'Dockset' Trojan? Source Code
As per 'intego' and 'sophos' [03 Dec 2012], supposedly, a Mac Trojan, now labeled 'OSX/Dockster', exists on an unidentified (URL) Dalai Lama dedicated website. So, if you have recently been to the 'not specifically identified URL' Webpage, consider running the Code below.
AppleScript 'Dockset.scpt' Source Code
Below is AppleScript Source Code, which can be copied, and then pasted into 'AppleScript Editor.app' [located in the '/Applications/Utilities/' Folder] and 'Run' selected; or, save the Code as a double-clickable 'Applet' (or Application).
-- Dockset.scpt, determines existence of .Dockset and mac.Dockset.deman File(s).
-- Written on Mac Mini 1.1, MacOS X 10.6.8, 04 December 2012

-- Application Variables.
set {nStr01, nStr02, nStr03, nStr04, nStr05, nStr06, nStr07, nStr08, sStr01, sStr02} to {"The invisible '.Dockset' File does not exist,", "", "", "", "", "", "", "No mac.Dockset.deman File exists in any" & return & " '/LaunchAgents/' or '/LaunchDaemons/' Folder.", ".Dockset", "mac.Dockset.deman"}

-- Test for invisble .Dockset File.
if ((do shell script ("cd ~/; ls -la")) contains sStr01) then set nStr01 to "The invisible '.Dockset' File does exist,"

-- Test for mac.Dockset.deman File, in three (3) /LaunchAgents/ Folders.
if ((do shell script ("cd ~/Library/LaunchAgents/; ls -la")) contains sStr02) then set nStr02 to "~/Library/LaunchAgents/" & return
if ((do shell script ("cd /Library/LaunchAgents/; ls -la")) contains sStr02) then set nStr03 to "/Library/LaunchAgents/" & return
if ((do shell script ("cd /System/Library/LaunchAgents/; ls -la")) contains sStr02) then set nStr04 to "/System/Library/LaunchAgents/" & return

-- Test for mac.Dockset.deman File, in three (3) /LaunchDaemons/ Folders.
if ((do shell script ("cd ~/Library/LaunchDaemons/; ls -la")) contains sStr02) then set nStr05 to "~/Library/LaunchDaemons/" & return
if ((do shell script ("cd /Library/LaunchDaemons/; ls -la")) contains sStr02) then set nStr06 to "/Library/LaunchDaemons/" & return
if ((do shell script ("cd /System/Library/LaunchDaemons/; ls -la")) contains sStr02) then set nStr07 to "/System/Library/LaunchDaemons/"

-- Display results of searching LaunchAgents and LaunchDaemons Folders.
if (((count nStr02) > 0) or ((count nStr03) > 0) or ((count nStr04) > 0) or ((count nStr05) > 0) or ((count nStr06) > 0) or ((count nStr07) > 0)) then set nStr08 to "The 'mac.Dockset.deman' File exists in Folder(s):" & return

display dialog nStr01 & " in the Users Home Folder." & return & return & nStr08 & nStr02 & nStr03 & nStr04 & return & nStr05 & nStr06 & nStr07 buttons {"OK"} default button "OK"
A compressed File [titled 'Dockset.app.zip', 30 KB in Size] of the Application version, of the Source Code above, can be downloaded here.

After one 'run's the Source Code or launches the 'Applet', a Dialog Box, such as those shown below, will appear stating the File(s) existence or not.
or
But, what if you are told the '.Dockset' and / or 'mac.Dockset.deman' File(s) exist on your Macintosh?
If so, then continue to the next Source Code Listing.
AppleScript 'DocksetView.scpt' Source Code
Below is AppleScript Source Code, which can be copied, and then pasted into 'AppleScript Editor.app' [located in the '/Applications/Utilities/' Folder] and 'Run' selected; or, save the Code as a double-clickable 'Applet' (or Application).
-- 'DocksetView.scpt', opens the Folders of '.Dockset' and / or 'mac.Dockset.deman' Files.
-- Written on Mac Mini 1.1, MacOS X 10.6.8, 04 December 2012

