1. Symantec/
  2. Security Response/
  3. OSX.Leap.A

OSX.Leap.A - Removal

Risk Level 1: Very Low

February 16, 2006
February 13, 2007 12:51:24 PM
Also Known As:
CME-4, OSX/Leap.A [Computer Associate, Leap.A [F-Secure], IM-Worm.OSX.Leap.a [Kaspersky , OSX/Leap [McAfee], OSX/Leap-A [Sophos], OSX_LEAP.A [Trend Micro]
Systems Affected:
Macintosh, Macintosh OS X

1. Delete the infected file

At the time of writing, the file infected by this worm has the following file name:


Delete this file. If this file has not been executed, no further action should be necessary.

2. Delete any associated files and restart the compromised computer

If the infected file has been executed, delete the following file:

/Users/[CURRENT USER]/Library/InputManagers/apphook.bundle

The compromised computer must then be restarted to remove the infection from memory.

  • [CURRENT USER] is the name of the user who was logged in when the infected file was executed.
  • The worm may infect other applications. If you suspect that an application has been compromised, it should be replaced from a clean backup copy.

Writeup By: Costin Ionescu

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
2016 Internet Security Threat Report, Volume 21
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube