
Help! Mac OS X Leopard virus attack. OSX.RSPlug.A?

Ceyx

6:03 am on Feb 16, 2008 (gmt 0)

I just got a new iMac with Leopard installed and clicked on a link that was very similar to this (which I found quoted at [chinwong.com...]):

"OSX.RSPlug.A, has been found on a number of pornographic Web sites, the security company Intego reports.

“A great deal of spam has been posted to many Mac forums, in an attempt to lead users to these sites,” Intego warns. When they arrive at these sites, they will see still photos, purportedly from free porn videos. But if they click on them, they will receive this message: “Quicktime Player is unable to play movie file. Please click here to download new version of codec.”"

***It was not a porno site, but was in fact a Google search result that was shown as linking to my website! It downloaded 5 "setup.exe" files, which I deleted, and forgot about. Then I went to create a .Mac account and it said I should do a Software Update, which I did for two updates (and for which I had to enter my administrative password). It ran the updates and said I'd have to restart, to which I said yes, but a Windows CrossOver program was running at the time, which cancelled the automatic restart, so I was prompted to quit the program and restart manually, which I did. When the computer restarted it said I had two updates that needed to be installed, which I thought was strange, as I thought they had already been installed, but I said okay to that anyway. Then it started progress bars and was taking a long time, saying "writing files", which it did to 100%. Then it said "patching files", and I thought that was really fishy, as I'd never seen anything like that before on a Mac, so I shut the computer down. When I rebooted, I got the gray kernel panic window that says "You need to restart your computer. Hold down the power key for a few seconds or press the Restart button." in four different languages. I unplugged the computer and an external back-up drive.

What should I do now? I don't have any anti-virus software installed.

Any assistance would be more than greatly appreciated! I have tons of data on the drive that is not backed up! Many thanks in advance, Peter

bouncybunny

7:35 am on Feb 16, 2008 (gmt 0)

<personal viewpoint alert>

If I want virus information, I go to Symantec, rather than Intego.

</personal viewpoint alert>

Symantec say that the spread of this "virus" is extremely low.

However, I'm a bit confused about a few things in your post. What on earth is a Windows CrossOver program?

Secondly, why would a .Mac account prompt you to install an update? I've not used .mac, but this seems unlikely. Can anyone else verify?

Thirdly, I doubt that you have OSX.RSPlug.A. Why? Because that program is a Trojan Horse application that was around in October last year, and it's debatable that it ever really got out into the wider Macintosh community much. Having said that, its effect was to mess about with DNS settings and, whilst I don't completely understand some of what you posted above, the odd result from the link you clicked on does appear potentially suspicious - despite .exe files being Windows-only executable programs, which are unlikely to have any effect on your operating system.

This sounds to me more like an incomplete and/or corrupt software update installation. But obviously we can't be certain about that.

Either way, it seems to me that the most important thing here is to try and recover your data. What I would *personally* do is the following, but obviously your mileage may vary, so please do listen to a few opinions if you are unsure.

Do you have OS X on your external drive? If not, you could boot from your installation CD and install OS X onto the external hard drive.

Once you have OS X installed on the external hard drive, reboot the Mac and hold down the alt/option key. This allows you to choose which disk to boot from. Select the external hard disk.

Once you have fully booted up from the external disk, hopefully you will be able to see your Mac's internal hard disk. If so, you can start backing up your files onto the external hard drive, starting with the most important, obviously. The important thing is that you have managed to get your data backed up. If you can't see your Mac's internal hard disk, you could try running Disk Utility (in your Applications/Utilities folder) and running the First Aid repair on your Mac's internal hard drive. If this manages to fix and mount the internal hard drive, you can now back up your files. If you still can't get access to your internal hard drive, try running First Aid again.

Another option to try and access your internal hard disk is to get hold of another Mac and connect them with a FireWire cable. Then boot your Mac and hold down the 'T' key. This will boot your Mac as a 'target disk' - essentially turning it into an external hard disk. Once again, you can go through some of the above techniques to try and recover your files.

If this still doesn't work, I would suggest getting hold of a piece of software called DiskWarrior from a company called Alsoft. It has saved my bacon a few times.

Other than that, the only suggestion I can make is to take it along to a data recovery specialist. But hopefully it won't go that far.

Either way, if you manage to successfully recover your files, I would now recommend reformatting the internal hard disk (choosing the zero data option perhaps). Then install a fresh OS X system and start again.

For sanity's sake, you could then download a virus checker and run it on both the internal disk and the external backup disk. You just never know.

Good luck.
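
Since the trojan bouncybunny mentions worked by altering DNS settings, one check worth running once the internal disk is mounted from a clean boot volume (the external-drive or target-disk approaches above) is to read its saved network configuration and flag resolvers the owner never configured. The script below is an added example for this thread, not code from the original posts, from Intego or from Symantec. It assumes the settings live in /Library/Preferences/SystemConfiguration/preferences.plist on the suspect volume, under NetworkServices/<service id>/DNS/ServerAddresses (the layout as I understand it); the embedded plist is a constructed sample using documentation address ranges in place of whatever a trojan might have set.

```python
"""Flag DNS resolvers in a macOS preferences.plist that the owner did not configure.

Added example for this thread, not the trojan's code and not a vendor tool.
Assumptions: network settings are stored in
/Library/Preferences/SystemConfiguration/preferences.plist (read from the
suspect volume while booted from a clean disk) under
NetworkServices/<id>/DNS/ServerAddresses.  The plist below is a constructed
sample; 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges standing in
for rogue resolver addresses.
"""
import ipaddress
import plistlib
import sys
from typing import Dict, List, Sequence

# Constructed sample: "Ethernet" has a router-assigned resolver, "AirPort"
# has two resolvers outside the LAN that a user would not normally set.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>NetworkServices</key>
  <dict>
    <key>AAAA-1111</key>
    <dict>
      <key>UserDefinedName</key><string>Ethernet</string>
      <key>DNS</key>
      <dict><key>ServerAddresses</key><array><string>192.168.1.1</string></array></dict>
    </dict>
    <key>BBBB-2222</key>
    <dict>
      <key>UserDefinedName</key><string>AirPort</string>
      <key>DNS</key>
      <dict><key>ServerAddresses</key>
        <array><string>192.0.2.10</string><string>198.51.100.20</string></array></dict>
    </dict>
  </dict>
</dict>
</plist>
"""

# Resolvers a home router or DHCP server normally hands out fall in these ranges.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8",                                      # loopback
    "169.254.0.0/16",                                   # link-local
)]


def configured_dns_servers(plist_bytes: bytes) -> Dict[str, List[str]]:
    """Return {service name: [DNS server, ...]} for every network service in the plist."""
    prefs = plistlib.loads(plist_bytes)
    result: Dict[str, List[str]] = {}
    for service_id, service in prefs.get("NetworkServices", {}).items():
        name = service.get("UserDefinedName", service_id)
        result[name] = list(service.get("DNS", {}).get("ServerAddresses", []))
    return result


def is_expected(server: str, trusted: Sequence[str] = ()) -> bool:
    """True if the resolver is explicitly trusted (e.g. your ISP's resolver) or a
    LAN/loopback/link-local address; anything else, including non-addresses, is flagged."""
    if server in trusted:
        return True
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return False  # not an IP address at all: treat as suspicious
    if addr.version == 6:
        return addr.is_loopback or addr.is_link_local
    return any(addr in net for net in LAN_NETWORKS)


def find_rogue_dns(plist_bytes: bytes, trusted: Sequence[str] = ()) -> Dict[str, List[str]]:
    """Return {service name: [unexpected server, ...]}; services with no findings are omitted."""
    rogue: Dict[str, List[str]] = {}
    for name, servers in configured_dns_servers(plist_bytes).items():
        bad = [s for s in servers if not is_expected(s, trusted)]
        if bad:
            rogue[name] = bad
    return rogue


if __name__ == "__main__":
    # Usage: python check_dns.py [path/to/preferences.plist] [trusted resolver IP ...]
    # With no arguments the constructed sample above is checked.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PLIST
    flagged = find_rogue_dns(data, trusted=sys.argv[2:])
    if not flagged:
        print("no unexpected DNS servers found")
    for service, servers in flagged.items():
        print(f"{service}: unexpected DNS servers {', '.join(servers)}")
```

Pass your ISP's known resolver addresses as extra arguments so they are not reported; a resolver you do not recognise on a service you did not set up is the thing to look at, and the fix in that case is the reformat-and-reinstall bouncybunny recommends rather than editing the plist in place.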

Ceyx

9:53 am on Feb 16, 2008 (gmt 0)

Thanks for your suggestions!

If it was not OSX.RSPlug.A, it behaved very similarly. I Googled the url I clicked on and it was recently blacklisted as a known and dangerous malware domain.

CrossOver is a software program that allows you to run Windows programs on the Mac.

".Mac" did suggest checking to see if I had the latest software updates.

bouncybunny

3:37 pm on Feb 16, 2008 (gmt 0)

Oh, OK, CrossOver Mac. I have been to their website before.

".Mac" did suggest checking to see if I had the latest software updates

It suggested that you check? OK, I can understand that. But how did you actually go about downloading the updates? If it was from the Software Update menu item, then there is next to zero chance that there was any virus activity going on.

Let us know how it all goes.