Trojan Virus Infected MacBook Pro....TR/Dldr.Matsnu.B Help

Joined
May 10, 2012
Messages
7
Reaction score
0
Points
1
Hello,

I am a power MacBook Pro user for a website I run and video production and editing, basic stuff. I began having an issue with my processing while doing a bunch of processes, surfing, rendering, uploading...right this is a lot, but I mean like freezing for up to a minute, etc.

Long and short of it.

Been deleting crap off my hd and saw I had 377 GB of other stuff on my hd, wow!

I use MacKeeper, but had my Anti-Virus protection off, typical. I ran the Anti-Virus and found 2 emails that were infected with TR/Dldr.Matsnu.B, from what I can tell a trojan horse, but not much information out there for this or Mac viruses overall.

I have quarantined the files and deleted, however I am left with 377 GB of crap I cannot figure out how to delete.

My guess is to get critical files onto an alternate drive and reformat?

I have a backup from 1 week ago on an external, which is being checked right now for the viruses.

Anyone ever hear of the virus above or have any knowledge of alternate choices or paths for me to follow?

Also if familiar do you know the main mission for this virus?

thank you

Mike
 
Joined
Oct 1, 2007
Messages
7,163
Reaction score
275
Points
83
Location
UK
Your Mac's Specs
Mac Mini i5 (2014 High Sierra), iPhone X, Apple Watch, iPad Pro 12.9, AppleTV (4)
Firstly get rid of MacKeeper. A quick search on these forums will give you lots of info. It's likely half of your problem.

The trojan detected in your email is a Windows Trojan (according to Symantec and Sophos). So while it's good that you won't be passing that on to any friends/family/colleagues using Windows, it's not doing any harm to your Mac.

So to your other issue. Where is this 377GB of data you want to be rid of?
 
OP
C
Joined
May 10, 2012
Messages
7
Reaction score
0
Points
1
Don't Know

mrplow,

thank you for the help much appreciated.

bad thing, I cannot find the data and I have been looking all over my computer.

the storage on system info is where I am getting the information, using again, MacKeeper it cannot find it and I am not as savvy on the deep file structure of a hd, but I think it is somewhere there :eek:

again, thank you for your time any additional words of advice very much appreciated.

Mike
 
Joined
Oct 1, 2007
Messages
7,163
Reaction score
275
Points
83
Location
UK
Your Mac's Specs
Mac Mini i5 (2014 High Sierra), iPhone X, Apple Watch, iPad Pro 12.9, AppleTV (4)
I can't stress this enough. Do yourself a huge favour and uninstall MacKeeper.

The 'other' category is basically everything that doesn't fall into the other headings. So zip files, caches, temp files etc etc.

Once you've deleted MacKeeper get Onyx (it's free, just download the version that matches the edition of OSX you're running and run the automated scripts). This will clear out your temp files, caches etc and will probably make inroads into lowering your 'other' space used.

Now look to your downloads and documents folders and get rid of any unwanted or out-of-date files.

You may also want to run Disk Inventory X. It will graphically show you large files on your disk.

As with any kind of maintenance and system change - make sure you have a backup and if you have any doubt about deleting a particular file - don't.
 
OP
C
Joined
May 10, 2012
Messages
7
Reaction score
0
Points
1
already deleted Crap Keeper :)

mrplow,

MacKeeper has been deleted from both our MacBook Pros, did a search and appreciate the tip.

Will take your other suggestions and see how to clean this mess up.

thank you

Mike
 
Joined
Oct 1, 2007
Messages
7,163
Reaction score
275
Points
83
Location
UK
Your Mac's Specs
Mac Mini i5 (2014 High Sierra), iPhone X, Apple Watch, iPad Pro 12.9, AppleTV (4)
Once you've had a good clean through it's worth firing up Disk Utility and doing a repair disk and a repair permissions.

Good luck. Welcome to the forums btw. Post back with your results please.
 
OP
C
Joined
May 10, 2012
Messages
7
Reaction score
0
Points
1
follow up

mrplow,

thanks again, here's the horror:

Reformatted hd and had to rebuild my programs, which is no big deal, but 1Password (hopefully this is a good pw manager?) gave me headaches. According to a senior tech at Apple (guy is great), I had a DNS switcher; now the paranoia has set in.

