Half a million Mac computers 'infected with malware'... is this a legitimate concern?

Similar Messages

• Half a million Mac computers 'infected with malware'?

  I just read this: http://www.bbc.co.uk/news/science-environment-17623422
  It includes a link to this: http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml -- apparently details about “how to confirm if a machine is infected and how to remove the Trojan” – but it seems to jump straight in with “Manual disinfection is a risky process; it is recommended only for advanced users” – and instructions to remove the malware, rather than just checking to see if infected. I’m not an advanced user. Where do I find "Terminal"? Where do I begin, or just continue burying my head in the sand, believing that Mac is perfect?

  Where do I find "Terminal"
  The Utilities folder.
  Is there something going on wit your Mac that makes you believe that it's infected?  If not, then you're probably fine.
  Did you ever download and install Java for OS X Lion?  If not, then you're fine.
  Have you ran Software Update to download and isntall the 2 patches Apple has released in the last week?  If so, then you're fine

• How can you find out if your mac is infected with the flash back virus

  how can you find out if your mac is infected with the flash back virus?

  F-Secure's Flashback removal tool - http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_k.shtml - supposedly also works on OSX 10.5 and earlier.
  05 Apr 2012 How to Detect and Protect Against Updated Flashback Malware - http://tidbits.com/article/12918 - detection methods for multiple browsers and general information
  Leopard and earlier users see recommendations at: https://discussions.apple.com/thread/3872491

• Is my computer infected with Malware?

  I know it is unlikely since I am on the allegedly impenetrable OS of Mac, but a couple of things happened lately whilst I was browsing the internet on Safari that make me think I may have.
  A couple of days ago whilst I was using a site for streaming music, I clicked on a link, two specific songs in fact, and it immediately took me to a page warning me that the site may contain potentially harmful malware. This may have been my OS alerting me, I don't know.
  Following that, yesterday evening while I was browsing, I noticed a pop-up advert for a mobile phone company or something and I couldn't understand how it had appeared. So I clicked the back button on it and it seemed to go back momentarily to some site called sublimemedia.com and then return to the original pop-up that was causing me concern.
  To the best of my knowledge I did not click on anything that would have directed me this to pop-up, and it happened several times of it's own accord, sometimes opening a new page, and one time it seemed to redirect the tab I was in to a pop-up advert whilst opening a new page with the page I was originally looking at, if you know what I mean...
  I have Safari set so as to only open pop-ups from sites that I navigate to.
  So do I have some form of malware, adware, scareware on my computer and if so how do I get rid of it?
  I followed the instruction on this page.
  http://www.macworld.com/article/60823/2007/10/trojanhorse.html
  but it did not seem to detect anything untoward.
  I have also run ClamXav on everything and again my computer appears to be virus free.
  Message was edited by: STU9000

  A couple of days ago whilst I was using a site for streaming music, I clicked on a link, two specific songs in fact, and it immediately took me to a page warning me that the site may contain potentially harmful malware. This may have been my OS alerting me, I don't know.
  It was not the OS alerting you. The OS doesn’t send you messages in Web Pages. This is a simple “frighten the unwary computer user” web advert. Ignore it.
  I noticed a pop-up advert for a mobile phone company or something and I couldn't understand how it had appeared. So I clicked the back button on it and it seemed to go back momentarily to some site called sublimemedia.com and then return to the original pop-up that was causing me concern.
  This is exactly the same.
  I have Safari set so as to only open pop-ups from sites that I navigate to.
  It’s not perfect, I’m afraid and every now and then one will get past it.
  So, no you’re not infected with Malware, these are sneaky forms of web advertising.
  Regards
  TD

• URGENT - ARE LATEST VERSIONS OF FIREFOX DOWNLOADS INFECTED WITH MALWARE/ADWARE?

