I got infected. Can these directories and files be deleted?

  •   JEFFMEME · 2014-11-06 14:03:25 +08:00 · 7187 views
    I got infected. Can these directories and files be deleted? How is everyone dealing with this?

    python WireLurkerDetectorOSX.py
    WireLurker Detector (version 1.0.0)
    Copyright (c) 2014, Palo Alto Networks, Inc.

    [+] Scanning for known malicious files ...
    [!] Found malicious file: /Library/LaunchDaemons/com.apple.machook_damon.plist
    [!] Found malicious file: /usr/bin/WatchProc
    [!] Found malicious file: /usr/bin/itunesupdate
    [!] Found malicious file: /Library/LaunchDaemons/com.apple.watchproc.plist
    [!] Found malicious file: /Library/LaunchDaemons/com.apple.itunesupdate.plist
    [!] Found malicious file: /System/Library/LaunchDaemons/com.apple.appstore.plughelper.plist
    [!] Found malicious file: /System/Library/LaunchDaemons/com.apple.MailServiceAgentHelper.plist
    [!] Found malicious file: /System/Library/LaunchDaemons/com.apple.systemkeychain-helper.plist
    [!] Found malicious file: /System/Library/LaunchDaemons/com.apple.periodic-dd-mm-yy.plist
    [!] Found malicious file: /usr/bin/com.apple.MailServiceAgentHelper
    [!] Found malicious file: /usr/bin/com.apple.appstore.PluginHelper
    [!] Found malicious file: /usr/bin/periodicdate
    [!] Found malicious file: /usr/bin/systemkeychain-helper
    [!] Found malicious file: /usr/bin/stty5.11.pl
    [+] Scanning for known suspicious files ...
    [!] Found suspicious file: /etc/manpath.d/
    [+] Scanning for infected applications ... (may take minutes)
    [-] Nothing is found.
    [!] WARNING: Your OS X system is highly suspicious of being infected by the WireLurker.
    [!] You may need to delete all malicious or suspicious files and/or applications above.
    18 replies    2014-11-09 10:03:53 +08:00
    JEFFMEME
        1
    JEFFMEME  
    OP
       2014-11-06 14:10:53 +08:00
    Detected with the tool provided at http://www.v2ex.com/t/144122?p=2
    devon
        2
    devon  
       2014-11-06 14:58:34 +08:00
    ➜ WireLurkerDetector git:(master) python WireLurkerDetectorOSX.py
    WireLurker Detector (version 1.0.0)
    Copyright (c) 2014, Palo Alto Networks, Inc.

    [+] Scanning for known malicious files ...
    [-] Nothing is found.
    [+] Scanning for known suspicious files ...
    [-] Nothing is found.
    [+] Scanning for infected applications ... (may take minutes)
    [-] Nothing is found.
    [+] Your OS X system isn't infected by the WireLurker. Thank you!
    Fatcoder
        3
    Fatcoder  
       2014-11-06 15:03:32 +08:00
    You can delete them, all of them. I was in about the same situation as you just now.
    JEFFMEME
        4
    JEFFMEME  
    OP
       2014-11-06 15:30:56 +08:00
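    @Fatcoder Yeah, there were dozens of them... they look extremely similar to system files... I renamed them, confirmed, and then deleted them, and that was it...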
    tonyleen
        5
    tonyleen  
       2014-11-06 15:48:46 +08:00
    Looks like I should download from maiyadi less often in the future.
    sherblue
        6
    sherblue  
       2014-11-06 15:52:27 +08:00
    Not infected ^ ^
    WireLurker Detector (version 1.0.0)
    Copyright (c) 2014, Palo Alto Networks, Inc.

    [+] Scanning for known malicious files ...
    [-] Nothing is found.
    [+] Scanning for known suspicious files ...
    [-] Nothing is found.
    [+] Scanning for infected applications ... (may take minutes)
    [-] Nothing is found.
    [+] Your OS X system isn't infected by the WireLurker. Thank you!
    lesswest
        7
    lesswest  
       2014-11-06 16:59:21 +08:00
    python WireLurkerDetectorOSX.py
    WireLurker Detector (version 1.0.0)
    Copyright (c) 2014, Palo Alto Networks, Inc.

    [+] Scanning for known malicious files ...
    [-] Nothing is found.
    [+] Scanning for known suspicious files ...
    [-] Nothing is found.
    [+] Scanning for infected applications ... (may take minutes)
    [-] Nothing is found.
    [+] Your OS X system isn't infected by the WireLurker. Thank you!
    lesswest
        8
    lesswest  
       2014-11-06 17:00:39 +08:00
    Can this com.apple.systemkeychain-helper.plist see your passwords?
    wzxjohn
        9
    wzxjohn  
       2014-11-06 17:11:46 +08:00
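    I modified a script someone else wrote and added some files that the original did not delete:
    curl -sL https://qaq.moe/killer.sh | bash
    Running this script directly will delete and back up all of the suspicious files it finds.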
    Dreista
        10
    Dreista  
       2014-11-06 22:24:34 +08:00
    @wzxjohn Hahaha, QAQ.moe
    wzxjohn
        11
    wzxjohn  
       2014-11-06 22:30:14 +08:00 via iPhone
    @Dreista I spent a long time picking it before registering~ Back when I registered, even names like weibo.moe and qwq.moe were still unregistered.
    Dreista
        12
    Dreista  
       2014-11-06 22:37:41 +08:00
    wzxjohn
        13
    wzxjohn  
       2014-11-06 22:57:20 +08:00
    @Dreista That's not bad either~
    jox
        14
    jox  
       2014-11-06 23:05:25 +08:00
    ............... Does everyone just hand admin privileges over to someone else without even thinking?
    aisin
        15
    aisin  
       2014-11-06 23:07:59 +08:00
    vem
        16
    vem  
       2014-11-07 17:30:06 +08:00
    Can manpath.d be deleted entirely as well?
    vem
        17
    vem  
       2014-11-07 17:38:48 +08:00
    I deleted all the files that were found. After rebooting, there don't seem to be any problems.
    JEFFMEME
        18
    JEFFMEME  
    OP
       2014-11-09 10:03:53 +08:00
    @vem manpath.d is the fake one; the system's own is manpaths.d
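
Added example, not part of any post in this thread and not Palo Alto Networks' code: a Python script that parses detector output in the format quoted above and moves the flagged paths into a quarantine directory instead of deleting them, so a look-alike such as manpath.d (versus the system's manpaths.d) can be reviewed and put back if needed. The function names, the quarantine path and the sample report are assumptions constructed for illustration.

```python
import re
import shutil
from pathlib import Path

# Constructed sample in the format of the detector output quoted in the thread.
SAMPLE_OUTPUT = """\
[+] Scanning for known malicious files ...
[!] Found malicious file: /Library/LaunchDaemons/com.apple.machook_damon.plist
[!] Found malicious file: /usr/bin/WatchProc
[+] Scanning for known suspicious files ...
[!] Found suspicious file: /etc/manpath.d/
[-] Nothing is found.
"""

FINDING = re.compile(r"^\s*\[!\] Found (malicious|suspicious) file: (\S.*?)\s*$")

def parse_findings(report):
    """Return [(severity, path)] for each '[!] Found ... file:' line."""
    return [m.groups() for m in map(FINDING.match, report.splitlines()) if m]

def plan(findings):
    """Split paths into launchd job plists (unload these first) and the rest."""
    daemons = [p for _, p in findings
               if "/LaunchDaemons/" in p and p.endswith(".plist")]
    return daemons, [p for _, p in findings if p not in daemons]

def quarantine(paths, dest, root="/", dry_run=True):
    """Move each existing path under dest, keeping its original layout.
    Nothing is deleted, so a false positive can be moved back."""
    moved = []
    for p in paths:
        src = Path(root) / p.lstrip("/")
        target = Path(dest) / p.strip("/")
        if not (src.exists() or src.is_symlink()):
            continue  # already gone, or never present on this machine
        if not dry_run:
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(src), str(target))
        moved.append((str(src), str(target)))
    return moved

if __name__ == "__main__":
    daemons, others = plan(parse_findings(SAMPLE_OUTPUT))
    for plist in daemons:  # printed for review, not executed
        print("sudo launchctl unload", plist)
    for src, dst in quarantine(daemons + others, "/var/tmp/wl-quarantine"):
        print("would move", src, "->", dst)
```

By default the script only prints the plan; pass `dry_run=False` after reviewing every listed path.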