poor info. in the moment it looks like the firewall panic.

Note: if you are using a router the DNS servers are dimmed out, too.

[ Reply to This | # ]

We adjusted the article to clarify the gray DNS entries, as well as add a simpler method of detecting the malware.

As for root crontabs, I have yet to find a program that installs any on its own. Yes, experienced macosxhints readers may have them installed, but they will have put them there themselves.

For other "typical" OS X users, though, the root crontab is going to be empty. For the audience, I feel it's the best advice -- there really shouldn't be any root crontabs running on a system that the user didn't place there themselves.

If someone can provide a real-world example of a third-party app that installs its own root crontab, I would like to know about it -- and no, geeky Unix utilities and the like don't count. :)

-rob.

[ Reply to This | # ]

Yeah, agreed. And ruling out geeky unix type things, I can't say I know of anything that does use the crontab. I just thought it might be worth pointing out that you are actually deleting everything :)

---
Aluminum iMac 20" 2.4 GHz/3GB/300GB HD

[ Reply to This | # ]

Intel iMac, Mac OS X 10.4.10 - McAfee VirusScan v8.5 (formerly known as Virex).

I have the "VirusScan Schedule Editor" component set to do a DAT eUpdate every working day (I work for a university). Your "sudo crontab -l" produces the following output:

# Virex Schedule Editor Task 09282007101331946
32 10 * * 1,2,3,4,5 /usr/local/vscanx/VShieldScheduleLauncher -i 09282007101331946 >/dev/null 2>&1

Although I'm actually in IT support, I hadn't specifically known that it used cron to achieve its results.

[ Reply to This | # ]

Symantec Antivirus 10 (Corporate Edition) installs this root crontab:

#SqzS VERSION = 1.0.0
#SYMANTEC SCHEDULER CRON ENTRIES. THESE ENTRIES ARE AUTOMATICALLY GENERATED
#PLEASE DO NOT EDIT.
# Enc=1 Name="Update Virus Protection" EvType1=1 EvType2=0 Sched=2
0 17 * * 5 "/Library/Application Support/Symantec/Scheduler/SymSecondaryLaunch.app/Contents/schedLauncher" 1 "/Applications/Symantec Solutions/LiveUpdate.app/Contents/MacOS/LiveUpdate" " " "oapp" "aevt" "exAG" "-update LUdf -liveupdatequiet YES -liveupdateautoquit YES"
#SqzS END SYMANTEC CRON ENTRIES

[ Reply to This | # ]