  It is VERY URGENT that the following is looked into by Mozilla Firefox and anyone else who uses this browser, as it would appear that the latest installation downloads from Mozilla Firefox (GB-EN) for versions 28.0 and 29 (and quite possibly previous versions) ARE THEMSELVES INFECTED with malware/adware. This is the only conclusion I can come to after repeated resets of my computers to factory settings, and everything is fine until I re-download Mozilla Firefox and select it as default browser, then the following happens when my Office 365 account is accessed:
  In Office 365, if I select the 'File' menu and 'Office Account', then click on the 'Manage Account' button, TWO tabs on the default browser (if it is Firefox) are opened and the SECOND tab is a malware/adware page, usually called something like www.74f.com or another URL or server with a number, and sometimes this has an email address on the adware page that opens. This only happens when Mozilla Firefox is the default browser - it does not happen in Internet Explorer. In IE, the second tab is the correct tab for the Account in Office 365.
  This has caused me to do repeated resets to factory default settings on my two laptops, one running Windows 8.1 64 bit and one running Windows 7 64 bit, and everything is fine when re-installation of all programs is complete and IE is the default browser. As soon as Mozilla Firefox is downloaded - the latest versions 28 or 29, and Firefox is set as the default browser, the malware/adware tab reopens in Office 365, as above.
  On doing a search on what www.74f.com is, it appears to be registered on servers in China.
  The malware/adware seems to be directly connected with the download and installation of the latest versions of Firefox. PLEASE INVESTIGATE URGENTLY - as although Firefox has always been my favourite browser, there is no way I am ever going to use it again unless this is solved, as I am fed up with doing factory resets of my computers to solve this. Each time I re-install Firefox it happens again, to a previously clean system.

  First - Relax
  So to clarify what the issue is. What apparently no one of our IT experts could figure out in a YEAR!
  If you trace everything with Procmon you will see that this is a simple issue of not putting Quotation marks around Command line arguments.
  That is what Office is executing as you click that "Manage Account" button.
  "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://o15.officeredir.microsoft.com/r/rlidOfficeManagementPortal?ver=15&app=outlook.exe&clid=111&p1=1&lidhelp=1111&liduser=1111&lidui=1111&MachineKey=11111-111-111111 66F
  So there is a MachineKey generated with a space in it.
  What happens if you execute this in cmd… Correct – Firefox will assume that 66F is a 2nd argument in this case a URL and translate it to www.66f.com after not finding a DNS record for 66F in the local environment.
  Of course ChinaHackers will figure this out too and maybe use this… but then I couldn’t find anything strange with the 66f website.
  As in this case: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" FirstTab 2ndTab
  This is not a Firefox issue MS should just bloody put his Urls in Quotation marks!
  "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" “http://o15.officeredir.microsoft.com/r/rlidOfficeManagementPortal?ver=15&app=outlook.exe&clid=111&p1=1&lidhelp=1111&liduser=1111&lidui=1111&MachineKey=11111-111-111111 66F”
  Now feel free to write Microsoft and tell them thanks for wasting 15min of my day.

• My mac is infected with viruses, Safari can not normally search for constantly appear commercials and some unknown site. What to do? antivirus free program that you recommend?

  my mac is infected with viruses, Safari can not normally search for constantly appear commercials and some unknown site. What to do? antivirus free program that you recommend?

