• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

Trojan.fakeAV virus on Mac

Hi there, I have just installed the new NIS5 for mac on my macbook pro as I was concerned about a potential security threat. The system scan is showing a virus with the label Trojan.FakeAV housed in an MS office backup file, and when i click to delete it deletes the item but does not move it to quarantine. I was slightly unsatisified with the result of the deletion so I ran the scan again and NIS identified the same file again in the same folder, even after it had supposedly be deleted. I have suffered a number of security issues in the last couple of weeks which appear to be related to this (credit card compromisation and website hacking) so am keen to get rid of it asap - can anyone provide me with any advice? I am running Osx Lion. Thanks, Andy

Replies

Kudos0

Re: Trojan.fakeAV virus on Mac

Hi there, I have just installed the new NIS5 for mac on my macbook pro as I was concerned about a potential security threat. The system scan is showing a virus with the label Trojan.FakeAV housed in an MS office backup file, and when i click to delete it deletes the item but does not move it to quarantine. I was slightly unsatisified with the result of the deletion so I ran the scan again and NIS identified the same file again in the same folder, even after it had supposedly be deleted. I have suffered a number of security issues in the last couple of weeks which appear to be related to this (credit card compromisation and website hacking) so am keen to get rid of it asap - can anyone provide me with any advice? I am running Osx Lion. Thanks, Andy

Kudos0

Re: Trojan.fakeAV virus on Mac

The threat reported as Trojan.FakeAV is a Windows PC trojan (i.e., a program that doesn't do what it purports to do -- in this case a fake "antivirus" detector).  It can not run on nor harm your Mac.  Nevertheless, it is detected so that you don't pass it on via email, or the like, to other computers which ARE running Windows. Here's the Symantec writeup on it:

http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2007-101013-3606-99

(Note that the complicated looking instructions in the Removal section of that writeup refer to Windows computers.)

Typically this arrives as an attachment in a Spam email, and what apparently happens is that some email programs (perhaps Microsoft Outlook for Mac) cache that stuff in a way that Norton can't delete it.  You say you are getting reports that this is in a MS Office backup file.  If you mean that's on your Time Machine backup, then that is likely what has happened.

Here's a post from Symantec from 2010 talking about this, and suggesting that you could go into Time Machine, navigate to the reported file, and tell Time Machine to delete all backup copies of it:

http://community.norton.com/t5/Norton-for-Mac/Pesky-quot-Trojan-FakeAV-quot-won-t-go-away/td-p/288680

So if that matches the report you are getting then that's a way to get rid of it.  Or, since Norton has apparently deleted the original copy on your computer, you could just ignore what's in the Time Machine backups -- they'll eventually expire.  Again, this is not a threat that can run on your Mac, so no real worries.

I do not know if Symantec has made any progress upgrading the antivirus stuff in NIS for Mac so that it can delete such copies stashed in backups automatically.

--Bob

This thread is closed from further comment. Please visit the forum to start a new thread.