New Trojan Horses

Similar Messages

• New Trojan Horse Virus

  First, I am aware that the Mac has never had a virus and is not readily suceptible to them due to the quantity of Macs in service and the complexity of the Unix format. However, I also realize that the word "never" is relative and no one knows what the future holds.
  In light of the "apparent" new Trojan Horse Virus that has just surfaced, could someone answer the following questions for information only.
  There is a question as to whether this is a Trojan Horse or a Virus. Has that been cleared up?
  I have followed the discussions concerning the various virus programs for the Mac. There seems to be problems with all of them such that many are saying the problems do not justify installing these, in light of the low probability of a virus or trojan horse. There is also the question that is raised as to why some of these programs work great for some and poorly for others. One of these programs seem to surface more than others. It is CLAMX AV.
  My questions concerning CLAMX AV is:
  Does this program simply identify a virus or can it be configured to quarantine, or delete the virus completely?
  If it will delete the virus, can this be done automatically in the background or is there some interaction that has to be done on the part of the user?
  What primary issues concerning my Mac must be considered before installing the program?
  Thanks
  Herschel

  There is a good guide to Leap-A at http://www.macworld.com/news/2006/02/16/leapafaq/index.php
  If you want to see how easy or hard it is to catch have a look at http://www.macworld.com/news/2006/02/17/leapafollow/index.php
  Prerequisites (even before you get to the point where you have to help it along its way by actually deliberately opening the offending file) involve using iChat over a Bonjour (not just internet) network under OSX10.4 while connected to someone infected with it.
  THis is clearly not really going to be a significant issue in itself, though others may try to emulate its operations with "nastier" enhancements.
  (Just by the way, Macs have had viruses etc in the past under earlier OS's. The last one I actually saw was on a machine running OS7.5 in the mid 1990's. It had arrived on the victim's machine on a floppy disc containing pirated software from an educational institution. Prior to the mid 1990's I saw three other incidences of virus infection on Macs - all on machines used in the education sector)
  Cheers
  Rod

• Apple insider say there are Two new trojan horses threaten Mac software

  Yes it says pirates downloading iworks etc, and before you all ask no I don't have it.
  Either this is a scam or is this the first Mac trojan? Im woried as I have never had anything bad happen to my Mac. Shall i get anti virus? I dont use torrent sites any way, but if they can effect Mac programs could it affect my emails?

  As Terence says, a trojan is NOT a virus.
  It may seem like a minor distinction, but a virus can come onto a computer via an e-mail attachment, embedded into an email, or something loaded from the internet, CD/DVD, USB drive, etc., then replicate itself to, say, everyone in your address book, +all without any action by you+. There are hundreds of thousands of them for PCs. At the moment, for Macs there are exactly zero known viruses. None. Zip. Zilch. So don't panic.
  It is possible, though, for you to get one of these. It won't do any harm on your Mac, but if you send it to a PC user, it may spread. If you want, you can get anti-virus software for this purpose. The one I see recommended most is ClamXav, and is free. Like many Mac users, I don't run any.
  There is malware, including trojans, for Macs, though far fewer than for PCs. As reported, all these require some action by you -- and in those cases where they come with pirated software, you obviously would have to be a thief, too (poetic justice?).
  Here's a similar thread, with some recommendations: http://discussions.apple.com/thread.jspa?threadID=1797574

• Boonana Trojan Horse

  Suddenly I'm being warned about the ""Boonana Trojan Horse" that can affect Macs because it's "cross-platform, java based and spread through social networks like Facebook." My quotes because I don't want to cry "wolf" or spread false information and rumor. My first thought is that if this is a problem it would be showing up here in support. Interestingly a search only revealed a page that doesn't exist any more. (Why?) Is Apple not forthcoming in identifying this problem to protect its image as a virus-proof platform? Or is it really not important? I wouldn't have considered the former had that page not come up missing.

  Boonana, aka Koobface, has made its appearance on the Mac, that much is true. However, much as I try not to rely on information from the security companies, since they are in the business of trying to sell you AV software, I do tend to listen more carefully when they are dismissive. See the Intego announcement:
  http://www.intego.com/news/trojan-horse-os-x-koobface-a-affects-mac-os-x.asp
  Note that Intego states that the current implementation of this malware is so flawed. It is not currently a threat due to bugginess, but if it should be updated, it could be dangerous.
  Also, note the warning dialog shown in the Intego advisory. It's scary-looking enough that nobody in their right mind would click the Allow button. (Unfortunately, it would seem that many people on Facebook or Twitter are not in their right minds...)
  More on this topic can be found in my [Mac Virus guide|http://www.reedcorner.net/thomas/guides/macvirus>, which I have updated to include this threat.
  null
  null

• What about trojan horse virus?

  The news today discussed a new trojan horse stealing passwords, etc.  Is there any fix or software to prevent damage or loss of data?

  If you're running an iMac G5, that's a PPC Mac (you're in the wrong forum, BTW) I don't think you have much to worry about. As far as I know, and I could be wrong, the Flashback Trojan, at least right now, is not interested in PPC Macs. It appears to be written to attack Intel Macs only. In any case, since this could change, disable Java in the browser you use, to be safe.

• I have received an email from a friend with a link which I clicked. It directed me to the google home page and I am now suspicious that it is a virus  or a Trojan horse. I would know what to do on my PC but am new to Ipad. How can I check?

