Malware/virus warning.

Similar Messages

• Malware virus/virus software

  I went into a website yesterday that after I was in gave a malware virus warning. I'm pretty ignorant on virus, trojans and malware as to what could be infected and how. I don't want to do banking or use anything that uses a password.By going into the site, could my computer have some malware? Is there a software program, other than clamx, that would help? I've used it to scan my address book, but not sure what else to scan.
  Thanks,
  Kris

  Kris Brown1 wrote:
  I went into a website yesterday that after I was in gave a malware virus warning.
  Unless you go to a site or use a utility that "scans" your system for malware & virus, then this is a dubious & misleading ad. usually the ads themselves link to the bad wares!
  I'm pretty ignorant on virus, trojans and malware as to what could be infected and how.
  Never run installer files or open files you don't know what they are, where it came from. Don't open spam msgs or notes from grandma that have "LOL" or "OMG" in the subject line - really what I mean is if there is language you don't normally hear them say or write normally, it's usually a trap.
  I don't want to do banking or use anything that uses a password.By going into the site, could my computer have some malware?
  never click on a link going to your bank, esp. from an email. always type the address. most banking sites support MFA - multi factor authentication, meaning you are asked some questions (personal you set up ahead of time, image captions, PINs, etc). make sure it's an https & not just http.
  esp. if you have an ATM card, you are no safer by not banking online. hackers can & have broken into banking systems, even accts of people that don't bank online or even own computers. I know people that don't bank period - all cash, cash paper payroll checks, & send money orders to pay bills.
  Is there a software program, other than clamx, that would help? I've used it to scan my address book, but not sure what else to scan.
  there are some commerical utilities, just like for windows. a virus or malware can bury itself into a system folder, system files, applications, documents, images are the main examples. really, pretty much anywhere. A full complete scan of the entire system drive is really the only way to "find" anything.
  I've done one of these scans once. found ONE file, a word doc from a windows user, a classmate from high school. we had worked on a project together.
  If you don't look at adult content, gamble, or try to file share, you are fine. if you install software, versiontracker.com & macupdate.com do an ok job of listing legit software. not all of it is really good software, but they typically don't post or allow apps that harbor malware.

• My Safari browser is blocked by a virus warning.  What can I do?

  My Safari browser is blocked by a virus warning.  What can I do?

  rrussell2 wrote:
  My Safari browser is blocked by a virus warning.  What can I do?
  It's not a virus or any type of malware, just a script on the web page you are viewing.
  Courtesy of Linc Davis:
  It's a JavaScript scam that only affects your web browser, and only temporarily.
  1. Some of those scam pages can be dismissed very easily. Press command-W to close the tab or window. A huge box will pop up. Press the return key and both the box and the page will close. If that doesn't happen, continue.
  2. From the Safari menu bar, select
            Safari ▹ Preferences... ▹ Security
  and uncheck the box marked Enable JavaScript. Leave the preferences dialog open.
  Close the malicious window or tab.
  Re-enable JavaScript and close the preferences dialog.
  3. If the Preferences menu item is grayed out, quit Safari. Force quit if necessary. Relaunch it by holding down the shift key and clicking its icon in the Dock. From the menu bar, select
            Safari ▹ Preferences... ▹ Privacy ▹ Remove All Website Data
  to get rid of any cookies or other data left by the server. Open your Downloads folder and delete anything you don't recognize.

