Possible Malware??

I have had the following issue with my Mac Air for a number of weeks now and have obviously no luck with discovering the issue or ow to get rid of it. Here is a snapshot of what my internet screens look like:
The bold blue words were never there before. Any help is appreciated. Thanks community.

1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
The test works on OS X 10.7 ("Lion") and later. I don't recommend running it on older versions of OS X. It will do no harm, but it won't do much good either.
Don't be put off by the complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.
2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can act on it yourself without disclosing the contents to me or anyone else.
You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.
In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.
You may not be able to understand the script yourself. But variations of it have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message. See, for example, this discussion.
Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.
4. Here's a summary of what you need to do, if you choose to proceed:
☞ Copy a line of text in this window to the Clipboard.
☞ Paste into the window of another application.
☞ Wait for the test to run. It usually takes a few minutes.
☞ Paste the results, which will have been copied automatically, back into a reply on this page.
The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
5. Try to test under conditions that reproduce the problem, as far as possible. For example, if the computer is sometimes, but not always, slow, run the test during a slowdown.
You may have started up in "safe" mode. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
7. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
Triple-click anywhere in the line of text below on this page to select it:
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(1310 ' 0.5 0.25 50 1000 15 5120 1000 25000 6 6 5 1 0 100 ' 51 25600 4 10 25 5120 102400 1000 25 1536 500 40 500 300 85 25 20480 262144 20 2000 524288 604800 5 1024 25 50 );k=({Soft,Hard}ware Memory Diagnostics Power FireWire Thunderbolt USB Bluetooth SerialATA Extensions Applications Frameworks PrefPane Fonts Displays PCI UniversalAccess InstallHistory ConfigurationProfile AirPort 'com\.apple\.' -\\t N\\/A 'AES|atr|udit|msa|dnse|ax|ensh|fami|FileS|fing|ft[pw]|gedC|kdu|etS|is\.