Skip to comments.
COMPUTER VIRUS QUESTION: What Is THREAT "OSX/CLICKAGENT.FLA" Found In "opr0ETEF.tmp" File ?
VirusBarrier X6 Scan and Quarantine
| Aug 20, 2013
| Yosemitest
Posted on 08/20/2013 4:33:36 PM PDT by Yosemitest
What is THREAT "OSX/CLICKAGENT.FLA" found in "opr0ETEF.tmp" file ?
Notice the file name is using a ZERO after the "opr" .
It was found just now with a firewall activity alert.
Here's what the general information on the file says: Kind: Unix Executable File
Size: 66KB on disk (61,836 bytes)
Where: /Volumes/Untitled/Documents and Settings/(User Name)/Local Settings/Application Data/Opera/My Opera Web Browser/cache/g_0018
Created: Thursday, August 9, 2012 7:36 AM
Modified: Thursday, August 9, 2012 7:36 AM
It's under QUARANTINE now, and I'm looking to destroy it by "shreading" or "wiping" ?
Any suggestions?
TOPICS: Computers/Internet
KEYWORDS: computervirus; operawebbrowser; opr0eteftmp; oproeteftmp; osxclickagentfla; trojan
Navigation: use the links below to view more comments.
first previous 1-20, 21-40, 41-49 next last
To: Ron C.
Of Course, and the virus was locked down as soon as it was detected.
21
posted on
08/20/2013 5:15:16 PM PDT
by
Yosemitest
(It's Simple ! Fight, ... or Die !)
To: OrangeHoof
From the file information data, Created: Thursday, August 9, 2012 7:36 AM is when I got it.
22
posted on
08/20/2013 5:16:30 PM PDT
by
Yosemitest
(It's Simple ! Fight, ... or Die !)
To: AppyPappy
23
posted on
08/20/2013 5:20:19 PM PDT
by
Yosemitest
(It's Simple ! Fight, ... or Die !)
To: MissMagnolia
You might want to
read this.
Once again, fraudulent developers are attempting to fool people into installing their adware by signing their filewhich pretends to be an Adobe Flash Player updatewith a Developer ID. This tactic is not new, but why try something new when the tried and true tactics are apparently still working?
This new adware has versions for both Windows and Mac OS X, and works as an extension for Chrome, Firefox and Safari to different extents based on the operating system. For Macs, because the installer is a Windows executable auto-extractor, theres no direct installation. (Continued)
24
posted on
08/20/2013 5:34:08 PM PDT
by
Yosemitest
(It's Simple ! Fight, ... or Die !)
25
posted on
08/20/2013 5:36:00 PM PDT
by
phockthis
(http://www.supremelaw.org/fedzone11/index.htm ...)
To: Yosemitest
Cross-Platform Adware Poses as Flash Player Update
Posted on August 20th, 2013 by Lysa Myers
Once again, fraudulent developers are attempting to fool people into installing their adware by signing their filewhich pretends to be an Adobe Flash Player updatewith a Developer ID. This tactic is not new, but why try something new when the tried and true tactics are apparently still working?
FlashPlayer11
This new adware has versions for both Windows and Mac OS X, and works as an extension for Chrome, Firefox and Safari to different extents based on the operating system. For Macs, because the installer is a Windows executable auto-extractor, theres no direct installation.
This scam-extension appears to be found on a number of different types of websites, such as adult-themed and file-sharing sites. Once downloaded onto a users machine, it must then be installed in order to execute. Once its running, it places ads (sometimes pornographic in nature) into legitimate websites, which can make it appear that even childrens sites are serving these lascivious ads. The ads are not served by the usual mechanisms, so they are not blocked by ad-blockers.
The adware installer is signed by an Apple Developer ID belonging to martingrey@mailinator.com, which expires in a month (on September 22), at which point it will no longer be recognized as valid.
http://www.intego.com/mac-security-blog/cross-platform-adware-poses-as-flash-player-update/
26
posted on
08/20/2013 5:39:39 PM PDT
by
Jeff Chandler
(People are idiots.)