• Safari affected, maybe, malware & virus worries

  About 4-5 days ago I was using Mozilla, and now I'm scared I picked up malware, so now mostly only on Safari.  Even so, I'm worried about doing online banking until I know what's up.  Despite that, I did online banking on Safari today, and the pages wouldn't load, or weren't clickable.  Also, I'm getting blank screens on Safari.  It all started after this happened a number of days ago, so I want to do a scan…. but newish to the Apple world, so don't want to screw things up even more (potentially) - by installing some incompatible malware/virus scanner.
  From the other day:
  has anyone's Macbook Pro ever been hacked? I was using Mozilla, just opened a twitter acct, was trying to cross link with G+, and all of a sudden all this weird stuff was happening: url bars erasing on its own (and fast), pages jumping from window to window, 2 unread msgs in Gmail later marked as read. I shut down and restarted. I don't know if it's a key stroke I did or if I may've been hacked. worried.
  Most recent thing today:  I just went to Dailymotion with Safari to watch a film/video.  This never happened on Mozilla (I have adblocker), but I got a popup window in the middle of the video offering something to speed up my mac:  I'm not sure if it was macdefender, but I think it actually mackeeper.  I quickly closed the Dailymotion tab…. and posted this message.
  I would like to do some kind of scan on my mac, but am worried about installing any kind of free software to do this.  I'd also want to remove the software when I'm done.  So, here's the thing.  I'm more of an everyday, casual macbook pro user (10.7.5 OSX, refurbished)… so if responses get too technical, I'm afraid I may not be able to understand everything.  Thank you… (also, the Apple store sells virus software, but they won't somehow vouch for it… what's up with that?  (I would be willing to buy the lower cost one))….
  Any help for this semi-Luddite would be greatly appreciated!  Thank you.