  I have received an email from a friend with a link which I clicked. It took me to the google home page. I am now suspicious that my friend's email account has been hijacked and the link contained a virus or a Trojan horse. I would know what to do on my PC but am new to the IPad. Can any form of Trojan horse be planted on IOS 6 or am I worrying unnecessarily? Reassurance would be most welcome as I do use the IPad for checking bank details and web purchases. Thanks for any help.

  PC virus won't run on iPad.

• My computer has been infected with a Trojan Horse.  It has completely taken over my Mac email account and was sending out malicious email to everyone in my address book.  At the same time it infected my iPhone---I am no longer able to receive or send emai

  My computer has been infected by a Trojan Horse.  It has taken over my Mac email account and began sending out malicious emails to everyone in my address book.  I cleared out my MAC address book and began using my AOL email account. It took a few days and then my AOL email account was infected and has now been send out malicious email to all my contacts for over a month.  It has also infected my iPhone--I am no longer able to send or receive emails on my iPhone.  Also, once the Trojan Horse began using my AOL email it completely blocked me from using my MAC account by sending never ending popups asking for my email password to access my MAC email account, but it never accepts my pass word.  The TH has also slowed down everything on my computer.  It's like I am working on an old PC with dial up connection instead of the high speed digital connection that I have.  The little color wheel spins constantly as I wait for sometimes over a minute for a page to pull up.  If it pulls up at all.  I have tried to use the 2 disks that came with my computer to completely remove everything on my computer and then reinstall all the programs, but I am not allowed to sweep my computer clean.  I thought maybe my disks that came with my computer were defective so I called Apple and they sent me 2 new disks.  I am not able able to clear my computer with the 2 new disks either.  I have done this before successfully so it's not something new to me.  I do remember when I believe my computer became infected:  I had googled an unusual sewing term, and I was opening what appeared to be legitimate sites, when all of a sudden a pop up appeared that said that my computer had been infected.  I immediately shut my computer off, but it was too late.  I downloaded a virus program for Mac, and it has never found a virus or problem at all.  I think it is part of this Trojan Horse, but I am unable to delete it from my computer.  It refuses to uninstall.  The Mac Trojan Horse is real and it is terrible.  If anyone has any suggestions for me I would be very appreciative,
  Beth
  vu

  Install ClamXav and run a scan with that. It should pick up any trojans.   
  17" 2.2GHz i7 Quad-Core MacBook Pro  8G RAM  750G HD + OCZ Vertex 3 SSD Boot HD 
  Got problems with your Apple iDevice-like iPhone, iPad or iPod touch? Try Troubleshooting 101

• I think I have  some Malware/Trojan Horse on MacBook Pro. How to get rid of it?

  My MacBook Pro has worked perfect for the last 2 years, but over the last 2 days when I am on Chrome it has started clicking onto random websites when I click other links, and showing certain words as underlined and as hotlinks. I think I recognise that from having a PC as Malware or Trojan Horse? What is the best way to remove this as I have read through a few threads on here and they advise not downloading any anti virus software as it slows down your Mac instead of helping.
  <Post Edited By Host>

  You installed the "VSearch" trojan, perhaps under a different name. Remove it as follows.
  Malware is constantly changing to get around the defenses against it. The instructions in this comment are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
  Back up all data before proceeding.
  Triple-click anywhere in the line below on this page to select it:
  /Library/LaunchAgents/com.vsearch.agent.plist
  Right-click or control-click the line and select
            Services ▹ Reveal in Finder (or just Reveal)
  from the contextual menu.* A folder should open with an item named "com.vsearch.agent.plist" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.
  Repeat with each of these lines:
  /Library/LaunchDaemons/com.vsearch.daemon.plist
  /Library/LaunchDaemons/com.vsearch.helper.plist
  /Library/LaunchDaemons/Jack.plist
  Restart the computer and empty the Trash. Then delete the following items in the same way:
  /Library/Application Support/VSearch
  /Library/PrivilegedHelperTools/Jack
  /System/Library/Frameworks/VSearch.framework
  ~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin
  Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
  From the Safari menu bar, select
            Safari ▹ Preferences... ▹ Extensions
  Uninstall any extensions you don't know you need, including any that have the word "Spigot," "Trovi," or "Conduit" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
  Reset the home page and default search engine in all the browsers, if it was changed.
  This trojan is distributed on illegal websites that traffic in pirated content. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect much worse to happen in the future.
  You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that this Internet criminal has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. This failure of oversight has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.
  *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination  command-C. In the Finder, select
            Go ▹ Go to Folder...
  from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

• I think I have a trojan horse, what to do?

  First off, I'm going to start by admitting that this is my fault.
  Last month I was ***** and cruising around looking at internet **** on my brand new 21.5 iMac. I think I tried to view a video on one of the sites and was prompted to download a required plugin, which I did. I believe that's how the trojan was allowed onto my machine.
  There was one site I decided to join for $19.99/month (one month only) and I filled out the online form including my cc information. The next day or so I received a phone call from the people who monitor my cc. They said there had been some unusual activity on my account. After reviewing, I found that about $800 in charges were made to my card by someone else. The card was cancelled and now, a couple weeks later, I have a brand new card.
  Fast forward a couple weeks to this last Sunday. I decided to buy some new floor mats for my wifes car ($117)and went online with the same computer to a web site for a well known company and this time I used my Paypal account to purchase the floor mats. The next morning I got an email from Paypal telling me that I had sent $20 to a company called Garena Online Private Limited. I contacted Paypal and started the process to dispute the charge and also changed my password.
  So, that's the background but now what should I do to get rid of the trojan horse? Is there some kind of virus protection software I need to run? I've been a Mac user since 1992 and this is the first time this has happened. TIA.

