COMPUTER VIRUS QUESTION: What Is THREAT "OSX/CLICKAGENT.FLA" Found In "opr0ETEF.tmp" File ?

VirusBarrier X6 Scan and Quarantine | Aug 20, 2013 | Yosemitest

[Yosemitest]

What is THREAT "OSX/CLICKAGENT.FLA" found in "opr0ETEF.tmp" file ?

Notice the file name is using a ZERO after the "opr" .
It was found just now with a firewall activity alert.
Here's what the general information on the file says:
Kind: Unix Executable File

Size: 66KB on disk (61,836 bytes)

Where: /Volumes/Untitled/Documents and Settings/(User Name)/Local Settings/Application Data/Opera/My Opera Web Browser/cache/g_0018

Created: Thursday, August 9, 2012 7:36 AM

Modified: Thursday, August 9, 2012 7:36 AM

It's under QUARANTINE now, and I'm looking to destroy it by "shreading" or "wiping" ?

Any suggestions?

[Yosemitest]

Of Course, and the virus was locked down as soon as it was detected.

[Yosemitest]

From the file information data, Created: Thursday, August 9, 2012 7:36 AM is when I got it.

[Yosemitest]

Hat tip to Jerome Segura of Malwarebytes for information on this threat.

[Yosemitest]

You might want to read this.

Once again, fraudulent developers are attempting to fool people into installing their adware by signing their file—which pretends to be an Adobe Flash Player update—with a Developer ID. This tactic is not new, but why try something new when the tried and true tactics are apparently still working?



This new adware has versions for both Windows and Mac OS X, and works as an extension for Chrome, Firefox and Safari to different extents based on the operating system. For Macs, because the installer is a Windows executable auto-extractor, there’s no direct installation. (Continued)

[phockthis]

sfl

[Jeff Chandler]

Cross-Platform Adware Poses as Flash Player Update

Posted on August 20th, 2013 by Lysa Myers

Once again, fraudulent developers are attempting to fool people into installing their adware by signing their file—which pretends to be an Adobe Flash Player update—with a Developer ID. This tactic is not new, but why try something new when the tried and true tactics are apparently still working?

FlashPlayer11

This new adware has versions for both Windows and Mac OS X, and works as an extension for Chrome, Firefox and Safari to different extents based on the operating system. For Macs, because the installer is a Windows executable auto-extractor, there’s no direct installation.

This scam-extension appears to be found on a number of different types of websites, such as adult-themed and file-sharing sites. Once downloaded onto a user’s machine, it must then be installed in order to execute. Once it’s running, it places ads (sometimes pornographic in nature) into legitimate websites, which can make it appear that even children’s sites are serving these lascivious ads. The ads are not served by the usual mechanisms, so they are not blocked by ad-blockers.

The adware installer is signed by an Apple Developer ID belonging to “martingrey@mailinator.com,” which expires in a month (on September 22), at which point it will no longer be recognized as valid.

http://www.intego.com/mac-security-blog/cross-platform-adware-poses-as-flash-player-update/

[Yosemitest]

Thank you.

[gura]

F-Secure Rescue CD

[Yosemitest]

It’s fixed, thanks.

[deks]

I will only update Flash by going to the Adobe web page (see link below), not when a popup window says “Update Available”

http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html

[Yosemitest]

Thanks for the recommendation.

[Vendome]

[Yosemitest]

Now that's funny.
Like they painted on the bombs in the war

Don't run. You'll only die tired.

[Swordmaker]

This “threat” has been in the Apple OSX definition file for over a year. Had you been just using OSX alone with no Anti-virus that disabled Apple’s own protections, OSX would have prevented it from being downloaded at all and warned you before it had to be quarantined.

[Swordmaker]

It’s a minor variation on a known Trojan family. . . and a poor attempt at that. Looks like a “script-kiddie” effort, in that he didn’t even file off the serial numbers, so to speak, or try to make it Mac installable, given that it’s enclosed in a Windows auto-extract file! This can’t possibly affect a Mac in this format!

[Swordmaker]

Guts, That link is for a Windows Rescue CD. . . this is on a Mac.

[Swordmaker]

Oh, just delete the file. Put it in the trash can and empty the trash. No need for shedding or wiping.

[Yosemitest]

I don't think it was that, so much as it might have come from a thumb drive, and was just now turned on while a scan was done.
Not too long ago, I took a thumb drive to a printers to print out as "shop manual book" for an older tractor for my dad, and it just now showed up on that drive.
But the Created: Thursday, August 9, 2012 7:36 AM date, I can't remember it the book was printed before then or on that day, or after.

[Yosemitest]

The thumb drive is locked for read only.
It came from an older computer and was used through Parallels 6, and Windows XP.
But the file for the "Shop Manual" was purchased as a download for a large 175 page pdf file.

[Bloody Sam Roberts]

It's a cross platform adware posing as a Flash Player update.

Malware authors are using it to trick people into installing their latest payload.

This I found by simply Googling "OSX/CLICKAGENT.FLA".

I would wipe it with your AV program and get rid of the .tmp file.