  You may have installed the "VSearch" trojan, perhaps under a different name. Remove it as follows.
  Malware is constantly changing to get around the defenses against it. The instructions in this comment are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
  Back up all data before proceeding.
  Step 1
  From the Safari menu bar, select
            Safari ▹ Preferences... ▹ Extensions
  Uninstall any extensions you don't know you need, including any that have the word "Spigot," "Trovi," or "Conduit" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
  Reset the home page and default search engine in all the browsers, if it was changed.
  Step 2
  Triple-click anywhere in the line below on this page to select it:
  /Library/LaunchAgents/com.vsearch.agent.plist
  Right-click or control-click the line and select
            Services ▹ Reveal in Finder (or just Reveal)
  from the contextual menu.* A folder should open with an item named "com.vsearch.agent.plist" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.
  Repeat with each of these lines:
  /Library/LaunchDaemons/com.vsearch.daemon.plist
  /Library/LaunchDaemons/com.vsearch.helper.plist
  /Library/LaunchDaemons/Jack.plist
  Restart the computer and empty the Trash. Then delete the following items in the same way:
  /Library/Application Support/VSearch
  /Library/PrivilegedHelperTools/Jack
  /System/Library/Frameworks/VSearch.framework
  ~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin
  Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
  This trojan is distributed on illegal websites that traffic in pirated content. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect much worse to happen in the future.
  You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that this Internet criminal has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. This failure of oversight has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.
  *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination  command-C. In the Finder, select
            Go ▹ Go to Folder...
  from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

• Facebook will not let me sign in on my ipad2 saying I am infected with malware...***? It says I must remove the malware first to continue...how do I do that with an iPad?

  Tried to sign in on my Facebook account and it would not let me as it says my computer/device is infected with malware and I must remove the malware before I can continue...So how do I do that on an iPad? I was just signed in to FB an hour earlier on here and had no message then. Can someone help me figure this out please. I had no idea the iPad could also get malware....Thanks!

  What you may have got was an ad, that tells you you have malware, when in fact when you either click on the ad or try to X out of the ad, that's when it installs the malware on your computer. It's a trick. If it's indeed like that, that's when it's good for the iPad, since it can't get the junk they're trying to push out.

• Have had to re-download Mozilla due to malware - final step of installation asks if I will allow unknown publisher to make changes to computer - click YES and get message my computer is infected with malware - click NO and cannot open Mozilla

  Long story short, unwisely allowed unknown publisher to make changes to my computer (which I thought was related to my anti-virus protection) last night. In the process, seems I allowed malware (called antivirus8). Neither Explorer or Mozilla were available - seemed to have been wiped out by antivirus8 thing. Explorer came back up (with favorites still intact) after doing full scans and a few other things...but Mozilla did not. Uninstalled Mozilla and re-downloaded. Final step of installation asked if I wanted to allow an unknown publisher (and I'm sorry to say I don't remember exactly what it was...something with safe in the name, I think) to make changes to my computer. Clicked NO and still not able to access Mozilla...redid and clicked YES and immediately got message that my computer was infected with malware. Have used Mozilla for years...hate just having Explorer. Anti-virus program is Kaspersky...ran full scan and it did not detect a thing...so I really don't know what happened!

  Try running several malware scanners to see if Kaspersky missed anything. It is best to run several as each will pick up things that the others miss. Some scanners you can try are:
  * [http://www.malwarebytes.org/mbam.php Malwarebytes]
  * [http://www.superantispyware.com/ SUPERAntiSpyware]
  * [http://www.lavasoft.com/products/ad_aware_free.php Ad-Aware]
  * [http://www.microsoft.com/windows/products/winfamily/defender/default.mspx Windows Defender]
  * [http://www.safer-networking.org/en/home/index.html Spybot S&D]
  If the above malware scanners do not find any malware or can not clear it, you should consider posting in one of these forums for specialized malware removal help:
  * http://forums.spybot.info/
  * http://www.spywarewarrior.com/index.php
  * http://forum.aumha.org/
  * http://www.bleepingcomputer.com/forums/
  * http://www.spywareinfoforum.com/

• We have been blocked from Facebook with a message that says we have been infected with malware on our iPad 2, what can we do?

  We have been blocked from Facebook with a message that says we have been infected with malware on our iPad 2, what can we do?

  You don't have malware on your iPad. Report the issue to FaceBook: http://www.facebook.com/help/

• Do you have any exp. guys that your ipad3 infected with malware virus?

  Do you have any exp. guys that your ipad3 infected with malware virus?