  http://discussions.apple.com/thread.jspa?threadID=1764179&tstart=0
  Tho seemingly from 2008 and archived, some info is old, but some was updated Oct 2010. Also use openDNS per http://discussions.apple.com/thread.jspa?messageID=13268959
  Wipe out the hard drive and Reinstall everything from scratch. If you don't have an external drive, you could use the Partition tab in Disk Utilty to shrink existing volume, and create a new empty 2nd volume. I would not use any backup software first (as it might include the trojan), but just manually copy your files by drag and drop in the Finder.
  For good overview of how to prevent it in future...
  http://www.macforensicslab.com/ProductsAndServices/index.php?mainpage=document_general_info&cPath=11&productsid=174

• SPY script/ Trojan Horse active on my MAC BOOK PRO

  Hello, Since two days I have noticed a small pop up every other minute when I am connected to the internet (which I do wireless) in the left top corner. It is a small window that pops and disappears very fast, impossible to read what it says. Does anyone can help me with this? How do I find out what it is and even more important how can I delete/ remove it

  Just in case we actually are confronted by a Trojan, read this:
  From MacWorld, January 10, 2008:
  SecureMac has introduced a free Trojan Detection Tool for Mac OS X. It's available here:
  http://www.securemac.com/
  The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X. Called DNSChanger Trojan and also known as OSX.RSPlug.A Trojan Horse the software attacks users attempting to play a fake video file.
  Upon attempting to play the video, the victim receives the following message:
  “Quicktime Player is unable to play movie file.
Please click here to download new version of codec.”
  Upon running the installer, the user's DNS records are modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's DNS records stay modified on a minute-by-minute basis.
  SecureMac's DNSChanger Removal Tool allows users to check to see if the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the users' DNS records will be repaired.

• Trojan Horse pakes?

  I have some sort of Trojan horse on my iMAC (running Mavericks 10.9.5). When I check the console, there are 1000s of processes going on per second and they repetitively say:
  "10/13/14 7:51:53.579 AM proxyhost[22202]: 67.198.140.250:2122 - - [13/Oct/2014:07:51:53 -0700] "GET http://us-u.openx.net/w/1.0/sd?id=537073142&val=RUIDdzr1pcqq7bm659gajgpbbd5mgaxr 8t4yzbrfwht3uyidafrw9hqy==== HTTP/1.1" 302 401 895"
  10/13/14 7:51:53.505 AM proxyhost[22200]: Made direct (non-proxy) connection to syndication.exoclick.com:80
  10/13/14 7:51:53.000 AM kernel[0]: proc: table is full
  for example. The websites keep changing.
  I've scanned for malware with ClamXV and MacScan and found nothing. I have been blocked from my network. They said I have a trojan horse "pakes".
  Here is the etrecheck report (I'm no longer connected to the ethernet so the processes have stopped. I'm not sure if this matters for what people want to see):
  EtreCheck version: 1.9.15 (52)
  Report generated October 13, 2014 at 7:52:18 AM PDT
  Hardware Information: ?
    iMac (27-inch, Mid 2011) (Verified)
    iMac - model: iMac12,2
    1 3.4 GHz Intel Core i7 CPU: 4 cores
    8 GB RAM
  Video Information: ?
    AMD Radeon HD 6970M - VRAM: 1024 MB
    iMac 2560 x 1440
  System Software: ?
    OS X 10.9.5 (13F34) - Uptime: 2 days 19:28:14
  Disk Information: ?
    Hitachi HDS722020ALA330 disk0 : (2 TB)
    S.M.A.R.T. Status: Verified
    EFI (disk0s1) <not mounted>: 209.7 MB
    Macintosh HD (disk0s2) / [Startup]: 2 TB (1.19 TB free)
    Recovery HD (disk0s3) <not mounted>: 650 MB
    OPTIARC DVD RW AD-5680H
  USB Information: ?
    Apple Computer, Inc. IR Receiver
    Apple Internal Memory Card Reader
    Apple Inc. BRCM2046 Hub
    Apple Inc. Bluetooth USB Host Controller
    Apple Inc. FaceTime HD Camera (Built-in)
  Thunderbolt Information: ?
    Apple Inc. thunderbolt_bus
  Gatekeeper: ?
    Anywhere
  Problem System Launch Daemons: ?
    [failed] com.apple.security.syspolicy.plist
  Launch Daemons: ?
    [loaded] com.adobe.fpsaud.plist Support
    [loaded] com.adobe.SwitchBoard.plist Support
    [loaded] com.barebones.authd.plist Support
    [loaded] com.bombich.ccc.plist Support
    [running] com.bombich.ccc.scheduledtask.4CD02F29-DEED-4CEF-AB0E-270D9AAA53AB.plist Support
    [invalid] com.landesk.broker.plist
    [invalid] com.landesk.cba8.plist
    [invalid] com.landesk.ldwatch.plist
    [invalid] com.landesk.msgsys.plist
    [invalid] com.landesk.pds.plist
    [invalid] com.landesk.pds1.plist
    [loaded] com.landesk.pds2.plist Support
    [invalid] com.landesk.remote.plist
    [loaded] com.microsoft.office.licensing.helper.plist Support
    [loaded] com.oracle.java.JavaUpdateHelper.plist Support
  Launch Agents: ?
    [not loaded] com.adobe.AAM.Updater-1.0.plist Support
  User Launch Agents: ?
    [loaded] com.adobe.AAM.Updater-1.0.plist Support
    [loaded] com.adobe.ARM.[...].plist Support
    [loaded] com.adobe.ARM.[...].plist Support
    [running] com.bombich.ccc-user-agent.plist Support
    [loaded] com.google.keystone.agent.plist Support
    [not loaded] com.spotify.webhelper.plist Support
  User Login Items: ?
    Dropbox
  Internet Plug-ins: ?
    FlashPlayer-10.6: Version: 15.0.0.152 - SDK 10.6 Support
    Default Browser: Version: 537 - SDK 10.9
    AdobePDFViewerNPAPI: Version: 10.1.3 Support
    CouponPrinter-FireFox_v2: Version: Version 1.1.6 Support
    AdobePDFViewer: Version: 9.5.5 Support
    Flash Player: Version: 15.0.0.152 - SDK 10.6 Support
    QuickTime Plugin: Version: 7.7.3
    SharePointBrowserPlugin: Version: 14.1.4 - SDK 10.6 Support
    JavaAppletPlugin: Version: Java 7 Update 55 Check version
  Audio Plug-ins: ?
    BluetoothAudioPlugIn: Version: 1.0 - SDK 10.9
    AirPlay: Version: 2.0 - SDK 10.9
    AppleAVBAudio: Version: 203.2 - SDK 10.9
    iSightAudio: Version: 7.7.3 - SDK 10.9
  iTunes Plug-ins: ?
    Quartz Composer Visualizer: Version: 1.4 - SDK 10.9
  User Internet Plug-ins ?
    WebEx64: Version: 1.0 - SDK 10.6 Support
    Aspera Web 3.3.3.81344: Version: (null) - SDK 10.6 Support
    npBcsMcTcIO: Version: (null) Support
    Picasa: Version: 1.0 - SDK 10.6 Support
  3rd Party Preference Panes: ?
    Flash Player  Support
    Growl  Support
    LANDesk Agent  Support
    TeXDistPrefPane  Support
  Time Machine: ?
    Time Machine not configured!
  Top Processes by CPU: ?
        4% WindowServer
        1% hidd
        1% Console
        1% notifyd
        0% Microsoft Word
  Top Processes by Memory: ?
    311 MB com.apple.IconServicesAgent
    205 MB mds_stores
    180 MB Finder
    172 MB Microsoft Word
    156 MB softwareupdated
  Virtual Memory Information: ?
    1.49 GB Free RAM
    3.57 GB Active RAM
    1.67 GB Inactive RAM
    1.25 GB Wired RAM
    2.74 GB Page-ins
    400 KB Page-outs
  Message was edited by: biomed2014

