Am I infected by malware or trojan horse?

Similar Messages

• I think I have  some Malware/Trojan Horse on MacBook Pro. How to get rid of it?

  My MacBook Pro has worked perfect for the last 2 years, but over the last 2 days when I am on Chrome it has started clicking onto random websites when I click other links, and showing certain words as underlined and as hotlinks. I think I recognise that from having a PC as Malware or Trojan Horse? What is the best way to remove this as I have read through a few threads on here and they advise not downloading any anti virus software as it slows down your Mac instead of helping.
  <Post Edited By Host>

  You installed the "VSearch" trojan, perhaps under a different name. Remove it as follows.
  Malware is constantly changing to get around the defenses against it. The instructions in this comment are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
  Back up all data before proceeding.
  Triple-click anywhere in the line below on this page to select it:
  /Library/LaunchAgents/com.vsearch.agent.plist
  Right-click or control-click the line and select
            Services ▹ Reveal in Finder (or just Reveal)
  from the contextual menu.* A folder should open with an item named "com.vsearch.agent.plist" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.
  Repeat with each of these lines:
  /Library/LaunchDaemons/com.vsearch.daemon.plist
  /Library/LaunchDaemons/com.vsearch.helper.plist
  /Library/LaunchDaemons/Jack.plist
  Restart the computer and empty the Trash. Then delete the following items in the same way:
  /Library/Application Support/VSearch
  /Library/PrivilegedHelperTools/Jack
  /System/Library/Frameworks/VSearch.framework
  ~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin
  Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
  From the Safari menu bar, select
            Safari ▹ Preferences... ▹ Extensions
  Uninstall any extensions you don't know you need, including any that have the word "Spigot," "Trovi," or "Conduit" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
  Reset the home page and default search engine in all the browsers, if it was changed.
  This trojan is distributed on illegal websites that traffic in pirated content. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect much worse to happen in the future.
  You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that this Internet criminal has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. This failure of oversight has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.
  *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination  command-C. In the Finder, select
            Go ▹ Go to Folder...
  from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

• My computer has been infected with a Trojan Horse.  It has completely taken over my Mac email account and was sending out malicious email to everyone in my address book.  At the same time it infected my iPhone---I am no longer able to receive or send emai

  My computer has been infected by a Trojan Horse.  It has taken over my Mac email account and began sending out malicious emails to everyone in my address book.  I cleared out my MAC address book and began using my AOL email account. It took a few days and then my AOL email account was infected and has now been send out malicious email to all my contacts for over a month.  It has also infected my iPhone--I am no longer able to send or receive emails on my iPhone.  Also, once the Trojan Horse began using my AOL email it completely blocked me from using my MAC account by sending never ending popups asking for my email password to access my MAC email account, but it never accepts my pass word.  The TH has also slowed down everything on my computer.  It's like I am working on an old PC with dial up connection instead of the high speed digital connection that I have.  The little color wheel spins constantly as I wait for sometimes over a minute for a page to pull up.  If it pulls up at all.  I have tried to use the 2 disks that came with my computer to completely remove everything on my computer and then reinstall all the programs, but I am not allowed to sweep my computer clean.  I thought maybe my disks that came with my computer were defective so I called Apple and they sent me 2 new disks.  I am not able able to clear my computer with the 2 new disks either.  I have done this before successfully so it's not something new to me.  I do remember when I believe my computer became infected:  I had googled an unusual sewing term, and I was opening what appeared to be legitimate sites, when all of a sudden a pop up appeared that said that my computer had been infected.  I immediately shut my computer off, but it was too late.  I downloaded a virus program for Mac, and it has never found a virus or problem at all.  I think it is part of this Trojan Horse, but I am unable to delete it from my computer.  It refuses to uninstall.  The Mac Trojan Horse is real and it is terrible.  If anyone has any suggestions for me I would be very appreciative,
  Beth
  vu

  Install ClamXav and run a scan with that. It should pick up any trojans.   
  17" 2.2GHz i7 Quad-Core MacBook Pro  8G RAM  750G HD + OCZ Vertex 3 SSD Boot HD 
  Got problems with your Apple iDevice-like iPhone, iPad or iPod touch? Try Troubleshooting 101

• Email phishing, malware, trojan horses, key stroke

  I have a iMac with the new Yosemite 10.10.1 SW installed. I received an email and clicked on a web link that was characterised as Phishing and I enterred private information. I have since truned off all online contacts that may be compromised. What is the likelyhood that when I went to this scam website and enterred information that Malware, Trojan Horse, Key stroke counting type SW was installed?  Would the new Yosemite OS prevented this from happening?

  Those sites are mostly designed for Windows PCs, so OS X should not be affected. Furthermore, OS X Yosemite uses Gatekeeper, which only allows to install apps from the Mac App Store and identified developers by default.
  If you want to be sure there is nothing bad in your Mac, you can use ClamXav and scan the hard disk.

• Trojan Horse Virus

  A little while ago, my macbook was very slow and I went into the Apple store and they recommended that I turn Norton Antivirus off. I did.
  A few months later (now) I ran it just for the heck of it to see if it found anything - and it did. Two or three Trojan Horse malware files. Looking at Nortons descriptions, I think that they were (I located and deleted them) all PC based virus BUT, I am wondering:
  1. I have Microsoft Office for Mac on my Macbook and I am wondering if those files might have been compromised by a PC virus?
  2. I am assuming that if these files have been compromised there is nothing that I can do about retrieving that information as it could be anywhere.
  3. If I have other PC based drives hooked up to my macbook wirelessly - were they vulnerable while I had these Trojan Horses on my Macbook?
  Thanks.
  A.

