Virus on Mac

We've got a customer who has a 2012 iMac running Lion 10.7.5, they are also running Virus Barrier X6 which is flagging up that the Mac has a 'P,3,script' threat

This keeps flagging up on various files, not being a Mac user myself i really could do with some assistance with this.

Thanks in advance.
afflik1923Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MurfurFull Stack DeveloperCommented:
Your request is too vague to give a measured response - can you provide some more info e.g. are there any other details in the warning message?
What files or what sort of files are being flagged?
Can you post the scan log file?
0
afflik1923Author Commented:
Ok here's a snip from the virus log

Status      Threat
Date      21/09/2013 13:20:53
Comment      Malware ' P,3,script' detected in file 'DeviceMatchingInfo.plist …'
Path      /System/Library/Image Capture/Devices/MassStorageCamera.app/Contents/Resources/DeviceMatchingInfo.plist
User      gayyee (501)

Status      Information
Date      21/09/2013 13:20:55
Comment      File 'DeviceMatchingInfo.plist …' was added to the quarantine zone
Path      /System/Library/Image Capture/Devices/MassStorageCamera.app/Contents/Resources/DeviceMatchingInfo.plist
User      gayyee (501)

Status      Threat
Date      21/09/2013 13:20:56
Comment      Malware ' P,3,script' detected in file 'DeviceMatchingInfo.plist …'
Path      /System/Library/Image Capture/Devices/Type8Camera.app/Contents/Resources/DeviceMatchingInfo.plist
User      gayyee (501)

Status      Information
Date      21/09/2013 13:21:02
Comment      File 'DeviceMatchingInfo.plist …' was added to the quarantine zone
Path      /System/Library/Image Capture/Devices/Type8Camera.app/Contents/Resources/DeviceMatchingInfo.plist
User      gayyee (501)
0
TMekeelCommented:
I have no direct experience with VirusBarrier, but those files match USB devices to cameras.  It looks like you can add that folder to the Trusted Items list and also remove the quarantine marker from Finder items in the program's options.
http://www.intego.com/manuals/en/rg/vbx6-reviewers-guide.html 

Run a permissions repair also on the drive, and get ESET or BitDefender.  It's the only AVs I've used on Macs that work properly.
0
MSSPs - Are you paying too much?

WEBINAR: Managed security service providers often deploy & manage products from a variety of solution vendors. But is this really the best approach when it comes to saving time AND money? Join us on Aug. 15th to learn how you can improve your total cost of ownership today!

strungCommented:
As TMekeel said, these are almost certainly false positives.

.plist files are Apple preference files, not executables. If you want, you can simply delete them. The OS will create them afresh as needed. You might lose some user settings for camera import in the process, but the user can re-create them.
0
MurfurFull Stack DeveloperCommented:
I am not familiar with VirusBarrier itself but what I find interesting is that I can't find any reference to a piece of malware with the name 'P,3,script' on any list of known nasties.

What may be happening is that the customer files are being caught out by heuristics i.e. the VirusBarrier scanner doesn't recognise the 'P,3,script' from its database of known safe and bad files but on analysis has decided that the functionality of the script behaves in a manner similar to malware and has therefore been marked as such while it is in fact a perfectly normal and safe function.

I would recommend downloading and using Avira (www.avira.com) - it is free and is known to be very good at finding malware and would possibly confirm that assessment or if not would, I hope, provide some more info on the threat.

To add to that, the VirusBarrier engine has actually been updated to VirusBarrier 2013 so you might want to look there too.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
afflik1923Author Commented:
Well the plot thickens a little, i had to repair the permissions, i then verified the disk and this has shown that the disk has corruption. I'm just running a repair now.
0
MurfurFull Stack DeveloperCommented:
Maybe as simple as corrupted camera driver files having the appearance of a piece of malware... keep us posted please!
0
afflik1923Author Commented:
Well i repaired the permissions and then ran a repair on the disk, this made no difference, however i found that there is a free update to Virus Barrier 2013, installed this and rebooted and now all is well.
0
MurfurFull Stack DeveloperCommented:
...and it's not even Friday yet! Happy days :)

The new scanning engine in VB 2013 will have an updated db and heuristic rules.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Mac OS X

From novice to tech pro — start learning today.