  1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
  Don't be put off by the complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.
  2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
  There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
  3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can act on it yourself without disclosing the contents to me or anyone else.
  You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.
  In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.
  You may not be able to understand the script yourself. But variations of the script have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message.
  Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.
  4. Here's a summary of what you need to do, if you choose to proceed:
  ☞ Copy a line of text in this window to the Clipboard.
  ☞ Paste into the window of another application.
  ☞ Wait for the test to run. It usually takes a few minutes.
  ☞ Paste the results, which will have been copied automatically, back into a reply on this page.
  The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
  5. You may have started the computer in "safe" mode. Preferably, these steps should be taken in “normal” mode, under the conditions in which the problem is reproduced. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
  6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
  7. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
  Triple-click anywhere in the line of text below on this page to select it:
  PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(Software Hardware Memory Diagnostics Power FireWire Thunderbolt USB Fonts SerialATA 4 1000 25 5120 KiB/s 1024 85 \\b%% 20480 1 MB/s 25000 ports ' com.clark.\* \*dropbox \*genieo\* \*GoogleDr\* \*k.AutoCAD\* \*k.Maya\* vidinst\* ' DYLD_INSERT_LIBRARIES\ DYLD_LIBRARY_PATH -86 "` route -n get default|awk '/e:/{print $2}' `" 25 N\\/A down up 102400 25600 recvfrom sendto CFBundleIdentifier 25 25 25 1000 MB com.apple.AirPortBaseStationAgent 464843899 51 5120 files );N5=${#p[@]};p[N5]=` networksetup -listnetworkserviceorder|awk ' NR>1 { sub(/^\([0-9]+\) /,"");n=$0;getline;} $NF=="'${p[26]}')" { sub(/.$/,"",$NF);print n;exit;} ' `;f=('\n%s: %s\n' '\n%s\n\n%s\n' '\nRAM details\n%s\n' %s\ %s '%s\n-\t%s\n' );S0() { echo ' { q=$NF+0;$NF="";u=$(NF-1);$(NF-1)="";gsub(/^ +| +$/,"");if(q>='${p[$1]}') printf("%s (UID %s) is using %s '${p[$2]}'",$0,u,q);} ';};s=(' s/[0-9A-Za-z._]+@[0-9A-Za-z.]+\.[0-9A-Za-z]{2,4}/EMAIL/g;/\/Shared/!s/(\/Users\/)[^ /]+/\1USER/g;s/[-0-9A-Fa-f]{22,}/UUID/g;' ' s/^ +//;/de: S|[nst]:/p;' ' {sub(/^ +/,"")};/er:/;/y:/&&$2<'${p[10]} ' 1s/://;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: [^EO]|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[11]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Genesy|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;} ' ' $0&&!/ / { n++;print;} END { if(n<200) print "com.apple.";} ' ' $3~/[0-9]:[0-9]{2}$/ { gsub(/:[0-9:a-f]{14}/,"");} { print|"tail -n'${p[12]}'";} ' ' NR==2&&$4<='${p[13]}' { print $4;} ' ' END { $2/=256;if($2>='${p[15]}') print int($2) } ' ' NR!=13{next};{sub(/[+-]$/,"",$NF)};'"`S0 21 22`" 'NR!=2{next}'"`S0 37 17`" ' NR!=5||$8!~/[RW]/{next};{ $(NF-1)=$1;$NF=int($NF/10000000);for(i=1;i<=3;i++){$i="";$(NF-1-i)="";};};'"`S0 19 20`" 's:^:/:p' '/\.kext\/(Contents\/)?Info\.plist$/p' 's/^.{52}(.+) <.+/\1/p' ' /Launch[AD].+\.plist$/ { n++;print;} END { print "'${p[41]}'";if(n<200) print "/System/";} ' '/\.xpc\/(Contents\/)?Info\.plist$/p' ' NR>1&&!/0x|\.[0-9]+$|com\.apple\.launchctl\.(Aqua|Background|System)$|'${p[41]}'/ { print $3;} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:[^:]+//p ' '/^root$/p' ' !/\/Contents\/.+\/Contents|Applic|Autom|Frameworks/&&/Lib.+\/Info.plist$/ { n++;print;} END { if(n<1100) print "/System/";} ' '/^\/usr\/lib\/.+dylib$/p' ' /Temp|emac/{next};/(etc|Preferences|Launch[AD].+)\// { sub(".(/private)?","");n++;print;} END { print "'${p[41]}'.plist\t'${p[42]}'";if(n<500) print "Launch";} ' ' /\/(Contents\/.+\/Contents|Frameworks)\/|\.wdgt\/.+\.([bw]|plu)/d;p;' 's/\/(Contents\/)?Info.plist$//;p' ' { gsub("^| |\n","\\|\\|kMDItem'${p[35]}'=");sub("^...."," ") };1 ' p '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[43]}'{$2=$2-1;print}' ' BEGIN { i="'${p[26]}'";M1='${p[16]}';M2='${p[18]}';M3='${p[31]}';M4='${p[32]}';} !