I think I may have malware - Auto Protect shut off

I have Norton Antivirus, and I use a Mac.

 

While browsing websites, my Mac unexpectedly shut down (turned off).  I did not download anything (that I know of) while browsing websites, but did click a link or two on unfamiliar websites.  My "Enable Java" was checked under "Security" in Safari.

 

After turning on the Mac manually, I received a message on the screen that stated the Auto-Protect feature was shut off during my last session, before the computer shut down.  The message asked me if I wanted to turn Auto-Protect back on.

 

(I did not turn Auto-Protect off.)

 

I checked NAV, and sure enough, Auto-Protect was off.  I thought this was weird, because the locked symbol was on.  I had to unlock the padlock, type my password, and then turn Auto-Protect on, as well as restore some default preferences (under "configure").

 

I ran a manual virus scan for the entire system, but found nothing.

 

I fear that I may have malware, but I can't scan the computer using Norton's Symantec Security Check (because I have a Mac).

 

What should I do?

Thank you -- in response to your question, there were no other error reports from the system after I restarted.

 

And, there have been no further complications (that I know of) that have occurred since this incident.  After I turned Auto-Protect back on, it seems to have stayed on.

 

What made me suspicious was (1) auto-protect was turned off, and (2) the notification that stated auto-protect was turned off was in a gray window with no Symantec or Norton logo.  Also, there were no "close" or "minimize" or "maximize" buttons for the gray window.  I'm not sure if this is just how NAV is, but I was suspicious because I'd never seen this before.

 

I sure hope that my Mac has not been zombied... I've never heard of anything like this occurring on a Mac.

 

btw, my Mac is version 10.5.8

 

My NAV is Version 2.1.1 (5)

 

Thank you!

That sounds like the correct alert, I've attached a screenshot.

 

Your point is well taken, it could hopefully be made to look more "official".  I am making a note of that for a future revision.

 

Thanks,

Lee

That looks exactly like the alert that I saw.

 

I'm 99% sure (I can't be 100% sure, because it's been a couple of days).

 

I'm not sure how/why Auto-Protect was turned off, but I suppose it must have been some kind of error (probably the same error that caused the computer to shut down).

 

Weird.

 

Thanks!

The problem of AutoProtect turning off by itself (despite being "locked") is a fairly regular occurrence for me.  Do other people have this problem?

Do you receive any error messages when it turns off?  Does it happen immediately after it is turned on?

I usually have not seen any error messages.  It's been happening sporadically, not immediately.  There are other problems:

 

I discovered LiveUpdate has not run since Oct 25, which is surprising since I had a daily task scheduled, and was also regularly running manual scans, which prior to Oct 25 had been triggering LiveUpdates, but subsequent to Oct 25, the manual scans stopped running a LiveUpdate.  So I ran a manual LiveUpdate yesterday, which updated the software and definitions, and ran a virus scan, which found a "downloader" type virus in the Java cache, which I deleted (although perhaps I shouldn't have).

 

Now that I manually updated the software, today when I run manual scans, the LiveUpdate seems to be working again.

 

Also, I'd like to have some idea how badly my computer may have been compromised, e.g. does the virus have a keylogger which affects the Mac, etc.?  So is there any way for me to get more info on the virus the scan found?  I know there are online virus definitions, but the name of the virus that the scan found was just some non-descriptive alphanumeric name that didn't match any of the names of the virus definitions.

 

Thanks

 

If the name of the file was something similar to "30feb821-4039d91a", then this is a trojan that does not affect Macs, so deleting it should be sufficient.  It isn't clear why it wasn't deleted automatically, so if it gets detected again I may ask you for some help in isolating this.

 

It seems unlikely that this Java cache file is related to the issue of AutoProtect turning off.  Hopefully running LiveUpdate may have improved the situation, but if not, let me know and I'll try to get some more details.

The file name was 168b2d76-62773fd8 in case that rings a bell.  Thanks.

That definitely fits the template for filenames created by the Trojan in question (sorry I don't have the Trojan's name handy, I am about to head out for a couple days but will look it up upon return).