  1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
  Don't be put off merely by the seeming complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.
  2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
  There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
  3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can read it yourself without disclosing the contents to me or anyone else.
  You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.
  In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.
  You may not be able to understand the script yourself. But variations of the script have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message.
  Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.
  4. Here's a summary of what you need to do, if you choose to proceed:
  ☞ Copy a line of text in this window to the Clipboard.
  ☞ Paste into the window of another application.
  ☞ Wait for the test to run. It usually takes a few minutes.
  ☞ Paste the results, which will have been copied automatically, back into a reply on this page.
  The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
  5. You may have started the computer in "safe" mode. Preferably, these steps should be taken in “normal” mode, under the conditions in which the problem is reproduced. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
  6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
  7. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
  Triple-click anywhere in the line of text below on this page to select it:
  PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(Software Hardware Memory Diagnostics Power FireWire Thunderbolt USB Fonts SerialATA 4 1000 25 5120 KiB/s 1024 85 \\b%% 20480 1 MB/s 25000 ports ' com.clark.\* \*dropbox \*GoogleDr\* \*k.AutoCAD\* \*k.Maya\* vidinst\* ' DYLD_INSERT_LIBRARIES\ DYLD_LIBRARY_PATH -86 "` route -n get default|awk '/e:/{print $2}' `" 25 N\\/A down up 102400 25600 recvfrom sendto CFBundleIdentifier 25 25 25 1000 MB com.apple.AirPortBaseStationAgent 464843899 51 5120 files );N5=${#p[@]};p[N5]=` networksetup -listnetworkserviceorder|awk ' NR>1 { sub(/^\([0-9]+\) /,"");n=$0;getline;} $NF=="'${p[26]}')" { sub(/.$/,"",$NF);print n;exit;} ' `;f=('\n%s: %s\n' '\n%s\n\n%s\n' '\nRAM details\n%s\n' %s\ %s '%s\n-\t%s\n' );S0() { echo ' { q=$NF+0;$NF="";u=$(NF-1);$(NF-1)="";gsub(/^ +| +$/,"");if(q>='${p[$1]}') printf("%s (UID %s) is using %s '${p[$2]}'",$0,u,q);} ';};s=(' /^ *$|CSConfigDot/d;s/^ */   /;s/[-0-9A-Fa-f]{22,}/UUID/g;s/(ochat)\.[^.]+(\..+)/\1\2/;/Shared/!s/\/Users\/[^/]+/~/g ' ' s/^ +//;/de: S|[nst]:/p;' ' {sub(/^ +/,"")};/er:/;/y:/&&$2<'${p[10]} ' 1s/://;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: [^EO]|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[11]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Genesy|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;} ' ' $0&&!/ / { n++;print;} END { if(n<200) print "com.apple.";} ' ' $3~/[0-9]:[0-9]{2}$/ { gsub(/:[0-9:a-f]{14}/,"");} { print|"tail -n'${p[12]}'";} ' ' NR==2&&$4<='${p[13]}' { print $4;} ' ' END { $2/=256;if($2>='${p[15]}') print int($2) } ' ' NR!=13{next};{sub(/[+-]$/,"",$NF)};'"`S0 21 22`" 'NR!=2{next}'"`S0 37 17`" ' NR!=5||$8!~/[RW]/{next};{ $(NF-1)=$1;$NF=int($NF/10000000);for(i=1;i<=3;i++){$i="";$(NF-1-i)="";};};'"`S0 19 20`" 's:^:/:p' '/\.kext\/(Contents\/)?Info\.plist$/p' 's/^.{52}(.+) <.+/\1/p' ' /Launch[AD].+\.plist$/ { n++;print;} END { print "'${p[41]}'";if(n<200) print "/System/";} ' '/\.xpc\/(Contents\/)?Info\.plist$/p' ' NR>1&&!/0x|\.[0-9]+$|com\.apple\.launchctl\.(Aqua|Background|System)$|'${p[41]}'/ { print $3;} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:[^:]+//p ' '/^root$/p' ' !/\/Contents\/.+\/Contents|Applic|Autom|Frameworks/&&/Lib.+\/Info.plist$/ { n++;print;} END { if(n<1100) print "/System/";} ' '/^\/usr\/lib\/.+dylib$/p' ' /Temp|emac/{next};/(etc|Preferences|Launch[AD].+)\// { sub(".(/private)?","");n++;print;} END { print "'${p[41]}'.plist\t'${p[42]}'";if(n<500) print "Launch";} ' ' /\/(Contents\/.+\/Contents|Frameworks)\/|\.wdgt\/.+\.([bw]|plu)/d;p;' 's/\/(Contents\/)?Info.plist$//;p' ' { gsub("^| |\n","\\|\\|kMDItem'${p[35]}'=");sub("^...."," ") };1 ' p '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[43]}'{$2=$2-1;print}' ' BEGIN { i="'${p[26]}'";M1='${p[16]}';M2='${p[18]}';M3='${p[31]}';M4='${p[32]}';} !