Just recently, a new trojan for OS X was discovered. Apparently it only affects Snow Leopard and Lion. Whether it does/doesn't affect Mountain Lion is still unknown. The trojan sits on your computer and hides, doing nothing so far. How do I check to see if this trojan has been installed on my system? If it is, how do I remove it?
MacOS – How to check to see if the computer is infected with the OSX/Crisis Trojan
macos malware
Best Answer
Apparently, Intego has been investigating this trojan and has found that the trojan will only be on your machine if the following folder exists:
/Library/ScriptingAdditions/appleHID/
If it was installed with admin privileges, these files/folders will exist:
/System/Library/Frameworks/Foundation.framework/XPCServices/
/System/Library/Frameworks/Foundation.framework/XPCServices/com.apple.mdworker_server.xpc/Contents/MacOS/com.apple.mdworker_server
/System/Library/Frameworks/Foundation.framework/XPCServices/com.apple.mdworker_server.xpc/Contents/Resources/
/Library/ScriptingAdditions/appleHID/Contents/Resources/appleOsax.r
These files ping the IP address 176.58.100.37 every 5 minutes. It currently doesn't do anything, but at any point the trojan could activate and potentially cause problems. Intego also reports that Mountain Lion is not affected by the trojan. Intego's VirusBarrier will remove the trojan.
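The check described in the answer above can be scripted for Terminal. This is an added example, not code from the original answer or from Intego; the function name check_crisis and its optional root argument (for checking a mounted disk instead of the running system) are assumptions made for the example.

```shell
#!/bin/sh
# Added example: look for the OSX/Crisis paths listed in the answer above.
# check_crisis and its optional root argument are names made up for this
# example: no argument checks the running system, a mount point such as
# /Volumes/Suspect checks another disk.

# Folder the answer says exists on any machine that has the trojan.
CRISIS_MARKER="/Library/ScriptingAdditions/appleHID"

# Files/folders the answer says exist after an install with admin privileges.
CRISIS_ADMIN_PATHS="
/System/Library/Frameworks/Foundation.framework/XPCServices
/System/Library/Frameworks/Foundation.framework/XPCServices/com.apple.mdworker_server.xpc/Contents/MacOS/com.apple.mdworker_server
/System/Library/Frameworks/Foundation.framework/XPCServices/com.apple.mdworker_server.xpc/Contents/Resources
/Library/ScriptingAdditions/appleHID/Contents/Resources/appleOsax.r
"

# Prints "FOUND <path>" for every listed path that exists, then a VERDICT line.
# Returns 1 if the marker folder exists, 0 otherwise.
check_crisis() {
    root="${1:-}"
    # The listed paths contain no spaces, so plain word splitting is safe here.
    for p in $CRISIS_ADMIN_PATHS; do
        if [ -e "$root$p" ]; then
            echo "FOUND $root$p"
        fi
    done
    if [ -d "$root$CRISIS_MARKER" ]; then
        echo "FOUND $root$CRISIS_MARKER"
        echo "VERDICT: marker folder present, treat as infected"
        return 1
    fi
    echo "VERDICT: marker folder absent"
    return 0
}
```

After sourcing the file, run `check_crisis` for the live system or `check_crisis /Volumes/Suspect` for another disk; the exit status is 1 when the appleHID folder is found.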