Viruses On Os X

[nixgeek]

I am really worried. Something really odd started to happen 2 hours ago. Everytime I try to open google.com or gmail.com, well anything with a rewrite with google.com in it, I get redirected to mediaplex.com !!! That sounds very much like the horrible mediaplex thing you get on the PCs.

I cannot access the google pop or smtp either. It's only focused on google for now but I am sure it's only a question of time before it spreads or something horrible happens.

I downloaded the Macsecure beta2 thing, but it's not working. I am told it has expired...

I cannot find any other spyware remover anywhere.

Can anyone help me ? I am freaking out.

Luce

The address for GMail is http://gmail.google.com.

I just did it on my Mac (google.com that is) and I got Google. It's possible that your browser for some reason is going to the cache for Google.com and gmail.com. Try and empty your cache, quit out ,and then relaunch your browser. Incidentallly, what browser are you using?

BTW, I just tried gmail.com and it sent me to the proper place.

So that you know, there aren't any spyware apps on the Mac currently. Most spyware companies take advantage of the ActiveX controls in IE in order to "compromise" a Windows system. They also fool people by making browser windows like like an actual Microsoft Windows Explorer window. Unsuspecting people click on it and it allows for the site to push down ActiveX controls for spyware apps in Windows.

Since Mac OS X is a UNIX-based system, it is currently very difficult if not impossible to have spyware or viruses installed unless the user VOLUNTARILY installs the maliscious software. This would have to be some installer that masqueraded as a video file or some other document that would be attractive to the unsuspecting user, not necessarily a webpage that says "You might have spyware!"

Remember that UNIX based systems are built with security in mind (UNIX is a 30 year old technology that has proven to be very secure in its lifetime). Windows, because of its design and ActiveX as well as Microsoft's negligence of vulnerabilities in their system when they are discovered, is unfortunately not as secure as Microsoft would like to make you think.

 

[luciole]

The address for GMail is http://gmail.google.com.

I know this, but it doesn't make any difference...

I just did it on my Mac (google.com that is) and I got Google. It's possible that your browser for some reason is going to the cache for Google.com and gmail.com. Try and empty your cache, quit out ,and then relaunch your browser. Incidentallly, what browser are you using?
BTW, I just tried gmail.com and it sent me to the proper place.

I have tried all this before posting here. It stays the same.
I am sure you got gmail.com... if your computer is not in any trouble.
I get the same crap with Netscape, mozilla, safari and I have not tried IE because I don't have it !

So that you know, there aren't any spyware apps on the Mac currently.

This is why I am asking here...

Since Mac OS X is a UNIX-based system, it is currently very difficult if not impossible to have spyware or viruses installed unless the user ....etc....

I know some of that too... I actually run most of the time on X11 as most of my softwares come from gnu. Before buying a mac, I only owned linux machines...

Thanks for your comments, though. I am not trying to alarm people stupdily, I did try a "few" things before posting this.

Luce

 

[WeeZer51402]

post your /etc/hosts file please, that may contain the answer...

 

[sourcehound]

I've noticed quite a few questions about people thinking that they might have a virus on OS X. Everyone should know that, so far, there are absolutely NO viruses for OS X. There are a few hundred for OS 9, but NONE for OS X.

Strange things occuring with applications are usually the fault of that application.

There are virus scanners for OS X such as Virex and Norton but they are only scanning for Windows viruses and the old OS 9 viruses, so there is not much use for them unless you want to take it upon yourself to protect PCs if you forward strange emails to people.

While there are no known viruses that affect OS X on a binary level, there are increasing issues with both Word and Excel Macro viruses. These can cause severe problems even in all-Mac companies, as they cause Word to crash and prevent Mac users from successfully emailing their documents to people they do business with. Over the last nine months, the rate of macro virus infection has been on the rise in the customers we support. The only way to deal with it is to purchase a commericial virus protection program (we won't endorse one over the other). ClamAVX is a good open-source alternative, but as it only identifies which files are infected, it's not very useful. ***Sigh***

Sourcehound, author of Mac HelpMate: http://www.machelpmate.com

 

[ex2bot]

Sourcehound, doesn't Word have macro virus protection enabled by default?

Are the viruses getting by this somehow. The comment text for this option says that if you open a file with a macro, Word will give you the option of opening it with or without the macro.

OTOH, I suppose if they make heavy use of macros, there might be no way of knowing if the macro is legit or not.

Doug

 

[mersyone]

whats cool about the MAC is it remains completely neutral to .EXE executable files (PC). If you download alot, then it's safest on a Mac. So those pesky viruses (.exe) that decide to run themselves are completely handicap in Mac's Operating Systems. I LOVE MY MAC! I HATE MY PC!

 

[contoursvt]

whats cool about the MAC is it remains completely neutral to .EXE executable files (PC). If you download alot, then it's safest on a Mac. So those pesky viruses (.exe) that decide to run themselves are completely handicap in Mac's Operating Systems. I LOVE MY MAC! I HATE MY PC!

Well its not that its neutral to .exe files. It just cannot run executable files that are from the x86 platform. Its like if I put a photoshop CD in my PC and try to install it. It wont work. Same thing the other way. Although the end result is that youre safe from PC execatable viruses.

 

[mosx86]

I am really worried. Something really odd started to happen 2 hours ago. Everytime I try to open google.com or gmail.com, well anything with a rewrite with google.com in it, I get redirected to mediaplex.com !!! That sounds very much like the horrible mediaplex thing you get on the PCs.