  Don't always believe what Norton tells you. It is incompatible with OS X.
  Norton Antivirus has a very long and illustrious reputation for mangling Mac OS X systems, sometimes to the point where a complete reinstall is necessary. Among other things, it installs kernel extensions which are known to cause kernel panics and system freezes; it contains known and documented bugs which can silently corrupt Adobe Photoshop and Adobe InDesign files, destroy a user's ability to authenticate as an administrator, and (on PPC systems) can cause Classic to stop functioning; and Symantec has on at least two occasions now released flawed .dat file updates which erroneously report certain critical Mac OS X files as "viruses." (Deleting these "viruses" causes damage to the system that in some cases renders it unbootable.)
  1. No
  2. Need more details about what you call 'compromised'
  3. Yes.
  No viruses that can attack OS X have so far been detected 'in the wild', i.e. in anything other than laboratory conditions.
  It is possible, however, to pass on a Windows virus to another Windows user, for example through an email attachment. To prevent this all you need is the free anti-virus utility ClamXav, which you can download for Tiger and Leopard from (on no account install Norton Anti-Virus on a Mac running OS X):
  http://www.clamxav.com/
  The new version for Snow Leopard is available here:
  http://www.clamxav.com/index.php?page=v2beta
  (Note: ClamAV adds a new user group to your Mac. That makes it a little more difficult to remove than some apps. You’ll find an uninstaller link in ClamXav’s FAQ page online.)
  If you are already using ClamXav: please ensure that you have installed Apple Security Update 2010-005 and that your version of ClamXav is the latest available.
  However, the appearance of Trojans and other malware that can possibly infect a Mac seems to be growing, but is a completely different issue to viruses.
  If you allow a Trojan to be installed, the user's DNS records can be modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's (that's you!) DNS records stay modified on a minute-by-minute basis.
  You can read more about how, for example, the OSX/DNSChanger Trojan works here:
  http://www.f-secure.com/v-descs/trojanosxdnschanger.shtml
  SecureMac has introduced a free Trojan Detection Tool for Mac OS X. It's available here:
  http://macscan.securemac.com/
  The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X and allows users to check to see if the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the users' DNS records will be repaired.
  (Note that a 30 day trial version of MacScan can be downloaded free of charge from:
  http://macscan.securemac.com/buy/
  and this can perform a complete scan of your entire hard disk. After 30 days free trial the cost is $29.99. The full version permits you to scan selected files and folders only, as well as the entire hard disk. It will detect (and delete if you ask it to) all 'tracker cookies' that switch you to web sites you did not want to go to.)
  A white paper has recently been published on the subject of Trojans by SubRosaSoft, available here:
  http://www.macforensicslab.com/ProductsAndServices/index.php?mainpage=document_general_info&cPath=11&productsid=174
  Also, beware of MacSweeper:
  MacSweeper is malware that misleads users by exaggerating reports about spyware, adware or viruses on their computer. It is the first known "rogue" application for the Mac OS X operating system. The software was discovered by F-Secure, a Finland based computer security software company on January 17, 2008
  http://en.wikipedia.org/wiki/MacSweeper
  On June 23, 2008 this news reached Mac users:
  http://www.theregister.co.uk/2008/06/23/mac_trojan/
  More on Trojans on the Mac here:
  http://www.technewsworld.com/story/63574.html?welcome=1214487119
  This was published on July 25, 2008:
  Attack code that exploits flaws in the net's addressing system are starting to circulate online, say security experts.
  The code could be a boon to phishing gangs who redirect web users to fake bank sites and steal login details.
  In light of the news net firms are being urged to apply a fix for the loop-hole before attacks by hi-tech criminals become widespread.
  Net security groups say there is anecdotal evidence that small scale attacks are already happening.
  Further details here: http://news.bbc.co.uk/2/hi/technology/7525206.stm
  A further development was the Koobface malware that can be picked up from Facebook (already a notorious site for malware, like many other 'social networking' sites like Twitter etc), as reported here on December 9, 2008:
  http://news.bbc.co.uk/newsbeat/hi/technology/newsid_7773000/7773340.stm
  You can keep up to date, particularly about malware present in some downloadable pirated software, at the Securemac site:
  http://www.securemac.com/
  There may be other ways of guarding against Trojans, viruses and general malware affecting the Mac, and alternatives will probably appear in the future. In the meantime the advice is: be careful where you go on the web and what you download!
  If you think you may have acquired a Trojan, and you know its name, you can also locate it via the Terminal:
  http://theappleblog.com/2009/04/24/mac-botnet-how-to-ensure-you-are-not-part-of- the-problem/
  As to the recent 'Conficker furore' affecting Intel-powered computers, MacWorld recently had this to say:
  http://www.macworld.co.uk/news/index.cfm?email&NewsID=25613
  Although any content that you download has the possibility of containing malicious software, practising a bit of care will generally keep you free from the consequences of anything like the DNSChanger trojan.
  1. Avoid going to suspect and untrusted Web sites, especially p'orn'ography sites.
  2. Check out what you are downloading. Mac OS X asks you for you administrator password to install applications for a reason! Only download media and applications from well-known and trusted Web sites. If you think you may have downloaded suspicious files, read the installer packages and make sure they are legit. If you cannot determine if the program you downloaded is infected, do a quick Internet search and see if any other users reported issues after installing a particular program. A recent example is of malware distributed through innocent looking free screensavers: http://www.zdnet.com/blog/security/malware-watch-free-mac-os-x-screensavers-bund led-with-spyware/6560?tag=nl.e589
  3. Use an antivirus program like ClamXav. If you are in the habit of downloading a lot of media and other files, it may be well worth your while to run those files through an AV application.
  4. Use Mac OS X's built-in Firewalls and other security features.
  5. Stop using LimeWire. LimeWire (and other peer-to-peer sharing applications and download torrents) are hotbeds of potential software issues waiting to happen to your Mac. Everything from changing permissions to downloading trojans and other malicious software can be acquired from using these applications. Similar risks apply to using Facebook, Twitter, MySpace, YouTube and similar sites which are prone to malicious hacking: http://news.bbc.co.uk/1/hi/technology/8420233.stm
  6. Resist the temptation to download pirated software. After the release of iWork '09 earlier this year, a Trojan was discovered circulating in pirated copies of Apple's productivity suite of applications (as well as pirated copies of Adobe's Photoshop CS4). Security professionals now believe that the botnet (from iServices) has become active. Although the potential damage range is projected to be minimal, an estimated 20,000 copies of the Trojan have been downloaded. SecureMac offer a simple and free tool for the removal of the iBotNet Trojan available here:
  http://macscan.securemac.com/files/iServicesTrojanRemovalTool.dmg
  Also, there is the potential for having your entire email contact list stolen for use for spamming:
  http://www.nytimes.com/2009/06/20/technology/internet/20shortcuts.html?_r=1
  NOTE: Snow Leopard, OS 10.6.x, offers additional security to that of previous versions of OS X, but not to the extent that you should ignore the foregoing:
  http://www.apple.com/macosx/security/
  Apple's 10.6.4 operating system upgrade silently updated the malware protection built into Mac OS X to protect against a backdoor Trojan horse that can allow hackers to gain remote control over your treasured iMac or MacBook.
  http://www.sophos.com/blogs/gc/g/2010/06/18/apple-secretly-updates
  Finally, do not install Norton Anti-Virus on a Mac as it can seriously damage your operating system. Norton Anti-Virus is not compatible with Apple OS X.
  And if you are using iPhone Apps you are also at risk of losing all privacy:
  http://www.engadget.com/2010/10/03/hacker-claims-third-party-iphone-apps-can-tra nsmit-udid-pose-se/

• Resent trojan horse

  just wondering if there any resent trojan horse to be careful about or mac specific viruses