/^A/{next};/%/ { getline;if($5<M1) a="user "$2"%, system "$4"%";} /disk0/&&$4>M2 { b=$3" ops/s, "$4" blocks/s";} $2==i { if(c) { d=$3+$4+$5+$6;next;};if($4>M3||$6>M4) c=int($4/1024)" in, "int($6/1024)" out";} END { if(a) print "CPU: "a;if(b) print "I/O: "b;if(c) print "Net: "c" (KiB/s)";if(d) print "Net errors: "d" packets/s";} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|BKAg|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/ )||(/v6:/&&$2!~/A/ ) ' ' $1~"lR"&&$2<='${p[25]}';$1~"li"&&$3!~"wpa2";' ' BEGIN { FS=":";p="uniq -c|sed -E '"'s/ +\\([0-9]+\\)\\(.+\\)/\\\2 x\\\1/;s/x1$//'"'";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]$1|p;b=b$1;} END { close(p);if(b) print("\n\t* Code injection");} ' ' NR!=4{next} {$NF/=10240} '"`S0 27 14`" ' END { if($3~/[0-9]/)print$3;} ' ' BEGIN { L='${p[36]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n   "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n   [N/A]";"file -b "F|getline T;if(T!~/^(AS.+ (En.+ )?text$|(Bo|PO).+ sh.+ text ex)/) F=F" ("T")";printf("\nContents of %s\n%s\n",F,f);if(l>L) printf("\n   ...and %s more line(s)\n",l-L);} ' ' s/^ ?n...://p;s/^ ?p...:/-'$'\t''/p;' 's/0/Off/p' ' END{print NR} ' ' /id: N|te: Y/{i++} END{print i} ' ' / / { print "'"${p[28]}"'";exit;};1;' '/ en/!s/\.//p' ' NR!=13{next};{sub(/[+-M]$/,"",$NF)};'"`S0 39 40`" ' $10~/\(L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9;} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?Info\.plist$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' ' /l: /{ /DVD/d;s/.+: //;b0'$'\n'' };/s: /{ /V/d;s/^ */- /;H;};$b0'$'\n'' d;:0'$'\n'' x;/APPLE [^:]+$/d;p;' ' /^find: /d;p;' "`S0 44 45`" ' BEGIN{FS="= "} /Path/{print $2} ' ' /^ *$/d;s/^ */   /;' );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps sudo\ crontab sudo\ iotop top pkgutil 'PlistBuddy 2>&1 -c "Print' whoami cksum kextstat launchctl sudo\ launchctl crontab 'sudo defaults read' stat lsbom mdfind ' for i in ${p[24]};do ${c1[18]} ${c2[27]} $i;done;' defaults\ read scutil sudo\ dtrace sudo\ profiles sed\ -En awk /S*/*/P*/*/*/C*/*/airport networksetup mdutil sudo\ lsof test osascript\ -e );c2=(com.apple.loginwindow\ LoginHook '" /L*/P*/loginw*' "'tell app \"System Events\" to get properties of login items'|tr , \\\n" 'L*/Ca*/com.ap*.Saf*/E*/* -d 1 -name In*t -exec '"${c1[14]}"' :CFBundleDisplayName" {} \;|sort|uniq' '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' '.??* -path .Trash -prune -o -type d -name *.app -print -prune' :${p[35]}\" :Label\" '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status " -F '\$Time \$Message' -k Sender kernel -k Message Req 'bad |Beac|caug|corru|dead[^bl]|FAIL|fail|GPU |hfs: Ru|inval|jnl:|last value [1-9]|n Cause: -|NVDA\(|pagin|proc: t|Roamed|rror|ssert|Thrott|tim(ed? ?|ing )o|WARN' -k Message Rne 'Goog|ksadm|SMC:| VALI|xpma' -o -k Sender fseventsd -k Message Req 'SL' " '-du -n DEV -n EDEV 1 10' 'acrx -o comm,ruid,%cpu' '-t1 10 1' '-f -pfc /var/db/r*/com.apple.*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cgh] ! -name *ag \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f:%Sc:%N -t%F {} \;|sort -t: -k2 |tail -n'${p[38]} '/S*/*/Ca*/*xpc* >&- ||echo No' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' '-L /S*/L*/{C*/Sec*A,E}* {/,}L*/{A*d,Ca*/*/Ex,Co{mpon,reM},Ex,In{p,ter},iTu*/*P,Keyb,Mail/B,Pr*P,Qu*T,Scripti,Sec,Servi,Spo,Widg}* -path \\*s/Resources -prune -o -type f -name Info.plist' '/usr/lib -type f -name *.dylib' `awk "${s[31]}"<<<${p[23]}` "/e*/{auto,{cron,fs}tab,hosts,{[lp],sy}*.conf,pam.d/*,ssh{,d}_config,*.local} {,/usr/local}/etc/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t {/S*/,/,}L*/Lau*/*t .launchd.conf" list getenv /Library/Preferences/com.apple.alf\ globalstate --proxy '-n get default' -I --dns -getdnsservers\ "${p[N5]}" -getinfo\ "${p[N5]}" -P -m\ / '' -n1 '-R -l1 -n1 -o prt -stats command,uid,prt' '--regexp --only-files --files com.apple.pkg.*|sort|uniq' -kl -l -s\ / '-R -l1 -n1 -o mem -stats command,uid,mem' '+c0 -i4TCP:0-1023' com.apple.dashboard\ layer-gadgets '-d /L*/Mana*/$USER&&echo On' '-app Safari WebKitDNSPrefetchingEnabled' "+c0 -l|awk '{print(\$1,\$3)}'|sort|uniq -c|sort -n|tail -1|awk '{print(\$2,\$3,\$1)}'" );N1=${#c2[@]};for j in {0..9};do c2[N1+j]=SP${p[j]}DataType;done;N2=${#c2[@]};for j in 0 1;do c2[N2+j]="-n ' syscall::'${p[33+j]}':return { @out[execname,uid]=sum(arg0) } tick-10sec { trunc(@out,1);exit(0);} '";done;l=(Restricted\ files Hidden\ apps 'Elapsed time (s)' POST Battery Safari\ extensions Bad\ plists 'High file counts' User Heat System\ load boot\ args FileVault Diagnostic\ reports Log 'Free space (MiB)' 'Swap (MiB)' Activity 