
1 - 20 of 28 Posts

·
Registered
Joined
·
155 Posts
Discussion Starter · #1 ·
I'm writing about viruses and Macs, and I'd like to say that there hasn't been a Mac virus since 2001 (the Simpsons virus).

Have I missed anything? Have there been any new virus threats that could affect Macs since then?

Note that I'm not including macro viruses, which target Microsoft Word.

Thanks,
Sandy
 

·
Premium Member
Joined
·
7,069 Posts
Simpson's Virus? What was that? I've only heard of that one that was on a few CDs and was more of a worm than a virus...
 

·
Premium Member
Joined
·
3,310 Posts
I think Chealion is referring to the StartUp Worm on the MacAddict CD.

I can't remember what the date was for that but I believe it was pre-OS X. So that would be early 2001.
 

·
Premium Member
Joined
·
7,069 Posts
Heart - That's what it was called...
It was actually much earlier than that Heart... more like 1997...

As for virus - A program that, like a human virus, copies itself, destroying everything in its path.

Worm - Like a worm in a human (think those 7 foot tapeworms that are pulled from intestinal tracts), feed, infect but don't seek to destroy your computer, but simply multiply and spread.
 

·
Premium Member
Joined
·
10,287 Posts
Microsoft recently released an updated version of Windows Media Player for the Mac. Does that count as a virus? :D


Just kidding, Windows Media Player isn't too bad. Not too good neither but there is some content out there that I want and can now get 'cause it's available.
 

·
Registered
Joined
·
1,060 Posts
At this time, there are no Mac OS X viruses.

Your Mac can get a PC virus, in the sense it can be a carrier of sorts, but you really can't be affected by it.

Earlier Mac OS viruses numbered in the single digits. Some worked in 68K environments only (meaning pre PowerMac circa 1993)

A few are PowerMac-only viruses, but even fewer than 68K viruses.

Macroviruses will only affect a Mac if Microsoft Word or Excel is running. Otherwise, there really aren't any to worry about.

There was the "Autostart Worm" from the mid to late nineties that only worked if AutoPlay CDs (Data CDs that is) was on in QuickTime preferences. This preference was usually off by default.

I've seen a virus on a Mac twice in my 15 years as a Mac User. Considering I have been a Mac techie type pretty much since 1995, I'd say there isn't a lot of concern.

:cool:
 

·
Premium Member
Joined
·
7,069 Posts
So Sandy, this is going to be one short article... Consisting of very few words: What viruses? Also there are several anti-virus solutions in place *IF* a virus should strike the Mac world... e.g. Norton Anti-Virus, the Anti-Virus available through .Mac, the history of very few viruses ever occurring successfully in operating systems running UNIX.
 

·
Premium Member
Joined
·
5,247 Posts
The last one was the AutoStart 9805, which technically is a worm, and went public in 1998. A copy of the worm did inadvertently appear on the later MacAddict disk.

If you disabled QuickTime autostart for data CDs, it couldn't install. There are a bunch of freeware tools to kill it (and all the others).

Last time I checked, they were looking for 2 or 3 new viruses to bring the all-time Mac tally to 50, and we're still waiting. About 40 of the known viruses only work in System6 or earlier; and most of the rest only work if you have HyperCard installed (these days, that amounts to nearly no-one).

I think it's about time we started the campaign to decide which program Windows users should buy and install as a courtesy to Mac users, like we do for Wintel viruses. Any ideas?
 

·
Registered
Joined
·
1,060 Posts
gordguide suggested:
I think it's about time we started the campaign to decide which program Windows users should buy and install as a courtesy to Mac users, like we do for Wintel viruses. Any ideas?
How about Mac OS X?

Sure, it requires they upgrade a lot of their hardware and software, but hey, in a year, they would be just throwing out their older computer anyway. This new upgrade would have staying power!

:D

:cool:
 

·
Registered
Joined
·
778 Posts
There was also a virus called "666" on the Mac a couple of years ago. It would boot up and install an extension on your computer that looked like the Apple Monitor extension and would start to destroy everything on it.

Check this little link here
 

·
Lifetime membership
Joined
·
9,265 Posts
There was a virus called the NVIR B virus which affected System 7. I heard that if it was combined with NVIR A then the two would combine to create the NVIR C variety, which at the time there wasn't a cure for.

I had the NVIR B virus on an SE hard drive that I bought in the past. I had a tough time killing it; rebuilding the desktop of the hard drive and all of my floppies finally killed it.

There were some HyperCard viruses as well, but I never got one of those. I've been using Macs since 1993 and I've only had one virus.
Knock on Beige eh?

Edit - Additional resources:

http://www.sophos.com/virusinfo/analyses/macnvirb.html

http://www.sophos.com/virusinfo/analyses/index_macexe.html

D :cool:

[ May 23, 2003, 01:55 PM: Message edited by: dolawren ]
 

·
Premium Member
Joined
·
152 Posts
Are you guys in denial? Or can anyone explain this one. Man I can’t believe it. Last Thursday I was viciously attacked by a hacker who either added a virus to my email or, and this is what it looked like to me, he had remote control of my computer. I was talking to someone on the telephone when all of a sudden, one message at a time, the emails in my inbox started to disappear. It turned out that they were being moved to the “deleted items” folder so I still had them. I immediately unplugged the machine from the network and ran my virus checker, which I must add, obviously “sucks” because it found nothing. I thought I had it under control until the next day, my email folders (in the email database) started to disappear. This time I couldn’t find them so, once again I unplugged and spent the better part of the day trying to find them. To make a long story short, it looks like these clever b$£tards, and I mean b$£tards in the most denigrating sense of the word, figured out a means of making the messages invisible files residing in the deleted items folder. I found this out when I cleared out that folder which appeared to have 10 items in it but the ensuing window indicated that 241 items were being erased. I feverishly tried to cancel the action but to no avail. Gone!
Anyone have any ideas!
 

·
Registered
Joined
·
778 Posts
Greg,

Sounds to me you have something more like a trojan horse installed on your computer over a virus. What OS are you running?

If you have Mac OS X installed, check for the term "vnc" on your computer. I would however suggest against using the search function in Mac OS X's Finder and suggest you use the terminal to do a locate.

To do this, do the following:
-open up "Terminal.app" located in /Applications/Utilities
-at the prompt, type: sudo -s
-type in your password
-type in "/usr/libexec/locate.updatedb"
-wait for a couple of minutes while it updates its locate database
-once you have a command prompt, you can do search strings such as: locate vnc

Doesn't sound to me like you have a virus...
 

·
Premium Member
Joined
·
30,887 Posts
Doesn't sound like a virus and we recommend against anti-virus installs as it's a waste of productive time and on occasion causes grief during installs.

This sounds very much like a prank or someone has accessed you over a network - since you are studying I assume a school environment and if you are on the net apparently that makes you game. :D

It's possible too your "rules" have been changed accidentally or are corrupt resulting in messages being scanned as spam or sent to the delete folder based on a "rule".

Be careful on re-installing Outlook in OS9 as you could lose your email "messages" file entirely on an overwrite.
Stupid MS design :mad:

Good luck.

The last real Virus we've seen was the Seven Dust and only because it had "come along" as client worked their way up from OS7 to OS8.6 over the years.

Nothing current at all and a waste of productivity.



 

·
Premium Member
Joined
·
152 Posts
Well Gentlemen, I still don't know what happened and I don't possess your skill set. I'm on a TiBook running the latest OS X (10.2.6). I've never had a problem prior to this and yes I'm on the University network here in England. I went through the Terminal routine you suggested and this is what I got:
[bathpc-172-21-20-44:~] root# locate vnc
/Applications/Palm/HotSync Manager/Contents/Resources/English.lproj/HotSyncManager Help/hsadvncd.htm
/Applications/Palm/Palm/HotSync Manager/Contents/Resources/English.lproj/HotSyncManager Help/hsadvncd.htm
/usr/share/zsh/4.0.4/functions/_vnc
/Volumes/Home Drive/Personal/Software Downloads/VNCBeta3PPC/vncPatches
/Volumes/Home Drive/TRNSFR Mac OS X/Applications/Palm/HotSync Manager/Contents/Resources/English.lproj/HotSyncManager Help/hsadvncd.htm
[bathpc-172-21-20-44:~] root#
As I see it, most of it looks harmless to me but I'm not sure about the middle part.
If you see something funny, please let me know.
By the way, I really appreciate your comments thus far and look forward to hearing any further comments.
Cheers
 

·
Registered
Joined
·
2,198 Posts
Greg,

From the terminal, try the following:

ps auxww > process.txt

This will dump a list of all the currently running programs/processes to process.txt. If you could post the contents of process.txt it would help in determining if you've got a trojan running....
 

·
Premium Member
Joined
·
152 Posts
Well I couldn't get the process.txt portion of your command line to work but here's what I got for the ps auxww portion of the command line.

[bathpc-172-21-20-44:~] root# ps auxww
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
g4 440 15.3 2.0 102696 15808 ?? S 12:05AM 12:07.12 /Applications/iTunes.app/Contents/MacOS/iTunes -psn_0_2883585
g4 418 3.0 0.5 70740 3604 ?? S 12:04AM 0:53.29 /Applications/Palm/Palm Desktop/Contents/Resources/Palm Desktop Background.app/Contents/MacOSClassic/Palm Desktop Background /Applications/Palm/Palm Desktop/Contents/Resources/Palm Desktop Background.app/Contents/MacOSClassic/Palm Desktop Background -psn_0_917505
root 103 1.8 0.2 16196 1496 ?? Ss 12:03AM 0:10.02 configd
g4 428 0.7 0.8 76916 6276 ?? S 12:04AM 0:04.78 /Microsoft Office X/Office/Microsoft Database Daemon /Microsoft Office X/Office/Microsoft Database Daemon -psn_0_1966081
root 72 0.0 0.0 1316 100 ?? Ss 12:03AM 0:00.00 dynamic_pager -H 40000000 -L 160000000 -S 80000000 -F /private/var/vm/swapfile
root 154 0.0 0.1 15240 840 ?? Ss 12:03AM 0:00.25 /System/Library/CoreServices/SecurityServer -X
g4 175 0.0 0.4 69520 3168 ?? Ss 12:03AM 0:38.40 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Support/ATSServer
g4 179 0.0 4.1 122508 32028 ?? Ss 12:03AM 3:56.03 /System/Library/CoreServices/WindowServer -daemon
root 204 0.0 0.0 14968 364 ?? Ss 12:03AM 0:00.50 /sbin/autodiskmount -va
root 270 0.0 0.0 1308 164 ?? Ss 12:03AM 0:00.08 syslogd
root 281 0.0 0.0 13584 132 ?? Ss 12:03AM 0:00.01 /usr/libexec/crashreporterd
root 284 0.0 0.1 14516 948 ?? Ss 12:03AM 0:00.06 /usr/sbin/mDNSResponder
root 296 0.0 0.1 1956 504 ?? Ss 12:03AM 0:00.55 netinfod -s local
root 301 0.0 0.1 15220 876 ?? Ss 12:03AM 0:01.17 lookupd
root 323 0.0 1.3 28188 9908 ?? Ss 12:03AM 0:01.19 /System/Library/CoreServices/coreservicesd -preload AEServer
root 329 0.0 0.0 1296 80 ?? S 12:03AM 0:00.00 nfsiod -n 4
root 330 0.0 0.0 1296 80 ?? S 12:03AM 0:00.00 nfsiod -n 4
root 331 0.0 0.0 1296 80 ?? S 12:03AM 0:00.00 nfsiod -n 4
root 332 0.0 0.0 1296 80 ?? S 12:03AM 0:00.00 nfsiod -n 4
root 341 0.0 0.1 15008 588 ?? Ss 12:03AM 0:00.03 /usr/sbin/automount -f -m /Network/Servers -fstab -m /automount -static
g4 347 0.0 1.3 83740 10052 ?? Ss 12:03AM 0:02.77 /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow console
root 351 0.0 0.0 1556 312 ?? Ss 12:03AM 0:00.78 ntpd -f /var/run/ntp.drift -p /var/run/ntpd.pid
root 360 0.0 0.0 1308 112 ?? Ss 12:03AM 0:00.00 inetd
root 367 0.0 0.6 20060 5084 ?? Ss 12:03AM 0:02.50 /usr/sbin/cupsd
root 369 0.0 0.0 13868 164 ?? Ss 12:03AM 0:00.03 cron
root 383 0.0 0.4 21868 3348 ?? S 12:03AM 0:00.57 DirectoryService
root 397 0.0 1.4 38120 10984 ?? S 12:03AM 0:11.17 /Library/Intego/integod
g4 404 0.0 0.2 14724 1412 ?? Ss 12:04AM 0:01.35 /System/Library/CoreServices/pbs
g4 410 0.0 1.0 75552 7812 ?? S 12:04AM 0:03.74 /System/Library/CoreServices/Dock.app/Contents/MacOS/Dock -psn_0_393217
g4 411 0.0 1.3 84372 10488 ?? S 12:04AM 0:02.39 /System/Library/CoreServices/SystemUIServer.app/Contents/MacOS/SystemUIServer -psn_0_524289
g4 412 0.0 1.2 87752 9760 ?? S 12:04AM 0:02.64 /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder -psn_0_655361
g4 420 0.0 0.3 67276 2608 ?? S 12:04AM 0:00.42 /Applications/Palm/Transport Monitor/Contents/MacOSClassic/Transport Monitor /Applications/Palm/Transport Monitor/Contents/MacOSClassic/Transport Monitor -psn_0_1048577
g4 422 0.0 0.3 69480 2472 ?? S 12:04AM 0:24.67 /Library/Application Support/Nikon/Nikon View 5/Nikon View Monitor Carbon /Library/Application Support/Nikon/Nikon View 5/Nikon View Monitor Carbon -psn_0_1310721
g4 424 0.0 0.3 70060 2680 ?? S 12:04AM 0:00.40 /Library/Application Support/SmithMicro/FAXstf X/Startup/Fax Server.app/Contents/MacOS/Fax Server -psn_0_1572865
g4 426 0.0 0.5 70856 3660 ?? S 12:04AM 0:52.35 /Applications/Palm/Palm/Palm Desktop/Contents/Resources/Palm Desktop Background.app/Contents/MacOSClassic/Palm Desktop Background /Applications/Palm/Palm/Palm Desktop/Contents/Resources/Palm Desktop Background.app/Contents/MacOSClassic/Palm Desktop Background -psn_0_1703937
g4 427 0.0 0.3 67288 2620 ?? S 12:04AM 0:00.43 /Applications/Palm/Palm/Transport Monitor/Contents/MacOSClassic/Transport Monitor /Applications/Palm/Palm/Transport Monitor/Contents/MacOSClassic/Transport Monitor -psn_0_1835009
g4 430 0.0 0.3 70324 2252 ?? S 12:04AM 0:00.39 /Users/g4/Documents/FAXstf X User Data/Modems/Greg Hildebrand/FaxJobMgr.app/Contents/MacOS/FaxJobMgr -psn_0_2097153
g4 431 0.0 0.3 68868 2080 ?? S 12:04AM 0:00.23 /Library/Application Support/SmithMicro/FAXstf X/Startup/Fax Assistant.app/Contents/MacOS/Fax Assistant -psn_0_2359297
g4 432 0.0 0.5 73552 4108 ?? S 12:04AM 0:08.58 /Applications/WeatherPop.app/Contents/Resources/WeatherPopApp.app/Contents/MacOS/WeatherPopApp -psn_0_2490369
g4 433 0.0 0.1 47900 1092 ?? S 12:04AM 0:00.23 /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/Image Capture Extension.app/Contents/MacOS/Image Capture Extension -psn_0_2621441
g4 434 0.0 0.2 62268 1596 ?? Ss 12:05AM 0:00.26 /Applications/StuffIt Deluxe 7.0/MagicMenu.menu/Contents/Resources/MagicMenuHotKeyDaemon
g4 439 0.0 0.2 15828 1272 ?? Ss 12:05AM 0:00.11 /System/Library/PrivateFrameworks/InstantMessage.framework/iChatAgent.app/Contents/MacOS/iChatAgent
g4 448 0.0 3.4 114132 27032 ?? S 12:27AM 3:45.88 /Applications/Internet Explorer.app/Contents/MacOS/Internet Explorer /Applications/Internet Explorer.app/Contents/MacOS/Internet Explorer -psn_0_3276801
g4 451 0.0 1.8 85176 14196 ?? S 2:00AM 0:40.31 /Applications/Utilities/Terminal.app/Contents/MacOS/Terminal -psn_0_3670017
root 465 0.0 0.1 14048 576 std Ss 2:12AM 0:00.46 login -pf g4
g4 466 0.0 0.1 5872 780 std S 2:12AM 0:00.04 -tcsh (tcsh)
root 467 0.0 0.1 5872 792 std S 2:13AM 0:00.57 -bin/tcsh (tcsh)
root 468 0.0 0.0 1360 308 std R+ 2:14AM 0:00.00 ps auxww
root 1 0.0 0.0 1308 276 ?? Ss 12:03AM 0:00.03 /sbin/init
root 2 0.0 0.0 1844 184 ?? Ss 12:03AM 0:00.11 /sbin/mach_init
root 51 0.0 0.1 15400 816 ?? Ss 12:03AM 0:01.95 kextd
root 68 0.0 0.0 1292 104 ?? Ss 12:03AM 0:00.84 update
[bathpc-172-21-20-44:~] root#
This stuff doesn't mean much to me but maybe it'll help. Hopefully it's not too personal. Gee I feel so naked!
Cheers Greg
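
The process-list review requested in the thread above, as an added example that is not part of any poster's message: a shell function that reads `ps auxww` output and flags processes launched from user-writable paths or matching a keyword list, so the handful of rows worth a manual look stand out. The sample rows, the `KEYWORDS` variable and the function names are constructed for illustration; only the `vnc` keyword comes from the thread, and a flagged row is a prompt for review, not a verdict.

```shell
#!/bin/sh
# Added example: triage `ps auxww` output read from stdin.
# Prints "PID<TAB>reason<TAB>command" for each process worth a closer look.
triage_ps() {
    # KEYWORDS is an assumed, comma-separated list; extend it as needed.
    awk -v keywords="${KEYWORDS:-vnc}" '
    $1 == "USER" && $2 == "PID" { next }   # header row
    NF < 11 { next }                        # prompts, blank lines, wrapped text
    {
        # COMMAND starts at field 11 and may itself contain spaces.
        cmd = $11
        for (i = 12; i <= NF; i++) cmd = cmd " " $i
        reason = ""
        # Programs started from locations an ordinary user can write to.
        if (cmd ~ /^\/(Users|Volumes|tmp|private\/tmp)\//)
            reason = "user-writable-path"
        # Case-insensitive substring match against each keyword.
        n = split(keywords, kw, ",")
        low = tolower(cmd)
        for (k = 1; k <= n; k++)
            if (index(low, tolower(kw[k])) > 0)
                reason = (reason == "" ? "" : reason ",") "keyword:" kw[k]
        if (reason != "") printf "%s\t%s\t%s\n", $2, reason, cmd
    }'
}

# Constructed sample in the same column layout as the listing in the thread.
sample_ps() {
cat <<'EOF'
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 103 1.8 0.2 16196 1496 ?? Ss 12:03AM 0:10.02 configd
user1 412 0.0 1.2 87752 9760 ?? S 12:04AM 0:02.64 /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder -psn_0_655361
user1 430 0.0 0.3 70324 2252 ?? S 12:04AM 0:00.39 /Users/user1/Documents/Example Data/JobMgr.app/Contents/MacOS/JobMgr -psn_0_2097153
user1 501 0.0 0.2 15000 1200 ?? S 12:06AM 0:00.10 /Users/user1/Downloads/ExampleVNC/vnc-server
root 502 0.0 0.1 14000 900 ?? Ss 12:06AM 0:00.05 /usr/local/sbin/ExampleVNCd
EOF
}

# Live use would be: ps auxww | triage_ps
sample_ps | triage_ps
```

Substring matching is deliberately broad, so it also matches unrelated names that merely contain the keyword, as the `hsadvncd.htm` hits in the `locate vnc` output show; each hit still needs a look at what the file or process actually is.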
 