I have a trojan on my mac. The trojan downloads illegal content until my hard drive is full. How do I remove the trojan?
I noticed that my hard drive was getting full to the point that my computer had no space left. OmniDiskSweeper told me where all the data was. When I went to that folder I saw a TON of illegally downloaded content. I immediately trashed it to get my drive space back, but noticed something was downloading these files again. ClamAV did not find anything and Sophos has been running very slowly. Does anyone know what this is or how to remove it?
Please read this whole message before doing anything.
This procedure is a diagnostic test. It won’t solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.
Third-party system modifications are a common cause of usability problems. By a “system modification,” I mean software that affects the operation of other software — potentially for the worse. The following procedure will help identify which such modifications you've installed. Don’t be alarmed by the complexity of these instructions — they’re easy to carry out and won’t change anything on your Mac.
These steps are to be taken while booted in “normal” mode, not in safe mode. If you’re now running in safe mode, reboot as usual before continuing.
Below are instructions to enter some UNIX shell commands. The commands are harmless, but they must be entered exactly as given in order to work. If you have doubts about the safety of the procedure suggested here, search this site for other discussions in which it’s been followed without any report of ill effects.
Some of the commands will line-wrap or scroll in your browser, but each one is really just a single line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, and you can then copy it. The headings “Step 1” and so on are not part of the commands.
Note: If you have more than one user account, Step 2 must be taken as an administrator. Ordinarily that would be the user created automatically when you booted the system for the first time. The other steps should be taken as the user who has the problem, if different. Most personal Macs have only one user, and in that case this paragraph doesn’t apply.
Launch the Terminal application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
When you launch Terminal, a text window will open with a line already in it, ending either in a dollar sign (“$”) or a percent sign (“%”). If you get the percent sign, enter “sh” and press return. You should then get a new line ending in a dollar sign.
Step 1
Triple-click the line of text below on this page to select it:
kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}' | open -f -a TextEdit
Copy the selected text to the Clipboard by pressing the key combination command-C. Then click anywhere in the Terminal window and paste (command-V). A TextEdit window will open with the output of the command. If the command produced no output, the window will be empty. Post the contents of the TextEdit window (not the Terminal window), if any — the text, please, not a screenshot. You can then close the TextEdit window. The title of the window doesn't matter, and you don't need to post that. No typing is involved in this step.
Step 2
Repeat with this line:
{ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|org\.(amav|apac|cups|isc|ntp|postf|x)/{print $3}'; sudo defaults read com.apple.loginwindow LoginHook; sudo crontab -l; } 2> /dev/null | open -f -a TextEdit
This time you'll be prompted for your login password, which you do have to type. Nothing will be displayed when you type it. Type it carefully and then press return. You may get a one-time warning to be careful. Heed that warning, but don't post it. If you see a message that your username "is not in the sudoers file," then you're not logged in as an administrator.
Note: If you don’t have a login password, you’ll need to set one before taking this step. If that’s not possible, skip to the next step.
Step 3
{ launchctl list | sed 1d | awk '!/0x|com\.apple|org\.(x|openbsd)/{print $3}'; crontab -l 2> /dev/null; } | open -f -a TextEdit
Step 4
ls -A /e*/{la,mach}* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts .la* 2> /dev/null | open -f -a TextEdit
Important: If you formerly synchronized with a MobileMe account, your me.com email address may appear in the output of the above command. If so, anonymize it before posting.
Step 5
osascript -e 'tell application "System Events" to get name of every login item' | open -f -a TextEdit
Remember, steps 1-5 are all copy-and-paste — no typing, except your password. Also remember to post the output.
You can then quit Terminal.
Similar Messages
-
I have 5 computers authorized to use my iTunes. 2 of those computers do not exist and have had their hard drives destroyed. How do I remove those computer from my iTunes account?
Begin by opening the iTunes program and going to the iTunes Store via the iTunes Store button in the top right.
Once you're at the iTunes Store, click on the Sign In button at the top left corner (if you're not signed in) or on your account name in the same location (if you're already signed in).
This will bring you to your iTunes account. In the top box, you'll see a section labelled Computer Authorizations towards the bottom. Next to it is a button that reads Deauthorize All. Click it.
A window will pop up asking you to confirm that this is what you want to do. Continue.
In just a few seconds, all 5 computers on your account will be deauthorized.
Now, re-authorize just the computers that you still use and you'll be all set. -
I have a macbook pro and apple tv2. My problem is that my hard drive is full. What is my best option to empty movies off of my macbook but still access them through atv2?
ok. I do have a time capsule but if I move itunes on to it how do I sync my ipods and iphone? Or can I have my Itunes account on both and just move my movies to the time capsule?