-- Application Variables.
set {nStr01, sStr01, sStr02} to {"", ".Dockset", "mac.Dockset.deman"}

-- If invisble '.Dockset' File exists - rename the File and open its Parent Folder.
try
if ((do shell script ("cd ~/; ls -la")) contains sStr01) then
(do shell script ("cd ~/; mv .Dockset Dockset; open ~/"))
set nStr01 to "'.Dockset' was renamed 'Dockset' in Folder:" & return & "/Users/" & ((do shell script ("whoami")) as string) & "/" & return & return
end if
end try

-- Open any '/LaunchAgents/' Folder which may contain the 'mac.Dockset.deman' File.
try
if ((do shell script ("cd ~/Library/LaunchAgents/; ls -la")) contains sStr02) then
(do shell script ("open ~/Library/LaunchAgents/"))
set nStr01 to nStr01 & "'mac.Dockset.deman' was found in Folder(s):" & return & "~/Library/LaunchAgents/" & return
end if
end try
try
if ((do shell script ("cd /Library/LaunchAgents/; ls -la")) contains sStr02) then
(do shell script ("open /Library/LaunchAgents/"))
set nStr01 to nStr01 & "/Library/LaunchAgents/" & return
end if
end try
try
if ((do shell script ("cd /System/Library/LaunchAgents/; ls -la")) contains sStr02) then
(do shell script ("open /System/Library/LaunchAgents/"))
set nStr01 to nStr01 & "/System/Library/LaunchAgents/" & return
end if
end try

-- Open any '/LaunchDaemons/' Folder which may contain the 'mac.Dockset.deman' File.
try
if ((do shell script ("cd ~/Library/LaunchDaemons/; ls -la")) contains sStr02) then
(do shell script ("open ~/Library/LaunchDaemons/"))
set nStr01 to nStr01 & "~/Library/LaunchDaemons/" & return
end if
end try
try
if ((do shell script ("cd /Library/LaunchDaemons/; ls -la")) contains sStr02) then
(do shell script ("open /Library/LaunchDaemons/"))
set nStr01 to nStr01 & "/Library/LaunchDaemons/" & return
end if
end try
try
if ((do shell script ("cd /System/Library/LaunchDaemons/; ls -la")) contains sStr02) then
(do shell script ("open /System/Library/LaunchDaemons/"))
set nStr01 to nStr01 & "/System/Library/LaunchDaemons/" & return
end if
end try

-- Display results of locating and opening the Folders of '.Dockset' and / or 'mac.Dockset.deman' Files.
if ((count nStr01) > 0) then
set nStr01 to nStr01 & return & "Trash the above listed File(s). You may have to enter an Administrative Password to complete the process."
else
set nStr01 to "Files '.Dockset' and / or 'mac.Dockset.deman' were not found."
end if

tell me to activate
display dialog nStr01 buttons {"OK"} default button "OK"
A compressed File [titled 'DocksetView.app.zip', 30 KB in Size] of the Application version, of the Source Code above, can be downloaded here.

After one 'run's the Source Code or launches the 'Applet', either a no File(s) found Dialog Box will appear; or, the affected Folders' Windows will open, and a Dialog Box will appear stating which ones were opened.
or
If any Folders' Windows are opened, locate the 'Dockset' and / or 'mac.Dockset.deman' File(s) and drag them, individually, to the Trash.

When dragging a 'mac.Dockset.deman' File from any of the '/Library/LaunchAgents/', '/Library/LaunchDaemons/', '/System/Library/LaunchAgents/, and / or '/System/Library/LaunchDaemons/' Folders, you will be asked for an Administrators' Password, in order to complete the deletion process.

And finally, reboot your Macintosh.
Return to AppleScript Code
©2008 - 2099, Alle Rechte vorbehalten, SJWL