
hwojtek

macrumors 68020
Original poster
Jan 26, 2008
2,274
1,277
Poznan, Poland
When I turned my computer on today, I noticed strange activity at boot-up. LittleSnitch has blocked an outgoing connection (see attachment).

The app has indeed been lurking in a hidden ".Install" folder in my home directory. It was installed a day ago at 10:56 pm (no trace of it in my logs, at least none that I can spot). The rest can be seen on the screenshot. I didn't download or run anything at the time (actually I was reading theatlantic.com). Any ideas?
I have now zipped this app and removed it from startup items (yes, it was run from there). If anyone is interested I can email the contents.
 

Attachment: Screen Shot 2013-02-24 at 10.22.15 AM.PNG
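A triage check for the situation described in this post, as an added example that is not part of the original thread: it lists application bundles sitting under hidden (dot-prefixed) folders of a home directory and shows which files in an autostart directory mention them. The function names and the `~/Library/LaunchAgents` argument in the usage comment are assumptions; the thread only says the app sat in a hidden ".Install" folder and ran from startup items.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# List *.app bundles under "$1" whose path has a hidden (dot-prefixed)
# component, e.g. ~/.Install/Something.app. Bundles in ~/.Trash also match.
find_hidden_apps() {
    home=$1
    # Run find relative to the home folder so dots in the path leading to
    # it cannot match; -prune stops descent into a bundle once reported.
    (cd "$home" 2>/dev/null &&
        find . -type d -name '*.app' -path '*/.*' -prune -print 2>/dev/null) |
    while IFS= read -r rel; do
        printf '%s/%s\n' "$home" "${rel#./}"
    done
}

# Print files under directory "$2" that contain the bundle path "$1" as a
# literal string. Assumption: the autostart entry stores the path as plain
# text (as in an XML plist); other encodings would be missed.
autostart_refs() {
    grep -rlF -- "$1" "$2" 2>/dev/null || true
}

# Report each hidden bundle and, if an autostart directory is given,
# the files there that point at it.
triage() {
    home_dir=$1
    autostart_dir=${2:-}
    find_hidden_apps "$home_dir" | while IFS= read -r app; do
        printf 'hidden bundle: %s\n' "$app"
        if [ -n "$autostart_dir" ]; then
            autostart_refs "$app" "$autostart_dir" |
                while IFS= read -r ref; do
                    printf '  referenced by: %s\n' "$ref"
                done
        fi
    done
}

# Usage (assumed paths): sh triage.sh "$HOME" "$HOME/Library/LaunchAgents"
if [ "$#" -ge 1 ]; then
    triage "$@"
fi
```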

wrldwzrd89

macrumors G5
Jun 6, 2003
12,110
77
Solon, OH
I'm not sure what that is, but it sure is an interesting find. I suspect you're right about it being possibly malicious and not to trust it.
 

Drew017

macrumors 65816
May 29, 2011
1,254
11
East coast, USA
It's probably not a virus… maybe just some malware or a program that was installed with another app.

Mac Virus/ Malware FAQ
 

GGJstudios

macrumors Westmere
May 16, 2008
44,556
950
Have you installed any apps related to CableVision?

Registrant:
Cablevision Systems Corporation
1111 Stewart Avenue
Bethpage, NY 11714-3533
US

Domain Name: OPTONLINE.NET

It's not malware.... or "maleware"! :D
 

hwojtek

macrumors 68020
Original poster
Jan 26, 2008
2,274
1,277
Poznan, Poland
The only app I ran this evening was a trial of "PDF Protector", which I found redundant given that I bought Acrobat X Pro along with my Adobe CS. I have since removed the program.
Point is, stuffing an app with a cryptic name into a hidden folder is just not fair. I would take this for granted if the app was documented and had a clear way of removing it. But if not for LittleSnitch, I would never have known I have a parasite on my computer.
And no, I do not have anything even remotely related to CableVision.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,556
950
It's possible the app was bundled with another app you installed, as that happens frequently. Yes, I agree they should let you know what you're installing, but the simple solution is to simply delete anything associated with that app. The most effective method for complete app removal is manual deletion:

You may want to change your thread title to something more descriptive, since this obviously isn't a virus. There has never been a Mac OS X virus in the wild, and only a handful of trojans, which are easily avoided by practicing safe computing. See the link that Drew017 posted for more details.

To edit your thread title, click the "Edit" button on your original post, then click "Go Advanced" and you will see where to edit the thread title.
 

hwojtek

macrumors 68020
Original poster
Jan 26, 2008
2,274
1,277
Poznan, Poland
> Are you sure 69.118.252.2 isn't your router?

No, as LittleSnitch resolved it properly, this is ool-4576fc02.dyn.optonline.net - a network as on the "other side of the planet" as it gets, at least from my standpoint ;)

And yes, I have removed it properly, I am quite proficient in terminal and grep ;)
 

madmin

macrumors 6502a
Jun 14, 2012
827
6,019
Hi sorry to hear about this. It would help to know a bit more...

Where did you install PDF Protector from?

Do you have Gatekeeper and XProtect enabled?

Is Java disabled in your browser? Which do you use?

thanks for posting
 

hwojtek

macrumors 68020
Original poster
Jan 26, 2008
2,274
1,277
Poznan, Poland
I seriously have no idea where from… I clean my downloads quite regularly, maybe a peek into my browser history would help, but I am not at this computer ATM.
Gatekeeper - no.
XProtect - yes.
Java - disabled.
Flash - mostly disabled, I run Click2Plugin.
Safari - most recent, so 6.0.2, I believe.
 