  There is no malware for the iPad, unless you have jailbroken it. If you have not jailbroken it, whatever problem you are having that prompts you to ask about viruses is not caused by malware, guaranteed.

• I have macbook pro and am on OS X Yosemite 10.10.2 . I am having lot of warning message on my browser that my computer is infected with malware/spyware and use mackeeper. How do I solve this issue . This is happening more on chrome and Safari browser

  I have macbook pro and am on OS X Yosemite 10.10.2 . I am having lot of warning message on my browser that my computer is infected with malware/spyware and use mackeeper. How do I solve this issue . This is happening more on chrome and Safari browser

  There is no need to download anything to solve this problem. You may have installed a variant of the "VSearch" ad-injection malware. Follow Apple Support's instructions to remove it.
  If you have trouble following those instructions, see below.
  Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.
  The VSearch malware tries to hide itself by varying the names of the files it installs. To remove it, you must first identify the naming pattern.
  Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination  command-C:
  /Library/LaunchDaemons
  In the Finder, select
            Go ▹ Go to Folder...
  from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
  A folder named "LaunchDaemons" may open. Look inside it for two files with names of the form
            com.something.daemon.plist
  and
             com.something.helper.plist
  Here something is a variable string of characters, which can be different in each case. So far it has always been a string of letters without punctuation, such as "cloud," "dot," "highway," "submarine," or "trusteddownloads." Sometimes it's a meaningless string such as "e8dec5ae7fc75c28" rather than a word. Sometimes the string is "apple," and then you must be especially careful not to delete the wrong files, because many built-in OS X files have similar names.
  If you find these files, leave the LaunchDaemons folder open, and open the following folder in the same way:
  /Library/LaunchAgents
  In this folder, there may be a file named
            com.something.agent.plist
  where the string something is the same as before.
  If you feel confident that you've identified the above files, back up all data, then drag just those three files—nothing else—to the Trash. You may be prompted for your administrator login password. Close the Finder windows and restart the computer.
  Don't delete the "LaunchAgents" or "LaunchDaemons" folder or anything else inside either one.
  The malware is now permanently inactivated, as long as you never reinstall it. You can stop here if you like, or you can remove two remaining components for the sake of completeness.
  Open this folder:
  /Library/Application Support
  If it has a subfolder named just
             something
  where something is the same string you saw before, drag that subfolder to the Trash and close the window.
  Don't delete the "Application Support" folder or anything else inside it.
  Finally, in this folder:
  /System/Library/Frameworks
  there may an item named exactly
              v.framework
  It's actually a folder, though it has a different icon than usual. This item always has the above name; it doesn't vary. Drag it to the Trash and close the window.
  Don't delete the "Frameworks" folder or anything else inside it.
  If you didn't find the files or you're not sure about the identification, post what you found.
  If in doubt, or if you have no backups, change nothing at all.
  The trouble may have started when you downloaded and ran an application called "MPlayerX." That's the name of a legitimate free movie player, but the name is also used fraudulently to distribute VSearch. If there is an item with that name in the Applications folder, delete it, and if you wish, replace it with the genuine article from mplayerx.org.
  This trojan is often found on illegal websites that traffic in pirated content such as movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.
  In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere  should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.
  Then, still in System Preferences, open the App Store or Software Update pane and check the box marked
            Install system data files and security updates (OS X 10.10 or later)
  or
            Download updates automatically (OS X 10.9 or earlier)
  if it's not already checked.

• How can I determine if my iMac is infected with Malware.  Internet is very slow at times.

  Some time ago I opened a link in an email from a friend and later found out that his email address had been hijacked.  The site the link took me to seemed innocuous, but ever since it seems that from time to time that my internet connection is very slow, as if there is not enough band width.  Is it possible that my computer is infected with some sort of malware?  How can I determine that?  If it is infected how can the malware be removed?

