Zammy-Sam said:
Or maybe you are talking about your Windows box? Give us some details on your system. A trojan doesn't really slow down the computer and Norton pretty much sucks on Macs.
One can presume that if unclefutz is posting to a forum on MacOSX.com, he is talking about an event on a Mac. Label me insane.
Unclefutz, I did a search on Google and found a Japanese posting about this same Norton report, also on a Mac. He wasn't able to track down an answer either. Not much help there.
There is, however, a Mac hacking group called CowFight that produces a tunnelling tool called "underhand". It allows a user to connect to a remote system through a Mac -- the advantage being that the hacker can do all sorts of nefarious no-goodness on, say, a government server without ever exposing his IP. So the Secret Service comes to YOUR door, not his. This tool needs to be installed by a user -- but it is possible that it piggy-backed on some other installation that you did. Their instructions for uninstalling the trojan (that IS what they call it) are:
A) Kill the trojan
1. Open Terminal (/Applications/Utilities/Terminal.app).
2. Type in top.
3. Note the PID # (number on the far left of the list) next to the process showing the name of the trojan server.
4. Press q to stop the 'top' process.
5. Type kill then space then the PID # you noted earlier to kill the running trojan.
B) Remove the trojan
1. Go to System Preferences then find the Login/Startup Items. In Panther it's located under the Accounts Pane.
2. Remove the listing for the trojan server.
3. Go to ~/Library/Preferences in the Finder.
4. Delete the trojan server application from this folder by moving it to the trash and emptying the trash as well (just for good measure).
I have NO idea if this is what you have, but the technique is sound. If the process doesn't show up on 'top', try 'ps auxww | grep underhand -i'. That should definitely peg it if it is there.
If you did not knowingly install this, it may mean that other processes are running that would allow a user to find your machine and possibly do other nasty stuff as well. Please check your sharing settings in the System Preferences panel and shut down all services that you KNOW you don't use. When you are done, hit the 'lock' icon at the bottom of the window. That will require you to enter the system password if you ever want to change a setting here. If you aren't sure what a listed service does and if you are on a home computer (not on a University network, for example), you almost certainly shouldn't have it running. I am not 100% sure here, but I believe that this window is just as good as monkeying around directly with ipfw, the firewall service.
After locking down your firewall, it might be a good idea to track down services that are running locally. You may want to post a copy of your running processes here, for other, more knowledgeable Mac users to peruse. It would be best to reboot your Mac so that no other programs are running in the background, open a terminal (in the Utilities folder) and enter 'ps auxww'. That will spit out everything you are running. Copy and paste it into a new thread. Perhaps: "Is this a trojan?" or something like that.
You can also see if anyone is presently connected to your computer by running 'netstat' in a terminal window. The top part of the listing describes all incoming and outgoing connections on the Internet. If you recently checked your email or looked at some web pages, those connections will be there. It's best to shut down all programs that access the Internet, wait a few minutes and then run netstat. Many processes are completely legit, but if you have an unwelcome guest, he'll show up there.
I'm going to go out on a limb here and say I am getting alarmed at the number of people who think that because there are no known VIRUSES for Mac at present that there are no TROJANS, either. I am a recent refugee to Mac from Windows, but I've been working in Linux for a few years and I know for sure trojans are a risk for any machine. Well, maybe not the Vic-20. That machine was as safe as houses.
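The two checks described in the post above ('ps auxww | grep underhand -i' and 'netstat'), written as reusable filters. This is an added example, not part of the original post or the tool's own instructions; the function names, the sample process path and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example; all sample data below is constructed, not real output.

# find_procs NAME: read `ps auxww` output on stdin and print "PID COMMAND"
# for each process whose command contains NAME (case-insensitive).
# NAME is passed via the environment, not argv, so this filter's own
# command line never matches (the usual `ps | grep` self-hit).
find_procs() {
    NAME="$1" awk '
        NR == 1 { next }                      # skip the column header
        {
            cmd = $11                         # COMMAND starts at field 11
            for (i = 12; i <= NF; i++) cmd = cmd " " $i
            if (index(tolower(cmd), tolower(ENVIRON["NAME"]))) { print $2, cmd }
        }'
}

# established: read `netstat` output on stdin and print "local -> remote"
# for every TCP connection in the ESTABLISHED state.
established() {
    awk '$1 ~ /^tcp/ && $NF == "ESTABLISHED" { print $4 " -> " $5 }'
}

sample_ps() {   # constructed `ps auxww` listing
    cat <<'EOF'
USER    PID %CPU %MEM   VSZ  RSS TT STAT STARTED    TIME COMMAND
root      1  0.0  0.1 18056  340 ?? Ss    9:40AM 0:00.05 /sbin/init
example 312  0.0  0.2 27564 1024 ?? S     9:41AM 0:00.10 /Users/example/Library/Preferences/UnderHand
example 401  0.0  0.4 90112 2048 ?? S     9:42AM 0:01.20 /Applications/Mail.app/Contents/MacOS/Mail -psn_0_1
EOF
}

sample_netstat() {   # constructed `netstat` listing (documentation IPs)
    cat <<'EOF'
Active Internet connections
Proto Recv-Q Send-Q  Local Address      Foreign Address    (state)
tcp4       0      0  192.0.2.10.49152   203.0.113.5.8080   ESTABLISHED
tcp4       0      0  *.22               *.*                LISTEN
udp4       0      0  *.5353             *.*
EOF
}

echo "Processes matching 'underhand':"; sample_ps | find_procs underhand
echo "Established TCP connections:";    sample_netstat | established
```

On a live machine, pipe the real commands in instead of the samples: `ps auxww | find_procs underhand` and `netstat | established`.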