PDA

View Full Version : ClamXAV found issue on my Macbook Pro: what is it?



mattymac
11-17-2015, 11:18 AM
Attached picture: what is this and how did I get it? I have not visited any abnormal sites, or any new sites.23257

harryb2448
11-17-2015, 04:28 PM
Installed any software such as Premium Opinion or similar?

And avoid downloading any software from CNET and Softonic. They ove loading you up with these little 'extras'.

lclev
11-17-2015, 04:45 PM
This is a tracking program that may or may not have other "talents". ClamXAV should have done a good job of removing it.

According to this site: http://www.hotforsecurity.com/blog/top-5-malware-for-mac-os-x-users-should-know-about-996.html

"The OpinionSpy family of spyware is usually installed by a number of freely-distributed applications such as screen-savers and audio / video converters. The installer utility of these applications will fetch the spyware package, install it and run is with root privileges. Trojan.OSX.OpinionSpy.A poses as a marketing research tool, but it does more than collecting users’ browsing habits and preferences: it also opens backdoors and shuffles through a great number of documents found on both local and remote drives. The Trojan poses a great danger to the user’s privacy and to the security of the stored data."

So you probably installed some innocent looking app that brought a nice "gift" along with it.

Lisa

chas_m
11-17-2015, 05:35 PM
ONLY download Mac apps from one of the rowing three places!

1. The Mac App Store
2. The developer's own website
3. MacUpdate.com

lclev
11-17-2015, 10:52 PM
Chas_m - just an FYI - nickyr pointed me to this article. It seems MacUpdate.com is given in to allowing "gifts" to be added their downloads:

https://blog.malwarebytes.org/news/2015/11/has-macupdate-fallen-to-the-adware-plague/

I have dropped them off my "nice" list.

Lisa

harryb2448
11-18-2015, 01:01 AM
chas and I had a little debate over this about six months or so ago and I could not find that article at the time. Good one Lisa.

chas_m
11-18-2015, 01:28 AM
The reason you couldn't find it six months ago, Harry, is because this article is from November. Six months ago, it wasn't happening.

Nonetheless, I'm disappointed to learn that MacUpdate may have bought into the junkware epidemic, and will take this up with the site owners at my first opportunity.

harryb2448
11-18-2015, 07:16 AM
This is the alert I was thinking of. Twelve months ago actually:-


http://www.antivirus-blog.com/news/mac-malware-distributed-via-download-com-macupdate-com/

mattymac
11-18-2015, 07:56 AM
Is it possible that I downloaded it from "savefrom", which downloads YouTube videos? That is the only place I can think of that I used recently that was not the usual three websites I browse.

lclev
11-18-2015, 12:15 PM
Anything is possible and as I have recently found out, MacUpdate could also be the culprit if you have downloaded from them.

Lisa