  Here is the report.
  Problem description:
  I clicked on a link in a email from a hacked email account and since then my internet connection runs very slow at times.  I am concerned that my iMac may be infected with some sort of Malware
  EtreCheck version: 2.1.6 (109)
  Report generated January 21, 2015 at 12:26:10 PM MST
  Download EtreCheck from http://etresoft.com/etrecheck
  Click the [Support] links for help with non-Apple products.
  Click the [Details] links for more information about that line.
  Click the [Adware] links for help removing adware.
  Hardware Information: ℹ️
    iMac (21.5-inch, Late 2009) (Technical Specifications)
    iMac - model: iMac10,1
    1 3.06 GHz Intel Core 2 Duo CPU: 2-core
    12 GB RAM Upgradeable
    BANK 0/DIMM0
    4 GB DDR3 1067 MHz ok
    BANK 1/DIMM0
    4 GB DDR3 1067 MHz ok
    BANK 0/DIMM1
    2 GB DDR3 1067 MHz ok
    BANK 1/DIMM1
    2 GB DDR3 1067 MHz ok
    Bluetooth: Old - Handoff/Airdrop2 not supported
    Wireless:  en1: 802.11 a/b/g/n
  Video Information: ℹ️
    NVIDIA GeForce 9400 - VRAM: 256 MB
    iMac 1920 x 1080
  System Software: ℹ️
    OS X 10.10.1 (14B25) - Time since boot: 1:8:36
  Disk Information: ℹ️
    WDC WD5000AAKS-40V2B0 disk0 : (500.11 GB)
    EFI (disk0s1) <not mounted> : 210 MB
    Macintosh HD (disk0s2) / : 499.25 GB (398.65 GB free)
    Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB
    PIONEER DVD-RW  DVRTS09 
  USB Information: ℹ️
    Apple Inc. Built-in iSight
    Apple Internal Memory Card Reader
    Apple Computer, Inc. IR Receiver
    Apple Inc. BRCM2046 Hub
    Apple Inc. Bluetooth USB Host Controller
  Gatekeeper: ℹ️
    Mac App Store and identified developers
  Kernel Extensions: ℹ️
    /Library/Extensions
    [loaded] com.symantec.kext.SymAPComm (12.7.1f4 - SDK 10.8) [Support]
    [loaded] com.symantec.kext.filesecurity (12.7f4 - SDK 10.8) [Support]
    [loaded] com.symantec.kext.fw (5.3.1f4 - SDK 10.8) [Support]
    [loaded] com.symantec.kext.internetSecurity (5.4f4 - SDK 10.8) [Support]
    [loaded] com.symantec.kext.ips (3.9.2f1 - SDK 10.8) [Support]
    [loaded] com.symantec.kext.pf (5.7.1f4 - SDK 10.8) [Support]
    /System/Library/Extensions
    [not loaded] com.seagate.driver.PowSecDriverCore (5.2.4 - SDK 10.4) [Support]
    /System/Library/Extensions/Seagate Storage Driver.kext/Contents/PlugIns
    [not loaded] com.seagate.driver.PowSecLeafDriver_10_4 (5.2.4 - SDK 10.4) [Support]
    [not loaded] com.seagate.driver.PowSecLeafDriver_10_5 (5.2.4 - SDK 10.5) [Support]
    [not loaded] com.seagate.driver.SeagateDriveIcons (5.2.4 - SDK 10.4) [Support]
  Launch Agents: ℹ️
    [running] com.brother.LOGINserver.plist [Support]
    [loaded] com.google.keystone.agent.plist [Support]
    [loaded] com.symantec.errorreporter-periodicagent.plist [Support]
    [loaded] com.symantec.nis.application.plist [Support]
    [running] com.symantec.uiagent.application.plist [Support]
  Launch Daemons: ℹ️
    [loaded] com.adobe.fpsaud.plist [Support]
    [running] com.fitbit.galileod.plist [Support]
    [loaded] com.google.keystone.daemon.plist [Support]
    [running] com.sec.faxdb.plist [Support]
    [running] com.symantec.deepsight-extractor.plist [Support]