I cannot access the google pop or smtp either. It's only focused on google for now but I am sure it's only a question of time before it spreads or something horrible happens.

I downloaded the Macsecure beta2 thing, but it's not working. I am told it has expired...

I cannot find any other spyware remover anywhere.

Can anyone help me ? I am freaking out.

Luce

Luce-

Do you notice any odd applications running when you do a top command or list all of your processes? Also, you might try looking in the Activity Monitor.

Does the redirect only happen when you try to go to google or for other websites as well? You might double check the proxy setup in Network.

Also, if you have multiple accounts on the machine, does this also occur in those accounts? And/or have you tried creating a new account to see if this occurs?

 

[slur]

The previous post is the best advice. Make a new account, try different browsers, etc.

Also, it may not be your Mac, but your cable or DSL modem that's been hacked. Or the DNS server you connect to might be poisoned. Do all computers have the same problem at your location?

I don't remember whether or how the Mac caches DNS, but it should be pretty much like BSD does. Also, do you see any weird entries if you look in NetInfo Manager, in the "Machines" section? That's one place where such redirects can be set.

Finally, you can try doing an Archive/Install of your system - preserving Accounts and Network settings, which although it may take a while, is a reasonable step if all else fails.

 

[Porce]

I have a copy of Norton AntiVirus 9.0 that came free with my iBook (currently running 10.4.3). The iBook is my main computer but I occasionally use a USB drive to go between two other computers, one WinXP and one WinME. Obviously there are no Mac OS X viruses, but I got it free, so I was about to install it (I've had the iBook since July, but just found the disc again today), but I read some anti-Norton comments in this thread- what's wrong with NAV?

 

[g/re/p]

Norton Antivirus should be OK, but Norton System Worksor any other Norton maintenance apps should be avoided at all costs.

My advice, however, would be to download
ClamXav at http://www.clamxav.com/ instead.

 

[perfessor101]

what's wrong with NAV?

NAV 9 is not compatible with OS X 10.4.x. You will have to purchase the NAV 10 upgrade for Tiger compatibility. There have been reports of application conflicts and kernel panics caused by NAV 10, but I cannot verify the accuracy of those reports.

Symantec has stopped all development of Mac products other than NAV and there is no Tiger compatible version or upgrade for any of the other Norton products.

 

[powermac]

Recently, a friend of mine (windows user) got a virus, the one that got on AIM and sent messages to people on his buddy list. It would send a message to you like he was starting a chat. Then it would have a link to view some pictures. So I figured it was something wrong, I pressed the link anyway. It opened a browser window with non-sense symbols and at the top is had something about can't find DOS mode or something. Come to find out, he spread this virus to his windows friends, who had to reformat and reinstall to get it off.

 

[Lt Major Burns]

here is proof of audacity doing sneaky things. this is a small box that normally resides WAY off screen (it takes time to arrive into exposé) labelled "invisble"

it is not possible to click it, as it rushes off back to where it came but appears to be blank. why is there? what is it doing? is it malware?

 

[slur]

You can locate this window probably using Activity Monitor. Choose in the popup menu at the top "Windowed Processes" and look at the items contained within the list. One of those processes spawned that window. Try quitting some of them and see what happens. If the window goes away you've found your culprit.

 

[devilsapprentic]

I'm in the unfortunate position in which the IT dept are demanding an Antivirus/Spyware/Firewall program is put on the macs, but having read many many reviews on all of them am now terrified about which one to use. I have read that Symantec's causes so many problems and it is not compatible with Panther, I have read bad reviews of Mcafee & Sophos's software, and the IT guys aren't happy with ClamXAV as it is a freeware.
What I'm trying to say is HELP!!!
I am aware of the lack of virii & spyware for mac, but it is a mixed mac/pc network and they don't want us accumilating a library of virii that is ready to attack the rest of the network.

Any ideas which antivirus might be of any use? Otherwise its byebye ethernet cable!!

 

[rei1974]

Yes I think you should be safe using Mac OS X. No viruses, is actually quite fun compared to the Windows world...

 

[fryke]

devilsapprentic: Since you're aware that you won't probably get any Mac viri on your Macs, simply decide for one product. There's no antispyware for Mac, but a Firewall is integrated already and you can choose any antivirus software you want, in order to make those guys happy.

 

[mosx86]

I'm in the unfortunate position in which the IT dept are demanding an Antivirus/Spyware/Firewall program is put on the macs, but having read many many reviews on all of them am now terrified about which one to use. I have read that Symantec's causes so many problems and it is not compatible with Panther, I have read bad reviews of Mcafee & Sophos's software, and the IT guys aren't happy with ClamXAV as it is a freeware.
What I'm trying to say is HELP!!!
I am aware of the lack of virii & spyware for mac, but it is a mixed mac/pc network and they don't want us accumilating a library of virii that is ready to attack the rest of the network.

Any ideas which antivirus might be of any use? Otherwise its byebye ethernet cable!!

I've had no issues with either Norton v10 or Sophos (though I haven't used Sophos with Tiger). There is a built in firewall on the Mac and I don't know of any anti-spy ware utilities.

 

[rei1974]

Surely the fact that Mac is built upon unix makes it much more safer to spyware, trojan, etc...