odd results from Symantec AV and MacScan

Joined
Sep 25, 2010
Messages
4
Reaction score
0
Points
1
I'm on a MacBook running Mac OS X 10.5.8. Yesterday I ran a full Symantec scan (Symantec 10.2 with virus definitions from Sept. 21), which identified 10 files as Trojan horses. The files were all in archives and had names like Gmerrew, Gmailer, Greader, bof.jar and gsb2.jar. I browse and download fairly carefully (download only software from reputable sources, no visits at all to porn sites, BitTorrent, etc.), so I'm not sure where they came from. I had Symantec delete them, but I couldn't find much about them online so I wasn't sure if that was enough to take care of the problem.

I then ran a full scan with MacScan. It identified four email messages as being KeyBag. The files are now isolated in a folder on my desktop. I used Cmd-I to get information, and they look fairly normal to me; I know all the senders (Borders, spaceweather.com, a client I get email from all the time, and Facebook). I googled around a bit, and it sounds like other people have had false positive KeyBag IDs from MacScan as well.

I ran a full scan with iAntiVirus and it gave me a clean bill of health. I'd be inclined to dismiss the whole thing as puzzling but probably harmless, except that the four email messages AND the files identified by Symantec were all created on the same day, late in May.

Could I have inadvertently downloaded some malware back in May that is messing things up this way? And if so, how could I find it? Does anyone know anything about the Gmerrew, etc., files?

Thanks for any insights you might have.

M
 
Joined
Nov 28, 2007
Messages
25,564
Reaction score
486
Points
83
Location
Blue Mountains NSW Australia
Your Mac's Specs
Silver M1 iMac 512/16/8/8 macOS 11.6
G'day and welcome to the forums.

Most AV software is run by switchers who have had the need for AV software drummed into them. Trash both of them as there are no viruses for Mac OS X. Windows viruses cannot run on a Unix platform. The only folk who believe in this antivirus software are Nortons and MacScan.

Think about it - why pay to download Windows virus definitions that cannot run on your Mac? Safe practices are the best protection.

Have a look at this link, which whilst some years old is still accurate as there are no Mac OS X viruses:-

http://reviews.cnet.com/8301-13727_7-10331147-263.html?tag=mfiredir
 
OP
M
Joined
Sep 25, 2010
Messages
4
Reaction score
0
Points
1
Thanks for the welcome and the advice! What about Trojan horses and other malware? I understand that some of these do exist for the Mac; are they adequately avoided by careful browsing? I'd be happy to believe that the two results I got are both bogus and leave it at that, except that they both point to files created on the same date, which makes me kind of curious.
 
Joined
Oct 20, 2006
Messages
1,517
Reaction score
34
Points
48
You have to give permission to install trojans etc. in a Unix system. So they have to be in something you download and install.
 
OP
M
Joined
Sep 25, 2010
Messages
4
Reaction score
0
Points
1
Thanks! So it sounds like if I have not installed anything that did not come from a reputable software developer, and assuming that such software is indeed safe, I will just have to conclude that something weird but harmless happened on my system late in May that later triggered bogus results in both scans. Is that pretty much correct?
 
Joined
Nov 28, 2007
Messages
25,564
Reaction score
486
Points
83
Location
Blue Mountains NSW Australia
Your Mac's Specs
Silver M1 iMac 512/16/8/8 macOS 11.6
Who knows but extremely likely? I suspect these AV companies generate their own findings. After all, whenever we see a Mac virus 'scare' it comes from an AV company.

The last, from memory, Trojan for a Mac was distributed by downloading iWork from a certain pirate site on the waterfront.
 
