I think I have a keylogger virus of some sort
Hi
I recently bought something from ASOS with my credit card and then the next day that credit card was used for things which I did not authorise; luckily American Express sorted it out. I think I have some sort of keylogger virus or something because ASOS is a trusted website (right???) so I don't think anything went wrong there.
Any ideas on how to scan for it or get rid of it???
Cheers.
Malware should not be your first thought here. There's almost certainly some other explanation. However, if you want to set your mind at ease, get Sophos and do a scan with that. And take a look at my Mac Malware Guide.
As to what the problem is, most likely the card number was stolen some time previously, and the fact that it was used the day after a particular purchase is likely to be nothing more than coincidence. There are many opportunities for credit card numbers to be stolen, and at this point it may be impossible for you to ever learn how it was stolen. Just cancel the card and have a new one issued.
Similar Messages
-
Hi everybody, I am in Turkey on a long assignment, and I need help solving a big problem on my MacBook Pro, OS 10.9.3. The other week my wife visited some website and now we have a redirect virus of some sort, and every other time when we click on a link or anywhere on the page we are redirected to this casino web site, https://casino.7bets10.com/tr/?from=hy9yKXD43jSC-8Oxbw4femNd7ZgqdRLk-dHJpeG9uaXR l. It's the same whether on Chrome or Safari. Does anyone have a solution? Thank you!
1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
Don't be put off merely by the seeming complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.
2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
3. Below are instructions to run a UNIX shell script, a type of program. All it does is to collect information about the state of the computer. That information goes nowhere unless you choose to share it. However, you should be cautious about running any kind of program (not just a shell script) at the behest of a stranger. If you have doubts, search this site for other discussions in which this procedure has been followed without any report of ill effects. If you can't satisfy yourself that the instructions are safe, don't follow them. Ask for other options.
Here's a summary of what you need to do, if you choose to proceed:
Copy a line of text in this window to the Clipboard.
Paste into the window of another application.
Wait for the test to run. It usually takes a few minutes.
Paste the results, which will have been copied automatically, back into a reply on this page.
The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
4. You may have started the computer in "safe" mode. Preferably, these steps should be taken in “normal” mode, under the conditions in which the problem is reproduced. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
5. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
6. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
Triple-click anywhere in the line of text below on this page to select it:
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(Software Hardware Memory Diagnostics Power FireWire Thunderbolt USB Fonts 51 4 1000 25 5120 KiB/s 1024 85 \\b%% 20480 1 MB/s 25000 ports ' \*AutoCad \*dropbox \*GoogleDr\* vidinst\* ' DYLD_INSERT_LIBRARIES\ DYLD_LIBRARY_PATH -86 ` route -n get default|awk '/e:/{print $2}' ` 25 N\\/A down up 102400 25600 recvfrom sendto CFBundleIdentifier 25 25 25 1000 MB com.apple.AirPortBaseStationAgent 464843899 );N5=${#p[@]};p[N5]=` networksetup -listnetworkserviceorder|awk ' NR>1 { sub(/^\([0-9]+\) /,"");n=$0;getline;} $NF=="'${p[26]}')" { sub(/.$/,"",$NF);print n;exit;} ' `;f=('\n%s: %s\n' '\n%s\n\n%s\n' '\nRAM details\n%s\n' %s\ %s '%s\n-\t%s\n' );S0() { echo ' { q=$NF+0;$NF="";u=$(NF-1);$(NF-1)="";gsub(/^ +| +$/,"");if(q>='${p[$1]}') printf("%s (UID %s) is using %s '${p[$2]}'",$0,u,q);} ';};s=(' /^ *$|CSConfigDot/d;s/^ */ /;s/[-0-9A-Fa-f]{22,}/UUID/g;s/(ochat)\.[^.]+(\..+)/\1\2/;/Shared/!s/\/Users\/[^/]+/~/g ' ' s/^ +//;5p;6p;8p;12p;' ' {sub(/^ +/,"")};NR==6;NR==13&&$2<'${p[10]} ' 1s/://;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: [^EO]|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[11]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... 
//;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;} ' ' $0&&!/ / { n++;print;} END { if(n<200) print "com.apple.";} ' ' $3~/[0-9]:[0-9]{2}$/ { gsub(/:[0-9:a-f]{14}/,"");} { print|"tail -n'${p[12]}'";} ' ' NR==2&&$4<='${p[13]}' { print $4;} ' ' END { $2/=256;if($2>='${p[15]}') print int($2) } ' ' NR!=13{next};{sub(/[+-]$/,"",$NF)};'"`S0 21 22`" 'NR!=2{next}'"`S0 37 17`" ' NR!=5||$8!~/[RW]/{next};{ $(NF-1)=$1;$NF=int($NF/10000000);for(i=1;i<=3;i++){$i="";$(NF-1-i)="";};};'"`S0 19 20`" 's:^:/:p' '/\.kext\/(Contents\/)?Info\.plist$/p' 's/^.{52}(.+) <.+/\1/p' ' /Launch[AD].+\.plist$/ { n++;print;} END { print "'${p[41]}'";if(n<200) print "/System/";} ' '/\.xpc\/(Contents\/)?Info\.plist$/p' ' NR>1&&!/0x|\.[0-9]+$|com\.apple\.launchctl\.(Aqua|Background|System)$|'${p[41]}'/ { print $3;} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:[^:]+//p ' '/root/p' ' !/\/Contents\/.+\/Contents|Applic|Autom|Frameworks/&&/Lib.+\/Info.plist$/ { n++;print;} END { if(n<1000) print "/System/";} ' '/^\/usr\/lib\/.+dylib$/p' ' /Temp|emac/ { next;} /(etc|Preferences|Launch[AD].+)\// { sub(".(/private)?","");n++;print;} END { print "'${p[41]}'.plist\t'${p[42]}'";if(n<500) print "Launch";} ' ' /\/(Contents\/.+\/Contents|Frameworks)\/|\.wdgt\/.+\.([bw]|plu)/d;p;' 's/\/(Contents\/)?Info.plist$//;p' ' { gsub("^| |\n","\\|\\|kMDItem'${p[35]}'=");sub("^...."," ") };1 ' p '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[9]}'{$2=$2-1;print}' ' BEGIN { i="'${p[26]}'";M1='${p[16]}';M2='${p[18]}';M3='${p[31]}';M4='${p[32]}';} !/^A/ { next;} /%/ { getline;if($5<M1) a="user "$2"%, system "$4"%";} /disk0/&&$4>M2 { b=$3" ops/s, "$4" blocks/s";} $2==i { if(c) { d=$3+$4+$5+$6;next;};if($4>M3||$6>M4) c=int($4/1024)" in, "int($6/1024)" out";} END { if(a) print "CPU: "a;if(b) print "I/O: "b;if(c) print "Net: "c" (KiB/s)";if(d) 
print "Net errors: "d" packets/s";} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/ )||(/v6:/&&$2!~/A/ ) ' ' $1~"lR"&&$2<='${p[25]}';$1~"li"&&$3!~"wpa2";' ' BEGIN { FS=":";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]" "$1;b=b$1;} END { if(b) print("\n\t* Code injection");} ' ' NR!=4{next} {$NF/=10240} '"`S0 27 14`" ' END { if($3~/[0-9]/)print$3;} ' ' BEGIN { L='${p[36]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n [N/A]";"file -b "F|getline T;if(T!~/^(AS.+ (En.+ )?text$|POSIX sh.+ text ex)/) F=F" ("T")";printf("\nContents of %s\n%s\n",F,f);if(l>L) printf("\n ...and %s more line(s)\n",l-L);} ' ' /^ +[NP].+ =/h;/^( +D.+[{]|[}])/{ g;s/.+= //p;};' ' /^ +B/{ s/.+= |(-[0-9]+)?\.s.+//g;p;} ' ' END{print NR} ' ' /id: N|te: Y/{i++} END{print i} ' ' / / { print "'"${p[28]}"'";exit;};1;' '/ en/!s/\.//p' ' NR!=13{next};{sub(/[+-M]$/,"",$NF)};'"`S0 39 40`" ' $10~/\(L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9;} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?Info\.plist$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' 's/0/Off/p' );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps sudo\ crontab sudo\ iotop top pkgutil PlistBuddy whoami cksum kextstat launchctl sudo\ launchctl crontab 'sudo defaults read' stat lsbom mdfind ' for i in ${p[24]};do ${c1[18]} ${c2[27]} $i;done;' defaults\ read scutil sudo\ dtrace sudo\ profiles sed\ -En awk /S*/*/P*/*/*/C*/*/airport networksetup mdutil sudo\ lsof test );c2=(com.apple.loginwindow\ LoginHook '-c Print /L*/P*/loginw*' '-c Print L*/P*/*loginit*' '-c Print L*/Saf*/*/E*.plist' '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' '.??* -path .Trash -prune -o -type d -name *.app -print -prune' '-c Print\ :'${p[35]}' 2>&1' '-c Print\ :Label 2>&1' '{/,}L*/{Con,Pref}* -type f ! 
-size 0 -name *.plist -exec plutil -s {} \;' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status " -F '\$Time \$Message' -k Sender kernel -k Message Req 'bad |Beac|caug|dead[^bl]|FAIL|fail|GPU |hfs: Ru|inval|jnl:|last value [1-9]|n Cause: -|NVDA\(|pagin|proc: t|Roamed|rror|ssert|Thrott|tim(ed? ?|ing )o|WARN' -k Message Rne 'Goog|ksadm|SMC:' -o -k Sender fseventsd -k Message Req 'SL' " '-du -n DEV -n EDEV 1 10' 'acrx -o comm,ruid,%cpu' '-t1 10 1' '-f -pfc /var/db/r*/com.apple.*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cgh] ! -name *ag \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f:%Sc:%N -t%F {} \;|sort -t: -k2 |tail -n'${p[38]} '-L {/{S*/,},}L*/Lau* -type f' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' '-L /S*/L*/{C*/Sec*A,E}* {/,}L*/{A*d,Ca*/*/Ex,Compon,Ex,In,iTu,Keyb,Mail/B,P*P,Qu*T,Scripti,Sec,Servi,Spo,Widg}* -type f -name Info.plist' '/usr/lib -type f -name *.dylib' `awk "${s[31]}"<<<${p[23]}` "/e*/{auto,{cron,fs}tab,hosts,{[lp],sy}*.conf,pam.d/*,ssh{,d}_config,*.local} {,/usr/local}/etc/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t /S*/L*/Lau*/*t .launchd.conf" list getenv /Library/Preferences/com.apple.alf\ globalstate --proxy '-n get default' -I --dns -getdnsservers\ "${p[N5]}" -getinfo\ "${p[N5]}" -P -m\ / '' -n1 '-R -l1 -n1 -o prt -stats command,uid,prt' '--regexp --only-files --files com.apple.pkg.*|sort|uniq' -kl -l -s\ / '-R -l1 -n1 -o mem -stats command,uid,mem' -i4TCP:0-1023 com.apple.dashboard\ layer-gadgets '-d /L*/Mana*/$USER&&echo On' '-app Safari WebKitDNSPrefetchingEnabled' );N1=${#c2[@]};for j in {0..8};do c2[N1+j]=SP${p[j]}DataType;done;N2=${#c2[@]};for j in 0 1;do c2[N2+j]="-n ' syscall::'${p[33+j]}':return { @out[execname,uid]=sum(arg0) } tick-10sec { trunc(@out,1);exit(0);} '";done;l=(Restricted\ files Hidden\ apps 'Elapsed time (s)' POST Battery Safari\ extensions Bad\ plists 'High file counts' User Heat System\ load boot\ args FileVault Diagnostic\ reports 
Log 'Free space (MiB)' 'Swap (MiB)' Activity 'CPU per process' Login\ hook 'I/O per process' Mach\ ports kexts Daemons Agents launchd Startup\ items Admin\ access Root\ access Bundles dylibs Apps Font\ issues Inserted\ dylibs Firewall Proxies DNS TCP/IP Wi-Fi Profiles Root\ crontab User\ crontab 'Global login items' 'User login items' Spotlight Memory Listeners Widgets Parental\ Controls Prefetching );N3=${#l[@]};for i in 0 1 2;do l[N3+i]=${p[5+i]};done;N4=${#l[@]};for j in 0 1;do l[N4+j]="Current ${p[29+j]}stream data";done;A0() { id -G|grep -qw 80;v[1]=$?;((v[1]==0))&&sudo true;v[2]=$?;v[3]=`date +%s`;clear >&-;date '+Start time: %T %D%n';};for i in 0 1;do eval ' A'$((1+i))'() { v=` eval "${c1[$1]} ${c2[$2]}"|'${c1[30+i]}' "${s[$3]}" `;[[ "$v" ]];};A'$((3+i))'() { v=` while read i;do [[ "$i" ]]&&eval "${c1[$1]} ${c2[$2]}" \"$i\"|'${c1[30+i]}' "${s[$3]}";done<<<"${v[$4]}" `;[[ "$v" ]];};A'$((5+i))'() { v=` while read i;do '${c1[30+i]}' "${s[$1]}" "$i";done<<<"${v[$2]}" `;[[ "$v" ]];};';done;A7(){ v=$((`date +%s`-v[3]));};B2(){ v[$1]="$v";};for i in 0 1;do eval ' B'$i'() { v=;((v['$((i+1))']==0))||{ v=No;false;};};B'$((3+i))'() { v[$2]=`'${c1[30+i]}' "${s[$3]}"<<<"${v[$1]}"`;} ';done;B5(){ v[$1]="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d: <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F: ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`grep -Fv "${v[$1]}"<<<"$v"`;};C0(){ [[ "$v" ]]&&echo "$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { v=`sed -E "$s"<<<"$v"`&&C1 1 $1;};for i in 1 2;do for j in 2 3;do eval D$i$j'(){ A'$i' $1 $2 $3; C'$j' $4;};';done;done;{ A0;A2 0 $((N1+1)) 2;C0;A1 0 $N1 1;C0;B0;C2 27;B0&&! 
B1&&C2 28;D12 15 37 25 8;A1 0 $((N1+2)) 3;C0;D13 0 $((N1+3)) 4 3;D23 0 $((N1+4)) 5 4;for i in 0 1 2;do D13 0 $((N1+5+i)) 6 $((N3+i));done;D13 1 10 7 9;D13 1 11 8 10;D22 2 12 9 11;D12 3 13 10 12;D23 4 19 44 13;D23 5 14 12 14;D22 6 36 13 15;D22 7 37 14 16;D23 8 15 38 17;D22 9 16 16 18;B1&&{ D22 11 17 17 20;for i in 0 1;do D22 28 $((N2+i)) 45 $((N4+i));done;};D22 12 44 54 45;D22 12 39 15 21;A1 13 40 18;B2 4;B3 4 0 19;A3 14 6 32 0;B4 0 5 11;A1 17 41 20;B7 5;C3 22;B4 4 6 21;A3 14 7 32 6;B4 0 7 11;B3 4 0 22;A3 14 6 32 0;B4 0 8 11;B5 7 8;B1&&{ A2 19 26 23;B7 7;C3 23;};A2 18 26 23;B7 7;C3 24;A2 4 20 21;B7 6;B2 9;A4 14 7 52 9;B2 10;B6 9 10 4;C3 25;D13 4 21 24 26;B4 4 12 26;B3 4 13 27;A1 4 22 29;B7 12;B2 14;A4 14 6 52 14;B2 15;B6 14 15 4;B3 0 0 30;C3 29;A1 4 23 27;B7 13;C3 30;D13 24 24 32 31;D13 25 37 32 33;A2 23 18 28;B2 16;A2 16 25 33;B7 16;B3 0 0 34;B2 21;A6 47 21&&C0;B1&&{ D13 21 0 32 19;D13 10 42 32 40;D22 29 35 46 39;};D13 14 1 48 42;D12 34 43 53 44;D22 0 $((N1+8)) 51 32;D13 4 8 41 6;D12 26 28 35 34;D13 27 29 36 35;A2 27 32 39&&{ B2 19;A2 33 33 40;B2 20;B6 19 20 3;};C2 36;D23 33 34 42 37;B1&&D23 35 45 55 46;D23 32 31 43 38;D12 36 47 32 48;D13 20 42 32 41;D13 14 2 48 43;D13 4 5 32 1;D22 4 4 50 0;D13 14 3 49 5;D12 26 48 59 49;B3 4 22 57;A1 26 46 56;B7 22;B3 0 0 58;C3 47;D23 22 9 37 7;A7;C2 2;} 2>/dev/null|pbcopy;exit 2>&-
Copy the selected text to the Clipboard by pressing the key combination command-C.
7. Launch the built-in Terminal application in any of the following ways:
Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
Open LaunchPad. Click Utilities, then Terminal in the icon grid.
Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
8. If you see an error message in the Terminal window such as "syntax error," enter
exec bash
and press return. Then paste the script again.
9. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, press the key combination control-C or just press return three times at the password prompt. Again, the script will still run.
If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
10. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, there will be nothing in the Terminal window and no indication of progress. Wait for the line
[Process completed]
to appear. If you don't see it within half an hour or so, the test probably won't complete in a reasonable time. In that case, close the Terminal window and report the results. No harm will be done.
11. When the test is complete, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
At the top of the results, there will be a line that begins with the words "Start Time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
12. When you post the results, you might see the message, "You have included content in your post that is not permitted." It means that the forum software has misidentified something in the post as a violation of the rules. If that happens, please post the test results on Pastebin, then post a link here to the page you created.
Note: This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I don't necessarily agree with them.
Copyright © 2014 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed. -
I Think I have a keylogger on my mac. Need Help!!!
OK, so I was watching a YouTube video, and I clicked a link by accident in the bottom. A grey screen came up and it looked like Java was trying to do something. I quit Safari and turned off my internet; however, I am worried about this. I followed the instructions seen in this thread: https://discussions.apple.com/thread/4243511?start=0&tstart=0
and I got these results:
1:
No output
2:
org.macosforge.xquartz.privileged_startx
com.oracle.java.Helper-Tool
com.google.keystone.daemon
com.adobe.fpsaud
3:
org.macosforge.xquartz.startx
net.culater.SIMBL.Agent
com.oracle.java.Java-Updater
com.hp.messagecenter.launcher
com.google.keystone.system.agent
com.valvesoftware.steamclean
com.facebook.videochat.mileswaldman.updater
4:
/Library/Components:
/Library/Extensions:
/Library/Frameworks:
AEProfiling.framework
AERegistration.framework
AudioMixEngine.framework
HPSmartPrint.framework
Mono.framework
NyxAudioAnalysis.framework
PluginManager.framework
iLifeFaceRecognition.framework
iLifeKit.framework
iLifePageLayout.framework
iLifeSQLAccess.framework
iLifeSlideshow.framework
iTunesLibrary.framework
/Library/Input Methods:
/Library/Internet Plug-Ins:
Flash Player.plugin
JavaAppletPlugin.plugin
QuakeLivePlugin.plugin
Quartz Composer.webplugin
QuickTime Plugin.plugin
Silverlight.plugin
disabled
flashplayer.xpt
googletalkbrowserplugin.plugin
iPhotoPhotocast.plugin
npgtpo3dautoplugin.plugin
nsIQTScriptablePlugin.xpt
o1dbrowserplugin.plugin
/Library/Keyboard Layouts:
/Library/LaunchAgents:
com.google.keystone.agent.plist
com.hp.messagecenter.launcher.plist
com.oracle.java.Java-Updater.plist
net.culater.SIMBL.Agent.plist
org.macosforge.xquartz.startx.plist
/Library/LaunchDaemons:
com.adobe.fpsaud.plist
com.apple.remotepairtool.plist
com.google.keystone.daemon.plist
com.oracle.java.Helper-Tool.plist
org.macosforge.xquartz.privileged_startx.plist
/Library/PreferencePanes:
Flash Player.prefPane
JavaControlPanel.prefPane
/Library/PrivilegedHelperTools:
/Library/QuickLook:
iWork.qlgenerator
/Library/QuickTime:
AppleAVCIntraCodec.component
AppleHDVCodec.component
AppleIntermediateCodec.component
AppleMPEG2Codec.component
AppleProResCodec.component
DVCPROHDCodec.component
FCP Uncompressed 422.component
IMXCodec.component
/Library/ScriptingAdditions:
MumbleOverlay.osax
SIMBL.osax
/Library/Spotlight:
Microsoft Office.mdimporter
iWork.mdimporter
/Library/StartupItems:
/etc/mach_init.d:
/etc/mach_init_per_login_session.d:
/etc/mach_init_per_user.d:
Library/Address Book Plug-Ins:
SkypeABDialer.bundle
SkypeABSMS.bundle
Library/Fonts:
Crosshairs.ttf
Garm3nFont.ttf
Library/Frameworks:
EWSMac-GC.framework
Library/Input Methods:
.localized
Library/Internet Plug-Ins:
FacebookVideoCalling.bundle
Library/Keyboard Layouts:
Library/LaunchAgents:
com.facebook.videochat.mileswaldman.plist
com.valvesoftware.steamclean.plist
Library/PreferencePanes:
Library/QuicKeys:
Abbreviations
Clips
Equation Functions
Global Variables.qkvariables
Imported Supporting Items
Instant Shortcut.qkshortcutd
PlugIns
Saved Searches
Shortcuts
Toolbars
Trigger Functions
5:
iTunesHelper, VMware Fusion Start Menu, USBOverdriveHelper, Dropbox, HP Product Research
Could someone decipher these for me? Do I have a keylogger?
Thank you
It's best to describe the problem in as much relevant detail as possible, rather than what you think is causing it or how you think it should be solved.
-
Since installing Yosemite, I now seem to have a Trovi virus in my Mac. I'm trying to reset Safari as part of the process to rid the computer of this virus. I can't seem to find where to do this now. Recent updates have changed where to find the reset Safari tab. Anyone have any ideas on this or the Trovi virus?
You may have installed the "SearchProtect" trojan. Remove it as follows.
Malware is always changing to get around the defenses against it. These instructions are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
Back up all data before proceeding.
Triple-click anywhere in the line below on this page to select it:
/Library/LaunchDaemons/com.perion.searchprotectd.plist
Right-click or control-click the line and select
Services ▹ Reveal in Finder (or just Reveal)
from the contextual menu.* A folder should open with an item named "com.perion.searchprotectd.plist" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.
Restart the computer and empty the Trash. Then delete the following items in the same way:
/Applications/SearchProtect
~/Library/Application Support/Firefox/searchplugins/MyBrand.xml
~/Library/Application Support/Google/Chrome/External Extensions/fjadmdmahkpbhgbmmkiiaanlnlekelmn.json
~/Library/Application Support/Mozilla/Extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/[email protected]
~/Library/Internet Plug-Ins/TroviNPAPIPlugin.plugin
~/Trovi
Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
Quit and relaunch Safari. From the menu bar, select
Safari ▹ Preferences... ▹ Extensions
Uninstall any extensions you don't know you need, including any that have the word "Trovi" or "palmall" in the description. If in doubt, uninstall all extensions.
Reset the default search engine and home page to what it was before.
"SearchProtect" may be distributed along with two other applications: "MacKeeper," which is a scam, and "ZipCloud," which, if not actually a scam, has a dubious reputation. Ask if you need instructions to remove those items.
*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. -
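A read-only check for the items listed in the removal steps above, as an added example that is not part of the original post. The function names, the `ROOT`/`HOME_DIR` parameters and the Safari extensions folder location are assumptions; the Mozilla extension entry is left out because its file name is obscured on the page.

```bash
#!/bin/bash
# Added example: read-only presence check for the SearchProtect/Trovi items
# named in the removal steps above. It deletes nothing.

# System-wide items, absolute paths as given in the post.
SP_SYSTEM_ITEMS='/Library/LaunchDaemons/com.perion.searchprotectd.plist
/Applications/SearchProtect'

# Per-user items, relative to the home folder, as given in the post.
# The Mozilla extension entry is left out: its file name is obscured on the page.
SP_USER_ITEMS='Library/Application Support/Firefox/searchplugins/MyBrand.xml
Library/Application Support/Google/Chrome/External Extensions/fjadmdmahkpbhgbmmkiiaanlnlekelmn.json
Library/Internet Plug-Ins/TroviNPAPIPlugin.plugin
Trovi'

# Print each path from a newline-separated list ($2) that exists under prefix $1.
sp_existing() {
    while IFS= read -r item; do
        [ -n "$item" ] || continue
        # -L also catches a dangling symlink left behind by a partial removal.
        if [ -e "$1$item" ] || [ -L "$1$item" ]; then
            printf '%s\n' "$1$item"
        fi
    done <<EOF
$2
EOF
}

# Print Safari extension files whose name contains "trovi" or "palmall".
# Assumption: legacy extensions live in ~/Library/Safari/Extensions. The post
# matches on the description shown in Safari, so this is only a first pass.
sp_safari_extensions() {
    dir="$1/Library/Safari/Extensions"
    [ -d "$dir" ] || return 0
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        case "${f##*/}" in
            *[Tt][Rr][Oo][Vv][Ii]*|*[Pp][Aa][Ll][Mm][Aa][Ll][Ll]*)
                printf '%s\n' "$f" ;;
        esac
    done
}

# searchprotect_scan [ROOT] [HOME_DIR]
# ROOT prefixes the system paths (empty for the live system, a scratch
# directory for testing); HOME_DIR defaults to the current user's home.
searchprotect_scan() {
    root=${1:-}
    home=${2:-$HOME}
    sp_existing "$root" "$SP_SYSTEM_ITEMS"
    sp_existing "$home/" "$SP_USER_ITEMS"
    sp_safari_extensions "$home"
}

# Human-readable summary; always returns 0 so it is safe under `set -e`.
searchprotect_report() {
    hits=$(searchprotect_scan "$@")
    if [ -z "$hits" ]; then
        echo "None of the listed SearchProtect/Trovi items are present."
    else
        echo "Present (remove as described in the post, then restart):"
        printf '%s\n' "$hits" | sed 's/^/  /'
    fi
}

searchprotect_report
```

Run it again after the restart to confirm that nothing in the list has come back.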
I think I have a safari virus.
Hi Guys,
I know the title seems a little over-exaggerated but recently I have had an alarming affiliate redirection take over Safari. When I do a Google search, no matter what I search, every link is a redirect through six pages of the same affiliate redirect crap to end up at a blank page. I have to cut and paste the link under the description in the search results directly into the title bar to get where I want to go. The dodgy links only last for 2 heading clicks at a time, then it's normal, but if you search something else they're back for another 2. This is really frustrating. I view/download a lot of **** as I have an affiliate site of my own, but I am concerned that a lot of people may encounter this issue, causing a grey cloud over the virus-free Mac slogan. Any ideas guys???
Whilst no viruses that can attack OS X have so far been detected 'in the wild', i.e. in anything other than laboratory conditions, the appearance of Trojans that can infect a Mac seems to be growing.
SecureMac has introduced a free Trojan Detection Tool for Mac OS X. It's available here:
http://macscan.securemac.com/
The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X.
Upon running the installer, the user's DNS records are modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's DNS records stay modified on a minute-by-minute basis.
SecureMac's DNSChanger Removal Tool allows users to check to see if the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the users' DNS records will be repaired.
A white paper has recently been published on the subject of Trojans by SubRosaSoft, available here:
http://www.macforensicslab.com/ProductsAndServices/index.php?mainpage=document_general_info&cPath=11&productsid=174
Also, beware of MacSweeper:
MacSweeper is malware that misleads users by exaggerating reports about spyware, adware or viruses on their computer. It is the first known "rogue" application for the Mac OS X operating system. The software was discovered by F-Secure, a Finland based computer security software company on January 17, 2008
http://en.wikipedia.org/wiki/MacSweeper
On June 23, 2008 this news reached Mac users:
http://www.theregister.co.uk/2008/06/23/mac_trojan/
More information on Mac security can be found here:
http://macscan.securemac.com/
The MacScan application can be downloaded from here:
http://macscan.securemac.com/buy/
You can download a 30-day trial copy which enables you to do a full scan of your hard disk. After that it costs $29.95.
More on Trojans on the Mac here:
http://www.technewsworld.com/story/63574.html?welcome=1214487119
The latest news on the subject, from July 25, 2008, is:
Attack code that exploits flaws in the net's addressing system are starting to circulate online, say security experts.
The code could be a boon to phishing gangs who redirect web users to fake bank sites and steal login details.
In light of the news net firms are being urged to apply a fix for the loop-hole before attacks by hi-tech criminals become widespread.
Net security groups say there is anecdotal evidence that small scale attacks are already happening.
Further details here: http://news.bbc.co.uk/2/hi/technology/7525206.stm
There may be other ways of guarding against Trojans, viruses and general malware affecting the Mac, and alternatives will probably appear in the future. -
hello,
My mail program has been acting very odd the last 2 days.
I am getting spammed with Postmaster - return to sender messages in my inbox.
The weird thing is that I delete the messages from my inbox, then I delete my trash folder, and when I delete from trash they go back to my inbox.
And if I reboot Mail, they are also back in my inbox.
I can't work like this, please help!!
Can you try making a new user to test?
Have you done these two lately...
Using Disk Utility in Mac OS X 10.4.3 or later to verify or repair disks...
http://docs.info.apple.com/article.html?artnum=302672
About Disk Utility's Repair Disk Permissions feature...
http://docs.info.apple.com/article.html?artnum=25751
If worried about a virus...
Most don't need it on Macs, but here ya go on the Mac side...
ClamXAV, free Virus scanner...
http://www.clamxav.com/
Little Snitch, stops/alerts outgoing stuff...
http://www.obdev.at/products/littlesnitch/index.html
HenWen/Snort combo, that is a free MAJOR Firewall...
http://seiryu.home.comcast.net/henwen.html
Then the venerable old BrickHouse/Flying Buttress Firewall...
http://personalpages.tds.net/~brian_hill/downloads.html
WaterRoof is a firewall management frontend with bandwidth tuning, NAT setup, port redirection, dynamic rules tracking, predefined rule sets, wizard, logs, statistics and other features.
http://www.macupdate.com/info.php/id/23317
Monitor net usage...
http://mac.softpedia.com/get/Dashboard-Widgets/Information/Videotron-Internet-Usage-Monitor.shtml -
I recently found several of my folders were empty. Out of desperation I looked in the Trash, and found that all my files are somewhat systematically being moved to the Trash. All the files are MS (I use Office for Mac), including Adobe. Has anyone experienced this? What's the "fix"?
I found another thread discussing a problem similar to yours:
https://discussions.apple.com/message/22613149#22613149 ("Files in my trash bin which I didn't put")
One of the people who responded, thomas_r., is a virus expert and has an excellent website -- thesafemac.com -- all about Macs and viruses. He did not think a virus would cause this.
So I'd definitely recommend making a backup (or preferably two, since hard drives eventually fail), and you could upgrade to Mavericks (especially since Snow Leopard appears to be no longer supported by Apple) -- but based on Thomas's reply, I don't think a virus is causing this. -
I recently purchased songs and my iTunes does not have them anywhere in sight. How can I retrieve my new music?
http://www.apple.com/feedback/
kaywerty wrote:
A rather long winded way of asking if anybody knows if it's possible to have multi-windows open
It's not possible.
Suggestions here -> Apple Product feedback -
I think I've got a virus!
I keep getting advertising pop-ups arriving, even though I have 'Block pop-up windows' selected, and now every time I open Safari, I get a different web-page. I still have the same homepage selected on the Preferences page.
Have I got a virus of some sort, and what can I do??
There are no viruses for Mac OS X, so you don't have one. But it is possible that you have a Trojan Horse which redirects you to different pages other than those you select. You should download and run DNSChanger Removal Tool, which will remove it if you have it. You must restart your Mac to complete the process.
Mulder -
I think I have opened the sobig.f virus in my Hotmail account and it keeps sending emails to my contacts. How do I stop it, and will it affect any of my other transactions like internet banking/shopping? Is it safe to continue using my iPad?
This isn't due to malware. There is no known malware capable of infecting an iPad that has not been jailbroken (ie, hacked to allow apps from outside the App Store).
As lizdance40 says, your Hotmail account has been hacked remotely. Change the password immediately. Hotmail accounts are popular targets, but as long as you choose a good password, and make sure that password is not the same as a password you use with any other account, you should be safe.
I disagree with lizdance40's statement that you have to abandon the account and create a new e-mail address. If a hacker is able to get back in even after changing the password, the problem is not with the account itself. There's another vulnerability of some kind somewhere. Perhaps the account allows hackers to leave a "back door" to get back in (such as with GMail's delegation feature), in which case any such feature needs to be reviewed and have settings changed. Perhaps you are checking mail in an insecure manner while on an insecure network (ie, a wireless network that requires no password). Perhaps you are using a password on multiple accounts, and a different account has been compromised. Perhaps a hacker has used knowledge gained by prior access to your account to achieve "social hacking" (ie, convincing a tech to give him access because he has "forgotten the password"). There are many scenarios, but there's no good reason to abandon the account entirely. -
I'm not sure but I think my mac has a virus. I'm expecting a lot of die-hard replies saying there are no viruses for mac, I used to be the same until this happened.
My mac (Powermac G5) slowed down - a lot - and applications stopped working in certain user areas, files have been deleted leaving some final cut projects useless (hours and hours of work lost) and I get a kernel panic every time I try to reinstall OSX from the DVD.
I figured it was probably just a hardware problem but then something very strange happened - I switched user areas and after the cube animation of changing user area, there was a poor animation of a sheep defecating on my screen which then ran off and disappeared.
The only explanation that I can come up with is a virus - why else would the animation appear? I'm pretty sure a hardware problem would not cause such a thing.
The plot thickens - This computer has never been connected to the internet, and the only disks that I've put into it have been software disks (that have been used on other machines with no ill effect) and disks with files from other macs (which obviously have not been infected with viruses), however, I do have Norton Antivirus installed on the machine.
I didn't install it myself, I would never do such a thing, I received the computer from my university and it came pre-installed. The only conclusion that I can come up with is that because I haven't updated Norton or paid any money for updates, it released a virus to make me panic and pay up for an update that I wouldn't need unless this useless software was installed.
Anyone got any thoughts or ideas on what I can do to resolve this problem? I could send the computer back but I'm using it daily for college work. I have tried to uninstall Norton but I'm not convinced it's really gone. I can't be completely sure that the problems are being caused by Norton but I'm fairly certain that they are.
I figured it was probably just a hardware problem but then something very strange happened - I switched user areas and after the cube animation of changing user area, there was a poor animation of a sheep defecating on my screen which then ran off and disappeared.
No virus. That's an easter egg for some applications. Not sure which, but I remember hearing about it.
As for files "deleted", that could just be a corrupted spotlight index. That will cause files to disappear. Sometimes repairing permissions and then rebuilding the Spotlight index will fix the issue. Sometimes it means the hard drive is dying and needs your data recovered to a backup as soon as possible. -
What can I do if I think I have a virus?
Question: What can I do if I think I have a virus?
Answer
Skip this and contact a professional
If you'd like to skip this guide and contact a professional, CLICK HERE.
There are a few steps you can take if you think you have a virus.
Use anti-virus software
One of the first things you should do is scan your computer with anti-virus software. Many Toshiba computers come with software for this purpose. You may choose to use an alternative, but you should only have one anti-virus program installed at a time.
Run your anti-virus program and ensure it's fully updated. Once it's updated, perform a full scan of your computer.
Disconnect accessories
If that doesn't help, you should disconnect any accessories connected to your computer. It's possible that the symptoms that you think are due to a virus could be due to an accessory.
Uninstall new software
An error with a new program might be causing problems that you think are being caused by a virus. To check this, uninstall any new programs that you installed near the time your computer's symptoms first appeared.
Perform system restore
If none of the previous suggestions helped, you might consider performing a system restore. This will return your computer's system files to a previous state. System settings will revert, and programs installed since the restore point was created might need to be reinstalled. Your documents shouldn't be changed.
For more information on performing a system restore, see one of the following articles:
How To: Understanding System Restore, Refresh, Reset, and, Recovery options in Windows 8 + Video
How To: Perform a system restore in Windows 7
Contact a professional or perform a system reset
Lastly, you might want to return your computer to factory default conditions. This is sometimes called a system reset or a system recovery. Note that this will remove all of your software and data that you added including applications, documents, photos, etc.
If you don't want to reset your computer and you'd like to contact a professional, CLICK HERE.
If you do want to proceed with a system reset, the system reset will remove the virus. For more information, see the following article:
How To: Understanding System Restore, Refresh, Reset, and, Recovery options in Windows 8 + Video
Some processes are critical, but many can be interrupted without any problem.
You can monitor your ongoing processes by going to Applications/Utilities/Activity Monitor; pay particular attention to Disk Activity and Network. To interrupt a process, highlight the process, and tap "Quit Processes." This will interrupt or stop the runaway process. -
I think I have a virus or bot on my MacBook. Random e-mails have been sent from my e-mail overnight. I use comcast.net. Any suggestions for removing the bot?
Let me guess, one or more of your friends has asked you why you're sending them solicitations for phony pharmaceuticals or shady software?
These emails did not originate from your MacBook. What happens is that one or more of your friends has a Windows computer with your email address stored in its Address Book (or whatever Windows calls it). Their computer gets infected with a program that examines email addresses stored on it and uses yours as the "return address" on the spam it's spewing forth, to disguise the actual source.
At present, there are no such known programs that run on Macs. Therefore, there is nothing to remove on your MacBook. All you're guilty of is sending an email to someone with a Windows computer, who is lacking the anti-malware utilities that are a practical requirement for Windows.
Summary: There's nothing you can do.
Lesson: Friends don't let friends run Windows. -
I think I have a virus/spyware/adware???
Hello!
Last week while I was on www.google.com searching images, my Safari download manager popped up and began downloading "soft_58s7.exe". I immediately deleted it and assumed that I had clicked on an image that took me to a link that gave me a virus. I continued on using google, and when searching something completely different the download occurred again, and again. Each time I deleted the file from my computer by locating it in Finder and dragging it to the trash.
However, now I get random pop-ups every once in a while while using sites that I know do not have pop-ups (Google search, aol.com, facebook). So I think I have a virus.
I also tried to download ProtectMac Antivirus, but it tells me that it cannot be downloaded because there is another antivirus software on my computer that it is not compatible with. I checked my applications and there was an app called "VirusProtect", which I dragged to the trash as well. However I still received this message that ProtectMac could not be installed because of another antivirus application. I believe that I either did not uninstall VirusProtect correctly, which I need help doing because the icon is no longer there, or this is also an effect of the virus.
Please help!!
I'm on a MacBook, running OS X 10.5.8
Thank you!
I think this is also an effect of the virus because I have no virus protection on my com
.exe files are Windows executables that do not run on Macs, and simply downloading one will not give you a virus. Random pop-ups in your browser may occur but as long as you dismiss them there should be nothing of concern.
You cannot delete virus protection software by dragging it to the Trash. You must use the appropriate uninstaller that is included with the software.
Also see:
Do You Need Anti-Virus Protection for Your Mac?
According to Rich Mogull's article, Should Mac Users Run Antivirus Software?,
"The reality is that today the Mac platform is relatively safe. There are hundreds of thousands of viruses and other malicious software programs floating around for Windows, but less than 200 are known to target the Mac, and many of those are aimed at versions of the Mac OS prior to Mac OS X (and thus have no effect on a modern Mac).
It's not that Mac OS X is inherently more secure against viruses than current versions of Windows (although it was clearly more secure than Windows prior to XP SP2); the numerous vulnerabilities reported and patched in recent years are just as exploitable as their Windows equivalents. But most security experts agree that malicious software these days is driven by financial incentives, and it's far more profitable to target the most dominant platform."
Mr. Mogull is a computer security expert. I recommend reading the entire article as it is quite informative.
For additional information on viruses, trojans, and spyware visit The XLab FAQs and read the FAQs on viruses and spyware. -
I am having trouble with my MacBook Air. I think I have a virus because every time I click on a link it opens up popup windows and other things. How do I reset the computer?
Please post a screenshot that shows what you mean. Be careful not to include any private information.
Start a reply to this message. Click the camera icon in the toolbar of the editing window and select the image file to upload it. You can also include text in the reply.