Virus problem - is it Oople? Help please.

[SlowOne]

I've been trying to isolate a problem I have with my Mac, and after months of experiments I have isolated the problem to when I am using Oople. Can the Ooplers help me with any of this to confirm/deny my theory?

It started with my broadband usage tripling over a month with no major change in our pattern of using the Internet. I suspected the TV (recently internet enabled!) and then this PC, recently acquired for speedo timing updates. I disconnected the TV and stopped using the PC.

As nothing changed, I acquired some virus software for my Mac, and it found a couple of phishing files. I deleted them, but they 'came back'. After working with each site and every other area we access (iTunes, etc.) I have found that they only come back when I connect to Oople. While I don't connect to Oople with my Mac, the broadband usage is back to normal, and that's worked for the last few weeks.

I have since re-connected the TV, and used this PC to get on to Oople. In both cases, the broadband usage has stayed down, and this PC has no viruses. The Mac has been fine and the broadband usage is 'normal' providing I don't use Oople.

My question is - is that actually possible? Could one website only pass on phishing viruses to one type of laptop, or operating system? Or is it something else I am missing? Can someone help me with any ideas as to how these buggers get in only when I access this site?

Please don't get me wrong, I have no idea if there is a problem with Oople, and I am not saying there is anything wrong with the site. I am hoping that you guys know more than I do, and that you would be able to check my experiment and tell me if it makes sense, and if there is anything you can help me with.

If anyone has any ideas I'd be grateful.

[mark christopher]

did you not post mac's dont suffer this sort of problem?

[jimmy]

If they are coming back they aren't getting removed. I'm not a mac expert but maybe someone can help with mac specifics? I know I've heard of some new mac viri going around and no it's not from this website.

You don't have to visit any websites to get viri on your computer - if you are getting viri on there you've not got sufficient protection.

Have a look at an online site checker - this website is clean.

[jimmy]

What virus scanner are you using on your Mac?

[coleman758]

I use a mac all the time, And i've never had an issue with ANY virus in 5 years of having a Mac. I'm not running any antivirus either.

They are very very rare.

I have on MAJOR problem though with oOple....





I'm always on and i never get any work done!!

[Chequered Flag Racing]

Quote:

Originally Posted by jimmy

Have a look at an online site checker - this website is clean.

Just tried http://www.virustotal.com/ and it's saying o0ple is cleaner than my PC

[SlowOne]

Quote:

Originally Posted by mark christopher

did you not post mac's dont suffer this sort of problem?

I did, it's something that is new and getting posted on the Mac forums. They're not a virus that affects the Mac, they are little trojans that hijack your computer and go phishing for the hacker on his behalf, hence the increased broadband usage. It's nice to know that my 25 years as a minority has finally ended - Macs have gone mainstream!!

I'm using ClamXav, and it seems to work well in finding the little buggers. Good to hear that Oople isn't the problem, thanks Jimmy and Glenn. I'll go look elsewhere...

[showtime]

so what would be the best program to use to find & remove these trojans?
i'm on my windows laptop now but i use my mac at home a lot!
i'm using Sophos antivirus on my mac at the mo...

[terry.sc]

Drive by downloads, when a virus installs itself when you visit a website, is very much Windows specific. Although theoretically mac virii could bypass security, every one in the wild requires the user to enter their admin password to allow it to be installed. At some point you have most likely installed the software yourself by accident. The most popular ways of convincing someone to install malware are fake anti virus software or fake video codecs.
If you want to run anti virus software then ClamXav is as good if not better than anything from the big software vendors, although I only run it once or twice a year as a check.


If you have found malware then most are easy to remove, although you have to make sure it isn't running first so you can delete it. If the anti virus software doesn't remove it you can usually do it yourself.

Open Applications → Utilities → Activity Monitor, if it's there click on the malware that's running and click “Quit Process”

Then go to System Preferences → Accounts → Login Items, find the malware and delete it from the list, or else it will start running again whenever you turn the computer on.

Search for the malware on your hard drive, put it in the trash then empty the trash. If it won't delete, force the trash to empty by holding down the Option key and choose Empty Trash from the Finder menu.

A useful piece of software I use is Little Snitch http://www.obdev.at/products/littlesnitch/index.html which does the opposite of a firewall. It monitors everything going out from your mac to the internet, useful to find if anything is trying to contact servers. Little Snitch costs money, but if you run it as a free trial when it starts it runs for 3 hours, so you should be able to see if any malware is trying to call home within the first 3 hours of turning your computer on. Pay the fee and it remains on permanently, only allowing what you want to connect to the internet.

[SlowOne]

Terry, many thanks. I think I've fixed it.

ClamXav kept identifying a couple of files, which I deleted as you recommended. Eventually I discovered I could trace the files (non-tech user here!) and they turned out to be a couple of e-mails from reputable sources - or at least they looked like they were reputable! I've now deleted those e-mails and all is well.

When I think back on it, my experiments didn't reflect what was running when I went on to Oople. It's entirely possible that the Mail app was running, and I mistook correlation for causation.

There's an awful lot going on in the Activity Monitor - does the malware look obvious? I've pretty much left everything alone that I don't understand, but there were a couple of things running that I don't use any more, so they've been deleted. All is now as it was.

This is the first time in 26 years I have had any trouble with my Mac, and in the end it turned out to be no trouble at all. Oople is working fine too!

I'd like this to be a reason to upgrade from my G4 (now seven years old and still going fine) to a new MacBook, but I don't think it is! Thanks again everyone, all your help much appreciated.