To: Jeff Chandler
27
posted on
08/20/2013 5:46:39 PM PDT
by
Yosemitest
(It's Simple ! Fight, ... or Die !)
To: Yosemitest
28
posted on
08/20/2013 6:28:05 PM PDT
by
gura
(If Allah is so great, why does he need fat sexually confused fanboys to do his dirty work? -iowahawk)
To: gura
29
posted on
08/20/2013 6:30:16 PM PDT
by
Yosemitest
(It's Simple ! Fight, ... or Die !)
To: Yosemitest
30
posted on
08/20/2013 6:39:15 PM PDT
by
deks
("...the battle...liberty against the overreach of the federal government" Ken Cuccinelli)
To: deks
Thanks for the recommendation.
31
posted on
08/20/2013 7:15:14 PM PDT
by
Yosemitest
(It's Simple ! Fight, ... or Die !)
To: Yosemitest
32
posted on
08/20/2013 8:08:12 PM PDT
by
Vendome
(Don't take life so seriously, you won't live through it anyway)
To: Vendome
Now that's funny.
Like they painted on the bombs in the war
Don't run. You'll only die tired.
33
posted on
08/20/2013 8:37:08 PM PDT
by
Yosemitest
(It's Simple ! Fight, ... or Die !)
To: Yosemitest
This “threat” has been in the Apple OSX definition file for over a year. Had you been just using OSX alone with no Anti-virus that disabled Apple’s own protections, OSX would have prevented it from being downloaded at all and warned you before it had to be quarantined.
34
posted on
08/20/2013 11:59:50 PM PDT
by
Swordmaker
(This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
To: Yosemitest
It’s a minor variation on a known Trojan family. . . and a poor attempt at that. Looks like a “script-kiddie” effort, in that he didn’t even file off the serial numbers, so to speak, or try to make it Mac installable, given that it’s enclosed in a Windows auto-extract file! This can’t possibly affect a Mac in this format!
35
posted on
08/21/2013 12:07:35 AM PDT
by
Swordmaker
(This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
To: gura
Guts, That link is for a Windows Rescue CD. . . this is on a Mac.
36
posted on
08/21/2013 12:09:16 AM PDT
by
Swordmaker
(This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
To: Yosemitest
Oh, just delete the file. Put it in the trash can and empty the trash. No need for shedding or wiping.
37
posted on
08/21/2013 12:10:34 AM PDT
by
Swordmaker
(This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
To: Swordmaker
I don't think it was that, so much as it might have come from a thumb drive, and was just now turned on while a scan was done.
Not too long ago, I took a thumb drive to a printers to print out as "shop manual book" for an older tractor for my dad, and it just now showed up on that drive.
But the Created: Thursday, August 9, 2012 7:36 AM date, I can't remember it the book was printed before then or on that day, or after.
38
posted on
08/21/2013 1:15:40 AM PDT
by
Yosemitest
(It's Simple ! Fight, ... or Die !)
To: Swordmaker
The thumb drive is locked for read only.
It came from an older computer and was used through Parallels 6, and Windows XP.
But the file for the "Shop Manual" was purchased as a download for a large 175 page pdf file.
39
posted on
08/21/2013 1:19:13 AM PDT
by
Yosemitest
(It's Simple ! Fight, ... or Die !)
To: Yosemitest
It's a cross platform adware posing as a Flash Player update.
Malware authors are using it to trick people into installing their latest payload.
This I found by simply Googling "OSX/CLICKAGENT.FLA".
I would wipe it with your AV program and get rid of the .tmp file.
40
posted on
08/21/2013 6:02:27 AM PDT
by
Bloody Sam Roberts
(So Obama "inherited" a mess? Firemen "inherit" messes too. Ever see one put gasoline on it?)
Navigation: use the links below to view more comments.
first previous 1-20, 21-40, 41-49 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson