Thread: OS X virus!!!!
04-27-2004, 12:06 AM #1WilliSGuestOS X virus!!!!
ok... first off, if anyone knows anything about this, or has advice on how to fix this, please let me know.... im not going to go around repairing permissions or doing some crons task... so dont bother suggesting it....im a little tense at the moment, so excuse my slight sarcasm in some of my comments in this post...
this is my issue:
I have a mail account at college (penn state), and just today i recieved 2 messages (see image 1) from some U.S. National Bank or something... anyway, i knew it was fake... and just wanted to see what the link took me to (figuring it was either a funny webpage which asked to you put in your card number/pin on your ATM card, or something silly like that.)
So i opened the email... (see image 2) and that is what it said.
so, i click on the link..which is http://188.8.131.52/swf/ (WARNING... I DO NOT KNOW WHAT THAT SWF FILE DOES, CLICKING ON IT MAY INFECT YOUR COMPUTER)
so..i figured it was a flash file... swf.. but i failed to notice that it was a directory and not just a .swf... so clicking on the link did nothing at all...
notice, there was 2 of these messages... one with that link, and one with the link to the ip address alone... i clicked on the other link, which produced image # 3
ok... now... obviously it was some sort of virus or something... but anyway, it seemed to do nothing (like every other virus ive found... i click them for fun because nothing has ever previously affected mac...so ive tried to open the .exe files and stuff, or send them to my friends on winxp and stuff and laugh at them lol... )
anyway... what now happens is:
i click on a link in my inbox and what displays is image #2.... so i click on some other emails... and what i notice is, the virus switches the link of one email with the next... so i go to click on a message from a friend, and up pops a message from a forum... i click on the message from a forum, and up pops a tracked package from a few weeks ago....i click on the tracked package, and up pops an email from someone else...and so on... each link has a new destination...... although all the emails are still there, the links dont match up to what the title to them says they should be.
holy hell, someone help me!!!!!!!
if someone tells me to repair permissions i will make sure you get a virus!
04-27-2004, 12:26 AM #2
Get a virus?! Not bloody likey -- I was a doz boy too long! but what you are seeing is very strange but not a doz class virus... But it's quite strange, IP where that came from and such may help
04-27-2004, 12:31 AM #3WilliSGuest
what are you telling me?
its not a virus? well its something.... go try to load the page with the IP/swf/ and tell me if it messes with your mail account ... if not, ill forward you the email, and you can give it a shot from there if you would like... but i guarantee you im not hallucinating or anything..and you can deny it all you want, but its on my computer...and i can give it to you to check out if you really want
04-27-2004, 12:32 AM #4Originally Posted by DualG5Lova
04-27-2004, 12:38 AM #5
Someone e-mailed you links look to e-mails weeks older? Dude, this has been set up by your "friends" in PSU I bet
04-27-2004, 12:43 AM #6WilliSGuest
its a university mail server.... psu.edu..
what are you getting at?
04-27-2004, 12:54 AM #7WilliSGuestOriginally Posted by witeshark
2. none of my "friends" at psu could manage to do anything like this.. for one thing, its a big time offence to do what the phish was intended to do... which was make an email that collects bank information... the email was obviously set up to have you enter in your account information to a website that looked identical to a bank website, but instead of send it to the bank, it would just collect it and send it to the maker of the virus.
3. unless you have anything important to say, im not in the mood to hear the "repair permissions and crons tasks" lecture, nor in the mood to explain that yes, it really is a problem... the "big bad osx fortress" isnt so hard to break into when i clicked on the link.. pretty much saying "hey! hack me plz!"..... so i would rather hear something from someone who may have stumbled upon this somewhere on the web, or had this same thing happen to them, rather than the possibilities of my friends breaking through osx..
no offense...but currently im in the "instant gratification" mode... if you cant help me fix it, i really dont care to hear the stories of the "doz dayz"
04-27-2004, 01:10 AM #8WilliSGuest
to add to the fun... the emails will not delete off the server
04-27-2004, 02:27 AM #9
Originally Posted by DualG5Lova
- Member Since
- Jul 21, 2003
- Coruscant, Galactic Republic
- 14" iBook G3 900/640/40 _ _ Power Macintosh G3 All-In-One 315/768/20 _ _ 20 GB iPod
A) Make sure no one else on campus is experiencing similar problems, thus indicating a problem/infection with the server itself.