  1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
  2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically checked for updates once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
  The following caveats apply to XProtect:
  It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets (see below.)
  It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
  3. Starting with OS X 10.7.5, there has been another layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't actually been tested by Apple (unless it comes from the Mac App Store), but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. For most practical purposes, applications recognized by Gatekeeper as signed can be considered safe.
  Gatekeeper has, however, the same limitations as XProtect, and in addition the following:
  It can easily be disabled or overridden by the user.
  A malware attacker could get control of a code-signing certificate under false pretenses, or could find some other way to evade Apple's controls.
  For more information about Gatekeeper, see this Apple Support article.
  4. Beyond XProtect and Gatekeeper, there’s no benefit, in most cases, from any other automated protection against malware. The first and best line of defense is always your own intelligence. All known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
  That means, in practice, that you never use software that comes from an untrustworthy source. How do you know whether a source is trustworthy?
  Any website that prompts you to install a “codec,” “plug-in,” "player," "extractor," or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
  A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
  Pirated copies or "cracks" of commercial software, no matter where they come from, are unsafe.
  Software of any kind downloaded from a BitTorrent or from a Usenet binary newsgroup is unsafe.
  Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. If it comes from any other source, it's unsafe.
  5. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was never a good idea, and Java's developers have had a lot of trouble implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style "virus" affecting OS X. Merely loading a page with malicious Java content could be harmful. Fortunately, Java on the Web is mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice.
  Java is not included in OS X 10.7 and later. A discrete Java installer is distributed by Apple, and another one by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers. In Safari, this is done by unchecking the box marked Enable Java in the Security tab of the preferences dialog.
  Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a specific task, enable Java only when needed for the task and disable it immediately when done. Close all other browser windows and tabs, and don't visit any other sites while Java is active. Never enable Java on a public web page that carries third-party advertising. Use it, if at all, only on well-known, password-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
  Follow these guidelines, and you’ll be as safe from malware as you can practically be, short of not using the Internet at all.
  6. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.
  Why shouldn't you use commercial "anti-virus" products?
  Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
  In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
  By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
  7. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
  ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
  A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
  ♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
  ClamXav may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use ClamXav unless a network administrator requires you to run an anti-virus application.
  8. The greatest harm done by anti-virus software, in my opinion, is in its effect on human behavior. It does little or nothing to protect people from emerging threats, but they get a false sense of security from it, and then they may behave in ways that expose them to higher risk. Nothing can lessen the need for safe computing practices.
  9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.

• How to detect blackshades Trojan horse

  Today's news about a crackdown on the use of the Trojan horse malware called Blackshades has me worried my Mac might be already infected/affected. How can I find out if this malware is present on my Mac and if it is how can I remove it?

  HotJohnnieNYC wrote:
  Is there anything like it that can affect a Mac?
  There is malware that can affect the Mac. Although this has not always been the case, at this time, all Mac threats require you to open some app in order to become infected. Generally, this happens by tricking you into opening it.
  Once you open malware, most of it actually will not ask for any kind of permission. You will typically see the "this was downloaded from the internet, are you sure you want to open it" warning and that's it. It's actually quite rare that malware will request your admin password, as there are ways to infect the user account that are every bit as effective as gaining root access to infect the computer as a whole.
  Most malware is blocked directly by Mac OS X, but not all is. You cannot assume that Mac OS X will protect you. Similarly, if you install anti-virus software, you cannot assume that will protect you. No such protection is, or can ever be, 100% reliable.
  For more information on what the threats are and how to protect yourself, see my Mac Malware Guide.
  (Fair disclosure: The Safe Mac is my site, and contains a Donate button, so I may receive compensation for providing links to The Safe Mac. Donations are not required.)

• Can't find file for Trojan Horse on my MacBook

  Anyone seen this before?
  I have the Norton Antivirus Program installed on my MacBook.
  I believe an attack occurred while I was looking through the Apple Support Forums for help with a QuickTime problem and accidentally clicked on the following link: http:www.smacktalkpaintball.com/video/
  The Norton Warning came up and I hit the delete option and then set Norton to scan manually.
  The following came up at the end of the scan:
  Virus "bof.jar-51a4bd07-3d4b399d.zip" detected, Today at 7:24 AM. Repair failed.
  /Users/Owner/Li...bd07-3d4b399d.zip Trojan Horse infected
  I was not able to locate either of these files anywhere on my computer.
  I have two external hard drives that I use to back-up data, but neither of them were connected at the time of the attack, and nothing else was connected when I ran the virus scan.
  I do not have Windows installed on this MacBook - Mac OS X, Version 10.5.8,

  Norton was able to detect the Trojan whereas MacScan was not, but Norton was not able to remove it
  That sounds an unlikely outcome on both counts. Norton anti-virus is just that: anti-virus, and I would not trust it to deal with trojans.
  Are you sure you actually installed a Trojan?
  If you allow a Trojan to be installed, the user's DNS records can be modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's (that's you!) DNS records stay modified on a minute-by-minute basis.
  You can read more about how, for example, the OSX/DNSChanger Trojan works here:
  http://www.f-secure.com/v-descs/trojanosxdnschanger.shtml
  SecureMac has introduced a free Trojan Detection Tool for Mac OS X. It's available here:
  http://macscan.securemac.com/
  The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X and allows users to check to see if the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the users' DNS records will be repaired.
  (Note that a 30 day trial version of MacScan can be downloaded free of charge from:
  http://macscan.securemac.com/buy/
  and this can perform a complete scan of your entire hard disk. After 30 days free trial the cost is $29.99. The full version permits you to scan selected files and folders only, as well as the entire hard disk. It will detect (and delete if you ask it to) all 'tracker cookies' that switch you to web sites you did not want to go to.)

• Acrobat 9.5.4 update introduced Trojan Horse Generic31.COFB

  I allowed Acrobat 9 to update to 9.5.4 this morning.  During the process AVG identified Trojan Horse Generic31.COFB in the file JP2KLib.dll.  Is this a false positive or is this file truley infected right from Adobe?

  I contacted AVG technical support and verified this is a false positive from a virus definition update they pushed out overnight.  They will be sending out an updated virus definition update that will resolve this from being falsely detected.  Thanks.

• Trojan Horse pakes?