/^A/{next};/%/ { getline;if($5<M1) a="user "$2"%, system "$4"%";} /disk0/&&$4>M2 { b=$3" ops/s, "$4" blocks/s";} $2==i { if(c) { d=$3+$4+$5+$6;next;};if($4>M3||$6>M4) c=int($4/1024)" in, "int($6/1024)" out";} END { if(a) print "CPU: "a;if(b) print "I/O: "b;if(c) print "Net: "c" (KiB/s)";if(d) print "Net errors: "d" packets/s";} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|BKAg|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/ )||(/v6:/&&$2!~/A/ ) ' ' $1~"lR"&&$2<='${p[25]}';$1~"li"&&$3!~"wpa2";' ' BEGIN { FS=":";p="uniq -c|sed -E '"'s/ +\\([0-9]+\\)\\(.+\\)/\\\2 x\\\1/;s/x1$//'"'";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]$1|p;b=b$1;} END { close(p) if(b) print("\n\t* Code injection");} ' ' NR!=4{next} {$NF/=10240} '"`S0 27 14`" ' END { if($3~/[0-9]/)print$3;} ' ' BEGIN { L='${p[36]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n   "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n   [N/A]";"file -b "F|getline T;if(T!~/^(AS.+ (En.+ )?text$|(Bo|PO).+ sh.+ text ex)/) F=F" ("T")";printf("\nContents of %s\n%s\n",F,f);if(l>L) printf("\n   ...and %s more line(s)\n",l-L);} ' ' /^ +[NP].+ =/h;/^( +D.+[{]|[}])/{ g;s/.+= //p;};' 's/0/Off/p' ' END{print NR} ' ' /id: N|te: Y/{i++} END{print i} ' ' / / { print "'"${p[28]}"'";exit;};1;' '/ en/!s/\.//p' ' NR!=13{next};{sub(/[+-M]$/,"",$NF)};'"`S0 39 40`" ' $10~/\(L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9;} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?Info\.plist$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' ' /l: /{ /DVD/d;s/.+: //;b0'$'\n'' };/s: /{ /V/d;s/^ */- /;H;};$b0'$'\n'' d;:0'$'\n'' x;/APPLE [^:]+$/d;p;' ' /^find: /d;p;' "`S0 44 45`" );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps sudo\ crontab sudo\ iotop top pkgutil 'PlistBuddy 2>&1 -c "Print' whoami cksum kextstat launchctl sudo\ launchctl crontab 'sudo defaults read' stat lsbom mdfind ' for i in ${p[24]};do ${c1[18]} ${c2[27]} $i;done;' defaults\ read scutil sudo\ dtrace sudo\ profiles sed\ -En awk /S*/*/P*/*/*/C*/*/airport networksetup mdutil sudo\ lsof test );c2=(com.apple.loginwindow\ LoginHook '" /L*/P*/loginw*' '" L*/P*/*loginit*' 'L*/Ca*/com.ap*.Saf*/E*/* -d 1 -name In*t -exec '"${c1[14]}"' :CFBundleDisplayName" {} \;|sort|uniq' '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' '.??* -path .Trash -prune -o -type d -name *.app -print -prune' :${p[35]}\" :Label\" '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status " -F '\$Time \$Message' -k Sender kernel -k Message Req 'bad |Beac|caug|dead[^bl]|FAIL|fail|GPU |hfs: Ru|inval|jnl:|last value [1-9]|n Cause: -|NVDA\(|pagin|proc: t|Roamed|rror|ssert|Thrott|tim(ed? ?|ing )o|WARN' -k Message Rne 'Goog|ksadm|SMC:| VALI|xpma' -o -k Sender fseventsd -k Message Req 'SL' " '-du -n DEV -n EDEV 1 10' 'acrx -o comm,ruid,%cpu' '-t1 10 1' '-f -pfc /var/db/r*/com.apple.*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cgh] ! -name *ag \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f:%Sc:%N -t%F {} \;|sort -t: -k2 |tail -n'${p[38]} '-L {/{S*/,},}L*/Lau* -type f' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' '-L /S*/L*/{C*/Sec*A,E}* {/,}L*/{A*d,Ca*/*/Ex,Co{mpon,reM},Ex,Inter,iTu*/*P,Keyb,Mail/B,Pr*P,Qu*T,Scripti,Sec,Servi,Spo,Widg}* -path \\*s/Resources -prune -o -type f -name Info.plist' '/usr/lib -type f -name *.dylib' `awk "${s[31]}"<<<${p[23]}` "/e*/{auto,{cron,fs}tab,hosts,{[lp],sy}*.conf,pam.d/*,ssh{,d}_config,*.local} {,/usr/local}/etc/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t /S*/L*/Lau*/*t .launchd.conf" list getenv /Library/Preferences/com.apple.alf\ globalstate --proxy '-n get default' -I --dns -getdnsservers\ "${p[N5]}" -getinfo\ "${p[N5]}" -P -m\ / '' -n1 '-R -l1 -n1 -o prt -stats command,uid,prt' '--regexp --only-files --files com.apple.pkg.*|sort|uniq' -kl -l -s\ / '-R -l1 -n1 -o mem -stats command,uid,mem' '+c0 -i4TCP:0-1023' com.apple.dashboard\ layer-gadgets '-d /L*/Mana*/$USER&&echo On' '-app Safari WebKitDNSPrefetchingEnabled' "+c0 -l|awk '{print(\$1,\$3)}'|sort|uniq -c|sort -n|tail -1|awk '{print(\$2,\$3,\$1)}'" );N1=${#c2[@]};for j in {0..9};do c2[N1+j]=SP${p[j]}DataType;done;N2=${#c2[@]};for j in 0 1;do c2[N2+j]="-n ' syscall::'${p[33+j]}':return { @out[execname,uid]=sum(arg0) } tick-10sec { trunc(@out,1);exit(0);} '";done;l=(Restricted\ files Hidden\ apps 'Elapsed time (s)' POST Battery Safari\ extensions Bad\ plists 'High file counts' User Heat System\ load boot\ args FileVault Diagnostic\ reports Log 'Free space (MiB)' 'Swap (MiB)' Activity 'CPU per process' Login\ hook 'I/O per process' Mach\ ports