Thread: New OS X Malware (Snow Leopard)
06-24-2011, 01:11 PM #1
New OS X Malware (Snow Leopard)
- Member Since
- Jun 24, 2011
The Mac in question has 2 user accounts and my SO (not a very sophisticated user) began getting dialogue box pop-ups about a week ago on her log-on - no issues with mine. Of course she only mentions this last night.
A box appeared every few minutes asking if you wanted to open a text editor file from Google. I opened a few of these (instead of canceling) and saved the payload which appears to be code to do with google ads. I have a saved copy at home I can post later if it helps. Opening the first file caused a toggle through of all open windows for about 10 seconds then nothing???
I looked at incoming/outgoing connections and traced a few to blacklisted ip addresses - 2 in China, 1 in Netherlands, etc. Around 4 or 5, not a ton. I have a screen shot of that output as well. After disconing the Mac from the internet, I searched on another computer for any trace of this from other users and found nothing. Tons of posts about MACdefender, which this is definitely not. Other machines on my network don't appear to be affected.
Am I infected? thus far I've flushed the DNS cache, cleared cookies, uninstalled firefox (thinking could be some sort of browser hijack). I also checked related /etc file and nothing unusual going on there. Help!
06-25-2011, 06:43 AM #2
Might be an idea to just create a new user account for her (him?) and copy docs across. Then delete the old account.
06-25-2011, 08:37 AM #3
If it's confined to just her user account, then an extremely simple way of handling this is to make a backup copy of her user Library, then delete the old. On re-logging into it, OS X will re-create a virgin copy and yer back in business. Just keep the copy around to recover things like Safari bookmarks and other data that may be stored there that she may want.
EDIT: Actually before going that far… have you checked her login items in the System Preferences to see if anything is suspect?
Please verify and include the exact model/year of your Mac and OS X version number (available from "About This Mac", then "More Info" on the Apple menu).
Links: Onyx | EasyFind | Apple Hardware Test | How to test your hard drive | The Safe Mac » Adware Removal Guide | Uninstall MacKeeper
Lifeisabeach - Mac-Forums Member of the Month June 2009, Feb 2012, and March 2013.
06-25-2011, 09:11 AM #4
- Member Since
- Oct 27, 2002
- Cleveland, Ohio
- MacBook Pro | LED Cinema Display | iPhone 4 | iPad 2
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
By Lifeisabeach in forum Apple Rumors and ReportsReplies: 16Last Post: 11-22-2011, 05:20 PM
By damang111 in forum OS X - Operating SystemReplies: 2Last Post: 08-10-2011, 03:00 PM
By b-rad in forum OS X - Operating SystemReplies: 4Last Post: 08-09-2011, 02:33 AM
By solarsloth122 in forum Switcher HangoutReplies: 6Last Post: 01-02-2011, 06:15 PM
By E90Tony in forum Apple NotebooksReplies: 2Last Post: 04-10-2010, 06:09 AM