|alk|ODSA|otp|htt|pace|pcas|ps-lp|rexe|rlo|rsh|smb|snm|teln|upd-[aw]|uuc|vix|webf' OSBundle{Require,AllowUserLoa}d 'Mb/s:Mb/s:ms/s:KiB/s:%:total:MB:total:lifetime:sampled:per sec' 'Net in:Net out:I/O wait time:I/O requests:CPU usage:Open files:Memory:Mach ports:Energy:Energy:File opens:Forks:Failed forks:System errors' 'tsA|[ST]M[HL]' PlistBuddy{,' 2>&1'}' -c Print' 'Info\.plist' CFBundleIdentifier );f=('\n%s'{': ','\n\n'}'%s\n' '\nRAM details\n%s\n' %s{' ','\n'{"${k[22]}",}}'%s\n' '%.1f GiB: %s\n' '\n    ...and %d more line(s)\n' '\nContents of %s\n    '"${k[22]}"'mod date: %s\n    '"${k[22]}"'size (B): %d\n    '"${k[22]}"'checksum: %d\n%s\n' );c=(879294308 4071182229 461455494 216630318 3627668074 1083382502 1274181950 1855907737 2758863019 1848501757 464843899 2636415542 3694147963 1233118628 2456546649 2806998573 2778718105 842973933 1383871077 1591517921 676087606 1445213025 2051385900 3301885676 891055588 998894468 695903914 1443423563 4136085286 3374894509 1051159591 892310726 1707497389 523110921 2883943871 3873345487 );s=(' s/[0-9A-Za-z._]+@[0-9A-Za-z.]+\.[0-9A-Za-z]{2,4}/EMAIL/g;/faceb/s/(at\.)[^.]+/\1NAME/g;/\/Shared/!s/(\/Users\/)[^ /]+/\1USER/g;s/[-0-9A-Fa-f]{22,}/UUID/g;' ' s/^ +//;/de: S|[nst]:/p;' ' {sub(/^ +/,"")};/er:/;/y:/&&$2<'${p[4]} ' s/:$//;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: (E[^m]|[^EO])|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[9]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Genesy|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of|yc/!{ s/^.+is |\.//g;p;q;} ' ' BEGIN { FS="\f";if(system("A1 42 83 114")) d="^'"${k[21]}"'launch(d\.peruser\.[0-9]+|ctl\.(Aqua|Background|System))$";} { if($2~/[1-9]/) { $2="status: "$2;printf("'"${f[4]}"'",$1,$2);} else if(!d||$1!~d) print $1;} ' ' $1>1{$NF=$NF" x"$1} /\*/{if(!f)f="\n\t* Code injection"} {$1=""} 1;END{print f} ' ' NR==2&&$4<='${p[7]}'{print $4} ' ' BEGIN{FS=":"} ($1~"wir"&&$2>'${p[22]}') {printf("wired %.1f\n",$2/2^18)} ($1~/P.+ts/&&$2>'${p[19]}') {printf("paged %.1f\n",$2/2^18)} ' '/YLD/s/=/ /p' ' { q=$1;$1="";u=$NF;$NF="";gsub(/ +$/,"");print q"\f"$0"\f"u;} ' ' /^ {6}[^ ]/d;s/:$//;/([^ey]|[^n]e):/d;/e: Y/d;s/: Y.+//g;H;${ g;s/ \n (\n)/\1/g;s/\n +(M[^ ]+)[ -~]+/ (\1)/;s/\n$//;/( {8}[^ ].*){2,}/p;} ' 's:^:/:p;' ' !/, .+:/ { print;n++;} END{if(n<'{${p[12]},${p[13]}}')printf("^'"${k[21]}"'.+")} ' '|uniq' ' 1;END { print "/L.+/Scr.+/Templ.+\.app$";print "/L.+/Pri.+\.plugin$";if(NR<'{${p[14]},${p[21]}}') print "^/[Sp].+|'${k[21]}'";} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:.+//p;' '&&echo On' '/\.(bundle|component|framework|kext|mdimporter|plugin|qlgenerator|saver|wdgt|xpc)$/p' '/\.dylib$/p' ' /Temp|emac/{next};/(etc|Preferences|Launch[AD].+)\// { sub(".","");print $0"$";} END { split("'"${c[*]}"'",c);for(i in c) print "\t"c[i]"$";} ' ' /^\/(Ap|Dev|Inc|Prev)/d;/((iTu|ok).+dle|\.(component|mailbundle|mdimporter|plugin|qlgenerator|saver|wdgt|xpc))$/p;' ' BEGIN{ FS="= "} $2 { gsub(/[()"]/,"",$2);print $2;} !