Jun 03, '10 07:30:00AM • Contributed by: MacUser06
Here is some background on the recent announcement about a piece of malware which has been found to affect Macs. The spyware in question is called OSX/OpinionSpy and it’s a new variant of Windows spyware that has existed since 2008.
This link (to The Guardian) offers a manual method to remove the spyware which was installed with the screen savers from 7art, or other infected applications which may have been installed.
To see if you're affected, run Activity Monitor (in /Applications/Utilities) and set it to show All Processes in the dropdown menu. Look for a process called 'PremierOpinion' which will be owned by root. If it's there, you've been affected.
To summarize the removal procedure:
- Go to the /Applications folder in the Finder.
- Find the PremierOpinion folder.
- [crarko adds: Possible dangerous step removed.]
- Move the PremierOpinion folder to the Trash and empty the Trash; if won't delete, choose 'Empty Trash' while holding the Option key. You may need an administrator password. Reboot the Mac after doing this.
- Check again in Activity Monitor to be sure the process 'PremierOpinion' is no longer there.
[crarko adds: Thankfully, I haven't tested this one. I've removed one step in this procedure until it can be verified as not making the problem worse. And take a look at the procedure mentioned in this comment as a more comprehensive operation.]