kexts Daemons Agents launchd Startup\ items Admin\ access Root\ access Bundles dylibs Apps Font\ issues Inserted\ dylibs Firewall Proxies DNS TCP/IP Wi-Fi Profiles Root\ crontab User\ crontab 'Global login items' 'User login items' Spotlight Memory Listeners Widgets Parental\ Controls Prefetching SATA Descriptors );N3=${#l[@]};for i in 0 1 2;do l[N3+i]=${p[5+i]};done;N4=${#l[@]};for j in 0 1;do l[N4+j]="Current ${p[29+j]}stream data";done;A0() { id -G|grep -qw 80;v[1]=$?;((v[1]==0))&&sudo true;v[2]=$?;v[3]=`date +%s`;clear >&-;date '+Start time: %T %D%n';};for i in 0 1;do eval ' A'$((1+i))'() { v=` eval "${c1[$1]} ${c2[$2]}"|'${c1[30+i]}' "${s[$3]}" `;[[ "$v" ]];};A'$((3+i))'() { v=` while read i;do [[ "$i" ]]&&eval "${c1[$1]} ${c2[$2]}" \"$i\"|'${c1[30+i]}' "${s[$3]}";done<<<"${v[$4]}" `;[[ "$v" ]];};A'$((5+i))'() { v=` while read i;do '${c1[30+i]}' "${s[$1]}" "$i";done<<<"${v[$2]}" `;[[ "$v" ]];};';done;A7(){ v=$((`date +%s`-v[3]));};B2(){ v[$1]="$v";};for i in 0 1;do eval ' B'$i'() { v=;((v['$((i+1))']==0))||{ v=No;false;};};B'$((3+i))'() { v[$2]=`'${c1[30+i]}' "${s[$3]}"<<<"${v[$1]}"`;} ';done;B5(){ v[$1]="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d: <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F: ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`grep -Fv "${v[$1]}"<<<"$v"`;};C0(){ [[ "$v" ]]&&echo "$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { v=`sed -E "$s"<<<"$v"`&&C1 1 $1;};for i in 1 2;do for j in 0 2 3;do eval D$i$j'(){ A'$i' $1 $2 $3; C'$j' $4;};';done;done;{ A0;D20 0 $((N1+1)) 2;D10 0 $N1 1;B0;C2 27;B0&&! B1&&C2 28;D12 15 37 25 8;A1 0 $((N1+2)) 3;C0;D13 0 $((N1+3)) 4 3;D23 0 $((N1+4)) 5 4;D13 0 $((N1+9)) 59 50;for i in 0 1 2;do D13 0 $((N1+5+i)) 6 $((N3+i));done;D13 1 10 7 9;D13 1 11 8 10;D22 2 12 9 11;D12 3 13 10 12;D23 4 19 44 13;D23 5 14 12 14;D22 6 36 13 15;D22 7 37 14 16;D23 8 15 38 17;D22 9 16 16 18;B1&&{ D22 35 49 61 51;D22 11 17 17 20;for i in 0 1;do D22 28 $((N2+i)) 45 $((N4+i));done;};D22 12 44 54 45;D22 12 39 15 21;A1 13 40 18;B2 4;B3 4 0 19;A3 14 6 32 0;B4 0 5 11;A1 17 41 20;B7 5;C3 22;B4 4 6 21;A3 14 7 32 6;B4 0 7 11;B3 4 0 22;A3 14 6 32 0;B4 0 8 11;B5 7 8;B1&&{ A2 19 26 23;B7 7;C3 23;};A2 18 26 23;B7 7;C3 24;A2 4 20 21;B7 6;B2 9;A4 14 7 52 9;B2 10;B6 9 10 4;C3 25;D13 4 21 24 26;B4 4 12 26;B3 4 13 27;A1 4 22 29;B7 12;B2 14;A4 14 6 52 14;B2 15;B6 14 15 4;B3 0 0 30;C3 29;A1 4 23 27;B7 13;C3 30;D13 24 24 32 31;D13 25 37 32 33;A2 23 18 28;B2 16;A2 16 25 33;B7 16;B3 0 0 34;B2 21;A6 47 21&&C0;B1&&{ D13 21 0 32 19;D13 10 42 32 40;D22 29 35 46 39;};D13 14 1 48 42;D12 34 43 53 44;D22 0 $((N1+8)) 51 32;D13 4 8 41 6;D12 26 28 35 34;D13 27 29 36 35;A2 27 32 39&&{ B2 19;A2 33 33 40;B2 20;B6 19 20 3;};C2 36;D23 33 34 42 37;B1&&D23 35 45 55 46;D23 32 31 43 38;D12 36 47 32 48;D13 20 42 32 41;D13 14 2 48 43;D13 4 5 32 1;D13 4 3 60 5;D12 26 48 49 49;B3 4 22 57;A1 26 46 56;B7 22;B3 0 0 58;C3 47;D22 4 4 50 0;D23 22 9 37 7;A7;C2 2;} 2>/dev/null|pbcopy;exit 2>&-
  Copy the selected text to the Clipboard by pressing the key combination command-C.
  8. Launch the built-in Terminal application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
  Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
  9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter
  exec bash
  and press return. Then paste the script again.
  10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, press the key combination control-C or just press return  three times at the password prompt. Again, the script will still run.
  If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
  11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, there will be nothing in the Terminal window and no indication of progress. Wait for the line
  [Process completed]
  to appear. If you don't see it within half an hour or so, the test probably won't complete in a reasonable time. In that case, close the Terminal window and report what happened. No harm will be done.
  12. When the test is complete, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
  At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
  If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
  13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "You are not authorized to post." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.
  14. This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I don't necessarily agree with them.
  Copyright © 2014 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.