/:/&&!$2{print "'${k[23]}'"} ' ' /^\//!d;s/^.{5}//;s/ [^/]+\//: \//p;' '>&-||echo No' '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[2]}'{$2=$2-1;print}' ' BEGIN { M1='${p[16]}';M2='${p[18]}';M3='${p[8]}';M4='${p[3]}';} !/^A/{next};/%/ { getline;if($5<M1) o["CPU"]="CPU: user "$2"%, system "$4"%";next;} $2~/^disk/&&$4>M2 { o[$2]=$2": "$3" ops/s, "$4" blocks/s";next;} $2~/^(en[0-9]|bridg)/ { if(o[$2]) { e=$3+$4+$5+$6;if(e) o[$2]=o[$2]"; errors "e"/s";next;};if($4>M3||$6>M4) o[$2]=$2": in "int($4/1024)", out "int($6/1024)" (KiB/s)";} END { for(i in o) print o[i];} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|BKAg|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/)||(/v6:/&&$2!~/A/) ' ' BEGIN{FS=": "} /^ {10}O/ {exit} /^ {0,12}[^ ]/ {next} $1~"Ne"&&$2!~/^In/{print} $1~"Si" { if(a[2]) next;split($2,a," ");if(a[1]-a[4]<'${p[5]}') print;};$1~"T"&&$2<'${p[20]}'{print};$1~"Se"&&$2!~"2"{print};' ' BEGIN { FS="\f";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]$1;} ' ' BEGIN { split("'"${p[1]}"'",m);FS="\f";} $2<=m[$1]{next} $1==9||$1==10 { "ps -c -ouid -p"$4"|sed 1d"|getline $4;} $1<11 { o[$1]=o[$1]"\n    "$3" (UID "int($4)"): "$2;} $1==11&&$5!~"^/dev" { o[$1]=o[$1]"\n    "$3" (UID "$4") => "$5" (status "$6"): "$2;} $1==12&&$5 { "ps -c -ocomm -p"$5"|sed 1d"|getline n;if(n) $5=n;o[$1]=o[$1]"\n    "$5" => "$3" (UID "$4"): "$2;} $1~/1[34]/ { o[$1]=o[$1]"\n    "$3" (UID "$4", error "$5"): "$2;} END { n=split("'"${k[27]}"'",u,":");for(i=n+1;i<n+4;i++)u[i]=u[n];split("'"${k[28]}"'",l,":");for(i=1;i<15;i++) if(o[i])print "\n"l[i]" ("u[i]")\n"o[i];} ' ' /^ {8}[^ ]/{print} ' ' BEGIN { L='${p[17]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n    "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n    [N/A]";"cksum "F|getline C;split(C, A);C=A[1];"stat -f%Sm "F|getline D;"stat -f%z "F|getline S;"file -b "F|getline T;if(T~/^Apple b/) { f="";l=0;while("'"${k[30]}"' "F|getline g) { l++;if(l<=L) f=f"\n    "g;};};if(T!~/^(AS.+ (En.+ )?text(, with v.+)?$|(Bo|PO).+ sh.+ text ex|XM)/) F=F"\n    '"${k[22]}"'"T;printf("'"${f[8]}"'",F,D,S,C,f);if(l>L) printf("'"${f[7]}"'",l-L);} ' ' s/^ ?n...://p;s/^ ?p...:/-'$'\t''/p;' 's/0/Off/p' 's/^.{52}(.+) <.+/\1/p' ' /id: N|te: Y/{i++} END{print i} ' ' /kext:/ { split($0,a,":");p=a[1];k[S]='${k[25]}';k[U]='${k[26]}';v[S]="Safe";v[U]="true";for(i in k) { s=system("'"${k[30]}"'\\ :"k[i]" \""p"\"/*/I*|grep -qw "v[i]);if(!s) a[1]=a[1]" "i;};if(!a[2]) a[2]="'"${k[23]}"'";printf("'"${f[4]}"'",a[1],a[2]);next;} !/^ *$/ { p="'"${k[31]}"'\\ :'"${k[33]}"' \""$0"\"/*/'${k[32]}'";p|getline b;close(p);if(b~/ .+:/||!b) b="'"${k[23]}"'";printf("'"${f[4]}"'",$0,b);} ' '/ en/!s/\.