-
I purchased a macbook air about 5 months ago and lately i keep recieving a warning that the hard drive or disk is full and that I will need to move items to trash in order to free up space on it. I purchased a external hard drive 1 TB but I'm very new to mac and ios and unsure as to how I'm suppose to transfer my files (video, pics, music etc.) from my mac over to the external hard drive in the correct way so I won't end up deleting them permenately or screwing anything up with my mac as far as the applications and programs being able to run. Am I supposed to just copy to the external hard drive and then move to and empty the trash? That's pretty much all I could come up with, but then what if i need or want to access that file again at a later time. Also, I have an i Phone and i pad so with i cloud it automatically syncs all my purcheses and if i delete something from itunes on my mac it deletes from my ipad.
I'd appreciate any kind of input i think im just a little lost here. I have to say i love my Mac and wouldn't trade it for anything (except maybe a macbook pro w/more memory)... Is there something I'm missing???To free up hard drive space the best bet is to move data files that you don't need access to all the time. Likely candidates are music, video, and photos. Things like word processing and spreadsheet files can also be moved but they tend not to be very large and so don't free up much space. The problem with moving the above mentioned files is that iTunes and iPhoto need to know where the files are stored.
Here's an article explaining how to move the iTunes folder. You can move the iPhoto library using the Finder but there is a slight complication. Start iPhoto, open the Preferences and click on the Advanced tab. The first option is "Copy items to the iPhoto Library". If this option is checked, copy the iPhoto library to your external folder (drag it from the Pictures folder to your external drive) and then delete it from your Picture folder. If this option is not checked, it is a bit more complicated and we'll need to talk a bit. -
MY mac mini hard drive is failing. I am no longer under warranty. Do you know how much it cost to have Apple replace the hard drive? or How I can replace it myself?
You can do it yourself. I did on my 2009 Mini
http://www.ifixit.com/Device/Mac_Mini
Also, this place sells HSDs and has install videos.
http://eshop.macsales.com/installvideos/ -
i sent my 17inch mac pro to apple to install a new hard drive and my mountain lion was not on it when i got it back, using the same apple id i tried to re download it but it says i have to pay
never mind i got it by going into my account and veiwing hidden items and there it was
-
My mac Doesn't seem to see my external hard drive (seagate 1tb) I have it usb'd in to the back of my computer, but when I open time machine...it does not see it. Help...please
Yes...at least I thought it was....I have 10.6.8.
That's the whole issue. I want to run/install photoshop elements but I have to have 10.8. for that. So...be fore I install an upgrade (Yosemite is getting BAD press) I thought I'd check my back up...it's not there...I have the seagate plugged in and the usb into the back of the mac...when I try to turn the time machine "ON" it says airport device not found not ....
By the way...I REALLY appreciate the help here.... -
I have a mac pro 1.1. the main hard drive failed. How do I reload OS X 10.7 back in my computer. the app store will not let me reinstall this os. My computer is not compatible OS x 10.8?
You need to first install the OS your Mac came on the bundled gray disks. Assuming it's Snow Leopard, you could then login into the App Store using your same Apple ID and password to download and install Lion.
If your Mac is a bit older and came with Leopard, 10.5.x, you can bypass that and install Snow Leopard from your retail disk. The only software you'd need to install separately from the gray disks would be the optional software, such as the iLife suite and other titles not included on the retail SL disk. -
created a movie in IMOVIE and transferred it to dvd but cannot get it to play on my dvd player. i downloaded the free Burn program since i don't have idvd on my new mac the dvd comes up disk error or cannot read. I am using a dvd-r dvd and my dvd player says that it uses this type of dvd. Any suggestions. I spoke to an Apple Support person who helped me burn the dvd but it still didn't work...help???
There's a difference between a data DVD, and a DVD-Video. I believe you made a data DVD, which can't be played in a video player. The Burn feature of the Finder can't author a DVD-V, just data discs.
I assume you made a Project, and put clips from your Event Library into the Project. But then, how did you output your Project, using the SHARE menu?
When I pull down iMovie '11s SHARE menu, "iDVD..." is one of the options. It's the job of iDVD to make the menu that appears when you insert a DVD into your player (that says the title, and chapters, and extras, etc.). You need software that will made a DVD-V disc. Lacking that, you might be able to go to Share/Export Movie... or Share/Export using QuickTime... to get your video into a format that software like Roxio's Toast could burn. -
Ok so I have a MacBook Pro that has 750 gigs of space but I keep getting an error message that my scratch hard drive us full. When I look at the storage it's saying that I have 1.5 available gigs of space and when I dig deeper it shows that it's not video, audio or document but it's other. What can it be and what can I do about it?