• Virus warning

  I just received a virus warning from a website www.thesafemac.com. It just popped up when I did a search on Google.  It also gave a phone number of 1-888-261-6418 to call.   I couldn't get out of that site either.  I had to close close out Safari.  I cleaned my History and Safari/Preferences/Privacy/Cookies.  I also ran updates.  Is this Apple warning me?
  If this website is not Apple why are they warning me and not Apple?  If it is some non affiliated Apple outside source what gives here? 
  How do I know that I have a virus, malware, trojan or whatever besides some outside source telling me there is something lodged in my computer?  My firewall is on and so the rest of the security settings.
  In searching the community section for answers there is nothing whether to call Apple support in order to authenticate the warning and if they can eradicate the virus.  I bought Apple with security in mind.  How can an outside source (?) be warning me of a virus on my computer when I am not in www.thesafemac.com?
  Now I am not sure to trust Apple. Yes, there are the possibilities. 
  There is also no information on how much it is going to cost me for the virus or whatever search and eradication. My protection plan is expired and I was told by an Apple store that there is no such thing as extending or purchasing more warranty.
  Thank you.
  Mac Book Pro Early 2011 with Yosemite Version 10.10.2

  These sites are scams. Ignore and move on. Do not click anything on the site or call any phone numbers. It is unlikely you have any problems on the computer.
  In the event you have a problem exiting the page:
  Helpful Links Regarding Malware Problems
  If you are having an immediate problem with ads popping up see The Safe Mac » Adware Removal Guide and AdwareMedic.
  Open Safari, select Preferences from the Safari menu. Click on Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.
  The following comes from user stevejobsfan0123. I have made minor changes to adapt to this presentation.
  Fix Some Browser Pop-ups That Take Over Safari.
  Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. This article will outline the solution to dismiss the pop-up.
  Quit Safari
  Usually, these pop-ups will not go away by either clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.
  Relaunch Safari
  If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.
  This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.

