  1. #1


    Virus or No Virus?

    Hi

    Last week on two separate occasions I had the Kaspersky AV server dish out virus warnings. After investigating, it turns out the warnings were for the same user and for two different USB keys. Problem is she is running a Mac at home and that the USB keys were brand new and only touched her Mac and PCs in school.

    Kaspersky flagged up the following:

    E:\RECYCLER\recycld.exe

    Event Detection of viruses, worms, Trojans, hack tools happened on computer in the domain at Fri Sep 18 08:07:05 2009 File E:\autorun.inf: detected virus 'Worm.Win32.AutoRun.gsx'. User: , computer: localhost.

    My query is this: is Kaspersky just wrongly flagging up an autorun exe as a virus, or is it a virus? The user does not have any AV at home on the Mac.

    Are there any known Mac viruses about?

    A Kaspersky search points me to here - Viruslist.com - Worm.Win32.Autorun.cpe - but it's for Windows.

    On all domain PCs I have disabled autorun and exe being run via GPO.

    I don't know whether I need to chase this any more or put it down to Kaspersky doing its job.
    Should I advise the staff member to get an AV for a Mac?
    The USB key is not usable on the computer as it does not load. I might give her a new USB key; that way I will know it was clean when I gave it to her, and the ones I give out do not have any software to load to run.

    Any pointers?
    miller

  2. #2

    featured_spectre's Avatar
    Recycler is a problem for AVs to remove, even NOD32. To remove it I took the HDD out and put it in our Linux machine, and removed it manually, otherwise it would keep showing up. Worked each time (same with the Bro Act virus!).

    Hope that helps.

  3. #3


    Quote Originally Posted by gmiller View Post
    My query is this: is Kaspersky just wrongly flagging up an autorun exe as a virus, or is it a virus? The user does not have any AV at home on the Mac.

    Are there any known Mac viruses about?

    A Kaspersky search points me to here - Viruslist.com - Worm.Win32.Autorun.cpe - but it's for Windows.

    On all domain PCs I have disabled autorun and exe being run via GPO.

    I don't know whether I need to chase this any more or put it down to Kaspersky doing its job.
    Should I advise the staff member to get an AV for a Mac?
    The USB key is not usable on the computer as it does not load. I might give her a new USB key; that way I will know it was clean when I gave it to her, and the ones I give out do not have any software to load to run.

    Any pointers?
    miller
    No matter the computer, it's always worth having AV. There are viruses now for all OSes as far as I'm aware - including a handful of proof-of-concepts for phones.

  4. #4
    AntonioRocco's Avatar
    Hi

    "Are there any known Mac viruses about?"

    Regardless of what anyone tells you, no. AFAIK there have been some Mac-specific viruses 'created' in laboratory environments only. There has been a slight increase in Mac-specific trojan horses and malware. From zero to possibly five or six in the last 1-2 years? To be honest I don't keep track of them as they are easily removed and don't hang around for long.

    This does not mean to say you should not protect Mac clients in a Windows environment. Viruses can sit inert on a Mac client and transfer across a network or memory stick or by some other means to infect PC clients very easily.

    In education it makes sense to add Mac clients to your AV strategy. You have no control over what students get up to away from school. I've yet to meet a teenager that is not using BitTorrent, Kazaa or Limewire or something else to download or share information with someone else.

    Couple this culture with a memory stick and easy access to Macs and PCs at school and you could have a recipe for disaster. I know of one location where the recent Conficker virus was introduced this way.

    The good news is the AV strategy you have in place seems to be working.

    Antonio Rocco (ACSA)

  5. #5
    somabc's Avatar
    She must have got that virus from a PC OR it was already on the drive when she bought it OR she downloaded an infected file on the Mac and perhaps ran a virtual machine or Boot Camp. It will not affect a Mac at all as it is a Windows virus (.exe).

    It is possible that Macs (and Linux) can be affected by a rootkit, trojan (perhaps from pirated software) or weak passwords, although this is fairly unlikely. There are no known viruses or worms for OS X.

    e.g. HP Proliant USB key riddled with worms - The Register
    Last edited by somabc; 22nd September 2009 at 01:43 AM.

  6. #6

    synaesthesia's Avatar
    As mentioned, this is certainly an infection, and one that wants looking after. It's one of a fair few Conficker-a-likes, and can prove to be a right pain in the backside for your network and/or workstations.

    Look out for any autorun.inf on USB pens. A couple of big brand ones might have them legally, but open them up and see what's inside. More often than not, you'll get what you have - it pointing to an EXE file in a fake Recycling bin folder. The two most common I'm picking up recently are recycld.exe and INFO/INFO2 files. These will spread like wildfire on USB pens via infected machines (almost certainly not Macs) and, at risk of repeating someone else, the best solution is to get hold of a bootable Linux live CD (Ubuntu is a good bet) and use that to boot any PC, and then to clean USB pens. Just boot up, insert pen drive, delete the autorun and recycld folders. Make sure you press Ctrl+H to show hidden files.

    If you see a pen with lots of hidden .cmd, .com or .exe files in the root, you have a more serious infection which is either akin to, or actually, Conficker - and time to start serious quarantine and disinfection procedures.

    I've got a little cheat sheet for staff members with some website addresses to obtain trustable, free anti-virus and anti-malware software for their home systems. It's surprising how many folks run Norton from buying it then never, ever update either it or the subscription (probably a good thing in the long run!). Although their home system isn't our responsibility, it makes you look good. After all, it's for the good of our networks.
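
Added example (not part of any post in this thread): a read-only Python check for the signs described in post #6, meant to be run from a Linux live session against the mounted pen drive. The function names, the folder-name list and the sample volume built in `demo()` are assumptions made for illustration.

```python
import os
import re
import tempfile

# Keys in autorun.inf that launch a program when the drive is opened.
RUN_KEY = re.compile(r"^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+?)\s*$", re.I)
BIN_DIRS = {"recycler", "recycled", "$recycle.bin"}   # assumed recycle-bin look-alike names
ROOT_EXT = {".cmd", ".com", ".exe"}                   # extensions named in post #6

def autorun_targets(text):
    """Commands an autorun.inf would launch; junk padding lines are ignored."""
    found = []
    for line in text.splitlines():
        m = RUN_KEY.match(line)
        if m:
            found.append(m.group(2).strip('"').replace("\\", "/"))
    return found

def audit_volume(root):
    """Report findings for a mounted USB volume without executing anything on it."""
    findings = []
    for name in os.listdir(root):
        path = os.path.join(root, name)
        ext = os.path.splitext(name)[1].lower()
        if os.path.isfile(path) and name.lower() == "autorun.inf":
            with open(path, encoding="latin-1") as fh:
                for target in autorun_targets(fh.read()):
                    top = target.lstrip("./").split("/")[0].lower()
                    kind = "autorun-into-recycle-folder" if top in BIN_DIRS else "autorun-target"
                    findings.append((kind, target))
        elif os.path.isfile(path) and ext in ROOT_EXT:
            # A plain listing on Linux does not show the FAT hidden flag, so list every match.
            findings.append(("root-executable", name))
        elif os.path.isdir(path) and name.lower() in BIN_DIRS:
            for dirpath, _, files in os.walk(path):
                for f in files:
                    if os.path.splitext(f)[1].lower() in ROOT_EXT:
                        findings.append(("executable-in-recycle-folder",
                                         os.path.relpath(os.path.join(dirpath, f), root)))
    return sorted(findings)

def demo():
    """Build a constructed sample volume in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as vol:
        os.mkdir(os.path.join(vol, "RECYCLER"))
        open(os.path.join(vol, "RECYCLER", "recycld.exe"), "wb").close()
        with open(os.path.join(vol, "autorun.inf"), "w") as fh:
            fh.write("[AutoRun]\n;junk padding\nopen=RECYCLER\\recycld.exe\n")
        return audit_volume(vol)
```

Call `audit_volume()` with the pen drive's mount point; an empty list means none of these signs were found, not that the drive is clean.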

  7. #7

    Hi, thanks for the answers. Will clean the keys and recommend the user gets an AV for the Mac.

    Anyone recommend a good one for a Mac? I will search the forum in the meantime.

    Cheers
    Miller

    **Update**
    Told staff member to download http://www.clamxav.com/ and run it - she has reported back this morning that there was some kind of autorun virus on her Mac. A good warning to others about the possible transfer from unprotected Macs to PCs via USB keys.

    Thanks again!
    Last edited by gmiller; 23rd September 2009 at 09:42 AM.

  8. #8
    kitsch's Avatar
    Quote Originally Posted by gmiller View Post
    Are there any known Mac viruses about?
    I've had Macs off and on since 1991 and they seem remarkably resilient to onslaughts both on and off the net. Have been on the internet for 10 years with NO problems at all as yet (apart from current Mac beginning to get past it at 6 years old and not being able to update Java to newest version).

    Oh, and Kaleidos has issues, but I'm not changing my computer yet just so I can access THAT properly at home!
    Last edited by kitsch; 24th September 2009 at 07:35 AM.

  9. #9
    gibbo_ap's Avatar
    I always check bleepingcomputer.com if I don't know what something is.