    [loaded] com.symantec.errorreporter-periodic.plist [Support]
    [loaded] com.symantec.liveupdate.daemon.ondemand.plist [Support]
    [loaded] com.symantec.liveupdate.daemon.plist [Support]
    [invalid?] com.symantec.MissedTasks.plist [Support]
    [not loaded] com.symantec.nav.migrateqtf.plist [Support]
    [invalid?] com.symantec.Sched501-1.plist [Support]
    [running] com.symantec.sharedsettings.plist [Support]
    [running] com.symantec.symdaemon.plist [Support]
    [invalid?] com.symantec.symSchedDaemon.plist [Support]
  User Launch Agents: ℹ️
    [loaded] com.adobe.ARM.[...].plist [Support]
    [invalid?] com.google.GoogleContactSyncAgent.plist [Support]
  User Login Items: ℹ️
    Microsoft AU Daemon Application  (/Applications/Microsoft AutoUpdate.app/Contents/MacOS/Microsoft AU Daemon.app)
    Fitbit Connect Menubar Helper Application  (/Applications/Fitbit Connect.app/Contents/MacOS/Fitbit Connect Menubar Helper.app)
  Internet Plug-ins: ℹ️
    o1dbrowserplugin: Version: 5.38.6.0 - SDK 10.8 [Support]
    Default Browser: Version: 600 - SDK 10.10
    Flip4Mac WMV Plugin: Version: 2.3.8.1 [Support]
    AdobePDFViewerNPAPI: Version: 11.0.10 - SDK 10.6 [Support]
    FlashPlayer-10.6: Version: 16.0.0.257 - SDK 10.6 [Support]
    Silverlight: Version: 5.1.30317.0 - SDK 10.6 [Support]
    Flash Player: Version: 16.0.0.257 - SDK 10.6 [Support]
    iPhotoPhotocast: Version: 7.0
    googletalkbrowserplugin: Version: 5.38.6.0 - SDK 10.8 [Support]
    QuickTime Plugin: Version: 7.7.3
    AdobePDFViewer: Version: 11.0.10 - SDK 10.6 [Support]
    CouponPrinter-FireFox_v2: Version: Version 1.1.6 [Support]
    GarminGpsControl: Version: 2.9.3.0 Release [Support]
    NortonInternetSecurityBF: Version: 1.11.0 - SDK 10.6 [Support]
    JavaAppletPlugin: Version: 15.0.0 - SDK 10.10 Check version
  User internet Plug-ins: ℹ️
    Google Earth Web Plug-in: Version: 7.1 [Support]
  Safari Extensions: ℹ️
    Norton Internet Security [Installed]
  3rd Party Preference Panes: ℹ️
    Flash Player  [Support]
    Flip4Mac WMV  [Support]
    Norton\nQuickMenu  [Support]
  Time Machine: ℹ️
    Skip System Files: NO
    Mobile backups: OFF
    Auto backup: NO - Auto backup turned off
    Volumes being backed up:
    Macintosh HD: Disk size: 499.25 GB Disk used: 100.60 GB
    Destinations:
    Seagate Backup Plus Drive [Local]
    Total size: 1.00 TB
    Total number of backups: 15
    Oldest backup: 2013-08-01 22:49:49 +0000
    Last backup: 2014-11-06 19:34:10 +0000
    Size of backup disk: Adequate
    Backup size 1.00 TB > (Disk used 100.60 GB X 3)
  Top Processes by CPU: ℹ️
        5% WindowServer
        1% Fitbit Connect Menubar Helper
        0% fontd
        0% AppleSpell
        0% launchservicesd
  Top Processes by Memory: ℹ️
    580 MB com.apple.dock.extra
    322 MB SymDaemon
    206 MB Google Chrome
    168 MB spindump
    155 MB mds_stores
  Virtual Memory Information: ℹ️
    7.46 GB Free RAM
    2.59 GB Active RAM
    1.51 GB Inactive RAM
    1.05 GB Wired RAM
    2.56 GB Page-ins
    0 B Page-outs
  Diagnostics Information: ℹ️
    Jan 21, 2015, 11:23:52 AM /Library/Logs/DiagnosticReports/rpcsvchost_2015-01-21-112352_[redacted].cpu_res ource.diag [Details]
    Jan 21, 2015, 11:18:14 AM Self test - passed

