
OSX.Leap.A - Removal

Risk Level 1: Very Low

Discovered: February 16, 2006
Updated: February 13, 2007 12:51:24 PM
Also Known As: CME-4, OSX/Leap.A [Computer Associates], Leap.A [F-Secure], IM-Worm.OSX.Leap.a [Kaspersky], OSX/Leap [McAfee], OSX/Leap-A [Sophos], OSX_LEAP.A [Trend Micro]
Type: Worm
Systems Affected: Macintosh, Macintosh OS X


1. Delete the infected file

At the time of writing, the file infected by this worm has the following file name:

latestpics

Delete this file. If this file has not been executed, no further action should be necessary.

2. Delete any associated files and restart the compromised computer

If the infected file has been executed, delete the following file:

/Users/[CURRENT USER]/Library/InputManagers/apphook.bundle

The compromised computer must then be restarted to remove the infection from memory.

Note:
  • [CURRENT USER] is the name of the user who was logged in when the infected file was executed.
  • The worm may infect other applications. If you suspect that an application has been compromised, it should be replaced from a clean backup copy.
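
The two checks above as a script, for a machine where it is not known which account ran the file. This is an added example, not part of the original writeup: the `leap_scan` and `leap_count` names and the users-root argument are assumptions, and the script only reports what it finds and deletes nothing.

```shell
#!/bin/sh
# Added example: report the OSX.Leap.A artifacts named in steps 1 and 2
# for every home directory. The users-root argument is an assumption so the
# check can also run against a mounted backup volume or a test directory.

# Print one tab-separated line per finding: KIND<TAB>PATH
leap_scan() {
    users_root=${1:-/Users}
    for home in "$users_root"/*/; do
        [ -d "$home" ] || continue
        home=${home%/}
        # Step 2 artifact: present only if the infected file was executed
        # by this user, so a restart is also required after deleting it.
        hook="$home/Library/InputManagers/apphook.bundle"
        if [ -e "$hook" ]; then
            printf 'EXECUTED\t%s\n' "$hook"
        fi
        # Step 1 artifact: the infected file, wherever the user saved it.
        # The name is the one known at the time of the writeup.
        find "$home" -name latestpics -type f 2>/dev/null |
        while IFS= read -r f; do
            printf 'FILE\t%s\n' "$f"
        done
    done
}

# Count findings of one kind (EXECUTED or FILE) under a users root.
leap_count() {
    leap_scan "$2" | awk -F'\t' -v kind="$1" '$1 == kind { n++ } END { print n + 0 }'
}

# Run only when a users root is given, e.g.:  sh leap_scan.sh /Users
if [ "$#" -gt 0 ]; then
    leap_scan "$1"
fi
```

An `EXECUTED` line identifies the account for which step 2 applies; a `FILE` line with no `EXECUTED` line for the same user corresponds to step 1 only.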


Writeup By: Costin Ionescu
