Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'How to find and remove the OSX.RSPlug.A malware' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
How to find and remove the OSX.RSPlug.A malware
Authored by: leono on Oct 31, '07 01:03:08PM
Removing the root crontab altogether (with no review) is a pretty bad idea. You can see what's in the crontab with sudo crontab -l. I have no idea what the malware's crontab entry looks like, but maybe someone can reply and post it here?

If the malware's entry is the only line listed, it is safe to remove the crontab with sudo crontab -r. You can also edit the root crontab in the default editor (vi in Tiger) with sudo crontab -e. If you needed to delete a single line (the malware's) from a multiline file, you would

  1. Use the arrow keys to navigate to the line in question
  2. Type dd to delete the line
  3. Type :wq and press Return to Write the file and Quit
Hope this saves someone's bacon. I'd imagine that most people who have entries in the root crontab know what they're doing enough to not delete it in one shot, but you never know...

[ Reply to This | # ]
How to find and remove the OSX.RSPlug.A malware
Authored by: robg on Oct 31, '07 01:43:12PM

Good advice, agreed ... though I still can't come up with a single app that installs a root crontab under 10.4 or 10.5.

-rob.



[ Reply to This | # ]
How to find and remove the OSX.RSPlug.A malware
Authored by: hdms on Oct 31, '07 03:03:19PM

I had a look at my cron jobs using CronniX and opened Crontab for System.

In it was the system-level Macworld hint on scheduling repairing permissions, and also entries for the System Prefpane 'Deja Vu' backup utilty.

CronniX is perhaps the more user-friendly way to see and manage cron jobs.



[ Reply to This | # ]