  I have some sort of Trojan horse on my iMAC (running Mavericks 10.9.5). When I check the console, there are 1000s of processes going on per second and they repetitively say:
  "10/13/14 7:51:53.579 AM proxyhost[22202]: 67.198.140.250:2122 - - [13/Oct/2014:07:51:53 -0700] "GET http://us-u.openx.net/w/1.0/sd?id=537073142&val=RUIDdzr1pcqq7bm659gajgpbbd5mgaxr 8t4yzbrfwht3uyidafrw9hqy==== HTTP/1.1" 302 401 895"
  10/13/14 7:51:53.505 AM proxyhost[22200]: Made direct (non-proxy) connection to syndication.exoclick.com:80
  10/13/14 7:51:53.000 AM kernel[0]: proc: table is full
  for example. The websites keep changing.
  I've scanned for malware with ClamXV and MacScan and found nothing. I have been blocked from my network. They said I have a trojan horse "pakes".
  Here is the etrecheck report (I'm no longer connected to the ethernet so the processes have stopped. I'm not sure if this matters for what people want to see):
  EtreCheck version: 1.9.15 (52)
  Report generated October 13, 2014 at 7:52:18 AM PDT
  Hardware Information: ?
    iMac (27-inch, Mid 2011) (Verified)
    iMac - model: iMac12,2
    1 3.4 GHz Intel Core i7 CPU: 4 cores
    8 GB RAM
  Video Information: ?
    AMD Radeon HD 6970M - VRAM: 1024 MB
    iMac 2560 x 1440
  System Software: ?
    OS X 10.9.5 (13F34) - Uptime: 2 days 19:28:14
  Disk Information: ?
    Hitachi HDS722020ALA330 disk0 : (2 TB)
    S.M.A.R.T. Status: Verified
    EFI (disk0s1) <not mounted>: 209.7 MB
    Macintosh HD (disk0s2) / [Startup]: 2 TB (1.19 TB free)
    Recovery HD (disk0s3) <not mounted>: 650 MB
    OPTIARC DVD RW AD-5680H
  USB Information: ?
    Apple Computer, Inc. IR Receiver
    Apple Internal Memory Card Reader
    Apple Inc. BRCM2046 Hub
    Apple Inc. Bluetooth USB Host Controller
    Apple Inc. FaceTime HD Camera (Built-in)
  Thunderbolt Information: ?
    Apple Inc. thunderbolt_bus
  Gatekeeper: ?
    Anywhere
  Problem System Launch Daemons: ?
    [failed] com.apple.security.syspolicy.plist
  Launch Daemons: ?
    [loaded] com.adobe.fpsaud.plist Support
    [loaded] com.adobe.SwitchBoard.plist Support
    [loaded] com.barebones.authd.plist Support
    [loaded] com.bombich.ccc.plist Support
    [running] com.bombich.ccc.scheduledtask.4CD02F29-DEED-4CEF-AB0E-270D9AAA53AB.plist Support
    [invalid] com.landesk.broker.plist
    [invalid] com.landesk.cba8.plist
    [invalid] com.landesk.ldwatch.plist
    [invalid] com.landesk.msgsys.plist
    [invalid] com.landesk.pds.plist
    [invalid] com.landesk.pds1.plist
    [loaded] com.landesk.pds2.plist Support
    [invalid] com.landesk.remote.plist
    [loaded] com.microsoft.office.licensing.helper.plist Support
    [loaded] com.oracle.java.JavaUpdateHelper.plist Support
  Launch Agents: ?
    [not loaded] com.adobe.AAM.Updater-1.0.plist Support
  User Launch Agents: ?
    [loaded] com.adobe.AAM.Updater-1.0.plist Support
    [loaded] com.adobe.ARM.[...].plist Support
    [loaded] com.adobe.ARM.[...].plist Support
    [running] com.bombich.ccc-user-agent.plist Support
    [loaded] com.google.keystone.agent.plist Support
    [not loaded] com.spotify.webhelper.plist Support
  User Login Items: ?
    Dropbox
  Internet Plug-ins: ?
    FlashPlayer-10.6: Version: 15.0.0.152 - SDK 10.6 Support
    Default Browser: Version: 537 - SDK 10.9
    AdobePDFViewerNPAPI: Version: 10.1.3 Support
    CouponPrinter-FireFox_v2: Version: Version 1.1.6 Support
    AdobePDFViewer: Version: 9.5.5 Support
    Flash Player: Version: 15.0.0.152 - SDK 10.6 Support
    QuickTime Plugin: Version: 7.7.3
    SharePointBrowserPlugin: Version: 14.1.4 - SDK 10.6 Support
    JavaAppletPlugin: Version: Java 7 Update 55 Check version
  Audio Plug-ins: ?
    BluetoothAudioPlugIn: Version: 1.0 - SDK 10.9
    AirPlay: Version: 2.0 - SDK 10.9
    AppleAVBAudio: Version: 203.2 - SDK 10.9
    iSightAudio: Version: 7.7.3 - SDK 10.9
  iTunes Plug-ins: ?
    Quartz Composer Visualizer: Version: 1.4 - SDK 10.9
  User Internet Plug-ins ?
    WebEx64: Version: 1.0 - SDK 10.6 Support
    Aspera Web 3.3.3.81344: Version: (null) - SDK 10.6 Support
    npBcsMcTcIO: Version: (null) Support
    Picasa: Version: 1.0 - SDK 10.6 Support
  3rd Party Preference Panes: ?
    Flash Player  Support
    Growl  Support
    LANDesk Agent  Support
    TeXDistPrefPane  Support
  Time Machine: ?
    Time Machine not configured!
  Top Processes by CPU: ?
        4% WindowServer
        1% hidd
        1% Console
        1% notifyd
        0% Microsoft Word
  Top Processes by Memory: ?
    311 MB com.apple.IconServicesAgent
    205 MB mds_stores
    180 MB Finder
    172 MB Microsoft Word
    156 MB softwareupdated
  Virtual Memory Information: ?
    1.49 GB Free RAM
    3.57 GB Active RAM
    1.67 GB Inactive RAM
    1.25 GB Wired RAM
    2.74 GB Page-ins
    400 KB Page-outs
  Message was edited by: biomed2014