• Virus warning on my i book g4

  very time i try to go on line i well get a warning like. virus warning immediate action required. then give me three options to fix the problem.the first two options do not work the last one I have to call 1800 785 8145. My i book get infected how i can fix the i book

  Hello,
  This is not the first time of come across this kind of 'Virus' Like Stevejobsfan123 has rightfully stated these are indeed advert scams that get you to pay a lot of money for premium rate numbers and often install malware on your computer. If your iBook is useable and it's only effecting Safari, I would be inclined to clear your history and reset Safari or any other web browser you are using on your iBook. Install ClamXAV for Mac and scan your directories for any viruses.
  Lucky for us Mac users, a lot of these scams are aimed at installing software on PC's and their for wouldn't do any harm to your iBook. If you have a PC on your home network which shares it with the iBook, be sure to scan and update your ant-virus on your PC.
  Best of luck

• Virus Warning on Flash update

  Hi
  I keep getting a virus warning when I try to DL your flash update (from adobe site). I am trying to get the windows version for XP. This has been going on a couple weeks now and I have not installed it. I saw others have had virus warnings with Flash after installing.
  NOD says it is a trojan possibly similar to the win32 genetik
  Thanks,
  B

  pwillener wrote:
  The main problem with these kind of infections is that people do not pay enough
  attention on what they are downloading or installing.
  Always download Flash Player updates only from the original Adobe or Macromedia site!
  Always download Windows updates only from the original Microsoft site!
  This goes for all software: always download software updates only from the original manufacturer's site!
  I always download from the site both adobe and microsoft and that darn virus got me too! So it was not their fault
  this one is a doozy. It is a dropper type trojan. I even wiped my computer and it found a way within a week to re-activate
  itself.It had embed invisable code when it arrived so don't know if that had anything to do with it. It also opened a second portal
  and changed the registry. The only thing that killed that picking sorry bisket eater was that microsoft antimalware tool. The first
  go round I couldn't even download that for I was locked out. It had disabled javascript and removed my start button even and
  was unable to get system restore to work.. After wiping my computer finally I was able to download the microsoft anti-malware
  tool and finish it off for it was still lurking in my system. It took me a month of battling that sorry virus to kill it out of my entire system.
  It was ALIVE I TELL YA.,Thank God for Microsoft! I had good virus protection and a firewall and it got me anyways so it helps to also
  know what to do.

• Australian federal police malware/virus - firefox

  2 days ago I bought a brand new MacBook Pro, last night I tried to open Firefox and the Australian Federal Police Malware/Virus blocked the page asking for $300. I turned it off by holding down the power button. i turned it on today and firefox opened and couldn't recover the current page 'AFP' and now all seems fine. I'm aware there probably is still something in the background. How do I find out and how do I get rid of it. All of the instructions I can find online are for PC or for Mac but using the safari browser.
  PLEASE HELP

  Thanks for the checkmark, but now I must post an addendum thanks to an apparent dumb move by Mozilla today.
  They released Firefox v23 and removed the option to disable JavaScript via Preferences->Content, so...
  I haven't fully tested this yet (since I haven't found any of those infected sites yet), but in order to disable JavaScript in Firefox you must now type "about:config" without the quotes in the address (URL) bar. It will give you a warning about voiding the warrantee, whatever that's supposed to mean, just agree to "be careful".
  Now type "javascript.enabled" without quotes in the search window and double-click the word "true" in the Value column of the first line with that Preference Name, changing it to "false".
  After backing out of the infected page go through the last two steps again changing "false" to "true" to re-enable JavaScript.

• Safari is blocked with virus warning

  I lost control with Safari
  There is a window popping, with an Virus Warning
  It's impossible access to the Preferences nor to reinitialize or open a new Window
  Even if I Quit Safari, Force to quit or restart the computer the issue persists
  What can I do ?
  Martine

  Don't call any numbers, don't grant any access to your computer, Tatie.
  There are at least two schools of thought expressed by experienced users here in this Apple community regarding malware and popups.
  One school primarily uses free application(s); the second school requires no additional software and just some simple steps on your part.
  Read these (of many threads) discussions.
  Yosemite OS X & MacKeeper I can't unistall
  Got a malware on OS X Yosemite, how do I get rid of it?
  "Ransomware" web pages
  Pop up problems in Safari on OS X Yosemite!
  See these Apple notes:
  Remove unwanted adware that displays pop-up ads and graphics on your Mac - Apple Support
  Safari 8 (Yosemite): Security pane of Safari preferences
  OS X Yosemite: Protect your Mac from malware

• I was told by comcast that we had a computer in the house with a malware virus, they even said that they were going to terminate our service if we did not get it fixed. Now this week we hear that there is a trojan malware virus, how do we get rid of it?