'CPU per process' Login\ hook 'I/O per process' Mach\ ports kexts Daemons Agents XPC\ cache Startup\ items Admin\ access Root\ access Bundles dylibs Apps Font\ issues Inserted\ dylibs Firewall Proxies DNS TCP/IP Wi-Fi Profiles Root\ crontab User\ crontab 'Global login items' 'User login items' Spotlight Memory Listeners Widgets Parental\ Controls Prefetching SATA Descriptors );N3=${#l[@]};for i in 0 1 2;do l[N3+i]=${p[5+i]};done;N4=${#l[@]};for j in 0 1;do l[N4+j]="Current ${p[29+j]}stream data";done;A0() { id -G|grep -qw 80;v[1]=$?;((v[1]==0))&&sudo true;v[2]=$?;v[3]=`date +%s`;clear >&-;date '+Start time: %T %D%n';};for i in 0 1;do eval ' A'$((1+i))'() { v=` eval "${c1[$1]} ${c2[$2]}"|'${c1[30+i]}' "${s[$3]}" `;[[ "$v" ]];};A'$((3+i))'() { v=` while read i;do [[ "$i" ]]&&eval "${c1[$1]} ${c2[$2]}" \"$i\"|'${c1[30+i]}' "${s[$3]}";done<<<"${v[$4]}" `;[[ "$v" ]];};A'$((5+i))'() { v=` while read i;do '${c1[30+i]}' "${s[$1]}" "$i";done<<<"${v[$2]}" `;[[ "$v" ]];};';done;A7(){ v=$((`date +%s`-v[3]));};B2(){ v[$1]="$v";};for i in 0 1;do eval ' B'$i'() { v=;((v['$((i+1))']==0))||{ v=No;false;};};B'$((3+i))'() { v[$2]=`'${c1[30+i]}' "${s[$3]}"<<<"${v[$1]}"`;} ';done;B5(){ v[$1]="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d: <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F: ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`grep -Fv "${v[$1]}"<<<"$v"`;};C0() { [[ "$v" ]]&&sed -E "$s"<<<"$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { v=`sed -E "${s[63]}"<<<"$v"`&&C1 1 $1;};for i in 1 2;do for j in 0 2 3;do eval D$i$j'(){ A'$i' $1 $2 $3; C'$j' $4;};';done;done;{ A0;D20 0 $((N1+1)) 2;D10 0 $N1 1;B0;C2 27;B0&&! B1&&C2 28;D12 15 37 25 8;A1 0 $((N1+2)) 3;C0;D13 0 $((N1+3)) 4 3;D23 0 $((N1+4)) 5 4;D13 0 $((N1+9)) 59 50;for i in 0 1 2;do D13 0 $((N1+5+i)) 6 $((N3+i));done;D13 1 10 7 9;D13 1 11 8 10;D22 2 12 9 11;D12 3 13 10 12;D23 4 19 44 13;D23 5 14 12 14;D22 6 36 13 15;D22 7 37 14 16;D23 8 15 38 17;D22 9 16 16 18;B1&&{ D22 35 49 61 51;D22 11 17 17 20;for i in 0 1;do D22 28 $((N2+i)) 45 $((N4+i));done;};D22 12 44 54 45;D22 12 39 15 21;A1 13 40 18;B2 4;B3 4 0 19;A3 14 6 32 0;B4 0 5 11;A1 17 41 20;B7 5;C3 22;B4 4 6 21;A3 14 7 32 6;B4 0 7 11;B3 4 0 22;A3 14 6 32 0;B4 0 8 11;B5 7 8;B1&&{ A2 19 26 23;B7 7;C3 23;};A2 18 26 23;B7 7;C3 24;D13 4 21 24 26;B4 4 12 26;B3 4 13 27;A1 4 22 29;B7 12;B2 14;A4 14 6 52 14;B2 15;B6 14 15 4;B3 0 0 30;C3 29;A1 4 23 27;B7 13;C3 30;D13 24 24 32 31;D13 25 37 32 33;A2 23 18 28;B2 16;A2 16 25 33;B7 16;B3 0 0 34;B2 21;A6 47 21&&C0;B1&&{ D13 21 0 32 19;D13 10 42 32 40;D22 29 35 46 39;};D23 14 1 62 42;D12 34 43 53 44;D12 22 20 32 25;D22 0 $((N1+8)) 51 32;D13 4 8 41 6;D12 26 28 35 34;D13 27 29 36 35;A2 27 32 39&&{ B2 19;A2 33 33 40;B2 20;B6 19 20 3;};C2 36;D23 33 34 42 37;B1&&D23 35 45 55 46;D23 32 31 43 38;D12 36 47 32 48;D13 20 42 32 41;D13 37 2 48 43;D13 4 5 32 1;D13 4 3 60 5;D12 26 48 49 49;B3 4 22 57;A1 26 46 56;B7 22;B3 0 0 58;C3 47;D22 4 4 50 0;D23 22 9 37 7;A7;C2 2;} 2>/dev/null|pbcopy;exit 2>&-
  Copy the selected text to the Clipboard by pressing the key combination command-C.
  8. Launch the built-in Terminal application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
  Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
  9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter
  exec bash
  and press return. Then paste the script again.
  10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, press the key combination control-C or just press return  three times at the password prompt. Again, the script will still run.
  If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
  11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, there will be nothing in the Terminal window and no indication of progress. Wait for the line
  [Process completed]
  to appear. If you don't see it within half an hour or so, the test probably won't complete in a reasonable time. In that case, close the Terminal window and report what happened. No harm will be done.
  12. When the test is complete, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
  At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
  If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
  13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "You are not authorized to post." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.
  14. This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I don't necessarily agree with them.
  Copyright © 2014 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.

