David wrote :
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
I've erased my hard drive, just in case!
Sheesh!
on 2/16/2025, David supposed :
On 16/02/2025 11:34, FromTheRafters wrote:
David wrote :
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
I've erased my hard drive, just in case!
Sheesh!
I have it down to a fine art now! Just for kicks, I did a scan with
EtreCheck too - after I'd erased my drive. Would you like to see it?
It's not ramnit again is it? :)
On Feb 16, 2025 at 3:25:12 AM MST, "David" wrote <m1dso8F1e0qU1@mid.individual.net>:
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
I've erased my hard drive, just in case!
Didn't that come from an email? And it was quarantined. Not sure what good erasing the hard drive will do.
On Feb 16, 2025 at 10:17:56 AM MST, "David" wrote <m1eku4F4vrhU1@mid.individual.net>:
On 16/02/2025 15:33, Brock McNuggets wrote:
On Feb 16, 2025 at 3:25:12 AM MST, "David" wrote
<m1dso8F1e0qU1@mid.individual.net>:
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
I've erased my hard drive, just in case!
Didn't that come from an email? And it was quarantined. Not sure what good
erasing the hard drive will do.
Regardless of where it came from, ClamXAV reported it as malware.
Sure. From what I can tell, sitting harmlessly in an email until it was quarantined.
If
someone was/is using an Apple computer WITHOUT such an anti-malware
software running, they'd never know that a Trojan had been installed on
their computer.
What makes you think it was installed?
*Understanding Trojan Viruses and How to Get Rid of Them*
//Basic online scenario—You log onto your computer and notice that
something’s just not right, but you can’t quite put your finger on it.
Something just seems…a bit off. If you’ve found yourself in this
situation, or even thinking you are, there’s a real possibility you
could have a Trojan virus on your computer.
Did you have that?
Trojan viruses can not only steal your most personal information, they
also put you at risk for identity theft and other serious cybercrimes.
In this post, we’ll examine what Trojan viruses are, and where they come
from. We’ll also cover how you can protect yourself and get rid of
viruses so you can stay safe and maintain peace of mind online.//
https://www.mcafee.com/learn/understanding-trojan-viruses-and-how-to-get-rid-of-them/
NOTE
****
Erasing one's hard drive SHOULD remove the Trojan! ;-)
It will... as will the anti-malware software.
On Feb 16, 2025 at 11:17:11 AM MST, "David" wrote <m1eod8F5hkeU1@mid.individual.net>:
On 16/02/2025 18:00, Brock McNuggets wrote:
On Feb 16, 2025 at 10:17:56 AM MST, "David" wrote
<m1eku4F4vrhU1@mid.individual.net>:
On 16/02/2025 15:33, Brock McNuggets wrote:
On Feb 16, 2025 at 3:25:12 AM MST, "David" wrote
<m1dso8F1e0qU1@mid.individual.net>:
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
I've erased my hard drive, just in case!
Didn't that come from an email? And it was quarantined. Not sure what good
erasing the hard drive will do.
Regardless of where it came from, ClamXAV reported it as malware.
Sure. From what I can tell, sitting harmlessly in an email until it was
quarantined.
The whole point of a Trojan is that they *DON'T* "sit harmlessly!"'
Did you ever run the app?
If
someone was/is using an Apple computer WITHOUT such an anti-malware
software running, they'd never know that a Trojan had been installed on
their computer.
What makes you think it was installed?
It's what Trojans *DO*!
They do not install themselves... just as in the lore for the Trojan Horse. They use social engineering to get the user to install them.
*Understanding Trojan Viruses and How to Get Rid of Them*
//Basic online scenario—You log onto your computer and notice that
something’s just not right, but you can’t quite put your finger on it.
Something just seems…a bit off. If you’ve found yourself in this
situation, or even thinking you are, there’s a real possibility you
could have a Trojan virus on your computer.
Did you have that?
Yes, I have had! (Not now though, on my clean machine!)
What was happening?
Trojan viruses can not only steal your most personal information, they
also put you at risk for identity theft and other serious cybercrimes.
In this post, we’ll examine what Trojan viruses are, and where they come
from. We’ll also cover how you can protect yourself and get rid of
viruses so you can stay safe and maintain peace of mind online.//
https://www.mcafee.com/learn/understanding-trojan-viruses-and-how-to-get-rid-of-them/
NOTE
****
Erasing one's hard drive SHOULD remove the Trojan! ;-)
It will... as will the anti-malware software.
You don't *USE* anti-malware software!!!
Your image showed otherwise:
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
On Feb 16, 2025 at 11:59:37 AM MST, "David" wrote <m1eqspF5v3rU1@mid.individual.net>:
On 16/02/2025 18:22, Brock McNuggets wrote:
On Feb 16, 2025 at 11:17:11 AM MST, "David" wrote
<m1eod8F5hkeU1@mid.individual.net>:
On 16/02/2025 18:00, Brock McNuggets wrote:
On Feb 16, 2025 at 10:17:56 AM MST, "David" wrote
<m1eku4F4vrhU1@mid.individual.net>:
On 16/02/2025 15:33, Brock McNuggets wrote:
On Feb 16, 2025 at 3:25:12 AM MST, "David" wrote
<m1dso8F1e0qU1@mid.individual.net>:
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
I've erased my hard drive, just in case!
Didn't that come from an email? And it was quarantined. Not sure what good
erasing the hard drive will do.
Regardless of where it came from, ClamXAV reported it as malware.
Sure. From what I can tell, sitting harmlessly in an email until it was
quarantined.
The whole point of a Trojan is that they *DON'T* "sit harmlessly!"'
Did you ever run the app?
I've no idea!
Seems unlikely you did.
If
someone was/is using an Apple computer WITHOUT such an anti-malware
software running, they'd never know that a Trojan had been installed on
their computer.
What makes you think it was installed?
It's what Trojans *DO*!
They do not install themselves... just as in the lore for the Trojan Horse.
They use social engineering to get the user to install them.
Are you SURE about this?
Yes. Though other forms of malware might.
*Understanding Trojan Viruses and How to Get Rid of Them*
//Basic online scenario—You log onto your computer and notice that
something’s just not right, but you can’t quite put your finger on it.
Something just seems…a bit off. If you’ve found yourself in this
situation, or even thinking you are, there’s a real possibility you
could have a Trojan virus on your computer.
Did you have that?
Yes, I have had! (Not now though, on my clean machine!)
What was happening?
Unexpected things occurring and sometimes slow.
What type unexpected things?
Trojan viruses can not only steal your most personal information, they
also put you at risk for identity theft and other serious cybercrimes.
In this post, we’ll examine what Trojan viruses are, and where they come
from. We’ll also cover how you can protect yourself and get rid of
viruses so you can stay safe and maintain peace of mind online.//
https://www.mcafee.com/learn/understanding-trojan-viruses-and-how-to-get-rid-of-them/
NOTE
****
Erasing one's hard drive SHOULD remove the Trojan! ;-)
It will... as will the anti-malware software.
You don't *USE* anti-malware software!!!
Your image showed otherwise:
YOU ARE CONFUSED AGAIN!
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
<snip>
How am I confused? Your image shows running of an anti-malware app.
Is your email stored on a server?
on 2/16/2025, David supposed :
On 16/02/2025 15:37, FromTheRafters wrote:
on 2/16/2025, David supposed :
On 16/02/2025 11:34, FromTheRafters wrote:
David wrote :
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
I've erased my hard drive, just in case!
Sheesh!
I have it down to a fine art now! Just for kicks, I did a scan with
EtreCheck too - after I'd erased my drive. Would you like to see it?
It's not ramnit again is it? :)
No. You SAW what it was! Trojan OSX.RustAgent
Can't find anything on that specific name. It looks like it was just a
couple of attempts to get you to make a mistake, if it had executed
there would have been more files to quarantine.
*Can trojans hide from antivirus*?
Of course, AV's are always playing catch-up to malware purveyors. There
has to be a bad thing, for there to be a thing to detect such bad thing.
//The Warezov mail worm used this technique and caused serious issues to
users. Rootkit technologies – that are generally employed by Trojans –
can intercept and substitute system functions to make the infected file
invisible to the operating system and antivirus programs.//
What does this have to do with what was reported?
On Feb 16, 2025 at 12:36:30 PM MST, "David" wrote <m1et1uF5v3qU1@mid.individual.net>:
On 16/02/2025 19:19, Brock McNuggets wrote:
On Feb 16, 2025 at 11:59:37 AM MST, "David" wrote
<m1eqspF5v3rU1@mid.individual.net>:
On 16/02/2025 18:22, Brock McNuggets wrote:
On Feb 16, 2025 at 11:17:11 AM MST, "David" wrote
<m1eod8F5hkeU1@mid.individual.net>:
On 16/02/2025 18:00, Brock McNuggets wrote:
Did you ever run the app?
On Feb 16, 2025 at 10:17:56 AM MST, "David" wrote
<m1eku4F4vrhU1@mid.individual.net>:
On 16/02/2025 15:33, Brock McNuggets wrote:
Sure. From what I can tell, sitting harmlessly in an email until it was
quarantined.
On Feb 16, 2025 at 3:25:12 AM MST, "David" wrote
<m1dso8F1e0qU1@mid.individual.net>:
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
I've erased my hard drive, just in case!
Didn't that come from an email? And it was quarantined. Not sure what good
erasing the hard drive will do.
Regardless of where it came from, ClamXAV reported it as malware.
The whole point of a Trojan is that they *DON'T* "sit harmlessly!"'
I've no idea!
Seems unlikely you did.
I may well have opened an email attachment (SPAM)
Just to be clear, not only opened the email but saved the attachment and then opened it? If so the malware app should have found that copy.
If
someone was/is using an Apple computer WITHOUT such an anti-malware
software running, they'd never know that a Trojan had been installed on
their computer.
What makes you think it was installed?
It's what Trojans *DO*!
They do not install themselves... just as in the lore for the Trojan Horse.
They use social engineering to get the user to install them.
Are you SURE about this?
Yes. Though other forms of malware might.
Did you not read the McAfee link I sent you?
I did.
*Understanding Trojan Viruses and How to Get Rid of Them*
//Basic online scenario—You log onto your computer and notice that
something’s just not right, but you can’t quite put your finger on it.
Something just seems…a bit off. If you’ve found yourself in this
situation, or even thinking you are, there’s a real possibility you
could have a Trojan virus on your computer.
Did you have that?
Yes, I have had! (Not now though, on my clean machine!)
What was happening?
Unexpected things occurring and sometimes slow.
What type unexpected things?
Items disappearing?
Weird.
Trojan viruses can not only steal your most personal information, they
also put you at risk for identity theft and other serious cybercrimes.
In this post, we’ll examine what Trojan viruses are, and where they come
from. We’ll also cover how you can protect yourself and get rid of
viruses so you can stay safe and maintain peace of mind online.//
https://www.mcafee.com/learn/understanding-trojan-viruses-and-how-to-get-rid-of-them/
NOTE
****
Erasing one's hard drive SHOULD remove the Trojan! ;-)
It will... as will the anti-malware software.
You don't *USE* anti-malware software!!!
Your image showed otherwise:
YOU ARE CONFUSED AGAIN!
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
<snip>
How am I confused? Your image shows running of an anti-malware app.
You need to re-read your post.
Oh, I see. You are correct *I* rarely use anti-malware software (though to say
I don't at all is not quite correct). But why change the topic to my system. I
am not concerned about mine.
Is your email stored on a server?
Yes, of course. Why do you ask?
With the malware being quarantined I suppose it is a nonissue.
David formulated on Sunday :
On 16/02/2025 15:33, Brock McNuggets wrote:
On Feb 16, 2025 at 3:25:12 AM MST, "David" wrote
<m1dso8F1e0qU1@mid.individual.net>:
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
I've erased my hard drive, just in case!
Didn't that come from an email? And it was quarantined. Not sure what
good
erasing the hard drive will do.
Regardless of where it came from, ClamXAV reported it as malware. If
someone was/is using an Apple computer WITHOUT such an anti-malware
software running, they'd never know that a Trojan had been installed on
their computer.
*Understanding Trojan Viruses and How to Get Rid of Them*
Trojan virus is a misnomer. Trojans don't replicate, viruses and worms do.
On Feb 16, 2025 at 1:44:36 PM MST, "David" wrote <m1f11lF6rs0U1@mid.individual.net>:
On 16/02/2025 19:55, FromTheRafters wrote:
on 2/16/2025, David supposed :
On 16/02/2025 15:37, FromTheRafters wrote:
on 2/16/2025, David supposed :
On 16/02/2025 11:34, FromTheRafters wrote:
It's not ramnit again is it? :)
David wrote :
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
I've erased my hard drive, just in case!
Sheesh!
I have it down to a fine art now! Just for kicks, I did a scan with
EtreCheck too - after I'd erased my drive. Would you like to see it?
No. You SAW what it was! Trojan OSX.RustAgent
Can't find anything on that specific name. It looks like it was just a
couple of attempts to get you to make a mistake, if it had executed
there would have been more files to quarantine.
Phew!
*Can trojans hide from antivirus*?
Of course, AV's are always playing catch-up to malware purveyors. There
has to be a bad thing, for there to be a thing to detect such bad thing.
I wanted my friends here to be absolutely sure about that!
While I do sometimes run AVG or some other free malware checker, mostly I just
do not worry. Never had any issue (not since Classic Mac OS days).
//The Warezov mail worm used this technique and caused serious issues to
users. Rootkit technologies – that are generally employed by Trojans –
can intercept and substitute system functions to make the infected file
invisible to the operating system and antivirus programs.//
What does this have to do with what was reported?
It was simply an example of a Trojan that DID cause harm. Nothing more.
BDB wrote:
Erasing one's hard drive SHOULD remove the Trojan!
If I understand your (in)security 'strategy'...
... you behave 'stupidly' ie recklessly online, opening spam
receptively, visiting strange websites, and 'yet' you proclaim to one
and all that using 3rd party AV such as ClamXAV is not appropriate or necessary, while you DO regularly use it; and 'badmouth' such as
EtreCheck and its dev, while regularly or frequently employing it,
AND...
... your most frequently used anti-malware tactic is to 'regularly'
erase your hdd and reinstall from scratch.
That plan is not nearly as good as *not* allowing spam in your inbox and
if spam DOES arrive in the inbox, deleting it unopened and unread, and
not venturing into weird websites where you are led by your browsing
history 'directing' you to those kinds of places when you are looking
for anything. Following links from one of your favorite pastimes,
namely YT is not necessarily a good practice.
On Feb 16, 2025 at 1:55:22 PM MST, "David" wrote <m1f1lqF6rs1U1@mid.individual.net>:
On 16/02/2025 20:46, Brock McNuggets wrote:
On Feb 16, 2025 at 1:44:36 PM MST, "David" wrote
<m1f11lF6rs0U1@mid.individual.net>:
On 16/02/2025 19:55, FromTheRafters wrote:
on 2/16/2025, David supposed :
On 16/02/2025 15:37, FromTheRafters wrote:
on 2/16/2025, David supposed :
On 16/02/2025 11:34, FromTheRafters wrote:
It's not ramnit again is it? :)
David wrote :
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
I've erased my hard drive, just in case!
Sheesh!
I have it down to a fine art now! Just for kicks, I did a scan with
EtreCheck too - after I'd erased my drive. Would you like to see it?
No. You SAW what it was! Trojan OSX.RustAgent
Can't find anything on that specific name. It looks like it was just a
couple of attempts to get you to make a mistake, if it had executed
there would have been more files to quarantine.
Phew!
I wanted my friends here to be absolutely sure about that!
*Can trojans hide from antivirus*?
Of course, AV's are always playing catch-up to malware purveyors. There
has to be a bad thing, for there to be a thing to detect such bad thing.
While I do sometimes run AVG or some other free malware checker, mostly I just
do not worry. Never had any issue (not since Classic Mac OS days).
Understood.
I'd like you to understand that I do not personally "worry" for myself.
The more knowledge I have, though, the better I can advise my real-life
family and friends.
Didn't you just wipe your hard drive?
//The Warezov mail worm used this technique and caused serious issues to
users. Rootkit technologies – that are generally employed by Trojans –
can intercept and substitute system functions to make the infected file
invisible to the operating system and antivirus programs.//
What does this have to do with what was reported?
It was simply an example of a Trojan that DID cause harm. Nothing more.
On Feb 16, 2025 at 1:49:40 PM MST, "David" wrote <m1f1b4F6rs0U2@mid.individual.net>:
On 16/02/2025 19:52, Brock McNuggets wrote:
On Feb 16, 2025 at 12:36:30 PM MST, "David" wrote
<m1et1uF5v3qU1@mid.individual.net>:
On 16/02/2025 19:19, Brock McNuggets wrote:
On Feb 16, 2025 at 11:59:37 AM MST, "David" wrote
<m1eqspF5v3rU1@mid.individual.net>:
On 16/02/2025 18:22, Brock McNuggets wrote:
On Feb 16, 2025 at 11:17:11 AM MST, "David" wrote
<m1eod8F5hkeU1@mid.individual.net>:
On 16/02/2025 18:00, Brock McNuggets wrote:
Did you ever run the app?
On Feb 16, 2025 at 10:17:56 AM MST, "David" wrote
<m1eku4F4vrhU1@mid.individual.net>:
On 16/02/2025 15:33, Brock McNuggets wrote:
Sure. From what I can tell, sitting harmlessly in an email until it was
On Feb 16, 2025 at 3:25:12 AM MST, "David" wrote
<m1dso8F1e0qU1@mid.individual.net>:
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
I've erased my hard drive, just in case!
Didn't that come from an email? And it was quarantined. Not sure what good
erasing the hard drive will do.
Regardless of where it came from, ClamXAV reported it as malware.
quarantined.
The whole point of a Trojan is that they *DON'T* "sit harmlessly!"'
I've no idea!
Seems unlikely you did.
I may well have opened an email attachment (SPAM)
Just to be clear, not only opened the email but saved the attachment and then
opened it? If so the malware app should have found that copy.
I confess that I do do that sometimes!
Fair enough... but had you the malware app should have caught that you did.
If
someone was/is using an Apple computer WITHOUT such an anti-malware
software running, they'd never know that a Trojan had been installed on
their computer.
What makes you think it was installed?
It's what Trojans *DO*!
They do not install themselves... just as in the lore for the Trojan Horse.
They use social engineering to get the user to install them.
Are you SURE about this?
Yes. Though other forms of malware might.
Did you not read the McAfee link I sent you?
I did.
Good man!
*Understanding Trojan Viruses and How to Get Rid of Them*
//Basic online scenario—You log onto your computer and notice that
something’s just not right, but you can’t quite put your finger on it.
Something just seems…a bit off. If you’ve found yourself in this
situation, or even thinking you are, there’s a real possibility you
could have a Trojan virus on your computer.
Did you have that?
Yes, I have had! (Not now though, on my clean machine!)
What was happening?
Unexpected things occurring and sometimes slow.
What type unexpected things?
Items disappearing?
Weird.
Indeed. I have noticed all manner of things over the years!
Trojan viruses can not only steal your most personal information, they
also put you at risk for identity theft and other serious cybercrimes.
In this post, we’ll examine what Trojan viruses are, and where they come
from. We’ll also cover how you can protect yourself and get rid of
viruses so you can stay safe and maintain peace of mind online.//
https://www.mcafee.com/learn/understanding-trojan-viruses-and-how-to-get-rid-of-them/
NOTE
****
Erasing one's hard drive SHOULD remove the Trojan! ;-)
It will... as will the anti-malware software.
You don't *USE* anti-malware software!!!
Your image showed otherwise:
YOU ARE CONFUSED AGAIN!
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
<snip>
How am I confused? Your image shows running of an anti-malware app.
You need to re-read your post.
Oh, I see. You are correct *I* rarely use anti-malware software (though to say
I don't at all is not quite correct). But why change the topic to my system. I
am not concerned about mine.
Even though you use Apple devices, you still need to exercise care if
you use the Internet.
True... but I do not engage in very risky behavior. I do use software outside of the App Store but mostly well respected software. I do not use pirated stuff.
Is your email stored on a server?
Yes, of course. Why do you ask?
With the malware being quarantined I suppose it is a nonissue.
It is /not/ quarantined - it has been erased!!! 🙂
Your image says it was quarantined (which is not the same as erased).
On Feb 16, 2025 at 2:16:40 PM MST, "David" wrote <m1f2toF6rs0U4@mid.individual.net>:
On 16/02/2025 21:07, Brock McNuggets wrote:
On Feb 16, 2025 at 1:55:22 PM MST, "David" wrote
<m1f1lqF6rs1U1@mid.individual.net>:
On 16/02/2025 20:46, Brock McNuggets wrote:
On Feb 16, 2025 at 1:44:36 PM MST, "David" wrote
<m1f11lF6rs0U1@mid.individual.net>:
On 16/02/2025 19:55, FromTheRafters wrote:
on 2/16/2025, David supposed :
On 16/02/2025 15:37, FromTheRafters wrote:
on 2/16/2025, David supposed :
On 16/02/2025 11:34, FromTheRafters wrote:
It's not ramnit again is it? :)
David wrote :
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
I've erased my hard drive, just in case!
Sheesh!
I have it down to a fine art now! Just for kicks, I did a scan with
EtreCheck too - after I'd erased my drive. Would you like to see it?
No. You SAW what it was! Trojan OSX.RustAgent
Can't find anything on that specific name. It looks like it was just a
couple of attempts to get you to make a mistake, if it had executed
there would have been more files to quarantine.
Phew!
*Can trojans hide from antivirus*?
Of course, AV's are always playing catch-up to malware purveyors. There
has to be a bad thing, for there to be a thing to detect such bad thing.
I wanted my friends here to be absolutely sure about that!
While I do sometimes run AVG or some other free malware checker, mostly I just
do not worry. Never had any issue (not since Classic Mac OS days).
Understood.
I'd like you to understand that I do not personally "worry" for myself.
The more knowledge I have, though, the better I can advise my real-life
family and friends.
Didn't you just wipe your hard drive?
I have! That has been my AV strategy for years!
(I've just explained that to Mike in another post).
Seems a bit extreme... and if you bring your data back what good is it doing?
//The Warezov mail worm used this technique and caused serious issues to
users. Rootkit technologies – that are generally employed by Trojans –
can intercept and substitute system functions to make the infected file
invisible to the operating system and antivirus programs.//
What does this have to do with what was reported?
It was simply an example of a Trojan that DID cause harm. Nothing more.
On 16/02/2025 19:44, Mike Easter wrote:
AND...
... your most frequently used anti-malware tactic is to 'regularly'
erase your hdd and reinstall from scratch.
I'm aware that you don't agree with my methodology - but it works! :-D
On Feb 16, 2025 at 2:26:56 PM MST, "David" wrote <m1f3h1F6rs0U6@mid.individual.net>:
...
Understood.
While I do sometimes run AVG or some other free malware checker, mostly I just
do not worry. Never had any issue (not since Classic Mac OS days).
I'd like you to understand that I do not personally "worry" for myself.
The more knowledge I have, though, the better I can advise my real-life
family and friends.
Didn't you just wipe your hard drive?
I have! That has been my AV strategy for years!
(I've just explained that to Mike in another post).
Seems a bit extreme... and if you bring your data back what good is it doing?
I don't bring my data back - I do a fresh, clean, install.
Your data is still on the Apple Cloud... meaning if you had malware there you still have the malware.
Straight from the Apple Server.
The process is called *Internet Recovery* (or **macOS Internet
Recovery**). It allows you to perform a **clean install of macOS**
directly from Apple's servers without needing installation media.
That is not your data.
To start **Internet Recovery**:
1. Turn off your Mac.
2. Turn it back on and immediately press and hold **Option (⌥) + Command
(⌘) + R** until you see a spinning globe.
3. Follow the on-screen instructions to reinstall macOS.
This method installs **the latest macOS version compatible with your
Mac**. If you need the **original macOS version that came with your
Mac**, use **Shift (⇧) + Option (⌥) + Command (⌘) + R** instead.
Ref: (ChatGPT)
What value do you think that does for software saved in your user folder (malware or not)?
On Feb 16, 2025 at 2:13:27 PM MST, "David" wrote <m1f2nnF6rs1U2@mid.individual.net>:
On 16/02/2025 19:44, Mike Easter wrote:
BDB wrote:
Erasing one's hard drive SHOULD remove the Trojan!
If I understand your (in)security 'strategy'...
... you behave 'stupidly' ie recklessly online, opening spam
receptively, visiting strange websites, and 'yet' you proclaim to one
and all that using 3rd party AV such as ClamXAV is not appropriate or
necessary, while you DO regularly use it; and 'badmouth' such as
EtreCheck and its dev, while regularly or frequently employing it,
I have learned a great deal by my actions. I still cannot support the use
of EtreCheck when its developer has lied on LinkedIn and failed to
provide a proper postal address to the Canadian authorities.
Action on that is still in-hand.
AND...
... your most frequently used anti-malware tactic is to 'regularly'
erase your hdd and reinstall from scratch.
I'm aware that you don't agree with my methodology - but it works! :-D
That plan is not nearly as good as *not* allowing spam in your inbox and
if spam DOES arrive in the inbox, deleting it unopened and unread, and
not venturing into weird websites where you are led by your browsing
history 'directing' you to those kinds of places when you are looking
for anything. Following links from one of your favorite pastimes,
namely YT is not necessarily a good practice.
My biggest concern is that whilst most sensible folk are wary of
following links in email and social media, when they are
seeking help and advice - in what they perceive to be a *SAFE* place,
the Apple Support Communities (ASC) forums - they won't hesitate to
click on a link provided by one of the resident 'gurus'!
Any example of that leading to a bad result?
Etresoft, the developer of EtreCheck, has even admitted in forum posts
that he has deliberately 'fudged' links which he has provided in order
to "keep things simple" for the naive enquirers! That is truly "Bad
Form" in my opinion.
Ask him if you don't believe me!
On Feb 16, 2025 at 2:20:52 PM MST, "David" wrote <m1f35kF6rs0U5@mid.individual.net>:
On 16/02/2025 20:56, Brock McNuggets wrote:
On Feb 16, 2025 at 1:49:40 PM MST, "David" wrote
I STILL do not have a great deal of faith in ClamXAV.
<m1f1b4F6rs0U2@mid.individual.net>:
On 16/02/2025 19:52, Brock McNuggets wrote:
On Feb 16, 2025 at 12:36:30 PM MST, "David" wrote
<m1et1uF5v3qU1@mid.individual.net>:
On 16/02/2025 19:19, Brock McNuggets wrote:
On Feb 16, 2025 at 11:59:37 AM MST, "David" wrote
<m1eqspF5v3rU1@mid.individual.net>:
On 16/02/2025 18:22, Brock McNuggets wrote:
On Feb 16, 2025 at 11:17:11 AM MST, "David" wrote
<m1eod8F5hkeU1@mid.individual.net>:
On 16/02/2025 18:00, Brock McNuggets wrote:
Did you ever run the app?
On Feb 16, 2025 at 10:17:56 AM MST, "David" wrote
<m1eku4F4vrhU1@mid.individual.net>:
On 16/02/2025 15:33, Brock McNuggets wrote:
Sure. From what I can tell, sitting harmlessly in an email until it was
On Feb 16, 2025 at 3:25:12 AM MST, "David" wrote
<m1dso8F1e0qU1@mid.individual.net>:
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
I've erased my hard drive, just in case!
Didn't that come from an email? And it was quarantined. Not sure what good
erasing the hard drive will do.
Regardless of where it came from, ClamXAV reported it as malware.
quarantined.
The whole point of a Trojan is that they *DON'T* "sit harmlessly!"'
I've no idea!
Seems unlikely you did.
I may well have opened an email attachment (SPAM)
Just to be clear, not only opened the email but saved the attachment and then
opened it? If so the malware app should have found that copy.
I confess that I do do that sometimes!
Fair enough... but had you the malware app should have caught that you did.
It is dependent on the Clam engine.
True... but I do not engage in very risky behavior. I do use software outside
of the App Store but mostly well respected software. I do not use pirated
stuff.
Is your email stored on a server?
Yes, of course. Why do you ask?
With the malware being quarantined I suppose it is a nonissue.
It is /not/ quarantined - it has been erased!!! 🙂
Your image says it was quarantined (which is not the same as erased).
It WAS (supposedly) quarantined ..... BEFORE I erased my hard drive!
OK. Any reason to think it was not?
*Keep up, dear boy*! ;-) (in fun!)
So quarantined and then erased. Fair enough. :)
But if you did a backup and then brought your data back you brought it back.
On Sun, 16 Feb 2025 21:13:27 +0000, David <BD@invalid.email> wrote:
On 16/02/2025 19:44, Mike Easter wrote:
AND...
... your most frequently used anti-malware tactic is to 'regularly'
erase your hdd and reinstall from scratch.
I'm aware that you don't agree with my methodology - but it works! :-D
But does it REALLY work? Remember when you used to be extremely fearful
that wiping your drive didn't actually wipe every nook and cranny, and
that your malware could possibly "lurk" or "hide" (your words) in some
dark area of the drive, only to spring back to life at some time in the future?
On Feb 16, 2025 at 4:34:43 PM MST, "David" wrote <m1fb0jF87jmU3@mid.individual.net>:
On 16/02/2025 22:08, Brock McNuggets wrote:
On Feb 16, 2025 at 2:26:56 PM MST, "David" wrote
<m1f3h1F6rs0U6@mid.individual.net>:
...
Understood.
While I do sometimes run AVG or some other free malware checker, mostly I just
do not worry. Never had any issue (not since Classic Mac OS days).
I'd like you to understand that I do not personally "worry" for myself.
The more knowledge I have, though, the better I can advise my real-life
family and friends.
Didn't you just wipe your hard drive?
I have! That has been my AV strategy for years!
(I've just explained that to Mike in another post).
Seems a bit extreme... and if you bring your data back what good is it doing?
I don't bring my data back - I do a fresh, clean, install.
Your data is still on the Apple Cloud... meaning if you had malware there you
still have the malware.
Sadly, that is 100% true.
That, of course, is when ClamXAV might catch it - if/when I download
data from the iCloud.
Right. My point being that re-installing the OS is unlikely to help. Also unlikely to cause any real harm though... so if it makes you feel better / safer so be it. It is not like the old days where doing so was much of a hassle.
Straight from the Apple Server.
The process is called *Internet Recovery* (or **macOS Internet
Recovery**). It allows you to perform a **clean install of macOS**
directly from Apple's servers without needing installation media.
That is not your data.
No - that belongs to Apple!
Right.
To start **Internet Recovery**:
1. Turn off your Mac.
2. Turn it back on and immediately press and hold **Option (⌥) + Command (⌘) + R** until you see a spinning globe.
3. Follow the on-screen instructions to reinstall macOS.
This method installs **the latest macOS version compatible with your
Mac**. If you need the **original macOS version that came with your
Mac**, use **Shift (⇧) + Option (⌥) + Command (⌘) + R** instead.
Ref: (ChatGPT)
What value do you think that does for software saved in your user folder
(malware or not)?
I'm not 100% sure what you mean by that.
You are replacing files that are NOT your data... so it does not really help if
there are bad things in your data.
On Feb 16, 2025 at 4:45:54 PM MST, "David" wrote <m1fbliF87jnU1@mid.individual.net>:
...
Seems unlikely you did.
I may well have opened an email attachment (SPAM)
Just to be clear, not only opened the email but saved the attachment and then
opened it? If so the malware app should have found that copy.
I confess that I do do that sometimes!
Fair enough... but had you the malware app should have caught that you did.
I STILL do not have a great deal of faith in ClamXAV.
It is dependent on the Clam engine.
For the most part, yes ...... but Mark Allan can manipulate the software.
From what I understand he has a wrapper around the Clam engine. He does not modify the engine.
True... but I do not engage in very risky behavior. I do use software outside
of the App Store but mostly well respected software. I do not use pirated stuff.
Is your email stored on a server?
Yes, of course. Why do you ask?
With the malware being quarantined I suppose it is a nonissue.
It is /not/ quarantined - it has been erased!!! 🙂
Your image says it was quarantined (which is not the same as erased).
It WAS (supposedly) quarantined ..... BEFORE I erased my hard drive!
OK. Any reason to think it was not?
Response from the ASC forum.
THIS! https://i.ibb.co/Q7Chrdqh/Screenshot-2025-02-11-at-18-35-01.png
That does not answer the question.
*Keep up, dear boy*! ;-) (in fun!)
So quarantined and then erased. Fair enough. :)
<thumb>
But if you did a backup and then brought your data back you brought it back.
I don't know how one can get around that problem :-(
Any ideas?
Stop fearing it. Stop worrying. There is no 100% guarantee that Apple and third party apps will catch everything, but it is just not worth focusing so much time on. It is possible the NSA has targeted you and has cameras hidden in your home, but the chances are minuscule. Not worth looking in your vents for cameras. Same with malware. Enjoy other things.
On 16/02/2025 19:55, FromTheRafters wrote:
*Can trojans hide from antivirus*?
Of course, AV's are always playing catch-up to malware purveyors. There
has to be a bad thing, for there to be a thing to detect such bad
thing.
I wanted my friends here to be absolutely sure about that!
//The Warezov mail worm used this technique and caused serious issues
to users. Rootkit technologies – that are generally employed by
Trojans – can intercept and substitute system functions to make the
infected file invisible to the operating system and antivirus
programs.//
What does this have to do with what was reported?
It was simply an example of a Trojan that DID cause harm. Nothing more.
On Feb 16, 2025 at 6:26:02 PM MST, "Gremlin" wrote <XnsB288CFDD9F0C2HT1@cF04o3ON7k2lx05.lLC.9r5>:
Oh, give it a rest, Gremlin. You’re so desperate to play "Gotcha!"
that you've completely missed the point again.
David was making a general point about malware evasion techniques, but instead of engaging in a meaningful discussion, you’re nitpicking over terminology like some self-important gatekeeper of IT trivia. Yes, a
worm and a Trojan are distinct classifications. Congratulations,
you’ve grasped Malware 101. Should we throw you a party?
The irony is that while you smugly correct David, you completely gloss
over the actual issue: malware—regardless of classification—can
evade detection, and users should be aware of that. But sure, keep
fixating on whether one particular example fits your pedantic little definitions instead of discussing anything of substance. It’s about as useful as arguing whether a square is a rectangle while your house is on fire.
So, unless you actually have something worthwhile to add to the
discussion, maybe sit this one out.
David <BD@invalid.email> news:m1eku4F4vrhU1@mid.individual.net Sun, 16 Feb 2025 17:17:56 GMT in alt.computer.workshop, wrote:
On 16/02/2025 15:33, Brock McNuggets wrote:
On Feb 16, 2025 at 3:25:12 AM MST, "David" wrote
<m1dso8F1e0qU1@mid.individual.net>:
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
I've erased my hard drive, just in case!
Didn't that come from an email? And it was quarantined. Not sure what
good erasing the hard drive will do.
Regardless of where it came from, ClamXAV reported it as malware. If
someone was/is using an Apple computer WITHOUT such an anti-malware
software running, they'd never know that a Trojan had been installed on
their computer.
FFS, You should have verified it wasn't a false positive before you took
such drastic measures.
*Understanding Trojan Viruses and How to Get Rid of Them*
Find yourself another article to read. There's no such thing as a trojan virus, David.
https://www.mcafee.com/learn/understanding-trojan-viruses-and-how-to-get-rid-of-them/
McAfee should be ashamed of themselves. I get dumbing things down for people, but holy shit, let's not make them fucking stupid in the process. Again, there is no such thing as a trojan virus. A trojan and a virus are not the same beastie. A virus can have a payload, or multiple payloads, but this doesn't turn it into a trojan. It's still very much a virus, because it self replicates. Trojans do not.
Erasing one's hard drive SHOULD remove the Trojan! ;-)
That's the same line of thought as throwing the baby out with the bath water. It's counter productive and solves nothing.
Plus, you may have had a false positive. You should always confirm before
you take any action. You should not be advising anyone on how to care for their machine when security of it is concerned; You do NOT know what the
fuck you are doing. You might as well be more like snit, open up a computer repair shop and fuck your clients gear up enough that another shop offers a David discount. <G>
On 16/02/2025 22:19, Kelly Phillips wrote:
On Sun, 16 Feb 2025 21:13:27 +0000, David <BD@invalid.email> wrote:
On 16/02/2025 19:44, Mike Easter wrote:
AND...
... your most frequently used anti-malware tactic is to 'regularly'
erase your hdd and reinstall from scratch.
I'm aware that you don't agree with my methodology - but it works! :-D
But does it REALLY work? Remember when you used to be extremely fearful
that wiping your drive didn't actually wipe every nook and cranny, and
that your malware could possibly "lurk" or "hide" (your words) in some
dark area of the drive, only to spring back to life at some time in the
future?
I did *NOT* specify *DRIVE* in that regard.
I was suggesting that malware can reside elsewhere within the physical machine.
Please stick to the facts.
On Sun, 16 Feb 2025 23:49:39 +0000, David <BD@invalid.email> wrote:
On 16/02/2025 22:19, Kelly Phillips wrote:
On Sun, 16 Feb 2025 21:13:27 +0000, David <BD@invalid.email> wrote:
On 16/02/2025 19:44, Mike Easter wrote:
AND...
... your most frequently used anti-malware tactic is to 'regularly'
erase your hdd and reinstall from scratch.
I'm aware that you don't agree with my methodology - but it works! :-D
But does it REALLY work? Remember when you used to be extremely fearful
that wiping your drive didn't actually wipe every nook and cranny, and
that your malware could possibly "lurk" or "hide" (your words) in some
dark area of the drive, only to spring back to life at some time in the
future?
I did *NOT* specify *DRIVE* in that regard.
I don't think you have any idea what you've said. It's all good, though.
I was suggesting that malware can reside elsewhere within the physical
machine.
Yes, I saw that, as well.
Malware *CAN* reside in places other than the main hard drive. Here are
a few examples:
BDB wrote:
Malware *CAN* reside in places other than the main hard drive. Here
are a few examples:
In your world, there's a lot more 'magic' in your digital devices than
need be.
If your 'perception' is that what you 'see' is smoke and mirrors, it
must be pretty scary and/or confusing.
On 17/02/2025 23:08, Mike Easter wrote:
BDB wrote:
Malware *CAN* reside in places other than the main hard drive. Here
are a few examples:
In your world, there's a lot more 'magic' in your digital devices than
need be.
If your 'perception' is that what you 'see' is smoke and mirrors, it
must be pretty scary and/or confusing.
He is probably 'shell shocked' from when someone dropped a bowl behind
him when he was peeling potatoes in the RN and why he is petrified of everything.
"If you finish that lot by the end of your shift we will give you a ride
in an aeroplane".
On Sun, 16 Feb 2025 23:49:39 +0000, David <BD@invalid.email> wrote:
On 16/02/2025 22:19, Kelly Phillips wrote:
On Sun, 16 Feb 2025 21:13:27 +0000, David <BD@invalid.email> wrote:
On 16/02/2025 19:44, Mike Easter wrote:
AND...
... your most frequently used anti-malware tactic is to 'regularly'
erase your hdd and reinstall from scratch.
I'm aware that you don't agree with my methodology - but it works! :-D
But does it REALLY work? Remember when you used to be extremely fearful
that wiping your drive didn't actually wipe every nook and cranny, and
that your malware could possibly "lurk" or "hide" (your words) in some
dark area of the drive, only to spring back to life at some time in the
future?
I did *NOT* specify *DRIVE* in that regard.
I don't think you have any idea what you've said. It's all good, though.
I was suggesting that malware can reside elsewhere within the physical machine.
Yes, I saw that, as well.
David <David@home.today> news:m1n7rhFdoflU4@mid.individual.net Wed, 19 Feb 2025 23:29:53 GMT in alt.computer.workshop, wrote:
On 19/02/2025 23:10, T i m wrote:
On 17/02/2025 23:08, Mike Easter wrote:
BDB wrote:
Malware *CAN* reside in places other than the main hard drive. Here
are a few examples:
In your world, there's a lot more 'magic' in your digital devices than need be.
If your 'perception' is that what you 'see' is smoke and mirrors, it
must be pretty scary and/or confusing.
He is probably 'shell shocked' from when someone dropped a bowl behind
him when he was peeling potatoes in the RN and why he is petrified of
everything.
"If you finish that lot by the end of your shift we will give you a ride in an aeroplane".
What a fertile imagination! :-P
"T i m" should write a book about his unfortunate life.
Tim should stop trying to jump on the bash David train, imo. He's such a BSer. The dude needs extensive hand holding assistance by Apd to do his home automation system. But, he claims he understands how a datasheet works. If you understand how to read a datasheet and select specific components for your project, you damn sure can figure out how to set up the mostly configuration files his home automation system uses. He accepts what Apd tells him, unless, it's about me. FFS, Apd freely shares the configuration and goes over the changes he's made to make the gear display data differently. There's absolutely no reason that Tim couldn't look at the before and after configuration files and figure things out. He *chooses not to do so*. And he provides a bullshit excuse for his laziness. Why would you run hardware in your home that you have to rely on others to help you configure it? Who the fuck actually knowingly makes themselves dependent in such a manner.
When Apd and FTR both told him that I'm just as capable of assisting, (FTR took it further and just wrote I'd have probably already reflashed it using my own binaries to save time; and he was right, that is the route I'd have taken because I have more fine tuning control over the process) he dismissed what they had to say, using the same bullshit excuse as snit; 'I'm just
going by what you've shown' really? If that was the case and you actually understood what I write about most of the time, I've *already shown my ability to assist*; You only need to be knowledgeable enough concerning the subject to see it.
That btw, is exactly what SC meant when he's told Snit that he wouldn't know what good code even looks like. That I've already just by having a
discussion that I do know what I'm talking about. All one needs to do is
have a grasp on the subject to see it. Clearly, Snit and Tim do not even see what they demand I 'show them'. FFS, I already have. They're just fucking blind, intentionally, to it. I'd have to resort to hand holding because they can't parse the technical discussions I've been involved in. At least SC
along with Apd and FTR have my back there. They see things as they actually are; not thru a tainted viewpoint.
David <BD@invalid.email> news:m1hrelFjft2U2@mid.individual.net Mon, 17 Feb 2025 22:27:33 GMT in alt.computer.workshop, wrote:
Malware *CAN* reside in places other than the main hard drive. Here are
a few examples:
I'm sure he's well aware of the methods you shared. You actually duplicated at least one... You did this because you don't actually understand things concerning these machines on a technical level. For you, some of what can be done with them appears to be black magic or something. At some point, you assumed that some malware cannot be removed; once you have it, you have it; it's a done deal. That's not actually true, and I've tried to explain this
to you several times. You ignore me though and continue on with it. It is somewhat annoying, but, I've learned to look over it.
1. **USB Drives and External Storage**: Malware can infect USB drives,
external hard drives, and SD cards. When these devices are plugged into
a computer, the malware can execute or copy itself onto the system.
Via auto run exploits if inserted into a windows based rig, otherwise firmware modification; but again, it'll be OS specific. And with Linux, it could even be distro specific. IE: works fine on say Linux Mint, but won't work on MXLinux. They're based on different bases and this does sometimes cause issues.
2. **Firmware**: Some sophisticated malware targets the firmware of
devices like the BIOS or UEFI (Unified Extensible Firmware Interface).
It can persist through reboots and even OS reinstalls, making it harder
to remove.
It doesn't have to be sophisticated to go that route, but, most of the time when they do firmware exploits, it's pretty advanced code with several payloads. That's been my experience anyway.
3. **Network Devices**: Certain malware can be embedded in devices like
routers, network-attached storage (NAS) devices, or printers. These
devices may have weak security and can serve as entry points for the
malware to infect connected computers.
This is one place where you duplicated yourself. It's firmware, bro. Instead of doing a copy/paste, why don't you actually read the material and do what we were taught to do as children? Acquire more details; research the matter so that you have a solid understanding of what's being discussed. We used
to use actual books for that, but the internet made that task much easier. You still have to actually do it tho. :)
4. **RAM**: Some malware operates purely in the system's memory (RAM),
leaving no trace on the hard drive. This type of malware is often more
challenging to detect, as it can vanish after a reboot.
It still has to be loaded from a solid point to get into the RAM. And while it's in solid form, if you don't use the host OS, you can hunt it down. All Malware technically resides in RAM anyhow, they're programs like any other. They just do things that they shouldn't be doing. But, at the end of the day they are still programs, and can be treated the same as any other program.
It's not possible to make truly undetectable malware David, is the point, I'm trying to make here. It's quite possible to make it very difficult and not possible with certain tools; but as I'm sure you understand, there's
more than one kind of tool.
5. **Cloud Storage or Network Shares**: Malware can infect cloud storage
services or network shares. Once a device accesses these locations, it
may download or spread the infection to other systems.
That's a software issue. It's nothing new, and, I'd be hesitant to call that an actual method.
6. **Bootable Media**: In some cases, malware can reside on bootable
media, such as CDs, DVDs, or even within boot sector code, and can
execute before the operating system even loads.
I'm well aware. It was one of the keypoints I raised with snit when he tried his creative routine concerning some of what I wrote about a floppy hanging
a machine during boot if the bootsector didn't have pass along to HD based
os and transfer control. He conveniently leaves out my followup to my own post where I got specific and asked why he'd allow the machine to even attempt a floppy boot. Initially he claimed he was in charge of those machines, but!, the moment I asked why he'd do that, he was quick to change his tune and reverse course that he wasn't really in charge of them.
A boot sector virus is a bit of a pain to write too, because you are very limited on available physical space. If you're a complex critter, you have
to store the bulk of your code somewhere else, and load it later on. Or, reconfigure the host to do that for you. You can just remain a tiny boot sector virus and spread your code into other sectors that weren't in use,
but to protect your code, you went ahead and marked them as being in use so the host OS wouldn't go and trash you when someone saved or created a file, or did anything else to increase the space consumed. Even a swap file adjustment could wreck your code and screw you good. code wise.
These types of malware often require different approaches to detection
and removal since traditional antivirus tools mainly focus on scanning
hard drives.
This article you copy and pasted the contents from has issues, David. And it's flat-out wrong concerning the limitations of AV or what they spend the bulk of their time scanning. Scanning for physical copies of malware is only a section of their code. In order to properly write a self replicating program that wasn't going to be tagged right off, you had to know how your adversaries worked; I'm far from the only Vxer at the time who reverse engineered the 'enemies' software. They do it to each other too, btw, they just don't come outright and say that because it's a total violation of various licensing agreements and they could actually be sued over it.
AV companies do reverse engineer all software they encounter; malware and legit software alike. They make no distinction other than to do a writeup on the Malware and remain silent on what they learned from reverse engineering their competitors. Multiple companies reverse engineered my BugHunter
program too; It's one of the reasons (the most important one imho) I wasn't worried about people thinking it had a logic bomb or micky. If it did, I'd have been exposed by all of the major players and destroy any chance I had
of redeeming myself and earning the respect as one of the mostly good guys.
I tried to explain this to Snit before, but, snit being snit wouldn't hear a fucking word of it. As you and I both know, even if you choose not to admit it in public, He's not a peer of mine and likely won't ever be. And, this pisses him the fuck off. I'm not the only one who's tech savvy that he's created a problem with. He does it in every technical newsgroup he joins. He singles people like me out. He wants to be seen as a peer on the technical fronts.
And, I'm sure he's here because of you. In fact, the initial interaction he had with me concerning 3D printing tech gave it away. Do you remember that? He shared a url to a website that specialized in 3D printers and asked if I could determine what kind of printer tech they were using. They openly
shared that information on the home page; I simply pointed that out to him, everybody who visited the site could see the same information as I was viewing. He was trying to talk down to me and do his thing. It didn't work out for him.
He's all about trying to bring up an 'ego' these days, doesn't want to discuss points by point basis, just wants to use chatgpt and troll. He's always been a troll mind you, but, he's not even trying to hide it these days. Still lies his fucking ass off, and still tries to project his known reading comprehension issues on me. He can't make the sale though, ffs, he just pulls things entirely from his asshole.
I think? I understand why you associate with him, but, David, he's not the one who's going to bring me down. Once again, you've selected someone to
help you out that can't stand toe to toe with me. He never could. If you'll recall, when the can we help him with his computer discussion started; I asked him some questions about it when it was running, and then I shared my initial diagnosis; that I don't think we have a mainboard problem, I think we're looking at a bad hard drive. If you'll recall, SC did not initially agree with my assessment. Which is understandable; he didn't know that I'm actually a multi cert comp technician who's built and serviced tens of thousands of machines during the course of my career.
I wasn't asking Snit those questions randomly, and I didn't take a shot in the dark guess on my diagnosis for the rig, I was going by decades of hands on experience; actually working on them for a living. Not doing it on the side from my house. I've done that too, on my off days, but I have an actual lab here to do that stuff with. It's basically a duplicate of everything I was able to access at the shop I worked for. My former employer insisted I
do this due to my health; some days I just couldn't go in and stay all day, but I could swing by and pickup a few machines to work on, to lighten the shops load.
Back then you really needed multiple computers to assist you with repairs. That's especially true today. You could get by using the only PC you had if you were in a bind, but, it's much more efficient to have multiple machines available to you. You can assign tasks more efficiently that way. Especially with data recovery efforts, that can take hours to days and the machine
doing the task is tied up, focused entirely on that single project. It's not wise to try and use said machine while it's in the middle of data recovery. You may not get a 2nd chance to pull data if it's interrupted.
And, as you well know, my diagnosis was confirmed as being accurate, despite Snits efforts to stall and take his sweet time, deliberately ignoring my specific instructions and taking 'help' from anyone who posted. That
actually makes troubleshooting remotely a bit of a pain. Time is wasted, and it only adds to possible confusion for him. I tried to explain this to you and SC; but you guys refused to just lemme do my thing. I'd have had that confirmed diagnosis a lot sooner if you guys had remained on the sidelines.
I understand, you were both trying to help; but when you're actually serious about the trade, you don't do that.
It's too many chiefs and too few indians then, you understand? I'm not
trying to insult either of you, btw, I'm just reminding you of things. The two of you were basically, I think without even realizing it, helping Snit try to make me look incompetent. That was the actual reason he agreed to let me try and diagnose his machine via usenet; He didn't think I'd actually be able to. He thought I was BSing, just as he thought I wasn't actually Raid for a long time. Until well, enough proof was posted that he couldn't continue making that claim. It just wasn't working out. Now he's trying to sell the story that he never did that. Now he's trying to say I accused him of not posting as Raid or some completely unrelated bullshit; that wasn't what I accused him of. And you know that. I was rightfully accusing him of lying and spinning things around. Which publicly agree or not, you know damn well that's part of what he does here.
I do understand why SC disagreed with my initial diagnosis; that's where hands on experience comes into play, in my favor in this case. I've never been what you call a hobbyist level computer user. My experience isn't limited to fixing friends and family computers as time allowed. I actually did it, every day, for a living. I didn't even spend a solid hour doing my CompTIA testing, David. I was high at the time and I fucked around; but I still passed with 95% average. Had I actually dedicated myself to it, I'd have 0wned it outright. I'm not a hobbyist repair person friends and family call; I have considerably more hands on experience from repairing hardware
to software. FFS, I've rebuilt a corrupted windows registry hive by hand using a hex editor and writing little tools with ASIC to patch bytes. It
took me 3 fucking hours, but I did it. Why didn't I just reload it? Well, that machine ran a plasma cutter that used proprietary as fuck software with a dongle and he had no way to reinstall it; lost the cdrom a long time ago. And despite my efforts to find a suitable copy online that would
specifically run that hardware; It was deuces. So, if I couldn't keep the software in working condition, there was no point in going any further with the rig. It would either be able to run that huge plasma cutter or it wouldn't. And if it didn't, we didn't get paid for the job. Boss didn't like non paying jobs very much. It was in my best interest to repair whatever machine came onto my bench.
I didn't always have the luxury of rename windows directories and reload, or wipe and reload. Sometimes, the machine had very specific software that required you actually be a real Technician because you'd be doing what had
to be done to restore the OS and software, without reloading; because as I wrote above, that wasn't an option. I've always hated that 'fix' methodology too, because if you really know what the fuck you're doing, you should not have to resort to a clean reload. Anybody can wipe and reload a box, you do it all the fucking time.
SC probably thought I was getting ahead of myself. But, again, I remind you
I asked snit specific questions about the machine's behavior and they weren't random ones. I was getting a feel for the status, mostly due to the way in which he described it began to fail on him. My decades of fixing these fucking things for a living is what led me to that diagnosis. You have to understand, I've been repairing these rigs since before I was even a teenager; that's how I made money as a kid going to school. I didn't grow up, become an adult, and then decide 'hey I wanna work on computers and electronics' I was *already doing that* and had been since I was literally,
a little kid.
Snit will come along and accuse me of having a huge ego here, I've little doubt. But, I'm sure you know this has fuckall to do with any ego on my part. I'm simply being blunt candid and honest. There's no ego here, I have
nothing to prove. My own known history did that for me. You read what chatgpt actually knows about me, you've even shared some of its information on me here. I'm not an ego driven maniac that Snit's working so hard to paint me out as; when he could be more productive and work for a living.
If I was, you wouldn't have interacted with me beyond the first couple of emails between us. Snit's just using that as his latest bullshit excuse for his inability to keep up with me. A situation he put himself in, too, btw. I wasn't trying to 'compete' with him or anyone else here. I respect (greatly) two of the posters especially, and you know them both. And you know why I hold them in such high regard too.
They are, 100%, peers of mine. We're on the same level for the most part. Perhaps some skillset differences due to personal interest differences, but at the end of the day, they're just as competent as I am. I do not question the advice they provide others here when they choose to do so; I'm sure you've noticed that. I'm also sure you've noticed that when either of them
or both disagrees with me, I still remain respectful (er for the most part anyhow. I do have a sailors mouth, after all. And, I really am the same way irl as I am here online. There is no persona, it's just me) I don't try to dog either of them. We can have arguments, etc, and, still not take it personal. As an actual peer would.
Sorry for the long response, but, I don't have the free time I once had to fiddle fart and fuck around. So I tend to condense things. Hopefully you're okay with this and we can have reasonable adult conversations.
Gremlin is, as he does, lying his ass off. Look at the recent coding Apd is doing... with Carroll. THEY are showing skills. I see that even in quotes. Gremlin has shown NO code I have seen on that. Nor on other challenges. He posts code that might or might not even be his. I do not care.
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
I've erased my hard drive, just in case!
David <BD@invalid.email> news:m1dso8F1e0qU1@mid.individual.net Sun, 16 Feb 2025 10:25:12 GMT in alt.computer.workshop, wrote:
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
I've erased my hard drive, just in case!
Based on the content of your screenshot, you more than slightly over reacted. It posed no real threat to you, and wiping your machine wasn't necessary. Trojans are not viruses or worms. They do not self replicate.
On 16.02.25 11:25, David wrote:
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
Master Brooks, why are you constantly visiting porn sites? That is the
result. *LOL*
I've erased my hard drive, just in case!
More porn!
X-posting deleted.
On 17/02/2025 01:26, Gremlin wrote:
David <BD@invalid.email> news:m1dso8F1e0qU1@mid.individual.net Sun, 16 Feb 2025 10:25:12 GMT in alt.computer.workshop, wrote:
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
I've erased my hard drive, just in case!
Based on the content of your screenshot, you more than slightly over reacted.
It posed no real threat to you, and wiping your machine wasn't necessary.
Trojans are not viruses or worms. They do not self replicate.
Will you explain, please, *WHY* that Trojan posed no threat?
This is what ChatGPT says about it:-
On 26/02/2025 07:35, Jörg Lorenz wrote:
On 16.02.25 11:25, David wrote:
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
Master Brooks, why are you constantly visiting porn sites? That is the
result. *LOL*
I only do that on my old Mac - which is running Linux Mint!
I've erased my hard drive, just in case!
More porn!
X-posting deleted.
Why?
On Feb 16, 2025 at 4:58:55 PM MST, "David" wrote <m1fcdvF87jmU5@mid.individual.net>:
On 16/02/2025 23:52, Brock McNuggets wrote:
On Feb 16, 2025 at 4:45:54 PM MST, "David" wrote
<m1fbliF87jnU1@mid.individual.net>:
...
I confess that I do do that sometimes!
Seems unlikely you did.
I may well have opened an email attachment (SPAM)
Just to be clear, not only opened the email but saved the attachment and then
opened it? If so the malware app should have found that copy.
Fair enough... but had you the malware app should have caught that you did.
I STILL do not have a great deal of faith in ClamXAV.
It is dependent on the Clam engine.
For the most part, yes ...... but Mark Allan can manipulate the software.
From what I understand he has a wrapper around the Clam engine. He does not
modify the engine.
He does! Write and ask him - PLEASE!
Not going to contact him, but I did ask ChatGPT:
-----
The author of ClamXAV, ClamXAV Software, doesn’t typically alter the underlying ClamAV engine itself but customizes the way it interacts with macOS
to provide an easy-to-use interface and better integration with the system. ClamXAV leverages ClamAV for virus detection and scanning but wraps it in a macOS-friendly UI, often adding additional features like automatic updates, scheduled scans, and integration with system security mechanisms.
However, ClamXAV is based on ClamAV’s open-source engine, so while it might optimize or configure it to work better with macOS, the core ClamAV scanning engine remains largely unchanged.
-----
I asked what might change... and got this:
-----
When I say “largely unchanged,” I mean that the core functionality and scanning engine of ClamAV remain intact, but there could be some customization
in how the engine operates within ClamXAV. Specifically, the author or ClamXAV’s developers might make adjustments in the following areas:
1. Integration with macOS: The user interface (UI) and experience are tailored to work seamlessly with macOS, so they might modify how ClamAV interacts with macOS-specific features like the file system, permissions, or notification system.
2. Performance Tweaks: To improve efficiency or resource usage on macOS,
ClamXAV might apply certain optimizations or adjust default settings like memory usage, scan speeds, or scanning depth.
3. Customization of Signature Updates: ClamXAV likely handles the signature database differently, such as automating updates or setting custom preferences for when and how updates are fetched, which could differ from ClamAV’s default method.
4. Reporting and Logging: The way ClamXAV displays scan results, handles
alerts, or logs information might be modified for a smoother macOS experience.
This could include changing the format or type of reports or providing more user-friendly options for viewing scan results.
5. UI Customization: While ClamAV is a command-line tool, ClamXAV provides a graphical interface. The author might tweak how scans are initiated, how progress is displayed, and how the user can interact with the program.
In general, these are optimizations or alterations aimed at improving usability on macOS rather than changing ClamAV’s core detection and scanning
functionality.
-----
That fits my prior understanding.
OK. Any reason to think it was not?
True... but I do not engage in very risky behavior. I do use software outside
of the App Store but mostly well respected software. I do not use pirated
stuff.
It WAS (supposedly) quarantined ..... BEFORE I erased my hard drive!
It is /not/ quarantined - it has been erased!!! 🙂
Is your email stored on a server?
Yes, of course. Why do you ask?
With the malware being quarantined I suppose it is a nonissue.
Your image says it was quarantined (which is not the same as erased).
Response from the ASC forum.
THIS! https://i.ibb.co/Q7Chrdqh/Screenshot-2025-02-11-at-18-35-01.png
That does not answer the question.
Do you disagree with the person who wrote that message?
I do not think it is so black and white. Depends on your usage and desire.
*Keep up, dear boy*! ;-) (in fun!)
So quarantined and then erased. Fair enough. :)
<thumb>
But if you did a backup and then brought your data back you brought it back.
I don't know how one can get around that problem :-(
Any ideas?
Stop fearing it. Stop worrying. There is no 100% guarantee that Apple and
third party apps will catch everything, but it is just not worth focusing so
much time on. It is possible the NSA has targeted you and has cameras hidden
in your home, but the chances are minuscule. Not worth looking in your vents
for cameras. Same with malware. Enjoy other things.
It's my hobby! 🙂 I'm not afraid or fearful - I just don't like "bad guys"!
Enjoy your hobby.
I am getting ready to make some cookies... though might not do it tonight. We shall see. Made the dough already.
David explained :
On 17/02/2025 01:26, Gremlin wrote:
David <BD@invalid.email> news:m1dso8F1e0qU1@mid.individual.net Sun,
16 Feb
2025 10:25:12 GMT in alt.computer.workshop, wrote:
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
I've erased my hard drive, just in case!
Based on the content of your screenshot, you more than slightly over
reacted.
It posed no real threat to you, and wiping your machine wasn't
necessary.
Trojans are not viruses or worms. They do not self replicate.
Will you explain, please, *WHY* that Trojan posed no threat?
This is what ChatGPT says about it:-
**Trojan.OSX.RustAgent** is a type of macOS malware written in the
Rust programming language. Rust is popular among malware developers
because it’s cross-platform, fast, and harder to reverse-engineer than
some older languages.
The **RustAgent** Trojan usually works by:
- **Gaining unauthorized access** to a macOS system.
- **Downloading and executing payloads** — additional malicious software.
- **Collecting sensitive data** such as passwords or browser information.
- **Communicating with a command-and-control (C2) server** to receive
further instructions from attackers.
**How does it spread?**
- Fake app installers or cracked software.
- Phishing emails with malicious attachments.
- Drive-by downloads from compromised websites.
**How to check for it:**
1. Run a reputable antivirus/malware scanner for macOS.
2. Monitor your **Activity Monitor** for suspicious processes.
3. Check **~/Library/LaunchAgents** and **/Library/LaunchDaemons** for
strange files.
=
Perhaps you are not as clued-up on Macs as you think you are, Dustin!
The OS makes no difference here, you have a landmine which hasn't even
been stepped on yet. Delete such a trojan and you're done.
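The LaunchAgents / LaunchDaemons check from the checklist quoted above, as an added example that is not part of any poster's message: it parses each launchd job definition and reports what the job would run and when. The heuristics, function names and sample jobs are assumptions constructed for illustration, not signatures of any particular malware.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# Directories named in the checklist quoted in the thread.
DEFAULT_DIRS = ["~/Library/LaunchAgents", "/Library/LaunchDaemons"]

# Illustrative heuristics chosen for this example (assumptions, not
# signatures of any particular malware family).
WRITABLE_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")
INTERPRETERS = {"sh", "bash", "zsh", "osascript", "python3", "perl"}
INLINE_FLAGS = {"-c", "-e"}


def audit_plist(path):
    """Parse one launchd job definition and list reasons to look closer."""
    path = Path(path)
    finding = {"file": path.name, "label": None, "command": [],
               "run_at_load": False, "keep_alive": False, "reasons": []}
    try:
        with path.open("rb") as fh:
            job = plistlib.load(fh)  # handles both XML and binary plists
    except (plistlib.InvalidFileException, ExpatError, ValueError, OSError) as exc:
        finding["reasons"].append(f"unreadable plist ({type(exc).__name__})")
        return finding
    if not isinstance(job, dict):
        finding["reasons"].append("top-level object is not a dictionary")
        return finding

    args = job.get("ProgramArguments")
    argv = [str(a) for a in args] if isinstance(args, list) else []
    # launchd executes Program if present, otherwise ProgramArguments[0].
    exe = str(job.get("Program") or (argv[0] if argv else ""))
    finding.update(label=job.get("Label"),
                   command=argv or ([exe] if exe else []),
                   run_at_load=bool(job.get("RunAtLoad")),
                   keep_alive=bool(job.get("KeepAlive")))

    reasons = finding["reasons"]
    if not exe:
        reasons.append("no Program or ProgramArguments")
    if exe.startswith(WRITABLE_PREFIXES):
        reasons.append("executable in a world-writable location")
    if any(part.startswith(".") for part in Path(exe).parts):
        reasons.append("hidden directory or file in executable path")
    if Path(exe).name in INTERPRETERS and INLINE_FLAGS & set(argv[1:]):
        reasons.append("interpreter started with an inline command")
    if finding["label"] != path.stem:
        reasons.append("Label does not match the file name")
    return finding


def audit_dirs(dirs=DEFAULT_DIRS):
    """Audit every *.plist in the given directories; missing ones are skipped."""
    findings = []
    for d in dirs:
        folder = Path(d).expanduser()
        if folder.is_dir():
            findings.extend(audit_plist(p) for p in sorted(folder.glob("*.plist")))
    return findings


def write_constructed_samples(directory):
    """Write constructed sample jobs (not real software) for an offline run."""
    directory = Path(directory)
    jobs = {
        "com.example.updater.plist": {
            "Label": "com.example.updater",
            "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater",
                                 "--check"],
            "StartInterval": 86400},
        "com.example.helper.plist": {
            "Label": "com.example.sync",
            "Program": "/Users/Shared/.cache/agent",
            "RunAtLoad": True, "KeepAlive": True},
        "com.example.shelljob.plist": {
            "Label": "com.example.shelljob",
            "ProgramArguments": ["/bin/sh", "-c", "echo constructed"]},
    }
    for name, job in jobs.items():
        with (directory / name).open("wb") as fh:
            plistlib.dump(job, fh)
    (directory / "broken.plist").write_bytes(b"not a plist")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_constructed_samples(tmp)
        for f in audit_dirs([tmp]):
            status = "REVIEW" if f["reasons"] else "ok"
            print(f"{status:6} {f['file']}: {' '.join(f['command'])}")
            for reason in f["reasons"]:
                print(f"         - {reason}")
```

On a Mac, calling `audit_dirs()` with no arguments reads the two directories from the checklist; a flagged entry is a prompt to inspect the job, not proof of infection.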
David pretended :
On 26/02/2025 09:52, FromTheRafters wrote:
David explained :
On 17/02/2025 01:26, Gremlin wrote:
David <BD@invalid.email> news:m1dso8F1e0qU1@mid.individual.net Sun,
16 Feb
2025 10:25:12 GMT in alt.computer.workshop, wrote:
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
I've erased my hard drive, just in case!
Based on the content of your screenshot, you more than slightly
over reacted.
It posed no real threat to you, and wiping your machine wasn't
necessary.
Trojans are not viruses or worms. They do not self replicate.
Will you explain, please, *WHY* that Trojan posed no threat?
This is what ChatGPT says about it:-
**Trojan.OSX.RustAgent** is a type of macOS malware written in the
Rust programming language. Rust is popular among malware developers
because it’s cross-platform, fast, and harder to reverse-engineer
than some older languages.
The **RustAgent** Trojan usually works by:
- **Gaining unauthorized access** to a macOS system.
- **Downloading and executing payloads** — additional malicious
software.
- **Collecting sensitive data** such as passwords or browser
information.
- **Communicating with a command-and-control (C2) server** to
receive further instructions from attackers.
**How does it spread?**
- Fake app installers or cracked software.
- Phishing emails with malicious attachments.
- Drive-by downloads from compromised websites.
**How to check for it:**
1. Run a reputable antivirus/malware scanner for macOS.
2. Monitor your **Activity Monitor** for suspicious processes.
3. Check **~/Library/LaunchAgents** and **/Library/LaunchDaemons**
for strange files.
=
Perhaps you are not as clued-up on Macs as you think you are, Dustin!
The OS makes no difference here, you have a landmine which hasn't
even been stepped on yet. Delete such a trojan and you're done.
My point is that without an anti-malware software programme to catch
it, you'd never know that it was there - hiding!
It is best not to execute or even open email like this.
Unannounced X-posting is impolite.
Do, please, take a look at a post I've made on ucsm.
Unannounced X-posting is impolite.
On Feb 26, 2025 at 5:34:57 AM MST, "David" wrote <m28g3hF27d7U1@mid.individual.net>:
On 17/02/2025 00:18, Brock McNuggets wrote:
On Feb 16, 2025 at 4:58:55 PM MST, "David" wrote
<m1fcdvF87jmU5@mid.individual.net>:
On 16/02/2025 23:52, Brock McNuggets wrote:
On Feb 16, 2025 at 4:45:54 PM MST, "David" wrote
<m1fbliF87jnU1@mid.individual.net>:
...
I confess that I do do that sometimes!
Seems unlikely you did.
I may well have opened an email attachment (SPAM)
Just to be clear, not only opened the email but saved the attachment and then
opened it? If so the malware app should have found that copy.
Fair enough... but had you the malware app should have caught that you did.
I STILL do not have a great deal of faith in ClamXAV.
It is dependent on the Clam engine.
For the most part, yes ...... but Mark Allan can manipulate the software.
From what I understand he has a wrapper around the Clam engine. He does not
modify the engine.
He does! Write and ask him - PLEASE!
Not going to contact him, but I did ask ChatGPT:
I ask only because he will not correspond with me!
-----
The author of ClamXAV, ClamXAV Software, doesn’t typically alter the
underlying ClamAV engine itself but customizes the way it interacts with macOS
to provide an easy-to-use interface and better integration with the system.
ClamXAV leverages ClamAV for virus detection and scanning but wraps it in a
macOS-friendly UI, often adding additional features like automatic updates,
scheduled scans, and integration with system security mechanisms.
However, ClamXAV is based on ClamAV’s open-source engine, so while it might
optimize or configure it to work better with macOS, the core ClamAV scanning
engine remains largely unchanged.
-----
I asked what might change... and got this:
-----
When I say “largely unchanged,” I mean that the core functionality and
scanning engine of ClamAV remain intact, but there could be some customization
in how the engine operates within ClamXAV. Specifically, the author or
ClamXAV’s developers might make adjustments in the following areas:
1. Integration with macOS: The user interface (UI) and experience are
tailored to work seamlessly with macOS, so they might modify how ClamAV
interacts with macOS-specific features like the file system, permissions, or
notification system.
2. Performance Tweaks: To improve efficiency or resource usage on macOS,
ClamXAV might apply certain optimizations or adjust default settings like
memory usage, scan speeds, or scanning depth.
3. Customization of Signature Updates: ClamXAV likely handles the
signature database differently, such as automating updates or setting custom
preferences for when and how updates are fetched, which could differ from
ClamAV’s default method.
4. Reporting and Logging: The way ClamXAV displays scan results, handles
alerts, or logs information might be modified for a smoother macOS experience.
This could include changing the format or type of reports or providing more
user-friendly options for viewing scan results.
5. UI Customization: While ClamAV is a command-line tool, ClamXAV
provides a graphical interface. The author might tweak how scans are
initiated, how progress is displayed, and how the user can interact with the
program.
In general, these are optimizations or alterations aimed at improving
usability on macOS rather than changing ClamAV’s core detection and scanning
functionality.
-----
That fits my prior understanding.
OK. I don't dispute any of that.
Good!
OK. Any reason to think it was not?
True... but I do not engage in very risky behavior. I do use software outside
of the App Store but mostly well respected software. I do not use pirated
stuff.
It WAS (supposedly) quarantined ..... BEFORE I erased my hard drive!
It is /not/ quarantined - it has been erased!!! 🙂
Is your email stored on a server?
Yes, of course. Why do you ask?
With the malware being quarantined I suppose it is a nonissue.
Your image says it was quarantined (which is not the same as erased).
Response from the ASC forum.
THIS! https://i.ibb.co/Q7Chrdqh/Screenshot-2025-02-11-at-18-35-01.png
That does not answer the question.
Do you disagree with the person who wrote that message?
I do not think it is so black and white. Depends on your usage and desire.
Folk 'advising' on the ASC forums invariably tell naive users to remove
anti-malware software from their Apple computer(s).
Makes sense. Naive users risk doing more harm than good.
*Keep up, dear boy*! ;-) (in fun!)
So quarantined and then erased. Fair enough. :)
<thumb>
But if you did a backup and then brought your data back you brought it back.
I don't know how one can get around that problem :-(
Any ideas?
Stop fearing it. Stop worrying. There is no 100% guarantee that Apple and
third party apps will catch everything, but it is just not worth focusing so
much time on. It is possible the NSA has targeted you and has cameras hidden
in your home, but the chances are minuscule. Not worth looking in your vents
for cameras. Same with malware. Enjoy other things.
It's my hobby! 🙂 I'm not afraid or fearful - I just don't like "bad guys"!
Enjoy your hobby.
Haha! 🙂 I surely do!
Again: good!
I am getting ready to make some cookies... though might not do it tonight. We
shall see. Made the dough already.
I am impressed with your culinary skills! :-)
I did make them. Now they are eaten and gone.
on 2/26/2025, David supposed :
On 26/02/2025 13:04, FromTheRafters wrote:
David pretended :
On 26/02/2025 09:52, FromTheRafters wrote:
David explained :
On 17/02/2025 01:26, Gremlin wrote:
David <BD@invalid.email> news:m1dso8F1e0qU1@mid.individual.net
Sun, 16 Feb
2025 10:25:12 GMT in alt.computer.workshop, wrote:
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
I've erased my hard drive, just in case!
Based on the content of your screenshot, you more than slightly
over reacted.
It posed no real threat to you, and wiping your machine wasn't
necessary.
Trojans are not viruses or worms. They do not self replicate.
Will you explain, please, *WHY* that Trojan posed no threat?
This is what ChatGPT says about it:-
**Trojan.OSX.RustAgent** is a type of macOS malware written in the
Rust programming language. Rust is popular among malware
developers because it’s cross-platform, fast, and harder to
reverse-engineer than some older languages.
The **RustAgent** Trojan usually works by:
- **Gaining unauthorized access** to a macOS system.
- **Downloading and executing payloads** — additional malicious
software.
- **Collecting sensitive data** such as passwords or browser
information.
- **Communicating with a command-and-control (C2) server** to
receive further instructions from attackers.
**How does it spread?**
- Fake app installers or cracked software.
- Phishing emails with malicious attachments.
- Drive-by downloads from compromised websites.
**How to check for it:**
1. Run a reputable antivirus/malware scanner for macOS.
2. Monitor your **Activity Monitor** for suspicious processes.
3. Check **~/Library/LaunchAgents** and **/Library/LaunchDaemons**
for strange files.
=
Perhaps you are not as clued-up on Macs as you think you are, Dustin!
The OS makes no difference here, you have a landmine which hasn't
even been stepped on yet. Delete such a trojan and you're done.
My point is that without an anti-malware software programme to catch
it, you'd never know that it was there - hiding!
It is best not to execute or even open email like this.
Understood. But people *DO* open such email - and have no idea that
Apple is NOT protecting them!
How do you know that Apple is not protecting them from its execution?
Do, please, take a look at a post I've made on ucsm.
What is ucsm?
On Feb 26, 2025 at 7:21:54 AM MST, "David" wrote <m28mc2F2vqjU4@mid.individual.net>:
...
That does not answer the question.
Response from the ASC forum.
THIS! https://i.ibb.co/Q7Chrdqh/Screenshot-2025-02-11-at-18-35-01.png
Do you disagree with the person who wrote that message?
I do not think it is so black and white. Depends on your usage and desire.
Folk 'advising' on the ASC forums invariably tell naive users to remove
anti-malware software from their Apple computer(s).
Makes sense. Naive users risk doing more harm than good.
*MOST* users of Apple computers are somewhat naive about how computers
actually work!
Agree. True of all computers. And cars. And microwave ovens. Pretty much anything high tech.
*Keep up, dear boy*! ;-) (in fun!)
So quarantined and then erased. Fair enough. :)
<thumb>
But if you did a backup and then brought your data back you brought it back.
I don't know how one can get around that problem :-(
Any ideas?
Stop fearing it. Stop worrying. There is no 100% guarantee that Apple and
third party apps will catch everything, but it is just not worth focusing so
much time on. It is possible the NSA has targeted you and has cameras hidden
in your home, but the chances are minuscule. Not worth looking in your vents
for cameras. Same with malware. Enjoy other things.
It's my hobby! 🙂 I'm not afraid or fearful - I just don't like "bad guys"!
Enjoy your hobby.
Haha! 🙂 I surely do!
Again: good!
It's good having you as a pal on-line! :-D
You as well.
I am getting ready to make some cookies... though might not do it tonight. We
shall see. Made the dough already.
I am impressed with your culinary skills! :-)
I did make them. Now they are eaten and gone.
Wonderful! 🙂
They did not turn out quite as well as I hoped, but I am just learning and I was struggling with POTS pretty badly the day I decorated them. Whole body was
shaky. Had to take a lot of breaks. But in the end they were pretty and yummy.... so all is good.
On Feb 26, 2025 at 9:42:37 AM MST, "David" wrote <m28ujtF4dbkU1@mid.individual.net>:
On 26/02/2025 16:08, Brock McNuggets wrote:
On Feb 26, 2025 at 1:45:12 AM MST, "David" wrote
<m282koF31tU1@mid.individual.net>:
On 17/02/2025 01:26, Gremlin wrote:
David <BD@invalid.email> news:m1dso8F1e0qU1@mid.individual.net Sun, 16 Feb
2025 10:25:12 GMT in alt.computer.workshop, wrote:
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
I've erased my hard drive, just in case!
Based on the content of your screenshot, you more than slightly over reacted.
It posed no real threat to you, and wiping your machine wasn't necessary.
Trojans are not viruses or worms. They do not self replicate.
Will you explain, please, *WHY* that Trojan posed no threat?
This is what ChatGPT says about it:-
**Trojan.OSX.RustAgent** is a type of macOS malware written in the Rust
programming language. Rust is popular among malware developers because
it’s cross-platform, fast, and harder to reverse-engineer than some
older languages.
The **RustAgent** Trojan usually works by:
- **Gaining unauthorized access** to a macOS system.
- **Downloading and executing payloads** — additional malicious software.
- **Collecting sensitive data** such as passwords or browser information.
- **Communicating with a command-and-control (C2) server** to receive
further instructions from attackers.
**How does it spread?**
- Fake app installers or cracked software.
- Phishing emails with malicious attachments.
- Drive-by downloads from compromised websites.
**How to check for it:**
1. Run a reputable antivirus/malware scanner for macOS.
2. Monitor your **Activity Monitor** for suspicious processes.
3. Check **~/Library/LaunchAgents** and **/Library/LaunchDaemons** for
strange files.
=
Perhaps you are not as clued-up on Macs as you think you are, Dustin!
It only is a threat if you run it...
Understood!
though you said you might have. NOT
shaming you for that -- this is how such malware is designed: to trick people
into running it and even giving it permissions.
Would *Apple* have noticed if I /had/ run it?
I am not sure if it would have caught it... but the scan likely would have.
Would it have been removed by Apple in an 'Update'?
I do not know.
On Feb 26, 2025 at 9:56:54 AM MST, "David" wrote <m28vemF4dbkU2@mid.individual.net>:
On 26/02/2025 16:51, Brock McNuggets wrote:
On Feb 26, 2025 at 9:42:37 AM MST, "David" wrote
<m28ujtF4dbkU1@mid.individual.net>:
On 26/02/2025 16:08, Brock McNuggets wrote:
On Feb 26, 2025 at 1:45:12 AM MST, "David" wrote
<m282koF31tU1@mid.individual.net>:
On 17/02/2025 01:26, Gremlin wrote:
David <BD@invalid.email> news:m1dso8F1e0qU1@mid.individual.net Sun, 16 Feb
2025 10:25:12 GMT in alt.computer.workshop, wrote:
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
I've erased my hard drive, just in case!
Based on the content of your screenshot, you more than slightly over reacted.
It posed no real threat to you, and wiping your machine wasn't necessary.
Trojans are not viruses or worms. They do not self replicate.
Will you explain, please, *WHY* that Trojan posed no threat?
This is what ChatGPT says about it:-
**Trojan.OSX.RustAgent** is a type of macOS malware written in the Rust
programming language. Rust is popular among malware developers because
it’s cross-platform, fast, and harder to reverse-engineer than some
older languages.
The **RustAgent** Trojan usually works by:
- **Gaining unauthorized access** to a macOS system.
- **Downloading and executing payloads** — additional malicious software.
- **Collecting sensitive data** such as passwords or browser information.
- **Communicating with a command-and-control (C2) server** to receive
further instructions from attackers.
**How does it spread?**
- Fake app installers or cracked software.
- Phishing emails with malicious attachments.
- Drive-by downloads from compromised websites.
**How to check for it:**
1. Run a reputable antivirus/malware scanner for macOS.
2. Monitor your **Activity Monitor** for suspicious processes.
3. Check **~/Library/LaunchAgents** and **/Library/LaunchDaemons** for
strange files.
=
Perhaps you are not as clued-up on Macs as you think you are, Dustin!
It only is a threat if you run it...
Understood!
though you said you might have. NOT
shaming you for that -- this is how such malware is designed: to trick people
into running it and even giving it permissions.
Would *Apple* have noticed if I /had/ run it?
I am not sure if it would have caught it... but the scan likely would have.
Huh? *WHICH* scan?
The one you ran.
Would it have been removed by Apple in an 'Update'?
I do not know.
It's a shame that Apple will not talk about such things to us users!
Apple holds ALL the cards. :-(
They might have a list of what malware they catch, but I have never looked. Have you?
On Feb 26, 2025 at 10:30:42 AM MST, "David" wrote <m291e2F4cihU4@mid.individual.net>:
On 26/02/2025 17:11, Brock McNuggets wrote:
On Feb 26, 2025 at 9:56:54 AM MST, "David" wrote
<m28vemF4dbkU2@mid.individual.net>:
On 26/02/2025 16:51, Brock McNuggets wrote:
On Feb 26, 2025 at 9:42:37 AM MST, "David" wrote
<m28ujtF4dbkU1@mid.individual.net>:
On 26/02/2025 16:08, Brock McNuggets wrote:
On Feb 26, 2025 at 1:45:12 AM MST, "David" wrote
<m282koF31tU1@mid.individual.net>:
On 17/02/2025 01:26, Gremlin wrote:
David <BD@invalid.email> news:m1dso8F1e0qU1@mid.individual.net Sun, 16 Feb
2025 10:25:12 GMT in alt.computer.workshop, wrote:
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
I've erased my hard drive, just in case!
Based on the content of your screenshot, you more than slightly over reacted.
It posed no real threat to you, and wiping your machine wasn't necessary.
Trojans are not viruses or worms. They do not self replicate.
Will you explain, please, *WHY* that Trojan posed no threat?
This is what ChatGPT says about it:-
**Trojan.OSX.RustAgent** is a type of macOS malware written in the Rust
programming language. Rust is popular among malware developers because
it’s cross-platform, fast, and harder to reverse-engineer than some
older languages.
The **RustAgent** Trojan usually works by:
- **Gaining unauthorized access** to a macOS system.
- **Downloading and executing payloads** — additional malicious software.
- **Collecting sensitive data** such as passwords or browser information.
- **Communicating with a command-and-control (C2) server** to receive
further instructions from attackers.
**How does it spread?**
- Fake app installers or cracked software.
- Phishing emails with malicious attachments.
- Drive-by downloads from compromised websites.
**How to check for it:**
1. Run a reputable antivirus/malware scanner for macOS.
2. Monitor your **Activity Monitor** for suspicious processes.
3. Check **~/Library/LaunchAgents** and **/Library/LaunchDaemons** for
strange files.
=
Perhaps you are not as clued-up on Macs as you think you are, Dustin!
It only is a threat if you run it...
Understood!
though you said you might have. NOT
shaming you for that -- this is how such malware is designed: to trick people
into running it and even giving it permissions.
Would *Apple* have noticed if I /had/ run it?
I am not sure if it would have caught it... but the scan likely would have.
Huh? *WHICH* scan?
The one you ran.
*Most* folk do not do such things!
Correct.
Would it have been removed by Apple in an 'Update'?
I do not know.
It's a shame that Apple will not talk about such things to us users!
Apple holds ALL the cards. :-(
They might have a list of what malware they catch, but I have never looked.
Have you?
Yes, I have looked. Apple does NOT disclose the malware it captures.
Likely to not help the malware writing cretins out there.
ChatGPT says ....
//Apple generally does not disclose specific details about the malware
it detects or captures on its devices. The company focuses on protecting
users through built-in security features like XProtect, Gatekeeper, and
malware removal tools, but it doesn’t typically provide a public list of
specific threats it has blocked or detected. However, Apple does provide
periodic updates about the types of security threats and vulnerabilities
it addresses in its security updates, which can give users an overview
of the kinds of risks its security systems are designed to protect against.
For example, Apple releases security advisories with each macOS update
that detail vulnerabilities and exploits it has patched. But as for
specifics about the malware itself, the company usually keeps that
information more general to avoid giving attackers detailed information
about its security measures.
If you're interested in more specific details on threats detected, you
might have to rely on security research reports from third parties or
security researchers who analyze malware trends on Apple devices.//
Do, please, take a look at a post I've made on ucsm.
What is ucsm?
Oh, I see, your crossposted group, nevermind.
*Why didn't you respond to this post of mine*?
=
Apple has total control over my Apple devices if fired by Apple software.
Does Apple still have access to my old 24 inch iMac which is running
Linux Mint?
It seems that it might!!! This is what Chat GPT helped me to find:-
david@david-iMac:~$ sudo efibootmgr
[sudo] password for david:
BootCurrent: 0000
Timeout: 5 seconds
BootOrder: 0000,0001,0080
Boot0000* Ubuntu HD(1,GPT,eecbee81-1d74-414b-9764-2f0e5f291cfc,0x800,0x80000)/ File(\EFI\ubuntu\shimx64.efi)
Boot0001* MX Linux HD(1,GPT,eecbee81-1d74-414b-9764-2f0e5f291cfc,0x800,0x80000)/ File(\EFI\MX\grubx64.efi)
Boot0080* Mac OS X PciRoot(0x0)/Pci(0x1f,0x2)/Sata(0,0,0)/ HD(2,GPT,91ee5c37-7d10-4bc0-ae45-429938a266c1,0x64028,0x3a2e1fe0)
Boot0081* Mac OS X PciRoot(0x0)/Pci(0x1f,0x2)/Sata(0,0,0)/ HD(2,GPT,1a03b12d-4501-4d31-9577-92ea1e134d85,0x64028,0x3a1ec0c0)
BootFFFF* PciRoot(0x0)/Pci(0x1d,0x0)/USB(0,0)/ HD(2,0,00000000000000000000000000000000,0x21c4,0x2800)/ File(\EFI\BOOT\BOOTX64.efi)
=
david@david-iMac:~$ dpkg -l | grep -i apple
ii cinnamon-control-center-data 6.4.1+xia all configuration applets for Cinnamon - data files
ii gir1.2-matepanelapplet-4.0:amd64 1.27.1-2build3 amd64 GObject
introspection data for MATE panel
ii gkbd-capplet 3.28.1-1build3 amd64 GNOME
control center tools for libgnomekbd
ii libayatana-indicator3-7:amd64 0.9.4-1build1 amd64 panel
indicator applet - shared library (GTK-3+ variant)
ii libetonyek-0.1-1:amd64 0.1.10-5build1 amd64 library for reading and converting Apple Keynote presentations
ii libimobiledevice-utils 1.3.0-8.1build3 amd64 Utitilies for communicating with iPhone and other Apple devices
ii libimobiledevice6:amd64 1.3.0-8.1build3 amd64 Library for communicating with iPhone and other Apple devices
ii libmate-panel-applet-4-1:amd64 1.27.1-2build3 amd64 library for
MATE Panel applets
ii libplist-2.0-4:amd64 2.3.0-1~exp2build2 amd64 Library for handling Apple binary and XML property lists
ii nvidia-prime-applet 1.4.4 all
An applet for NVIDIA Prime
=
david@david-iMac:~$ sudo fdisk -l
Disk /dev/sda: 465.76 GiB, 500107862016 bytes, 976773168 sectors
Disk model: CT500MX500SSD1
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt
Disk identifier: 75DF666E-BCDD-44B3-9D7D-D8B4362B7C30
Device         Start       End   Sectors   Size Type
/dev/sda1       2048    526335    524288   256M EFI System
/dev/sda2     526336 488648703 488122368 232.8G Linux filesystem
/dev/sda3  488648704 976771071 488122368 232.8G Linux filesystem
david@david-iMac:~$
=
Looks like I've got a bit of work to do to clean up the old iMac! ;-)
On Feb 26, 2025 at 1:45:12 AM MST, "David" wrote <m282koF31tU1@mid.individual.net>:
On 17/02/2025 01:26, Gremlin wrote:
David <BD@invalid.email> news:m1dso8F1e0qU1@mid.individual.net Sun, 16 Feb
2025 10:25:12 GMT in alt.computer.workshop, wrote:
This is a screenshot:-
https://i.ibb.co/HLgy7hNf/Screenshot-2025-02-11-at-10-07-47.png
I've erased my hard drive, just in case!
Based on the content of your screenshot, you more than slightly over reacted.
It posed no real threat to you, and wiping your machine wasn't necessary.
Trojans are not viruses or worms. They do not self replicate.
Will you explain, please, *WHY* that Trojan posed no threat?
This is what ChatGPT says about it:-
**Trojan.OSX.RustAgent** is a type of macOS malware written in the Rust
programming language. Rust is popular among malware developers because
it’s cross-platform, fast, and harder to reverse-engineer than some
older languages.
The **RustAgent** Trojan usually works by:
- **Gaining unauthorized access** to a macOS system.
- **Downloading and executing payloads** — additional malicious software.
- **Collecting sensitive data** such as passwords or browser information.
- **Communicating with a command-and-control (C2) server** to receive
further instructions from attackers.
**How does it spread?**
- Fake app installers or cracked software.
- Phishing emails with malicious attachments.
- Drive-by downloads from compromised websites.
**How to check for it:**
1. Run a reputable antivirus/malware scanner for macOS.
2. Monitor your **Activity Monitor** for suspicious processes.
3. Check **~/Library/LaunchAgents** and **/Library/LaunchDaemons** for
strange files.
=
Perhaps you are not as clued-up on Macs as you think you are, Dustin!
It only is a threat if you run it... though you said you might have. NOT shaming you for that -- this is how such malware is designed: to trick people into running it and even giving it permissions.
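The check in step 3 of the quoted list (looking in ~/Library/LaunchAgents and /Library/LaunchDaemons for strange files) can be made concrete. This is an added example, not part of any post in the thread: it parses launchd job plists and flags jobs whose program path looks out of place. The heuristics, sample labels and paths are assumptions made up for illustration.

```python
import plistlib
from pathlib import Path

# Directories named in the post. The heuristics below are this example's assumptions.
LAUNCH_DIRS = ["~/Library/LaunchAgents", "/Library/LaunchDaemons"]
WRITABLE_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")
INTERPRETERS = {"sh", "bash", "zsh", "osascript", "python3"}

def audit_job(job):
    """Return the reasons a parsed launchd job deserves a closer look."""
    argv = [str(a) for a in job.get("ProgramArguments") or [job.get("Program", "")]]
    if not argv[0]:
        return ["no Program or ProgramArguments key"]
    exe, reasons = str(job.get("Program") or argv[0]), []  # Program wins if both are set
    if exe.startswith(WRITABLE_PREFIXES):
        reasons.append(f"runs from a world-writable location: {exe}")
    if any(part.startswith(".") for part in Path(exe).parts):
        reasons.append(f"hidden path component: {exe}")
    if Path(exe).name in INTERPRETERS:
        reasons.append(f"interpreter with inline arguments: {' '.join(argv)[:80]}")
    if reasons and (job.get("RunAtLoad") or job.get("KeepAlive")):
        reasons.append("starts automatically (RunAtLoad/KeepAlive)")
    return reasons

def audit_dirs(dirs=LAUNCH_DIRS):
    """Audit every .plist under dirs; returns {path: [reasons]} for flagged jobs."""
    findings = {}
    for d in dirs:
        for p in sorted(Path(d).expanduser().glob("*.plist")):
            try:
                reasons = audit_job(plistlib.loads(p.read_bytes()))
            except Exception as exc:  # unreadable, malformed or non-dictionary plist
                reasons = [f"could not parse: {exc}"]
            if reasons:
                findings[str(p)] = reasons
    return findings

# Constructed sample jobs (labels and paths are made up for this example).
SAMPLES = {
    "com.example.updater.plist": plistlib.dumps({"Label": "com.example.updater", "RunAtLoad": True,
        "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"]}),
    "com.example.helper.plist": plistlib.dumps({"Label": "com.example.helper", "RunAtLoad": True,
        "KeepAlive": True, "ProgramArguments": ["/Users/Shared/.cache/helper", "--daemon"]}),
}

if __name__ == "__main__":
    print({n: audit_job(plistlib.loads(b)) for n, b in SAMPLES.items()})
    print(audit_dirs())  # on a Mac: flagged jobs in the two directories, if any
```

A flagged job is a prompt to inspect the file it points at, not a verdict; an empty result for both directories is consistent with an attachment that was quarantined and never run.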
Because you are obsessed. You have obviously not the capabilities to differentiate digital threats and you tend to believe nonsense.
Especially things from "tools" that have to create results to make money.
This is what ChatGPT says about it:-
Another kind of reduced intelligence.
On 16 Feb 2025 23:52:17 GMT, Brock McNuggets
<brock.mcnuggets@gmail.com> wrote:
<snipped>
Enjoy other things.
Bacon baps with brown sauce and either hot tea with a drop of milk or American Cream Soda, for example.
Or a nice walk on a Summer's day watching the girls and fussing all
of the dogs.
Or a really good book in a soft chair in a warm home.
Or a really good book with that damned cat sleeping on your lap and preventing you from getting up to pee.
Or simply being with *her*, sitting quietly, knowing she's there but
not interrupting her.
There's loads of other things.
Ice cream could be nice. :)
I do not pay much attention to what people say of others. I know many are pulled in by arrogance and such... Trump has a of that. He is an authoritarian
fascist oligarch and a puppet but he has a cult following in the US.
David <David.is@home.today> wrote:
On 23/02/2025 02:22, Brock McNuggets wrote:
[....]
I do not pay much attention to what people say of others. I know many are pulled in by arrogance and such... Trump has a of that. He is an authoritarian
fascist oligarch and a puppet but he has a cult following in the US.
Over the last couple of weeks he's shown the whole world that he is a
bully-boy. :-(
He’s shown us for years — but he’s getting worse.
It is good to see some of his past supporters start to see the light. Just hope it’s not too late. You’re not in the US. The situation here is appalling. Thousands being fired and then some begged to be rehired, lies about how that promotes “efficiency” when the firings are tied to investigations into Musk and other leeches on our economy, reduced safety standards and a crumbling stock market.
It really does seem Trump has been bought by Putin and Musk.