



Backdoor:OSX/Olyx.A

Detection Names: Backdoor:OSX/Olyx.A, MAC.OSX.Backdoor.Olyx.A
Category: Malware
Type: Backdoor
Platform: OSX

Summary

Backdoor:OSX/Olyx.A connects to a remote server to receive further instructions, without knowledge or permission from the user.

Disinfection

Manual Removal

  • Open Activity Monitor, select startp and click Quit Process
  • Open Terminal then execute the following:

    • sudo rm -f "/Library/Application Support/google/startp"
    • sudo rm -f ~/Library/LaunchAgents/www.google.com.tstart.plist
    • sudo rm -f /tmp/google.tmp

Protection

Protect your Mac against threats with F-Secure Anti-Virus for Mac.

Additional Details

On installation, the malware drops and executes the following:

  • /Library/Application Support/google/startp

This component connects to a hard-coded IP address (located in Korea) to get additional commands.

 


The following launchpoint is created for the dropped file:

  • ~/Library/LaunchAgents/www.google.com.tstart.plist

The trojan also replaces the following file with a copy of itself:

  • /tmp/google.tmp
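
The three file artifacts and the startp process named in this description can be checked in one pass before the removal commands are run. The script below is an added example, not F-Secure's own tooling; the function name `olyx_check`, the `OLYX_HITS` variable, the optional root prefix for a mounted disk image and the output format are assumptions.

```shell
#!/bin/sh
# Added example (not F-Secure's tooling): report which Backdoor:OSX/Olyx.A
# artifacts listed in this description are present before removing them.
# Assumptions: the function name, the OLYX_HITS variable, the optional ROOT
# prefix (mount point of a disk image; empty = live system) and output format.

olyx_check() {
    root="${1:-}"
    home="${2:-$HOME}"
    OLYX_HITS=0

    # Paths are quoted because "Application Support" contains a space.
    for p in \
        "$root/Library/Application Support/google/startp" \
        "$root$home/Library/LaunchAgents/www.google.com.tstart.plist" \
        "$root/tmp/google.tmp"
    do
        if [ -e "$p" ] || [ -L "$p" ]; then
            OLYX_HITS=$((OLYX_HITS + 1))
            echo "FOUND   $p"
            # Record a hash for the incident notes, if shasum is available.
            if [ -f "$p" ] && command -v shasum >/dev/null 2>&1; then
                shasum -a 256 "$p" | sed 's/^/        sha256 /'
            fi
        else
            echo "absent  $p"
        fi
    done

    # The running component is only meaningful on the live system.
    if [ -z "$root" ] && command -v pgrep >/dev/null 2>&1; then
        if pgrep -x startp >/dev/null 2>&1; then
            echo "RUNNING process named startp"
        else
            echo "no process named startp"
        fi
    fi

    echo "$OLYX_HITS of 3 file artifacts present"
    return 0
}

# Usage: olyx_check                                -> live system, current user
#        olyx_check /Volumes/Image /Users/alice    (constructed example paths)
olyx_check "$@"
```

Pass the home directory explicitly as the second argument when checking an account other than the one running the script.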