[OS X TeX] OT: effective Macintosh Trojan in the wild
Bruno Voisin
bvoisin at mac.com
Wed May 4 10:38:24 CEST 2005
Sorry for this OT post, but I've been faced for the first time this
morning with an effective Macintosh Trojan (I thought that
impossible) and thought it useful to report here, in case others are
faced with it.
In short, I've spent a couple of hours trying to get up and running
the PowerBook G4 15" of a colleague, with no luck. The OS is Panther
10.3.9. Since last Monday, the PowerBook is freezing several times a
day, with Norton Antivirus (installed on that particular Mac) popping
up a dialog about Hacktool.Underhand in a file swapfile1 that cannot
be repaired. Problem is, there's nothing about this Trojan at
Symantec's site, and no file swapfile1 on my colleague's disk
(looking for both visible and invisible files on the whole disk).
Turning finally to Google gives this <http://www.computing.net/mac/
wwwboard/forum/10972.html>, which corresponds exactly to the same
symptoms and is fairly recent (reports on the problem started May 2).
One post attributes the problem to NeoOffice, which is wrong since it
is not installed on my colleague's Mac. Apparently, the only solution
(apart from disconnecting physically from the net) is to boot another
Mac with Norton AV installed, connect the infected Mac in FireWire
disk mode and then sanitize it, which apparently means removing
several swapfiles and tmp files.
Bruno Voisin
--------------------- Info ---------------------
Mac-TeX Website: http://www.esm.psu.edu/mac-tex/
& FAQ: http://latex.yauh.de/faq/
TeX FAQ: http://www.tex.ac.uk/faq
List Post: <mailto:MacOSX-TeX at email.esm.psu.edu>
More information about the macostex-archives
mailing list