  1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
  Don't be put off by the complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.
  2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
  There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
  3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can act on it yourself without disclosing the contents to me or anyone else.
  You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.
  In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.
  You may not be able to understand the script yourself. But variations of the script have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message.
  Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.
  4. Here's a summary of what you need to do, if you choose to proceed:
  ☞ Copy a line of text in this window to the Clipboard.
  ☞ Paste into the window of another application.
  ☞ Wait for the test to run. It usually takes a few minutes.
  ☞ Paste the results, which will have been copied automatically, back into a reply on this page.
  The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
  5. You may have started the computer in "safe" mode. Preferably, these steps should be taken in “normal” mode, under the conditions in which the problem is reproduced. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
  6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
  7. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
  Triple-click anywhere in the line of text below on this page to select it:
  PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(Software Hardware Memory Diagnostics Power FireWire Thunderbolt USB Fonts SerialATA 4 1000 25 5120 KiB/s 1024 85 \\b%% 20480 1 MB/s 25000 ports ' com.clark.\* \*dropbox \*genieo\* \*GoogleDr\* \*k.AutoCAD\* \*k.Maya\* vidinst\* ' DYLD_INSERT_LIBRARIES\ DYLD_LIBRARY_PATH -86 "` route -n get default|awk '/e:/{print $2}' `" 25 N\\/A down up 102400 25600 recvfrom sendto CFBundleIdentifier 25 25 25 1000 MB com.apple.AirPortBaseStationAgent 464843899 51 5120 files );N5=${#p[@]};p[N5]=` networksetup -listnetworkserviceorder|awk ' NR>1 { sub(/^\([0-9]+\) /,"");n=$0;getline;} $NF=="'${p[26]}')" { sub(/.$/,"",$NF);print n;exit;} ' `;f=('\n%s: %s\n' '\n%s\n\n%s\n' '\nRAM details\n%s\n' %s\ %s '%s\n-\t%s\n' );S0() { echo ' { q=$NF+0;$NF="";u=$(NF-1);$(NF-1)="";gsub(/^ +| +$/,"");if(q>='${p[$1]}') printf("%s (UID %s) is using %s '${p[$2]}'",$0,u,q);} ';};s=(' s/[0-9A-Za-z._]+@[0-9A-Za-z.]+\.[0-9A-Za-z]{2,4}/EMAIL/g;/\/Shared/!s/(\/Users\/)[^ /]+/\1USER/g;s/[-0-9A-Fa-f]{22,}/UUID/g;' ' s/^ +//;/de: S|[nst]:/p;' ' {sub(/^ +/,"")};/er:/;/y:/&&$2<'${p[10]} ' 1s/://;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: [^EO]|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[11]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Genesy|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;} ' ' $0&&!/ / { n++;print;} END { if(n<200) print "com.apple.";} ' ' $3~/[0-9]:[0-9]{2}$/ { gsub(/:[0-9:a-f]{14}/,"");} { print|"tail -n'${p[12]}'";} ' ' NR==2&&$4<='${p[13]}' { print $4;} ' ' END { $2/=256;if($2>='${p[15]}') print int($2) } ' ' NR!=13{next};{sub(/[+-]$/,"",$NF)};'"`S0 21 22`" 'NR!=2{next}'"`S0 37 17`" ' NR!=5||$8!~/[RW]/{next};{ $(NF-1)=$1;$NF=int($NF/10000000);for(i=1;i<=3;i++){$i="";$(NF-1-i)="";};};'"`S0 19 20`" 's:^:/:p' '/\.kext\/(Contents\/)?Info\.plist$/p' 's/^.{52}(.+) <.+/\1/p' ' /Launch[AD].+\.plist$/ { n++;print;} END { print "'${p[41]}'";if(n<200) print "/System/";} ' '/\.xpc\/(Contents\/)?Info\.plist$/p' ' NR>1&&!/0x|\.[0-9]+$|com\.apple\.launchctl\.(Aqua|Background|System)$|'${p[41]}'/ { print $3;} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:[^:]+//p ' '/^root$/p' ' !/\/Contents\/.+\/Contents|Applic|Autom|Frameworks/&&/Lib.+\/Info.plist$/ { n++;print;} END { if(n<1100) print "/System/";} ' '/^\/usr\/lib\/.+dylib$/p' ' /Temp|emac/{next};/(etc|Preferences|Launch[AD].+)\// { sub(".(/private)?","");n++;print;} END { print "'${p[41]}'.plist\t'${p[42]}'";if(n<500) print "Launch";} ' ' /\/(Contents\/.+\/Contents|Frameworks)\/|\.wdgt\/.+\.([bw]|plu)/d;p;' 's/\/(Contents\/)?Info.plist$//;p' ' { gsub("^| |\n","\\|\\|kMDItem'${p[35]}'=");sub("^...."," ") };1 ' p '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[43]}'{$2=$2-1;print}' ' BEGIN { i="'${p[26]}'";M1='${p[16]}';M2='${p[18]}';M3='${p[31]}';M4='${p[32]}';} !/^A/{next};/%/ { getline;if($5<M1) a="user "$2"%, system "$4"%";} /disk0/&&$4>M2 { b=$3" ops/s, "$4" blocks/s";} $2==i { if(c) { d=$3+$4+$5+$6;next;};if($4>M3||$6>M4) c=int($4/1024)" in, "int($6/1024)" out";} END { if(a) print "CPU: "a;if(b) print "I/O: "b;if(c) print "Net: "c" (KiB/s)";if(d) print "Net errors: "d" packets/s";} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|BKAg|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/ )||(/v6:/&&$2!~/A/ ) ' ' $1~"lR"&&$2<='${p[25]}';$1~"li"&&$3!~"wpa2";' ' BEGIN { FS=":";p="uniq -c|sed -E '"'s/ +\\([0-9]+\\)\\(.+\\)/\\\2 x\\\1/;s/x1$//'"'";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]$1|p;b=b$1;} END { close(p);if(b) print("\n\t* Code injection");} ' ' NR!=4{next} {$NF/=10240} '"`S0 27 14`" ' END { if($3~/[0-9]/)print$3;} ' ' BEGIN { L='${p[36]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n   "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n   [N/A]";"file -b "F|getline T;if(T!~/^(AS.+ (En.+ )?text$|(Bo|PO).+ sh.+ text ex)/) F=F" ("T")";printf("\nContents of %s\n%s\n",F,f);if(l>L) printf("\n   ...and %s more line(s)\n",l-L);} ' ' s/^ ?n...://p;s/^ ?p...:/-'$'\t''/p;' 's/0/Off/p' ' END{print NR} ' ' /id: N|te: Y/{i++} END{print i} ' ' / / { print "'"${p[28]}"'";exit;};1;' '/ en/!s/\.//p' ' NR!=13{next};{sub(/[+-M]$/,"",$NF)};'"`S0 39 40`" ' $10~/\(L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9;} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?Info\.plist$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' ' /l: /{ /DVD/d;s/.+: //;b0'$'\n'' };/s: /{ /V/d;s/^ */- /;H;};$b0'$'\n'' d;:0'$'\n'' x;/APPLE [^:]+$/d;p;' ' /^find: /d;p;' "`S0 44 45`" ' BEGIN{FS="= "} /Path/{print $2} ' ' /^ *$/d;s/^ */   /;' );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps sudo\ crontab sudo\ iotop top pkgutil 'PlistBuddy 2>&1 -c "Print' whoami cksum kextstat launchctl sudo\ launchctl crontab 'sudo defaults read' stat lsbom mdfind ' for i in ${p[24]};do ${c1[18]} ${c2[27]} $i;done;' defaults\ read scutil sudo\ dtrace sudo\ profiles sed\ -En awk /S*/*/P*/*/*/C*/*/airport networksetup mdutil sudo\ lsof test osascript\ -e );c2=(com.apple.loginwindow\ LoginHook '" /L*/P*/loginw*' "'tell app \"System Events\" to get properties of login items'|tr , \\\n" 'L*/Ca*/com.ap*.Saf*/E*/* -d 1 -name In*t -exec '"${c1[14]}"' :CFBundleDisplayName" {} \;|sort|uniq' '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' '.??