B) Purchase a Mac-specific anti-virus application. If there is indeed a virus infecting your machine, it will be difficult to remedy without such an application.
"C" would be to perform a complete format and reinstall of the OS, which is obviously a last resort.
BTW - This is completely unrelated, but you wouldn't happen to know a girl by the name of Jennifer Curley that attends your school, would you?
04-27-2004, 04:39 AM #10
- Member Since
- Nov 04, 2003
- Southern Indiana
- Mac Pro Quad Xeon 2.66GHz 3GB RAM, G4 Quicksilver w/Sonnet 1GHz Encore ST, 1ghz G4 Powerbook
…and "D" BACKUP! BACKUP! BACKUP! (or is that D, E and F?)
04-27-2004, 08:42 AM #11
- Member Since
- Apr 09, 2004
- 15" MBP 2.16GHz ^ATI Radeon X1600 256MB ^100GB @ 7200 rpm ^2GB RAM ^Glossy Screen +iPod 4G 20 gigs
Talk to ur admin and see what he has to say. Good luck.
04-27-2004, 10:35 AM #12StarMantaGuest
....um, what do you have against repairing permissions? This seems to me exactly the sort of problems that that would fix.
That IP address isn't giving me any info on Network Utility's Whois, and it didn't respond when I clicked it... so whatever that was it's probably down.
It sounds more like your mail itself got corrupted somehow, rather than Mail.app.
04-27-2004, 10:54 AM #13WilliSGuest
i woke up this morning, after putting my G5 to sleep last night... when i hit the space bar, horizantal pink lines took up the entire screen... so i turned the computer off... then i powered it back up, and nothing worked... it was on, but no display.... i went and took a shower, came back, powered it on again, and its working....
i have no clue whats wrong.
btw... what i have against repair permissions is that it seems to be everyones solution to everything ... "oh your getting bad grades in school? try repairing permissions on your ibook..that might help"
anyway... i have repaired them...did not help
whatever it is, not only is on the server side, messing up my emails, but also on my side, affecting my computer in some weird way.
and no, i dont know jennifer.. sorry hehe
04-27-2004, 04:17 PM #14
- Member Since
- Aug 05, 2003
- I'm slowly sinking in the posts of Mac-forums
- PowerBook 12" Combo Drive/867 MHz/256 MB RAM/40 GB hard drive/Mac OS X 10.3.5/AirPort Extreme it sux
What the hell are you smoking? There are no Mac OS X viruses were not on doz! It's just a permission's issue. Repair your permissions and run cron tasks, it's just a fault!
No one says that... ever.
04-27-2004, 04:38 PM #15
- Member Since
- Jul 22, 2003
- Hamilton College
- 20" iMac C2D 2.16ghz, 13" MacBook 2.0ghz, 60gb iPod vid, 1gb nano
I just tried the page and nothing is loading on itDon't forget to use the new User Reputation System
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
By Kenny Brennan in forum OS X - Operating SystemReplies: 6Last Post: 11-29-2010, 06:23 AM
By Sub-Zer0 in forum OS X - Operating SystemReplies: 1Last Post: 05-02-2009, 07:30 PM
By JamesLJ in forum OS X - Operating SystemReplies: 4Last Post: 03-14-2009, 04:47 PM
By Dylanyouto in forum Schweb's LoungeReplies: 26Last Post: 03-08-2009, 08:44 AM
By James- in forum Running Windows (or anything else) on your MacReplies: 11Last Post: 01-22-2008, 12:22 PM