• Need to revert to my old OS on iPad. Cannot. Tried using old backup but this Trojan horse type software has corrupted my ability to do so. Tried emailing but it bounced back unacknowledged. I was sent notice that I can't get support. Christmas 2012 gift.

  New OS causing major problems. Forced to purge data and wipe iPad. Now my computer has changed. My software has changed on iPad. Tried using old backup from earlier date but Trojan horse software created by Apple has decided to stay.
  Have 16gig. IPad 2 bought December 2012 for Christmas but according to Apple I am out of Apple care and would need to pay for support. When has 1 year apple care become 9 months?
  Wasted an entire day trying to purge my older computer which is linked to this iPad. I reset my iPod and ended up deleting and wiping clean but it's not factory but the aggressive 7.2 which returned. I want my old OS back. Their software has destroyed my ability to use my iPad for the purposes I intended it for.
  I don't do social media other than Pinterest and I want the fluffy stuff gone. They need to forget trying to get me into the clouds and fix this iPad so I can use it for real world applications.
  You can only keep resetting so often. There has been hardware issues almost since purchase because it crashed several times even before updated fiasco.
  Help please.

  Ralph9430, thanks for responding but the fact that they don't support AppleCare on a unit less than a year old despite being an older version is wrong.
  It suppose to be from date of purchase so their not taking responsibility for the maiming of people's computers and their subsequent arrogance in not removing it is going to their undoing.
  We have purchased iPhones, Mac Pro, iPad, iPod touches in the nano, shuffle and touch versions in the past as well as the more solid 80gig version. I
  I am still using 3G model phone and I can no longer find apps to use with it because Apple feels I don't deserve new apps. 
  My children are using iPhone 4 and my daughter was seeking to upgrade to the newest model when it becomes available. They are social, I am not and I deserve the software I paid for. It should always be an option.
  I can tell you that this particular oversight is causing me to look elsewhere for future purchases and  I will not be recommending Apple to others as I have in the past.

