Mac Infection with Trojan OSX_Flashbck_A?


  • This topic is locked
3 replies to this topic

#1 Unhappy


  • Members
  • 3 posts

Posted 29 March 2018 - 12:00 AM

On Mac mini (mid 2011) - El Capitan 10.11.6 - HouseCall freezes at 1 min 37 sec.  It says 0 threats detected.  But when I click "stop" (because it seems frozen), it shows me a "click to fix" page, with OSX_Flashbck_A listed many, many times. (I have a screenshot of that page.)

But a scan with Malwarebytes Free (with current definitions) doesn't detect anything, and their expert says the Flashback trojan isn't a current threat, and he thinks this could be a false positive.

I would be content with that, except that I did have what seemed to be an Adobe Flash installer pop up on a webpage about a week ago when I tried to open a PDF file, and I was stupid enough to authorize it, but then there seemed to be something fishy — I can’t remember what — and I closed the webpage.  (I was using Firefox 59.)  So I think there could be something real going on here.  And before now (say a few weeks back), HouseCall has run without freezing or indicating any problem.

At some point, when the HouseCall app seemed frozen, and after I had done enough research to know that OSX_Flashbck_A really was (or had been) a known trojan, I tried clicking the Fix Now button, but nothing seemed to happen.  (The Malwarebytes guy said that I shouldn’t try to fix the problem, that it probably was a false positive, and HouseCall might do damage when trying to fix it, but by the time he posted that I had already tried the Fix Now button, apparently with no effect.)

I deleted the HouseCall app, and downloaded a fresh copy, but got the exact same result when I ran it (freezing at 1 min, 37 sec).  However, this time, when I clicked Stop (or maybe it was when I closed the program), a log file titled “Problem Report for HouseCall” popped up (and apparently was sent to Apple, as well).  If you are interested, I can post it.  However, I think the log may be more concerned with the fact that the HouseCall app quit unexpectedly than about the threat it may have detected.  

In general, the computer does seem to bog down a lot — or perhaps, more accurately, Firefox 59 bogs down a lot, and I’ve had to restart it more often.  However, my problems with Firefox tend to be self-inflicted — I run it with way too many tabs open.  Since updating to Firefox 59, the program reloads my session (and restores all my tabs) more quickly if I’ve had to quit Firefox, but it bogs down more, and I’ve had to restart it a lot more frequently.  In Activity Monitor, in the Memory tab, there are multiple instances of FirefoxCP Web Content in the Process Name column, and often one of them will become non-responsive.  I’m not sure if any of this is related to the possible Trojan problem, but I thought I’d mention it.

I would really like to be sure my computer is not infected, as I am doing my taxes on it.  I am worried that even if this is not Trojan OSX_Flashbck.A, which I’ve been told has not been seen since 2011, maybe the fake Flash installer I encountered installed some other trojan that is being detected (and misnamed) by HouseCall.  Are there other scans I can run?

Thank you!

PS - I backed up yesterday using both Time Machine and Carbon Copy Cloner.  So if I am infected, both those backups are infected.
 




 


#2 Unhappy

  • Topic Starter

  • Members
  • 3 posts

Posted 29 March 2018 - 01:14 PM

New disturbing development -- all the plain text files on my computer now have little Dreamweaver icons when viewed in Finder, and when I try to open them, they try to open with Adobe Dreamweaver.



#3 Unhappy

  • Topic Starter

  • Members
  • 3 posts

Posted 30 March 2018 - 12:31 PM

I got help on the Malwarebytes forum, so I no longer need assistance. Thank you anyway!



#4 boopme


    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts

Posted 04 April 2018 - 12:19 PM

Thanks for letting us know!