I have used disk utility on my machine and Onyx as well as my wife's.

Question: We get a lot of email in our Microsoft Hosted Exchange that we run on our Macs for business. I am checking out Kaspersky for 30 days; is this a waste? I get that Kaspersky has to have the virus before we can be protected, but try to cover all bases.

BTW, the guy at Apple used a program beginning with a G that found all my data in a hidden directory at the root level, nasty.

We appear to be running okay, but still leery of this whole affair.

your thoughts suggestions would be appreciated.

thank you

Mike
 
Joined
Nov 28, 2007
Messages
25,564
Reaction score
486
Points
83
Location
Blue Mountains NSW Australia
Your Mac's Specs
Silver M1 iMac 512/16/8/8 macOS 11.6
There are no Mac OS X viruses. Folk pay good money to download Windows virus definitions for some reason. If you feel you must run AV software, download and install ClamXAV, which is freeware and will not bloat and slow your computer.


http://www.clamxav.com/download.php
 
Joined
Oct 1, 2007
Messages
7,163
Reaction score
275
Points
83
Location
UK
Your Mac's Specs
Mac Mini i5 (2014 High Sierra), iPhone X, Apple Watch, iPad Pro 12.9, AppleTV (4)
No disrespect but I'm utterly confused by your post.

I don't understand the sentence referring to a dns switcher or the one about a hidden root level directory or the line about kaspersky having to get a virus.

If you formatted your disk and started from scratch you can't possibly have anything wrong.

Sorry, again. I'd love to try and answer your questions but I'm really struggling to understand what you're trying to get at.

Going forward. If you have a fresh, newly installed system, apps installed, OSX up to date you're sorted.

There's no need to run any anti virus as Harryb suggests.
The only reason I can see to run AV is to clean any emails of viruses if you're going to forward them on to Windows users.
 
OP
C
Joined
May 10, 2012
Messages
7
Reaction score
0
Points
1
Getting it now!!!

harryb2448,

thank you for the tip, mrplow recommended the same. Did not plunk down any cash for Kaspersky and already deleted and got myself a copy of ClamXAV.

So Macs cannot get a virus, but my machine, so in this case the Trojan is to junk up my computer or to DNS switch?

thank you

Mike
 
OP
C
Joined
May 10, 2012
Messages
7
Reaction score
0
Points
1
Confused

mrplow,

I think I am confused because while I had 2 infected emails I also had a huge hidden file on my computer in a directory at the root level.

Not sure, but I may have contributed to this by deleting necessary files from programs, stupidly while trying to recover space.

Being a former PC user, I guess I hear virus, have a huge hidden file with my missing memory and conclude they are related, not sure.

I am going to use ClamXAV for our email protection.

Sorry for the confusion, thanks for the help!

Mike
 
Joined
Oct 1, 2007
Messages
7,163
Reaction score
275
Points
83
Location
UK
Your Mac's Specs
Mac Mini i5 (2014 High Sierra), iPhone X, Apple Watch, iPad Pro 12.9, AppleTV (4)
The Trojan you detected only impacts Windows systems. It couldn't have been responsible for any issues on your Mac.

I suspect that, from what you've said, you may have had a few issues causing slow downs on your machine and you likely compounded the issue by delving into the system files and removing files you should never get involved with.

Now you've got a clean and tidy system I'd suggest the following:
1. Only get software from a reliable source
2. Run disk utility to repair permissions and repair disk once a month
3. Run onyx automated scripts once a month
4. Run software update once a month
5. Only concern yourself with files that you have created

Using those 5 steps you'll keep your Mac happy and healthy :)
 
OP
C
Joined
May 10, 2012
Messages
7
Reaction score
0
Points
1
Cool

mrplow,

yes, I am positive you are correct, I get a bit carried away deleting crap and your advice to only run trusted software, yes indeed.

I reloaded all software from disc or a fresh install on this current version.

I will live by your 5 rules and again much appreciated from across the pond.

Mike
 