* -path .Trash -prune -o -type d -name *.app -print -prune' :${p[35]}\" :Label\" '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status " -F '\$Time \$Message' -k Sender kernel -k Message Req 'bad |Beac|caug|corru|dead[^bl]|FAIL|fail|GPU |hfs: Ru|inval|jnl:|last value [1-9]|n Cause: -|NVDA\(|pagin|proc: t|Roamed|rror|ssert|Thrott|tim(ed? ?|ing )o|WARN' -k Message Rne 'Goog|ksadm|SMC:| VALI|xpma' -o -k Sender fseventsd -k Message Req 'SL' " '-du -n DEV -n EDEV 1 10' 'acrx -o comm,ruid,%cpu' '-t1 10 1' '-f -pfc /var/db/r*/com.apple.*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cgh] ! -name *ag \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f:%Sc:%N -t%F {} \;|sort -t: -k2 |tail -n'${p[38]} '/S*/*/Ca*/*xpc* >&- ||echo No' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' '-L /S*/L*/{C*/Sec*A,E}* {/,}L*/{A*d,Ca*/*/Ex,Co{mpon,reM},Ex,In{p,ter},iTu*/*P,Keyb,Mail/B,Pr*P,Qu*T,Scripti,Sec,Servi,Spo,Widg}* -path \\*s/Resources -prune -o -type f -name Info.plist' '/usr/lib -type f -name *.dylib' `awk "${s[31]}"<<<${p[23]}` "/e*/{auto,{cron,fs}tab,hosts,{[lp],sy}*.conf,pam.d/*,ssh{,d}_config,*.local} {,/usr/local}/etc/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t {/S*/,/,}L*/Lau*/*t .launchd.conf" list getenv /Library/Preferences/com.apple.alf\ globalstate --proxy '-n get default' -I --dns -getdnsservers\ "${p[N5]}" -getinfo\ "${p[N5]}" -P -m\ / '' -n1 '-R -l1 -n1 -o prt -stats command,uid,prt' '--regexp --only-files --files com.apple.pkg.*|sort|uniq' -kl -l -s\ / '-R -l1 -n1 -o mem -stats command,uid,mem' '+c0 -i4TCP:0-1023' com.apple.dashboard\ layer-gadgets '-d /L*/Mana*/$USER&&echo On' '-app Safari WebKitDNSPrefetchingEnabled' "+c0 -l|awk '{print(\$1,\$3)}'|sort|uniq -c|sort -n|tail -1|awk '{print(\$2,\$3,\$1)}'" );N1=${#c2[@]};for j in {0..9};do c2[N1+j]=SP${p[j]}DataType;done;N2=${#c2[@]};for j in 0 1;do c2[N2+j]="-n ' syscall::'${p[33+j]}':return { @out[execname,uid]=sum(arg0) } tick-10sec { trunc(@out,1);exit(0);} '";done;l=(Restricted\ files Hidden\ apps 'Elapsed time (s)' POST Battery Safari\ extensions Bad\ plists 'High file counts' User Heat System\ load boot\ args FileVault Diagnostic\ reports Log 'Free space (MiB)' 'Swap (MiB)' Activity 'CPU per process' Login\ hook 'I/O per process' Mach\ ports kexts Daemons Agents XPC\ cache Startup\ items Admin\ access Root\ access Bundles dylibs Apps Font\ issues Inserted\ dylibs Firewall Proxies DNS TCP/IP Wi-Fi Profiles Root\ crontab User\ crontab 'Global login items' 'User login items' Spotlight Memory Listeners Widgets Parental\ Controls Prefetching SATA Descriptors );N3=${#l[@]};for i in 0 1 2;do l[N3+i]=${p[5+i]};done;N4=${#l[@]};for j in 0 1;do l[N4+j]="Current ${p[29+j]}stream data";done;A0() { id -G|grep -qw 80;v[1]=$?;((v[1]==0))&&sudo true;v[2]=$?;v[3]=`date +%s`;clear >&-;date '+Start time: %T %D%n';};for i in 0 1;do eval ' A'$((1+i))'() { v=` eval "${c1[$1]} ${c2[$2]}"|'${c1[30+i]}' "${s[$3]}" `;[[ "$v" ]];};A'$((3+i))'() { v=` while read i;do [[ "$i" ]]&&eval "${c1[$1]} ${c2[$2]}" \"$i\"|'${c1[30+i]}' "${s[$3]}";done<<<"${v[$4]}" `;[[ "$v" ]];};A'$((5+i))'() { v=` while read i;do '${c1[30+i]}' "${s[$1]}" "$i";done<<<"${v[$2]}" `;[[ "$v" ]];};';done;A7(){ v=$((`date +%s`-v[3]));};B2(){ v[$1]="$v";};for i in 0 1;do eval ' B'$i'() { v=;((v['$((i+1))']==0))||{ v=No;false;};};B'$((3+i))'() { v[$2]=`'${c1[30+i]}' "${s[$3]}"<<<"${v[$1]}"`;} ';done;B5(){ v[$1]="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d: <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F: ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`grep -Fv "${v[$1]}"<<<"$v"`;};C0() { [[ "$v" ]]&&sed -E "$s"<<<"$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { v=`sed -E "${s[63]}"<<<"$v"`&&C1 1 $1;};for i in 1 2;do for j in 0 2 3;do eval D$i$j'(){ A'$i' $1 $2 $3; C'$j' $4;};';done;done;{ A0;D20 0 $((N1+1)) 2;D10 0 $N1 1;B0;C2 27;B0&&! B1&&C2 28;D12 15 37 25 8;A1 0 $((N1+2)) 3;C0;D13 0 $((N1+3)) 4 3;D23 0 $((N1+4)) 5 4;D13 0 $((N1+9)) 59 50;for i in 0 1 2;do D13 0 $((N1+5+i)) 6 $((N3+i));done;D13 1 10 7 9;D13 1 11 8 10;D22 2 12 9 11;D12 3 13 10 12;D23 4 19 44 13;D23 5 14 12 14;D22 6 36 13 15;D22 7 37 14 16;D23 8 15 38 17;D22 9 16 16 18;B1&&{ D22 35 49 61 51;D22 11 17 17 20;for i in 0 1;do D22 28 $((N2+i)) 45 $((N4+i));done;};D22 12 44 54 45;D22 12 39 15 21;A1 13 40 18;B2 4;B3 4 0 19;A3 14 6 32 0;B4 0 5 11;A1 17 41 20;B7 5;C3 22;B4 4 6 21;A3 14 7 32 6;B4 0 7 11;B3 4 0 22;A3 14 6 32 0;B4 0 8 11;B5 7 8;B1&&{ A2 19 26 23;B7 7;C3 23;};A2 18 26 23;B7 7;C3 24;D13 4 21 24 26;B4 4 12 26;B3 4 13 27;A1 4 22 29;B7 12;B2 14;A4 14 6 52 14;B2 15;B6 14 15 4;B3 0 0 30;C3 29;A1 4 23 27;B7 13;C3 30;D13 24 24 32 31;D13 25 37 32 33;A2 23 18 28;B2 16;A2 16 25 33;B7 16;B3 0 0 34;B2 21;A6 47 21&&C0;B1&&{ D13 21 0 32 19;D13 10 42 32 40;D22 29 35 46 39;};D23 14 1 62 42;D12 34 43 53 44;D12 22 20 32 25;D22 0 $((N1+8)) 51 32;D13 4 8 41 6;D12 26 28 35 34;D13 27 29 36 35;A2 27 32 39&&{ B2 19;A2 33 33 40;B2 20;B6 19 20 3;};C2 36;D23 33 34 42 37;B1&&D23 35 45 55 46;D23 32 31 43 38;D12 36 47 32 48;D13 20 42 32 41;D13 37 2 48 43;D13 4 5 32 1;D13 4 3 60 5;D12 26 48 49 49;B3 4 22 57;A1 26 46 56;B7 22;B3 0 0 58;C3 47;D22 4 4 50 0;D23 22 9 37 7;A7;C2 2;} 2>/dev/null|pbcopy;exit 2>&-
  Copy the selected text to the Clipboard by pressing the key combination command-C.
  8. Launch the built-in Terminal application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
  Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
  9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter
  exec bash
  and press return. Then paste the script again.
  10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, press the key combination control-C or just press return  three times at the password prompt. Again, the script will still run.
  If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
  11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, there will be nothing in the Terminal window and no indication of progress. Wait for the line
  [Process completed]
  to appear. If you don't see it within half an hour or so, the test probably won't complete in a reasonable time. In that case, close the Terminal window and report what happened. No harm will be done.
  12. When the test is complete, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
  At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
  If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
  13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "You are not authorized to post." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.
  14. This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I don't necessarily agree with them.
  Copyright © 2014 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.

