Threats to security

» virus
» spyware and adware
» malware
» trust gauge

Guide to :

» improve system performance
» use firewalls
» protect your system
» secure your data
» choose the right antivirus software
» choose the best anti spyware program

Latest in trend:

» viruses

OSX.Lamzev.A

What is OSX.Lamzev.A?

How does it affect your PC?

How to remove OSX.Lamzev.A?

What is OSX.Lamzev.A?

Discovered on the13th of November 2008, OSX.Lamzev.A is a trojan horse created for Mac OSX system that opens a back door port and allows remote access on the infected computer.

How does it affect your PC?

When the Trojan is executed, it creates the following file: /Applications/ezmal

The Trojan then opens a command shell, which allows a user to select an application and a port number.The chosen application can then be used as a back door, which allows a remote attacker to gain access to the compromised computer.

The Trojan copies the executable file for the chosen application to the following location:
/Applications/[CHOSEN APPLICATION]/Contents/MacOS/2

It then creates the following file, which installs and runs the back door component whenever the chosen application is executed:
/Applications/[CHOSEN APPLICATION]/Contents/MacOS/1

Next, it creates the following file:
/tmp/com.apple.DockSettings

The contents of the above file are inserted into the following file so that the back door executes whenever the computer starts: ~/Library/LaunchAgents

The Trojan then deletes the /tmp/com.apple.DockSettings file.

How to remove OSX.Lamzev.A?

1. Temporarily Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Reboot computer in SafeMode
4. Run a full system scan and clean/delete all infected file(s)
5. Delete the main executable
Delete the following file: /Applications/[CHOSEN APPLICATION]/Contents/MacOS/1
6. Restore the chosen application to its original location
Restore the following file to the original application filename: /Applications/[CHOSEN APPLICATION] /Contents /MacOS/2
7. Restore the CFBundleExecutable key in the Info.plist file
Open the following file: /Applications/[CHOSEN APPLICATION]/Contents/Info.plist
Under the CFBundleExecutable key, change the following content from: 1to:
[NAME OF EXECUTABLE FILE FOR CHOSEN APPLICATION FROM STEP 6]
8. Restore ~/Library/LaunchAgents from a clean backup

Tips and tricks

» spot a phishing mail
» identify fake websites
» prevent SPAM
» be a net surfer pro-Top Ten tips
» steps to secure your browser
» protect your organisation
» safe emailing tips
» system protection and spyware control
» WiFi Security

Free products & solutions

» antivirus softwares
» anti-spyware solutions
» online virus scanners
» spyware removal tools
» browser add ons
» malware scanners and anti-malware solutions

Product Reviews

» antivirus softwares
» antispyware softwares
» badwares