See here for answer about the OTHER which is taking up space:
http://pondini.org/TM/30.html
and here:
http://pondini.org/OSX/DiskSpace.html
See Kappys excellent note on the rest of “other” files taking up your space:
What is "Other" and What Can I Do About It? -
Why is my new Mac telling me my hard drive is full? It says I have 100 gigs used and I should have another 400 gigs of storage left. What is up?
Are you using FileVault perchance?
FileVault-protected Home shows less capacity than what's available on the hard disk...
http://support.apple.com/kb/TA24068 -
My excellent, but old Mac Book Pro only has a 160 GB hard drive. I've only got 6 GB remaining. I know I have multiple copies of MS Office for Mac installed and only need the latest. is there an uninstaller I can use to get rid of the early versions? Any potential issues if I do that? I use a 1TB drive for Time Machine back ups.
Thank you.http://www.bing.com/search?q=uninstall+MS+Office+2004+for+Mac
http://support.microsoft.com/kb/871017
http://support.microsoft.com/kb/312172
OWC www.macsales.com can help you upgrade your hard drive to SSD or larger hdd, and I would clone your system to another external as well as with TimeMachine.
MacBook Series Forums
https://discussions.apple.com/community/notebooks?view=discussions
Mac OS X Forum
https://discussions.apple.com/community/mac_os?view=discussions -
I have one HDMI port on my television that is currently used for my hard drive/free view box. What kind of adaptor can I buy so I can have the hard drive and my apple tv device plugged into the same HDMI PORT? Is it a switch or a splitter? And where is it best to buy one? Thanks!
Welcome to the Apple Community.
You need an HDMI switch. -
can I move all my photo that I can see on iPhoto from my Mac hardrive and put them on an external hard drive and still be able to see them as thumbnails in iPhoto? Thanks! The reason, I need to know if I can do this is b/c I am running out of HD space!sp
Make sure the drive is formatted Mac OS Extended (Journaled)
1. Quit iPhoto
2. Copy the iPhoto Library from your Pictures Folder to the External Disk.
3. Hold down the option (or alt) key while launching iPhoto. From the resulting menu select 'Choose Library' and navigate to the new location. From that point on this will be the default location of your library.
4. Test the library and when you're sure all is well, trash the one on your internal HD to free up space.
Regards
TD -
I'm trying to back up 10.6.8 (snow leopard) and all my files before upgrade to Mavericks. I have an old but sturdy external hard drive...how many GB available will I probably need to back up the whole thing? thanks!
You will need a separate partition unless you plan to use the entire drive. You will need an amount of space somewhat larger than the total space now used on your startup drive. If you select the startup drive's Desktop icon, then press COMMAND-I to open the Get Info window. Used space will be shown in the topmost panel. Add a GB or two to that number to determine how much space you'll need for the backup.
Do not backup on a drive that has any files you want to keep. You can make a bootable backup as follows:
Clone using Restore Option of Disk Utility
1. Open Disk Utility in the Utilities folder.
2. Select the destination volume from the left side list.
3. Click on the Restore tab in the DU main window.
4. Select the destination volume from the left side list and drag
it to the Destination entry field.
5. Select the source volume from the left side list and drag it to
the Source entry field.
6. Double-check you got it right, then click on the Restore button.
Destination means the external backup drive. Source means the internal startup drive.
Maybe you are looking for
-
How to display Internal Table in ALV?
Hi all, can anyone teach me the simple way to insert my internal table records to ALV by providing me the sample codes from the start of declaration to the end? Below is how i define my internal table: DATA: DOM_NAME(40) TYPE C, P_TABLE(40) TY
-
GL Account Short vs. Long Text
Where is the short text vs. long text used in the system for GL account descriptions? There is not enough room right now in the short text field for our account descriptions so we are concerned what the implications of using the same names across mu
-
when you download a tv show from iTunes you, you can't burn a disc. i have a client who would like to encode their video podcast the same way. any thoughts on how to do this?
-
Strange finder icon in my dock!
I have a strange Finder icon in my dock that looks like it has a glass box over it. I know it definitely is not supposed to look like that. I have tried the following: - Restarting - Moving Dock from side to side to bottom - Changing wallpaper - Chan
-
Can't find version 1.0 ANYWHERE!
I'm trying to downgrade because of all the video and sound problems with it stopping after 30 seconds and continuing with no sound. I have found old updater links but apple.com says i'm lost because that site no longer exists. I need help! Are we bas