
I seem to be infected with a virus?


ashd

I'm not sure if this is in the right forum, but I appear to have some form of virus on my 'hackintosh'.

Several days ago I noticed that occasionally my mouse would start moving around oddly and right-clicking, even if my hand wasn't in contact with the mouse. I thought this was either my mouse playing up the first few times, and after several days the movement seemed to be more 'human' than 'mouse-messing-up', so I attributed it to someone possibly VNC-ing to me, so I passworded my VNC server.

It seemed to stop after this for a while; however, a few hours later it happened again, so I started to get a bit worried and shut down the VNC server. Although I haven't had the mouse going berserk and right-clicking everywhere since, in aMSN conversation windows I have open, the text '®http;//195.218.117.44/upd.exe' is being randomly sent. After correcting the link and downloading it, it was a 10.2kb file that required the Visual Basic runtime to work (I tried running it in Wine and it spurted out an error about not having the runtime DLL). I am fairly sure this is a virus, obviously not the same file affecting OS X, but someone or something definitely appears to be attempting to do something... Does anyone have any ideas what is going on?

I'm running 10.4.6 on an amd64, without any security updates...

Thanks in advance

Link to comment

Zip the file and send it to your favorite antivirus company to examine it. But unless you know if it's a legit virus or not, no one can say. Btw, my stupid USB optical mouse moves without my permission too. I just pound it on the desk once and it behaves.

Link to comment

Rather than lay blame on what or why you even downloaded the file...

Firstly, disconnect your network cable from the PC or turn it off in System Preferences...

Second, stay in System Preferences and open Sharing; make sure that all services are turned off (unchecked for the moment).

Next, click the Firewall button, then Start... Click on the Advanced button, check all three buttons: Stealth, UDP, Firewall Logging...

Make sure that Internet Sharing is NOT on (3rd tab)...

Now either turn on your network card and follow the next steps, or if you have a second PC or laptop use this one...

I found on other torrent sites like http://isohunt.org there is an antivirus package by Norton (10.0 or 10.1). Because I run Messenger and Office 2004, this is the perfect virus package for OS X, because I receive files from Windows users.

Once that is installed, then scan the computer... ALL DRIVES...

Has it picked up anything?

Where did you download that VB script to? Delete it...

Also a very good program to install on a hackintosh is Little Snitch; this is a very good software-based firewall... It reports and lets you decide what applications use the internet. I would not connect my PC or PowerBook to the net without this software. It's shareware (cheap) but there are plenty of codes out there, serialz.com or something...

Also check your router?

Does it have a built-in firewall?

Is it turned on?

Hope this helps,

Link to comment

I have turned on my firewall etc. and installed Little Snitch. My firewall is a W2K3 server running Routing and Remote Access with its basic firewall on; there are two ports forwarded to my hackintosh, VNC and BitTorrent, and port 80 (HTTP) is allowed through to itself.

I am fairly knowledgeable when it comes to this sort of thing; I'm not the kind to go downloading 200kb versions of Windows from LimeWire etc. I've run copies of Windows XP (SP2 of course) and 2003 with no antivirus software for months without incident; I can't spot any processes in Activity Monitor that look abnormal.

The link to the exe that keeps on being sent I only ran from my desktop, knowing it wouldn't really be able to do a lot in Wine, and I was right, it didn't even manage to execute. So it doesn't really solve why on earth this random, albeit broken, link keeps getting sent. I have not done anything to my knowledge that would run malicious code (minus that exe, which I ran AFTER the strange occurrences); the only thing I can think of that has even a slight possibility of being malicious is iSerial Reader, which has been on here for months with no apparent problem. I suppose using the root account for everything hasn't been one of my brightest ideas; however, I am fairly confident with running as root, having not experienced any problems before this. I know there are one or two proof-of-concept viruses out there for OS X but I haven't heard of any that behave like this.

I've just installed ClamXav and will try a scan using that...

Link to comment

I have been running iSerial myself for about a year without problems...

I would remove Windows, switch off servers...

Connect the Apple to the internet through the internet router... Leave Windows off for the min.

Does it still happen?

I'm sorry but no OS should be connected to the internet, with antivirus and a firewall...

Make a virus boot disk with the latest definitions on it and boot from it.

Scan all your machines

Sorry I cannot be of more help...