• I was infected with Malware. I wanted to uninstall Firefox and reinstall. I did, but after the reinstall, the bookmarks, everything was still there.

  How can I ensure a clean install?

  Follow the removal instructions that '''ideato''' hyperlinked. Not everything that Trovi installed on your PC resides within Firefox folders; sometimes garbage like that goes so far as to infect the Registry and if you don't get rid of it all it will just reinstall itself into Firefox all over again on launch.
  MalwareTips.con is one of the best and most consistently correct websites I have found for dealing with Malware, ''as linked by ideato''.
  http://malwaretips.com/blogs/trovi-com-removal/

• Can the prefs.js file become infected with malware?

  I am trying to solve an issue with my computer and I have done scans with AdwCleaner. The scan results list my Firefox "prefs.js" files, both for my own user account and for the Guest account. IS there any chance of that file becoming infected with anything?
  Probably not I suppose, a false positive perhaps?
  That said, here is my issue in case anybody recognizes the symptoms and can help.
  After a fresh boot my Internet is abnormally slow, down by 90%.
  So far I have determined it is probably not hardware related not due to any background network activity.
  This does not happen if I boot into Safe Mode, or even if I boot into the "Guest" user account.
  I found a workaround: In device manager I "Disable" and then "Enable" the NIC (network adapter).
  After my "fix", Internet connection speed immediately jumps back up to my full normal speed.
  The speed slowdown never returns during that current session. It only returns after the next boot.
  Back around the first of the year I did have a run-in with "Conduit" and eliminated it. A month ago I had a run-in with "Iminent" and eliminated that as well. There are, however, a number of orphaned Registry keys relating to the "Iminent" encounter but no software or toolbars associated with those keys.
  Again, this problem only occurs after a fresh, full boot, only when booting to my own User Account, and is easily worked-around by re-enabling my NIC in device manager.
  Ring any bells?

  Some extensions do store data in prefs.js.
  Does your scanner indicate why it finds the file objectionable? Perhaps you can remove the problem material another way. For example, if you open the about:config preferences editor and look for any appearance of the word conduit and clear those out, maybe prefs.js will pass the next scan?
  (1) In a new tab, type or paste '''about:config''' in the address bar and press Enter. Click the button promising to be careful.
  (2) Use the search box above the list to filter down to preferences containing relevant terms. For example, you could type or paste '''conduit''' and pause while the list is filtered.
  If there is a string-type preference you want to clear, you don't have to open it for editing and delete it. Instead, you can right-click > Reset it.

• Doh! MBP infected with Malware called "systemdoctor"

  Got my first Mac infection. Window pops up with the usual "your system is infected save it with our bogus malware" message. I can click 'no' once, but then it comes up a second time with only an "ok" option, and I'm unable to close Safari. The malware's called "systemdoctor."
  There are hints on how to remove it in PC world on the web, but can anyone walk me through how to cleanse my beautiful Apple machine of this vile plague?

  Welcome to Apple Discussions!
  This is not a malware like your typical PC malware. Chances are it is just a cookie activated popup window. Quit your web browser and reopen it. Check your web browser for cookies to sites you don't typically access, and remove them. Make sure that your popup window viewing is disabled. One of the odd design issues of Safari is that command-K toggles popup window visibility. Being that command-L lets you browse to another location, that command is just too close to the other one, and causes us to lose the popup blocking when we least expect to.
  This is not an "infection", it is just a bad cookie.