• Flashplayer plug upgrade/install 11.6.602.180 failed because Trojan Horse

  flashplayer plug upgrade/install 11.6.602.180 failed because Trojan Horse was detected by my antiviral software.
  Please can you help?
  Prof_ST

  Hello Wojislav,
  Thank you for your prompt response. Yes, I can do that but don't you think that it would be preferable if the installer/update script didn't evoke this response? None of my other software updates does and while I would like to trust people, these days it gets harder and harder when folks are willing to lie and cheat at the drop of a hat and without compunction. It does not help either that false sites (Adobe mimics) have been installing Trojan Horses so it would be safer all around to remove that foible. It is just not very good. Or at least, it does not look very good, which amounts to the same thing at first glance.
  Thanks again for you concern.
  Prof_ST
  On Mon, 18 Mar 2013 00:06:45 +1000 Wojislav &lt;[email protected]&gt; wrote -
        Re: flashplayer plug upgrade/install 11.6.602.180 failed because Trojan Horse
    created by Wojislav in Installing Flash Player - View the full discussion   Modify antivirus 
  Script for automatic updates some programs identify as a Trojan horse
  you have to put in trusted sources adobe installer
  or simply do the following: disable antivirus, install adobe, Switch on antivirus
    Please note that the Adobe Forums do not accept email attachments. If you want to embed a screen image in your message please visit the thread in the forum to embed the image at http://forums.adobe.com/message/5154714#5154714
  Replies to this message go to everyone subscribed to this thread, not directly to the person who posted the message. To post a reply, either reply to this email or visit the message page: http://forums.adobe.com/message/5154714#5154714
  To unsubscribe from this thread, please visit the message page at http://forums.adobe.com/message/5154714#5154714. In the Actions box on the right, click the Stop Email Notifications link.
  Start a new discussion in Installing Flash Player by email or at Adobe Community
  For more information about maintaining your forum email notifications please go to http://forums.adobe.com/message/2936746#2936746.

• My NB505-N500BL with windows 7 got a Trojan Horse Virus..

  Hello all,
  OK.. I bought this NB505-N500BL, Serial # a couple years ago, it has Windows 7 Operation system.   I loaned it out to a friend who promptly got a Trojan Horse Virus then sent it back to me.  I cannot find the original CD that came with this computer and I didn't make a recovery disc for it when I bought it.. (silly me)..
  Question:   How do I fix this problem? IS it worth fixing?  can I do it by buying a recovery disc from Toshiba OR do I need to buy new hardware?     
  Thanks..   Frank

  mini notebook NB505-N500BL
  Your support page is here - http://support.toshiba.com/support/modelHome?freeText=2871355
  From your user guide located here - http://support.toshiba.com/support/staticContentDetail?contentId=2865070&isFromTOCLink=false
  Before you start recovery plug in power supply for the entire process:
  You can recover the original factory image (returning the computer
  to its out-of-box state) using the utilities stored on your computer’s
  internal storage drive or using recovery DVDs/media, if you have
  created such media. To recover using the first method, follow the
  procedure below. To recover using the second method, see
  “Restoring from recovery DVDs/media” on page 60.
  To recover the original factory image using the utilities on your
  computer’s internal storage drive:
  1 Make sure the computer is turned off.
  2 Press and hold the 0 (zero) key on your keyboard while
  powering on the computer.
  Getting Started 51
  Recovering the Internal Storage Drive
  3 If your system offers a choice of Windows® 7 32-bit or 64-bit
  operating system, select one at this time. If not, skip to step 4.
  4 A warning screen appears, stating that when the recovery is
  executed all data will be deleted and rewritten. Click Yes to
  continue.
  (Sample Image) Warning screen
  5 When the Toshiba Recovery Wizard opens and the Selecting a
  process screen displays, select Recovery of Factory Default
  Software and then click Next.
  (Sample Image) Selecting a Process screen
  52 Getting Started
  Recovering the Internal Storage Drive
  6 The Recovery of Factory Default Software screen appears.
  Select Recover to out-of-box state.
  (Sample Image) Recovery of Factory Default Software screen
  7 Click Next.
  A confirmation message displays reminding you that all data
  will be lost during the recovery process. Be sure to save your
  work to external media before proceeding (see “Backing up
  your work” on page 93).
  8 Click Next to begin the recovery.
  When the process is complete, a message displays indicating
  that the internal storage drive has been recovered.
  9 Press any key on the keyboard to restart the computer.
  S70-ABT2N22 Windows 7 Pro & 8.1Pro, C55-A5180 Windows 8.1****Click on White “Kudos” STAR to say thanks!****

• Email phishing, malware, trojan horses, key stroke

  I have a iMac with the new Yosemite 10.10.1 SW installed. I received an email and clicked on a web link that was characterised as Phishing and I enterred private information. I have since truned off all online contacts that may be compromised. What is the likelyhood that when I went to this scam website and enterred information that Malware, Trojan Horse, Key stroke counting type SW was installed?  Would the new Yosemite OS prevented this from happening?

  Those sites are mostly designed for Windows PCs, so OS X should not be affected. Furthermore, OS X Yosemite uses Gatekeeper, which only allows to install apps from the Mac App Store and identified developers by default.
  If you want to be sure there is nothing bad in your Mac, you can use ClamXav and scan the hard disk.