Eblaster software removal and other issues

Anyone got experience of how to remove Eblaster and bolt-ons from a Mac system? It was installed by someone checking up on the users and was thus a "permitted" install. I don't believe the software provider when they say it is remotely removed, plus they have been getting text messages off of the iPhone when it connects to the Mac, which wasn't a feature of the software. Final thought: the mail reports, now seen, do not look like the ones in the web advertising.

I suspect then that a version that is much more aggressive has been installed and is still running. Is it right to be worried? How can I manually check for this or any other threats come to that? Will Sophos product find it and kill it? Do Trojans like this spread across a Mac network as easily as they do in the Windows world?

Questions questions.



This thread was automatically locked due to age.
  • Eblaster is not currently detected by Sophos -- however, if it is truly a trojan version, we would appreciate receiving a sample of the installer for analysis.

    As far as manual analysis goes, I suggest you check your processes in Activity Monitor, and download Lingon to check and see if any background processes are being triggered.

    Another useful step would be to install Little Snitch to watch/block network access on a per-process basis.  You could also use FSEventer to watch what processes are accessing what files on the system; this will definitively show you any odd activity that might still be happening, and what files are implicated.

    To answer your last question, Trojans don't spread across networks; that is left mostly to worms.  Worms tend to do this by exploiting a security hole -- the software you're talking about does all of its work with the administrator's permission.

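The manual check suggested in the reply above (seeing which background processes are set to be triggered), as an added example that is not part of the original thread or of any Sophos tooling: it reads the launchd job files that Lingon displays and lists the ones worth a closer look. The labels and paths written by `write_constructed_samples` are hypothetical and exist only so the script can be tried offline.

```python
import plistlib
from pathlib import Path

# Standard per-machine and per-user launchd job folders on macOS.
LAUNCHD_DIRS = ["/Library/LaunchAgents", "/Library/LaunchDaemons",
                "~/Library/LaunchAgents"]

def list_launchd_jobs(directories=LAUNCHD_DIRS):
    """Return one dict per *.plist job definition found in the directories."""
    jobs = []
    for d in directories:
        folder = Path(d).expanduser()
        if not folder.is_dir():
            continue
        for path in sorted(folder.glob("*.plist")):
            try:
                data = plistlib.loads(path.read_bytes())  # XML or binary plist
                if not isinstance(data, dict):
                    raise ValueError("top-level object is not a dictionary")
            except Exception as exc:  # unparseable job file: keep it for review
                jobs.append({"file": str(path), "label": None, "error": str(exc)})
                continue
            args = data.get("ProgramArguments") or []
            jobs.append({
                "file": str(path), "label": data.get("Label"),
                # launchd executes Program if set, else ProgramArguments[0]
                "program": data.get("Program") or (args[0] if args else None),
                "run_at_load": bool(data.get("RunAtLoad", False)),
                "keep_alive": bool(data.get("KeepAlive", False)),
            })
    return jobs

def needs_review(jobs):
    """Jobs outside the com.apple. label namespace, plus unparseable files."""
    # The label is self-declared, so check the program path of every job too.
    return [j for j in jobs if not str(j["label"] or "").startswith("com.apple.")]

def write_constructed_samples(folder):
    """Write constructed sample jobs (hypothetical names) for an offline run."""
    samples = {
        "com.apple.example": {"Program": "/usr/libexec/example"},
        "com.example.monitor": {"ProgramArguments": ["/Library/Example/monitord"],
                                "RunAtLoad": True, "KeepAlive": True},
    }
    for label, body in samples.items():
        (Path(folder) / f"{label}.plist").write_bytes(plistlib.dumps({"Label": label, **body}))
    (Path(folder) / "broken.plist").write_bytes(b"not a plist")

if __name__ == "__main__":
    print(*needs_review(list_launchd_jobs()), sep="\n")
```

Run as the affected user so that `~/Library/LaunchAgents` resolves to their home folder; each listed program path can then be compared against what Activity Monitor shows running.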