
Client's Mac Mini may have a Rootkit

Hi! All,

I went out on a service call this afternoon for an elderly person who was having trouble with her Mac.  The following symptoms were presented:

1.) Passwords were changed on the system.

2.) The once present security software was no longer anywhere to be found.

3.) The Mac OS firewall was disabled.

4.) File permissions on the system change at random without the user even accessing the files.

5.) The user is unable to install any updates to the system without a password, even though the user did not password-protect the system, since the user is the only one living in the residence.

6.) The ISP detects unknown malware coming from the system; the ISP does not provide any security software to Mac system owners.

The Operating System is: Mac OS X 10.4.1 on a Mac Mini.  Please advise.

Replies


Re: Client's Mac Mini may have a Rootkit

Is it really 10.4.1 or is it 10.4.11?
Tech83 wrote: 

The Operating System is: Mac OS X 10.4.1 on a Mac Mini.  Please advise.




Re: Client's Mac Mini may have a Rootkit

From what I could see, the OS was reporting Mac OS X 10.4.1 and not Mac OS 10.4.11; I saw that the update to the newer version was available, but it is prevented from being downloaded and installed.

Re: Client's Mac Mini may have a Rootkit

Have you scanned the machine using anything?  Even a free product? Do you have the machine in your possession?  Please email me at mike_romo@symantec.com and I'll see what we can do to help you out.

-mike


Re: Client's Mac Mini may have a Rootkit

Of course, it would be interesting to be able to identify a specific piece of Mac malware on the system.

But in the end, that will not really change the fact that the system should be reinstalled from the original CDs with the Erase/Install option and then updated with the current combo update to OS 10.4.11 via Software Update. Any software or data should be restored from known good backups.

Actually, even 10.4.11 may not be sufficient in terms of security, since Apple seems to have stopped releasing security updates for 10.4.x as of 11/2009.

At this point, it might be wise to upgrade to 10.5.8 for PPC Macs, and 10.6.2 for Intel based Macs.


Re: Client's Mac Mini may have a Rootkit

Hi! All,

Update:  I have been waiting to schedule another service call for my client; they have been out of town for a while; so hopefully soon I can let you know what the successful solution is.


Re: Client's Mac Mini may have a Rootkit

Hi! All,

Thanks for the help; the user has decided to send the unit into Apple for repair.