• New Trojan Horses

  Last night, I made the mistake of downloading an app called "Wine" and "Winebottler". These are apps that allow Windows programs to be played on Macintosh without installing Windows. I ended up with 13 new OSX Trojan Horses on my Macintosh. These apps kept on installing add ons to the iTunes Store. I knew I was in trouble immediately, I guess, by instinct.I had also installed Wineskin for the same purpose, but I don't think that was the problem as I found no Trojan Horses associated with this app. I had my security set to download from App Store and Trusted Developers only. I am now going to upgrade my security to download from App Store only now, but I don't know for sure if that will help.
  Luckily, I had Kaspersky on my Mac, and it kept on finding Trojan Horses on a full scan. I had firevault on and iCloud on. I am wondering now if my iCloud account is infected. I am currently erasing my whole hard drive and reinstalling. I will not turn on iCloud until I get some advice. For those that are unaware, I know we are in a cyberwar. I don't know where these apps originated, but I wanted the community to know this. I've used Macintosh since the first day it was available in 1984. I've never had troubles with viruses and Trojan Horses like this, except for two that were found by Kaspersky a couple of months ago and were easily found, isolated and disinfected. Not these. Most were easily disinfected: all but two. I had to restart the computer and Kaspersky got rid of them. Kaspersky is a great program, but I wasn't sure if it got rid of everything, which led me to erase and reinstall.
  Please inform my about how secure iCloud is against attached viruses or should I delete my account.

  etresoft wrote:
  straycat23 wrote:
  I downloaded from WineHQ.org.
  I doubt that because WineHQ doesn't have any Mac versions of Wine available. They distribute Linux binaries and source. If you downloaded a Mac version, it must have come from somewhere else.
  As soon as I downloaded it and the Winebottler, I knew I had problems.
  Why?
  I took your earlier advice: left OS10.9.1 in place and turned iCloud back on. I hope I made the right decision. I did not delete Kaspersky because OSX did not delete the Trojan or prevent it from being downloaded. Kaspersky did.
  But you are in a catch-22 situation here. These forums are full of people reporting problems with computers and antivirus is a very common cause. By comparison, there are far fewer people reporting problems with trojans. Are these programs really trojans? And even if they are, would they cause as much trouble and be as difficult to remove as antivirus? I doubt it
  As far as I can tell WineHQ must be a trusted developer, because that is how my computer is set as I previously stated.
  I would definitely consider WineHQ to be trustworthy (more so than antivirus vendors) but they definitely do not have an Apple Developer ID that would enable them to distribute software past Gatekeeper. Someone malicious may have repackaged Wine, added trojans, and signed it with a Developer ID. The only way to address that problem is to identify where you got the software so that the illicit Developer ID can be revoked.
  I did not download these programs to play games. That's for Millenials. I downloaded these because Windows is a disaster, and I didn't want to load Windows on my computer. There are Windows programs that there is no equivalent in Mac.
  It doesn't matter why you downloaded them. If they are Windows programs, you are going to have to run Windows. Wine is a cool project, but very little software actually works on it.
  I also deleted Adobe Flash Player as was advised in another thread. Now I can't see instructions in YouTube. Does the App Store have a recommended flash player to see You Tube?
  Download Adobe Flash directly from Adobe and installer. Then download the Click2Flash Safari extension: http://hoyois.github.io/safariextensions/clicktoplugin/ so you can avoid Flash, if possible. If you ever get any Flash popup asking for an update, always close it - always. Then go to the Adobe Flash site yourself and see if there is an update and download it.
  I downloaded the program from WineHQ. It's in my history. I went back and looked today. I don't think Linux has an iTunes version. I downloaded a program I didn't request that attached itself to iTunes. This is how I knew I had problems.
  I appreciate all the advice: dismissive or not. It did give me confidence there's nothing wrong with my computer. I just don't have faith in Mac like I used to. I'm guessing that the trojans were not real, but I'm glad I had a device to delete the false positives, if for no other reason than it made me feel better. Any website can be attacked by hackers. Maybe that's what happened to WineHQ.

• Trojan Horse Removal

  I have Norton AntiVirus for Mac which runs a full scan once a month. My recent scan shows 4 trojan horses all with the same name in the Java/Cache/6.0/33 file. Norton is unable to remove, quarantine or fix these. I've Googled the virus and no results show up so I don't know if this is a true Tojan Horse or a problem with Norton detection. I have Apple Care so can take the laptop in to the Apple store but not sure if it's necessary yet. The laptop does connect to a wireless drive at my office that is Windows based. Any ideas are welcome - Thanks.

  OMGosh... I think I may know this one. (I generally don't speak mac or pc). I'm a first time mac user for now three weeks. last weekend, after surfing all day, my PB had some scary box open with "DANGER" blah blah... than lots of horse blah blah..."INFECTED"
  I freaked out and asked my husband and he told me to get off line! and started out to the store with "I told you so" to get some virus soft w.
  Than I remembered that I read something about how Apple is safest and doesn't get virus or something. so I searched for a bit but couldn't get a quick answer on line. so, I grabbed my PB and ran to the nearest Apple store.
  After quick look, apple guys said that it was all a bloody marketing scam to scare people to buy their soft w. He was right, as soon as we rebooted, all was fine. He explained something about why apple isn't open to these sickness like PC...blah, blah... I didn't understand and I was looking at all the pretty apples that I had already planned on switching my entire house with... LOL. My husband would have an attack of some sort.
  So, I hope this is the same case for you. My husband still don't believe or understand why apple isn't open to same thing as PC. To his defense, I have seen soft w. for virus for mac. so..... can someone answer if I need to purchase virus SW like my husband PC?
  AND please to all the SMART apple guys out there, simple yes or no in English would be so appreciate it. Not that I hear "blah blah" when u speak apple, but I just want to understand what II need to know. THANK U APPLE GUYS!! UR AWSOME.

