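Information from http://www.macworld.com
If you did not download iWork 09 from Apple's official site, please check
whether iWorkServices exists in the /System/Library/StartupItems directory.
If it does, congratulations, you've got the trojan!
This trojan will not delete your files, but it will silently install things you don't want, or modify programs that already exist. So manually deleting this service alone is not enough.
The only way to clean it out is to format the hard disk, reinstall the system from the disc, and then restore your files, if you have a backup.
However, another user said: I remember that installing iWork doesn't require entering the administrator password, so the Library under the root directory shouldn't be modifiable; it's the Library under the account's own directory that should really be checked.
I don't know what the facts are. Can anyone help confirm this?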
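Usually, for programs downloaded over P2P, I first look up the MD5 value of the program or ISO,
and once the download is done, I use an md5 program to check whether the MD5 value is correct,
so I know whether the program has been altered.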
1) (open Terminal.app)
2) sudo su (enter password)
3) rm -r /System/Library/StartupItems/iWorkServices
4) rm /private/tmp/.iWorkServices
5) rm /usr/bin/iWorkServices
6) rm -r /Library/Receipts/iWorkServices.pkg
7) killall -9 iWorkServices
As you might know, the download from the official site and the download through P2P, such as BitTorrent, should be exactly the same, since no crack is needed for the iWork suite, only a serial number.
If I intended to "try out" iWork 09 without trial limitations, I would get the trial version from the official site and get the text file which has the serial number from a torrent site.
The official site's bandwidth is a lot faster anyway. You don't have to wait for seeds or peers.
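Any copy of iWork '09 not downloaded from Apple (whether or not you have a genuine license serial number)
may have the trojan implanted.
The best solution I'd recommend is to reinstall OS X,
because this trojan downloads other applications and installs them.
When it installs (or modifies) any application, it is able to bypass the step of prompting the user,
because it runs at root level.
Of course, you can also remove iWorkServices using the method red2000 provided.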
Update: Despite significant publicity surrounding this incident today, the infected iWork package remains active in the torrent community. In light of this continued activity, we have moved this report from Page 2 to our front page and are providing instructions for deactivating and removing the Trojan from infected systems.
1) (open Terminal.app)
2) sudo su (enter password)
3) rm -r /System/Library/StartupItems/iWorkServices
4) rm /private/tmp/.iWorkServices
5) rm /usr/bin/iWorkServices
6) rm -r /Library/Receipts/iWorkServices.pkg
7) killall -9 iWorkServices
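However, the applications that the trojan downloaded and installed, or modified on the computer, cannot be dealt with at the same time
(if there are any).
This is not a virus.
It does not have the ability to infect another OS X computer by itself.
It still has to be installed by the user to get onto the computer.
Friends who did not download the iWork '09 trial from Apple, take note!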
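As an added example (not from the thread or from Macworld): a read-only check for the four paths named in the removal steps above, plus a running iWorkServices process on the live system. The function name, the optional ROOT argument (for scanning a mounted backup or another volume) and the process check via `ps` are assumptions of this example.

```shell
#!/bin/sh
# Added example: lists iWorkServices artifacts without deleting anything.
# The four paths are the ones given in the removal steps on this page.
IWORK_PATHS="/System/Library/StartupItems/iWorkServices
/private/tmp/.iWorkServices
/usr/bin/iWorkServices
/Library/Receipts/iWorkServices.pkg"

# scan_iworkservices [ROOT]
#   ROOT (assumption of this example): prefix of a mounted volume to inspect,
#   e.g. /Volumes/Backup. Empty or "/" means the running system.
#   Prints one line per artifact found and leaves the count in $FOUND.
scan_iworkservices() {
    root="${1%/}"          # strip a trailing slash; "/" becomes ""
    FOUND=0
    old_ifs=$IFS
    IFS='
'
    for p in $IWORK_PATHS; do
        # -L also catches a dangling symlink left at one of the paths
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            ls -ld "$root$p"
            FOUND=$((FOUND + 1))
        fi
    done
    IFS=$old_ifs

    # The process check only makes sense for the running system.
    if [ -z "$root" ]; then
        if ps -A -o comm | grep -Eq '(^|/)iWorkServices$'; then
            echo "running process: iWorkServices"
            FOUND=$((FOUND + 1))
        fi
    fi
    return 0
}

# Usage on the live system:
#   scan_iworkservices; echo "$FOUND indicator(s) found"
```

A count of zero only covers these known locations; as the posts above point out, it says nothing about other software the trojan may have downloaded or modified.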