will only be an issue if a) someone explicitly targets you or b) you download dodgy software from some dodgy website.
Sometimes, it happens. We cannot expect all users to avoid dodgy sites or not download warez or succumb to social engineering. It's part of the landscape and while I do not agree with it, I have learned to accept it. If they get into problems as a result, I will still try to help them.

Viro said:
This is different from a virus, which normally works with very little to no user intervention.
Most ordinary users don't know the difference. The words 'worm' and 'rootkit' and 'virus' and 'trojan' are all equally meaningless. That's why it bothers me when a user asks a question about a possible compromise (which could be caused by many kinds of malware) and someone immediately says, don't worry, there are no viruses on the Mac. It is absolutely not the point. The user comes away with a completely false sense of security. No matter how safe you feel, wearing a bullet-proof vest will do nothing to protect you from shooting yourself in the face.

Viro said:
As it stands, there isn't any well-known piece of software on the Mac that contains known trojans, or installs spyware when you're not looking.
Obviously. Were this not the case, we wouldn't be having this discussion. That doesn't mean that none exists. And it doesn't mean we should tell people that they will always be safe. Yet, that is exactly what people are doing here.

I mean, take a look at this thread. b16ef8300 does a virus scan of his computer and it reports four possible infections. Could be a Windows virus in an email attachment. Could be a rootkit. He comes here because he is understandably concerned and wants to know where he can find more information about those 'possible infections'. Has anyone offered any help on this? No. Instead, we get into a discussion about whether malware exists on Macs? Sweet corn biscuits! Does anyone find this a little telling?
 
I got this universal cross-platform virus in my e-mail some time ago:

>Dear recipient,
>You have just received a Belgian virus.
>1. Please delete all your files.
>2. Send this e-mail to all your friends.
>Thank you!

Nasty social engineering too ... not even UNIX is safe anymore!
 
Andrew Adamson said:
I mean, take a look at this thread. b16ef8300 does a virus scan of his computer and it reports four possible infections. Could be a Windows virus in an email attachment. Could be a rootkit. He comes here because he is understandably concerned and wants to know where he can find more information about those 'possible infections'. Has anyone offered any help on this? No. Instead, we get into a discussion about whether malware exists on Macs? Sweet corn biscuits! Does anyone find this a little telling?

Thanks... Though everyone has confirmed that I am not crazy for being concerned... I still don't know how to resolve my 'potential' problem. I will look around to see what I can find and get back... I will admit I came here hoping for a quick answer without doing much of my own research... so sorry for that. I also want to add that I thought my Virex was up to date because I have been performing software updates (which have been installing updates for various things like iTunes, iSight, ....., and Virex). Perhaps I misunderstood what I was doing here too!

If anyone uses Virex (part of the ".Mac" package) Please let me know what you do...how often you scan...what kind of scan...or any other info you can offer.

thanks everyone!
 
You might want to try out ClamXav as well. It's free and it's based on the open sourced virus scanner ClamAV.
 
I just thought of something that perhaps everyone has overlooked. In my original post I said I used the advanced scan option that searches for potentially malicious code that is not yet named or said to be a virus. Should I just stick to scanning for the known stuff?
 
Again, I can't speak from experience, however... In general, the advanced scan option (usually called 'advanced heuristics') is what makes commercial anti-virus software valuable. It is a good idea to keep this on. I have no idea if this stuff actually does what they claim it does, but the idea is to catch viruses that are heavily camouflaged and even catch new viruses that use old techniques, rather than identifying them by checksums (which is the main method of identifying only the most common viruses).

I would suggest contacting Virex customer support. There must be some way to identify the files you found. Did you do a search for log files? Please do report back anything you find.
 
Which version of Virex are you using? I have 7.6, which is not installed as part of .Mac, and when I scan against the test files it finds them and lists them in the window at the bottom of the Virex window.

I too have been having update problems, but not from all Macs.
 
Okay... I found the path and trashed the files... it turns out it was those pesky Java Apps. Apparently a lot of the scans that return an indication of having some mali code are Java Apps. I happened to find what seems to be very common, the "Exploit-ByteVerify trojan !!!" It is not harmful to Macs!

I found the path by saving the scan report, opening it with a text editor and using the FIND function to search for the word "found". When a virus is detected the report says something like "Found the....blah blah virus blah.." So searching "found" will show you the virus path (eventually... it took a while!). Below is a link that I used to help me with this problem:

http://discussions.info.apple.com/webx?14@405.ukNXa8SlVv3.5@.68a9de16

Also, for the record...I am using Virex 7.2.1 it came with .Mac which I purchased with my powerbook only 1 month ago. My latest update according to Virex was on March 16, 2005. This date was before my purchase. Other forums seem to indicate that this is the latest .dat file for Virex. I am assuming that I can not perform an eUpdate because there is nothing to Update.

When a new update is out PLEASE PLEASE PLEASE let me know!

Also for the record... I did not perform any of the update settings on Virex. When I set the preferences for .Mac with my name and password the settings in Virex were automatically done. I believe it is currently using HTTP for the server setting instead of FTP. I'll leave it that way until I get a chance to call Apple or stop into a store or someone tells me otherwise.

Thanks again everyone...I hope this clears up some things for some other folks out there!
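The report search described in the post above, done from Terminal instead of a text editor, as an added example that is not part of the original thread. The layout of the detection lines and the file paths are constructed assumptions; only the summary block and the trojan name follow the text quoted in this thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage a saved scan report from the command line.
# The detection-line layout and paths are constructed; only the summary
# block follows the report quoted in this thread.

# Write a constructed sample report to the path given as $1.
write_sample_report() {
    cat > "$1" <<'EOF'
/Users/example/Library/Caches/a.jar ... Found the Exploit-ByteVerify trojan !!!
/Users/example/Library/Caches/b.jar ... Found the Exploit-ByteVerify trojan !!!
/Users/example/Library/Caches/c.jar ... Found the Exploit-ByteVerify trojan !!!
/Users/example/Library/Caches/d.jar ... Found the Exploit-ByteVerify trojan !!!
Summary report on /*
File(s)
Total files: ........... 242118
Clean: ................. 238809
Not scanned: ........... 3118
Possibly Infected: ..... 4
Non-critical Error(s): 3
EOF
}

# List every line mentioning "found" (any case), prefixed with its line number.
detections() {
    grep -n -i 'found' "$1" || :
}

# Extract N from the "Possibly Infected: ..... N" summary line.
summary_infected() {
    awk -F: '/^Possibly Infected/ { gsub(/[^0-9]/, "", $2); print $2 }' "$1"
}

# Print the detections, then check their count against the summary figure.
triage() {
    expected=$(summary_infected "$1")
    actual=$(detections "$1" | wc -l | tr -d ' ')
    detections "$1"
    if [ "$expected" = "$actual" ]; then
        echo "OK: $actual detection line(s), matching the summary"
    else
        echo "MISMATCH: summary reports ${expected:-none}, found $actual line(s)"
        return 1
    fi
}

sample=$(mktemp)
write_sample_report "$sample"
triage "$sample"
rm -f "$sample"
```

A mismatch means the plain-text search either missed a detection or matched an unrelated line (for example a path containing "found"), so the listed lines should be read by hand before anything is trashed.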
 
Tommo said:
Which version of Virex are you using? I have 7.6, which is not installed as part of .Mac, and when I scan against the test files it finds them and lists them in the window at the bottom of the Virex window.

I too have been having update problems, but not from all Macs.

I have not read anything about 7.6 in my quest to find a solution to my problem. However, I have read some stuff about people using 7.5 not being able to use eUpdate. It looks as if changing/setting the server setting in Virex to FTP fixes this problem. I also read a post that for whatever reason instructed the user to remove Virex (possibly 7.2) and install 7.5. There seem to be some other problems with 7.5 too. I would look at the forums at the following link... they were very helpful:

http://discussions.info.apple.com/webx?14@405.knppa5wcVBg.1@.3bb85b0c

You said that your problem only existed on some Macs!?!? Are they all using the same OS? If so, check to see if any of the server settings differ... I'd be interested to see if there is any correlation between the working and non-working. I really don't know much about Macs though, I'm just going off of intuition.

I forgot to mention to everyone in my last post...Most people say not to use the "clean" option with Virex, but to instead remove the infected files manually.


Good luck!
 
There are no viruses that can run on Mac. These are probably Windows viruses attached to things like .doc Word files and emails, which cannot affect your Mac. :)
Not sure about Virex not working on Tiger, because I don't have Tiger, nor do I have any need for an anti-virus app. Virex has been known to cause problems on Apple laptops, like almost 100% CPU usage while running, which results in the fan running constantly.
 
For. Crying. Out. LOUD.

riccbhard, you would be well advised to read page 2 of this thread before returning this whole matter to the farce that it was.
 