Virus for OS X?

E

eyan212

Guest
A friend of mine just called me to help with a problem on his eMac. He had just downloaded a internet content filter called "Safe Eyes" and now his mac was going nuts. Upon startup, the finder (or desktop) screen would go black and a message in blue text would read "you have one minute to use your computer. Please shut down all programs so you don't lose any data. Click to continue." (this is not an exact quote but it is pretty close) If you click it gives you 60 seconds to do whatever, everything seems to work, but after 60 seconds, the screen blacks out again (closing all the open programs) and displays the same message. This repeats endlessly. There is also a lock symbol on the desktop menu bar to the left of the apple. I uninstalled the Safe Eyes program by dragging it to the trash and also deleted a preferences file that I found. When that did not work I tried to boot from the OS X disc and that failed as well. I tried other boot modes and was not able to boot in safe, verbose or firewire mode. He has a Logitech keyboard not an apple one. Could that be causing the alternate boot problems? i.e. the computer doesn't recognize the commands. Could this be a virus? I hope not. He is using OS 10.4.6. Any help on this would be great. He just switched to mac on my recommendation and I want his experience to be a good one.


-Eyan212
Power mac G5 dual core 2.3 w/ 5.5 gigs RAM and internal TB hard drive space, airport, bluetooth and dual screens.
Power mac G4 dual 1.42 w/ 2 gigs RAM and 500 gigs internal hard drive space.
 
Joined
Jan 8, 2005
Messages
6,188
Reaction score
254
Points
83
Location
New Jersey
Your Mac's Specs
Mac Pro 8x3.0ghz 12gb ram 8800GT , MBP 2.16 2GB Ram 17 inch.
there was a security hole in 10.4.6 and this could be the problem because a worm (i think) was released for the old one after apple released and update and stated why. Have him update his os and tell him to always update when updates are released.
 
OP
E

eyan212

Guest
PowerBookG4 said:
Have him update his os and tell him to always update when updates are released.

Will this fix the problem or will it just prevent further problems?
 
Joined
Mar 9, 2004
Messages
9,065
Reaction score
331
Points
83
Location
Munich
Your Mac's Specs
Aluminium Macbook 2.4 Ghz 4GB RAM, SSD 24" Samsung Display, iPhone 4, iPad 2
Weird, that sounds exactly like the sasser virus for Windows...

He's not using the classic environment by any chance is he? There were a fair number of malicious viruses for OS 9 and older, but no really malicious ones for OS X.

The one virus that was discovered was more of a proof-of-concept. It certainly didn't do anything like that.

Perhaps it is a genuine application bug, but I've never heard of a shutdown countdown before.


Maybe he's still using his windows computer by accident? :)
 
OP
E

eyan212

Guest
Aptmunich said:
He's not using the classic environment by any chance is he? There were a fair number of malicious viruses for OS 9 and older, but no really malicious ones for OS X. Maybe he's still using his windows computer by accident? :)

He is not using classic. He is a new mac user and has no idea what classic is. I would not allow him to use his windows computer without wearing rubber gloves and a HazMat suit!

PLEASE HELP US!
 
OP
E

eyan212

Guest
I reformatted his hard drive. This was a crude solution that only worked because it was a new computer and he had nothing saved on it. There has got to be a better way to deal with this problem. I will continue to check this post for any further insight.
 
Joined
Oct 10, 2004
Messages
10,345
Reaction score
597
Points
113
Location
Margaritaville
Your Mac's Specs
3.4 Ghz i7 MacBook Pro (2015), iPad Pro (2014), iPhone Xs Max. Apple TV 4K
How did you get it to boot from the DVD to reformat it?
 
Joined
Feb 2, 2004
Messages
12,455
Reaction score
604
Points
113
Location
PA
Your Mac's Specs
MacBook
There are no viruses for OS X. And there hasn't been any yet.
There weren't really any "viruses" for OS 9 or earlier either, as most of those "viruses" were simply exploits of macros in applications like MS Word and MS Excel... and the exploits only did damage if and only if you used macros when those apps were open....but anyway....
The problem was (sorry to say) most likely user error. Those types of applications all have timers that will limit how long kids can use the computer, period. I would wager that he enabled this timer on the very account he was trying to use on startup. In other words, his admin account. If it was enabled, he would experience the same symptoms you described. These programs also at times give the illusion that you actually deleted the application, but in reality it is still active and running. This is to give the kids or 'protected' parties the idea that they are not being monitored and can go about their dubious tasks when they are in reality still being monitored.
Safe Eyes Website said:
In order to maintain the security in Safe Eyes that you have come to trust, three pieces of information are required to uninstall Safe Eyes: your username, administrator password and an uninstall code. Uninstall codes are tied to your specific Safe Eyes account and can only be used on the day it is issued. You can obtain an uninstall code below by entering your username and administrator password and clicking "Generate Uninstall Code". LINK
So, as you can see in your case, you never uninstalled it. This is why you couldn't access the various startup methods and that symptoms never ceased.
These are very powerful applications and from what I have seen cause more damage than good. Since your friend's machine is working now, I would suggest leaving any of that monitoring software off of it.
 
OP
E

eyan212

Guest
I brought my apple keyboard over to his house so I was able to boot off the DVD. His logitech keyboard was the problem there. The time outs were not caused by the Safe Eyes software. Whatever it was seemed to be "infecting" Finder. I just don't know.
 
Joined
Feb 2, 2004
Messages
12,455
Reaction score
604
Points
113
Location
PA
Your Mac's Specs
MacBook
eyan212 said:
I brought my apple keyboard over to his house so I was able to boot off the DVD. His logitech keyboard was the problem there. The time outs were not caused by the Safe Eyes software. Whatever it was seemed to be "infecting" Finder. I just don't know.
Again, the only thing that 'infected' the computer was the Safe Eyes software. :black:
eyan212 said:
I uninstalled the Safe Eyes program by dragging it to the trash and also deleted a preferences file that I found. When that did not work ....
It was not uninstalled completely or properly and that is likely what caused the issues you were having.
There currently are no viruses or malware for OS X.
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top