How to remove Inqtana.A
Published: Feb 19, 2006
Author: lward
Related OS: OS X
According to Symantec, "OSX.Inqtana.A is a proof of concept worm that runs on Macintosh OS X and spreads by exploiting the Apple Mac OS X BlueTooth Directory Traversal Vulnerability". Symantec describes the threat as being in the wild but easy to contain and remove.
The following information is obtained from the Symantec site:
Technical details
1. Creates the following files:
- w0rm-support.tgz
- com.openbundle.plist
- com.pwned.plist
2. Exploits the Apple Mac OS X BlueTooth Directory Traversal Vulnerability (as described in Bugtraq ID 13491) to create the following files:
- /Users/w0rm-support.tgz
- /Users/InqTest.class
- /Users/com.openbundle.plist
- /Users/com.pwned.plist
- /Users/libavetanaBT.jnilib
3. Creates the following folders, adding nonmalicious files used to run the worm:
- /Users/javax
- /Users/de
4. Creates the following two files, so that it starts when Mac OS X starts:
- /Users/[USER NAME]/Library/LaunchAgents/com.pwned.plist
- /Users/[USER NAME]/Library/LaunchAgents/com.openbundle.plist
5. Searches for other Bluetooth-enabled devices to accept OBEX Push requests when the computer is restarted. If found, the worm attempts to send itself to the remote computer.
Note: The worm attempts to spread by using a time limited demo version of the Avetana library, which is bound to a Bluetooth address. As a result of this the worm may not be able to spread successfully.
Now that you've received that information, I'm sure you'd like to know how to be rid of it if your computer is infected. I'll do what I did with the last threat and paste the removal instructions that Symantec provides:
Removal instructions
1. Delete the following files:
- /Users/w0rm-support.tgz
- /Users/InqTest.class
- /Users/com.openbundle.plist
- /Users/com.pwned.plist
- /Users/libavetanaBT.jnilib
- /Users/[USER NAME]/Library/LaunchAgents/com.pwned.plist
- /Users/[USER NAME]/Library/LaunchAgents/com.openbundle.plist
2. Delete the following folders:
- /Users/javax
- /Users/de
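Before deleting anything, it helps to see which of the listed items are actually present. The function below is an added example, not part of the Symantec instructions or the original post: it only reports the files and folders named above and removes nothing. The function name `inqtana_scan` and its `ROOT` argument (the mount point of the volume to inspect, empty for the running system) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report (never delete) the Inqtana.A artifacts listed in the
# removal instructions. Usage after sourcing: inqtana_scan ""  (running system)
# or inqtana_scan <mount point of another volume>.

# Fixed paths from the removal instructions, relative to ROOT.
# Caveat: /Users/javax and /Users/de are also valid home-folder locations for
# accounts with those short names, so review a hit before deleting it.
INQTANA_FIXED="Users/w0rm-support.tgz
Users/InqTest.class
Users/com.openbundle.plist
Users/com.pwned.plist
Users/libavetanaBT.jnilib
Users/javax
Users/de"

# Per-user LaunchAgents entries from the removal instructions.
INQTANA_AGENTS="com.pwned.plist
com.openbundle.plist"

# Print every listed artifact that exists under ROOT, one path per line.
# Return status: 0 = nothing found, 1 = at least one artifact present.
inqtana_scan() {
    root=${1:-}
    root=${root%/}
    found=0
    for rel in $INQTANA_FIXED; do
        p="$root/$rel"
        # -L also catches a dangling symlink left at one of the paths.
        if [ -e "$p" ] || [ -L "$p" ]; then
            printf '%s\n' "$p"; found=1
        fi
    done
    # Expand [USER NAME] by walking every home folder under /Users.
    for home in "$root"/Users/*/; do
        [ -d "$home" ] || continue
        for name in $INQTANA_AGENTS; do
            p="${home}Library/LaunchAgents/$name"
            if [ -e "$p" ] || [ -L "$p" ]; then
                printf '%s\n' "$p"; found=1
            fi
        done
    done
    return "$found"
}
```

A non-zero return status means at least one listed item exists; the printed paths are the ones to review against the removal list.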
Looks as though people are finding more and more flaws in the security of OS X. Hopefully your machine has not been compromised, but if it has, I hope this will help you.
The worm information (technical and removal) was acquired from the Symantec Security Response center.
