Malicious script and un-authorized access

[Truth214]

Hello Everyone,

I hope this is the right place to post this. It's a security issue with my macbook pro which is running Snow Leopard 10.6.8.

When I startup my mac, my terminal starts on opening, starting yesterday whenever I startup terminal opens and runs an automated script which just lists the current version of java that is running on the machine. Even wierder, if I am connected to the internet the root user on terminal will become carlies-iphone-MyName-MacBook-Pro:- myname$

Needless to say I do not know who Carlie is .

I have downloaded Kapersky and Dr.Web Light both which found one thing which was promptly deleted, though the script and the user issue still occurs. I have also disabled java on safari and have taken that computer off the internet until a solution presents itself.

This is the script that runs:-

/System/Library/Frameworks/JavaVM.framework/Versions/A/Commands/java ; exit; carlies-iphone:- myname$ /System/Library/Frameworks/JavaVM.framework/Versions/A/Commands/java ; exit;

After which the process runs.

Any ideas on whats going on or how to stop it? Or is any more information needed?

Any help would be greatly appreciated,

Regards,
Chris

p.s. DrWebLight found this Program.ConduitToolbar.1 and Kapersky found a rar of gimp (painting program) to be a Trojan-Dropper.Win32.ZAccess.gh

p.p.s. java executable has been set to run at startup.

 

[Kaveman]

I'm sorry but once you have installed malicious software the only thing you can safely do is a clean install of everything.

How can you know what other nasty it has installed.

Backup your User Files and start again.

Always have a separate unused Admin Account, have your day to day Account set to Standard. Always be aware of what is really being installed when you enter your Admin Password.

 

[Truth214]

Hi Kaveman,

Thank you so much for your prompt response and I will definitely keep this option open if I cannot resolve the issue and I will definitely back up all my filed when I get home.

As an update I've disabled and stopped all java related workings for the duration and once the current virus scan has finished I will restart to see what occurs. Also I haven't downloaded anything that has asked for password access to install or open for a long time and this really has just popped up out of the blue, I can't help but think it is a Java issue rather than me downloading anything like that flashback hack that was around a few months ago.

 

[Kaveman]

Most modern exploits are about opening a backdoor to your computer. The use of Java is just to drop its payload.

Anything that has set itself to run on startup without your knowledge is highly suspect.

Your call.