odd results from Symantec AV and MacScan


mhrovat

 
Member Since: Sep 25, 2010
Posts: 4
I'm on a MacBook running Mac OS X 10.5.8. Yesterday I ran a full Symantec scan (Symantec 10.2 with virus definitions from Sept. 21), which identified 10 files as Trojan horses. The files were all in archives and had names like Gmerrew, Gmailer, Greader, bof.jar and gsb2.jar. I browse and download fairly carefully (download only software from reputable sources, no visits at all to porn sites, BitTorrent, etc.), so I'm not sure where they came from. I had Symantec delete them, but I couldn't find much about them online so I wasn't sure if that was enough to take care of the problem.

I then ran a full scan with MacScan. It identified four email messages as being KeyBag. The files are now isolated in a folder on my desktop. I used Cmd-I to get information, and they look fairly normal to me; I know all the senders (Borders, spaceweather.com, a client I get email from all the time, and Facebook). I googled around a bit, and it sounds like other people have had false positive KeyBag IDs from MacScan as well.

I ran a full scan with iAntiVirus and it gave me a clean bill of health. I'd be inclined to dismiss the whole thing as puzzling but probably harmless, except that the four email messages AND the files identified by Symantec were all created on the same day, late in May.

Could I have inadvertently downloaded some malware back in May that is messing things up this way? And if so, how could I find it? Does anyone know anything about the Gmerrew, etc., files?

Thanks for any insights you might have.

M
harryb2448

 
Member Since: Nov 28, 2007
Location: Nambucca Heads Australia
Posts: 16,912
Mac Specs: iMac i5 2.7GHz OS X.9.4

G'day and welcome to the forums.

Most AV software is run by switchers who have had the need for AV software drummed into them. Trash both of them as there are no viruses for Mac OS X. Windows viruses cannot run on a Unix platform. The only folk who believe in this antivirus software are Nortons and MacScan.

Think about it - why pay to download Windows virus definitions that cannot run on your Mac? Safe practices are the best protection.

Have a look at this link, which whilst some years old is still accurate as there are no Mac OS X viruses:-

http://reviews.cnet.com/8301-13727_7...l?tag=mfiredir
mhrovat

 
Thanks for the welcome and the advice! What about Trojan horses and other malware? I understand that some of these do exist for the Mac; are they adequately avoided by careful browsing? I'd be happy to believe that the two results I got are both bogus and leave it at that, except that they both point to files created on the same date, which makes me kind of curious.
Mac SK

 
Member Since: Oct 20, 2006
Posts: 1,491
You have to give permission to install trojans etc. in a Unix system. So they have to be in something you download and install.
mhrovat

 
Thanks! So it sounds like if I have not installed anything that did not come from a reputable software developer, and assuming that such software is indeed safe, I will just have to conclude that something weird but harmless happened on my system late in May that later triggered bogus results in both scans. Is that pretty much correct?
harryb2448

 
Who knows but extremely likely? I suspect these AV companies generate their own findings. After all whenever we see a Mac virus 'scare' it comes from an AV company.

The last, from memory, Trojan for a Mac was distributed by downloading iWork from a certain pirate site on the waterfront.