• Do SpyEye, Zeus Trojan horses affect Mac OSX?

  I received a mail Nov 12 from a known address. The only content was a link, which seems to be related to SpyEye, which I found (afterwards) is a trojan horse version of Zeus.
  Stupidly I clicked it and then looked. No further clicks...But I also replied to the mail.
  What I saw were different job possibilities, one of which was to post links for Google....?
  My Sophos virus/malware scanner did not report anything, and when I became aware I immediately continued to scan the computer and Sophos did not find anything.
  Does anyone know if these trojans can/will affect Mac OSX  v. 10.5.8?
  Thanks, G

  How can I tell if my computer is...: Apple Support Communities

• New Trojan Horse Virus

  First, I am aware that the Mac has never had a virus and is not readily suceptible to them due to the quantity of Macs in service and the complexity of the Unix format. However, I also realize that the word "never" is relative and no one knows what the future holds.
  In light of the "apparent" new Trojan Horse Virus that has just surfaced, could someone answer the following questions for information only.
  There is a question as to whether this is a Trojan Horse or a Virus. Has that been cleared up?
  I have followed the discussions concerning the various virus programs for the Mac. There seems to be problems with all of them such that many are saying the problems do not justify installing these, in light of the low probability of a virus or trojan horse. There is also the question that is raised as to why some of these programs work great for some and poorly for others. One of these programs seem to surface more than others. It is CLAMX AV.
  My questions concerning CLAMX AV is:
  Does this program simply identify a virus or can it be configured to quarantine, or delete the virus completely?
  If it will delete the virus, can this be done automatically in the background or is there some interaction that has to be done on the part of the user?
  What primary issues concerning my Mac must be considered before installing the program?
  Thanks
  Herschel

  There is a good guide to Leap-A at http://www.macworld.com/news/2006/02/16/leapafaq/index.php
  If you want to see how easy or hard it is to catch have a look at http://www.macworld.com/news/2006/02/17/leapafollow/index.php
  Prerequisites (even before you get to the point where you have to help it along its way by actually deliberately opening the offending file) involve using iChat over a Bonjour (not just internet) network under OSX10.4 while connected to someone infected with it.
  THis is clearly not really going to be a significant issue in itself, though others may try to emulate its operations with "nastier" enhancements.
  (Just by the way, Macs have had viruses etc in the past under earlier OS's. The last one I actually saw was on a machine running OS7.5 in the mid 1990's. It had arrived on the victim's machine on a floppy disc containing pirated software from an educational institution. Prior to the mid 1990's I saw three other incidences of virus infection on Macs - all on machines used in the education sector)
  Cheers
  Rod

• Trojan Horse Generic 11.PWW in my AIR download!

  Last week I downloaded and installed the latest version of
  Adobe (vers. 9) from the Adobe.com site. However, it wouldn't run
  and gave me a message that ran along the lines "Your software has
  been successfully installed. However, it might run slower than
  normal because your disc needs defragmenting," plus some advice to
  defrag the disc then run the program again. Well my disc was fine
  as I'd run a defrag a day earlier. All the same I defragged it
  again then re-tried the new Adobe program. Same message. So I
  uninstalled the whole thing and did a new d/load and install. Same
  problem still. Finally I gave up on it and uninstalled it. What's
  the point of having it if I can't use it?
  Well today I ran my anti-virus program (AVG 8) and it found
  this:
  Infection Trojan horse Generic11.PWW
  And the path:
  C:\Documents and Settings\Owner\Local Settings\Application
  Data\Adobe\Reader 9.0\Setup Files\AIR\Adobe AIR Installer.exe
  This Trojan is now locked away in the AVG virus vault. What
  beats me is how this is still hanging around on my comp after I'd
  uninstalled, run CCleaner etc. I'm not a geek though so if anyone
  can advise then I'd be glad for it.
  Also, having browsed some recent AIR topics and seeing the
  problems people have been having, I'd like to know if anyone else
  has picked up a trojan in AIR in their virus scans. I'd appreciate
  any feedback, because until I can be sure this problem is fixed I'm
  not d/loading any new versions of the main Adobe s/ware.
  Many thanks,
  Mike

  Hi Luis,
  I downloaded the Adobe Reader v.9 s/ware again to see if
  things were now different, but the problems persist. Because it
  might be helpful to you I took screen shots of the following, which
  in respect of issues tell the story well enough:
  the download confirmation (while on the Adobe.com download
  page),
  the Run query box prior to running it that confirms it's
  ready to be run,
  the Setup Successful box with its confirm of a successful
  install but an advisory that the program might not launch as
  quickly as possible as my disk needs defragmenting,
  the defragment disk report which shows my disk doesn't need
  defragmenting,
  the download page of an official govt. site where I wished to
  download some .pdf format application forms,
  the Mozilla Crash Report that I got as soon as I clicked on
  the download link in the above page, and
  the "Adobe Reader 9.0 has encountered a problem and needs to
  close" box that I got when I tried to read one of the same .pdf
  files (downloaded via another comp that doesn't have Adobe 9.0).
  Please note that same .pdf file reads fine on my PC which runs
  Adobe v 7.
  Summary: the newly installed Adobe v. 9.0 wrongly says that
  my disk needs defragmenting; it crashes my Mozilla v.3 browser as
  soon as I try to download a .pdf file from a safe (Capital City
  Govt. Dept) website; it cannot read .pdf documents but has to close
  - even though those documents clearly show with the usual "Adobe"
  icon, showing that Adobe reader is installed on the laptop.
  I have uploaded all of those screen shots to a photobucket
  site and am sending you a private message with the link. I hope
  this will help. Meanwhile, because I never had a Mozilla crash
  prior to installing Adobe v 9.0, I am uninstalling this software
  again to avoid any more possible crashes. I have also used the
  Mozilla Crash Report facility to advise them that I had installed
  Adobe 9.0 only minutes prior to the crash and would uninstall the
  new s/ware and see if that fixes the problem. (Because the fact is
  that there may be another issue involved.)
  Meanwhile if there is any way to download an older version of
  Adobe reader I'd like to have it. My Adobe 8 was excellent.
  Many thanks for taking the time to review this for us. (As
  I'm surely not the only one.) I understand that as it's freeware,
  Adobe has no liability or onus to do anything so your helpful
  approach is brilliant.
  EDIT to add: On second thoughts I'll leave the new Adobe 9.0
  installed. Makes more sense as there's no way to try any fixes if I
  uninstall it :)