  I was told by comcast that we had a computer in the house with a malware virus, they even said that they were going to terminate our service if we did not get it fixed. Now this week we hear that there is a trojan malware virus, how do we get rid of it?

  Hello,
  Flashback - Detect and remove the uprising Mac OS X Trojan...
  http://www.mac-and-i.net/2012/04/flashback-detect-and-remove-uprising.html
  In order to avoid detection, the installer will first look for the presence of some antivirus tools and other utilities that might be present on a power user's system, which according to F-Secure include the following:
  /Library/Little Snitch
  /Developer/Applications/Xcode.app/Contents/MacOS/Xcode
  /Applications/VirusBarrier X6.app
  /Applications/iAntiVirus/iAntiVirus.app
  /Applications/avast!.app
  /Applications/ClamXav.app
  /Applications/HTTPScoop.app
  /Applications/Packet Peeper.app
  If these tools are found, then the malware deletes itself in an attempt to prevent detection by those who have the means and capability to do so. Many malware programs use this behavior, as was seen in others such as the Tsunami malware bot.
  http://reviews.cnet.com/8301-13727_7-57410096-263/how-to-remove-the-flashback-ma lware-from-os-x/
  http://x704.net/bbs/viewtopic.php?f=8&t=5844&p=70660#p70660
  Check now whether your Mac is infected by Backdoor.Flashback.39!
  http://public.dev.drweb.com/april/

• I had a pop up which turned out to be a malware virus on my iPad how do I get rid of it

  I had a pop up which turned out to be a malware virus on my iPad how do I get rid of it

  I didn't know you could even get one with an iPad.  Are you sure it installed something?  I see them pop up for my computer occasionally but they will pop up for any computer whether or not they can actually do anything or not.
  I'll let more experienced heads answer this one but they will certainly want to know the name of what it was you saw, unless it really is a case of nothing to worry about.

• Installing CS5 triggers Virus Warning

  Hi All,
  I have recently installed CS5 onto a brand new computer, running Windows 7, which has not been connected to the internet yet. During my first attempt at installation, my Bitdefender virus protection warned that 'Adware.Rotator.L' was located during the installation process.
  The programmes (Indesign etc) then failed to open, again with the virus warning appearing'.
  Having read through the forums, I then reinstalled CS5 with the virus software turned off, as recommended. Im now able to use the software without issue, however only when the Virus Protection is turned off. When I turn bitdefender back on, the programme (Indesign etc) crashes on opening
  Any suggestions on how to proceed?

  Adobe also advises to disable such virus detection software while installing Adobe software. Reenable the virus protection when installation is completed.
            - Dov

• Virus Warning Symantec SB and Reader X

  I get a virus warning since I installed Symantec Endpoint Protection Small Businness version. Everytime I open Adobe Reader X the virus warning pops up.
  There are a bunch of cache files in C:\Users\username\AppData\Local\Adobe\Acrobat\10.0\Cache that get the warning, all with the file extension .sve. The first file that popped up was rdlang_rdlang.sve. It probably has something with the language (swedish in my case) so those who have an English Adobe Reader will probably have the extension .eng.
  Is this a real virus or is it Symantec who has to fix the problem? Probably the later i think..

  If this is a known good application being detected as a threat, you can file a False Positive report with the Symantec Security Response folks.
  https://submit.symantec.com/false_positive/
  Best,
  Thomas

• HT4650 My computer turns to a white screen. In the center it blinks a suitcase with a question mark in the center. I can not access my desktop. Is this a malware virus?

  My computer turns to a white screen. In the center it blinks a suitcase with a question mark in the center. I can not access my desktop. Is this a malware virus?

  Hi, likely neither.
  What shows for boot choices if you hold alt or option key on startup?
  Bootup holding CMD+r, or the Option/alt key to boot from the Restore partition & use Disk Utility from there to Repair the Disk, then Repair Permissions.

• Anyone have malware-virus message from 1-855-868-9738?

  Anyone have malware-virus message from 1-855-868-9738 ?

  Do not call the number.
  Force quit Safari, then restart Safari while holding the Shift key.