[Help] [Important, all group members please read] Manually removing the newly discovered OSX/OpinionSpy trojan

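Posted on 2010-6-4 14:27:01
I have a train to catch, so I am translating just the key points first. It is rather rough, please bear with me. Translation group members, please keep an eye on this incident and translate any valuable articles promptly.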



Description of the virus in Chinese:

http://blog.csdn.net/afatgoat/archive/2010/06/02/5642110.aspx

Check whether you are infected:

http://blog.csdn.net/afatgoat/archive/2010/06/04/5646334.aspx



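Method:

First check whether you are infected, using the method above.

Removal method:

Go to the Applications directory.

Find the PremierOpinion folder.

[The following method may be dangerous]

Delete that directory and empty the Trash. If it cannot be emptied, hold down the Option key while clicking Empty; an administrator account may be needed at this point. Restart your Mac.

Check again whether you are still infected....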



Original post: http://www.macosxhints.com/article.php?story=20100603055412831

Two more articles need translating:
http://www.guardian.co.uk/techno ... o-remove-opinionspy

http://www.macworld.com/article/ ... reware_spyware.html
(includes a list of software containing the virus)
Original poster | Posted on 2010-6-4 14:27:11
Original text:


Manually remove the newly found OSX/OpinionSpy spyware


Jun 03, '10 07:30:00AM • Contributed by: MacUser06
[crarko adds: OK, there are some serious questions raised about the procedure described below. I suggest waiting for further corroboration before trusting it.]

Here is some background on the recent announcement about a piece of malware which has been found to affect Macs. The spyware in question is called OSX/OpinionSpy and it’s a new variant of Windows spyware that has existed since 2008.

This link (to The Guardian) offers a manual method to remove the spyware which was installed with the screen savers from 7art, or other infected applications which may have been installed.

To see if you're affected, run Activity Monitor (in /Applications/Utilities) and set it to show All Processes in the dropdown menu. Look for a process called 'PremierOpinion' which will be owned by root. If it's there, you've been affected.

To summarize the removal procedure:
• Go to the /Applications folder in the Finder.
• Find the PremierOpinion folder.
• [crarko adds: Possible dangerous step removed.]
• Move the PremierOpinion folder to the Trash and empty the Trash; if it won't delete, choose 'Empty Trash' while holding the Option key. You may need an administrator password. Reboot the Mac after doing this.
• Check again in Activity Monitor to be sure the process 'PremierOpinion' is no longer there.
The submitter expresses thanks to Paul Mortgaat on the X4U mailing list for pointing out this tip.

[crarko adds: Thankfully, I haven't tested this one. I've removed one step in this procedure until it can be verified as not making the problem worse. And take a look at the procedure mentioned in this comment as a more comprehensive operation.]

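The check described in the article above (a root-owned 'PremierOpinion' process, plus a PremierOpinion folder in /Applications) can also be scripted. The following is an added example, not part of the original thread or article; the function names are hypothetical, the `ps -axo user=,comm=` column layout is an assumption, and the sample process listing is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): checks the two indicators the article
# names. Function names are hypothetical.

# Reads "USER COMMAND" lines on stdin, the layout assumed from
# `ps -axo user=,comm=`, and prints the command of every process that is
# owned by root and whose executable name is exactly PremierOpinion.
find_root_premieropinion() {
    awk '$1 == "root" {
        cmd = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", cmd)   # drop the user column
        n = split(cmd, parts, "/")             # executable name = last path part
        if (parts[n] == "PremierOpinion") print cmd
    }'
}

# True if APPS_DIR/PremierOpinion exists as a directory.
has_premieropinion_folder() {
    [ -d "${1:-/Applications}/PremierOpinion" ]
}

# Runs both checks: ps listing on stdin, Applications directory as $1.
# Returns 0 when neither indicator is present, 1 otherwise.
check_opinionspy() {
    apps_dir="${1:-/Applications}"
    rc=0
    hits=$(find_root_premieropinion)
    if [ -n "$hits" ]; then
        echo "root-owned process found: $hits"
        rc=1
    fi
    if has_premieropinion_folder "$apps_dir"; then
        echo "folder found: $apps_dir/PremierOpinion"
        rc=1
    fi
    return "$rc"
}

# Constructed sample listing, so the example runs anywhere.
SAMPLE_PS='root /sbin/launchd
alice /Applications/Safari.app/Contents/MacOS/Safari
root /Applications/PremierOpinion/PremierOpinion'
printf '%s\n' "$SAMPLE_PS" | find_root_premieropinion
```

On a Mac, `ps -axo user=,comm= | check_opinionspy` runs the same check against the live system; a zero exit status means neither indicator was found.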
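Posted on 2010-6-4 15:13:06
Reply to 2# la.onger


Manually removing the newly discovered OSX/OpinionSpy spyware

June 3, 2010, 7:30 AM
Contributor: MacUser06

[crarko's note: OK, there are still some serious problems with the procedure given below. I suggest waiting for further corroboration before trusting and using this method.]

First, here is some background on the recently announced malware found to infect Mac systems. This spyware is called OSX/OpinionSpy, and it is a new variant of spyware that has been present on Windows since 2008.

This link (to the Guardian) offers a method for manually removing the spyware, which gets installed along with screen saver software from 7Art or with other installed, infected applications.

To check whether you are infected, open Activity Monitor (path: /Applications/Utilities) and set it to show all processes in the dropdown menu. Look for a process named "PremierOpinion" whose owner is root. If it exists, the system is infected.

Summary of the removal procedure:
* Go to /Applications from the Finder
* Find the PremierOpinion folder
!!! [crarko's note: I have removed a deletion step that could be dangerous]
* Move the PremierOpinion folder to the Trash and empty it; if it cannot be emptied, hold down the Option key while clicking "Empty Trash". You may need to enter an administrator password. Then restart the Mac
* Then open Activity Monitor again and make sure the PremierOpinion process no longer exists.

The submitter thanks Paul Mortgaat on the X4U mailing list for pointing out this tip.

[crarko's note: Thank goodness, I haven't tested this method. I removed one step from this procedure until it is verified that it won't make the problem worse. Also, the procedure mentioned in the article above can be regarded as a more comprehensive operation.]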

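Also: I am not a member of the translation group, but this issue seemed fairly urgent, so I went ahead and did it. I hope nobody has been hit.
I hope I didn't violate the board rules.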

Posted on 2010-6-4 15:14:17
To my surprise, I tried the code and it returned no message..

Posted on 2010-6-4 16:11:39
This post was last edited by ssss3162 on 2010-6-4 16:14

I have a plane to catch, so I am saving a spot here.

Posted on 2010-6-4 18:05:00
Checked, not infected.

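Posted on 2010-6-4 22:43:08
I have checked and am not infected yet. This probably isn't yet at the scale that calls for widespread anti-virus protection! I have gotten used to the comfortable virus-free life @-@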

Posted on 2010-6-5 00:21:47
Luckily I wasn't hit, ~~~ that had me in a sweat

Posted on 2010-6-5 02:44:31
Thanks for the reminder. I have checked, and everything is fine.

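Original poster | Posted on 2010-6-7 10:27:39
Reply to la.onger


Manually removing the newly discovered OSX/OpinionSpy spyware

June 3, 2010, 7:30 AM
Contributor: M ...
凉开水, posted on 2010-6-4 15:13



Thanks to 凉开水.

No rule was broken; posting in the translation board is not limited to the translation group.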

Posted on 2010-6-12 08:21:58
Not infected!

Posted on 2010-8-18 03:15:07
No message returned, not infected, carrying on with life running unprotected...