//p' ' NR>=13 { gsub(/[^0-9]/,"",$1);print;} ' ' $10~/$L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9|"sort|uniq";} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?'${k[32]}'$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' ' /l: /{ /DVD/d;s/.+: //;b0'$'\n'' };/s: /{ / [VY]/d;s/^ */- /;H;};$b0'$'\n'' d;:0'$'\n'' x;/APPLE [^:]+$/d;p;' '/^find: /!p;' ' /^p/{ s/.//g;x;s/\nu/'$'\f''/;s/(\n)c/\1'$'\f''/;s/\n\n//;p;};H;' ' BEGIN{FS="= "} /Path/{print $2} ' ' /^ *$/d;s/^ */    /;p;' ' s/^.+ |\(.+$$//g;p;' '1;END{if(NR<'${p[15]}')printf("^/(S|usr/(X|li))")}' ' /2/{print "WARN"};/4/{print "CRITICAL"};' ' /EVHF|MACR|^s/d;s/^.+: //p;' ' $3~/^[1-9][0-9]{0,2}(\.[1-9][0-9]{0,2}){2}$/ { i++;n=n"\n"$1"\t"$3;} END{ if(i>1)print n} ' s/{'\.|jnl: ','P.+:'}'//;s/ +([0-9]+)(.+)/\2'$'\t\t''\1/p' ' /es: ./{ /iOS/d;s/^.+://;b0'$'\n'' };/^ +C.+ted: +[NY]/H;/:$/b0'$'\n'' d;:0'$'\n'' x;/: +N/d;s/://;s/\n.+//p;' ' 1d;/:$/b0'$'\n'' $b0'$'\n'' /(D|^ *Loc.+): /{ s/^.+: //;H;};/(B2|[my]): /H;d;:0'$'\n'' x;/[my]: [AM]|m: I.+p$|^\/Vo/d;s/(^|\n) [ -~]+//g;s/(.+)\n(.+)/\2:\1/;s/\n//g;/[ -~]/p;' 's/$/'$'\f''(0|-(4[34])?)$/p' '|sort'{'|uniq'{,\ -c},\ -nr} ' s/^/'{5,6,7,8,9,10}$'\f''/;s/ *'$'\f'' */'$'\f''/g;p;' 's/:.+$//p' '|wc -l' /{\\.{kext,xpc,'(appex|pluginkit)'}'\/(Contents\/)?'Info,'Launch[AD].+'}'\.plist$/p' 's/([-+.?])/\\\1/g;p' 's/, /\'$'\n/g;p' ' BEGIN{FS="\f"} { printf("'"${f[6]}"'",$1/2^30,$2);} ' ' /= D/&&$1!~/'{${k[24]},${k[29]}}'/ { getline d;if(d~"t") print $1;} ' ' BEGIN{FS="\t"} NR>1&&$NF!~/0x|\.([0-9]{3,}|[-0-9A-F]{36})$/ { print $NF"\f"a[split($(NF-1),a," ")];} ' '|tail -n'{${p[6]},${p[10]}} ' s/.+bus /Bus: /;s/,.+[(]/ /;s/,.+//p;' ' { $NF=$NF" Errors: "$1;$1="";} 1 ' ' 1s/^/\'$'\n''/;/^ +(([MNPRSV]|De|Li|Tu).+|Bus): .|d: Y/d;s/:$//;$d;p;' ' BEGIN { RS=",";FS=":";} $1~"name" { gsub(/["\\]/,"",$2);print $2;} ' '|grep -q e:/' '/[^ .]/p' '{ print $1}' ' /^ +N.+: [1-9]/ { i++;} END { if(i) print "system: "i;} ' ' NF { print "'{admin,user}' "$NF;exit;} ' ' /se.+ =/,/[\}]/!d;/[=\}]/!p ' ' 3,4d;/^ +D|Of|Fu| [0B]/d;s/^ |:$//g;$!H;${ x;/:/p;} ' ' BEGIN { FS=": ";} NR==1 { sub(":","");h="\n"$1"\n";} /:$/ { l=$1;next;} $1~"S"&&$2!~3 { getline;next;} /^ {6}I/ { i++;L[i]=l" "$2;} END { if(i) print h;for(j=0;j<'${p[24]}';j++) print L[i-j];} ' ' /./H;${ x;s/\n//;s/\n/, /g;/,/p;} ' ' {if(int($6)>'${p[25]}')printf("swap used %.1f\n",$6/1024)} ' ' BEGIN{FS="\""} $3~/ t/&&$2!~/'{${k[24]},${k[29]}}'/{print $2} ' ' int($1)>13 ' p ' BEGIN{FS="DB="} { sub(/\.db.*/,".db",$2);print $2;} ' {,1d\;}'/r%/,/^$/p' ' NR==1{next} NR>11||!$0{exit} {print $NF"\f"substr($0,1,32)"\f"$(NF-7)} ' '/e:/{print $2}' ' /^[(]/{ s/....//;s/$/:/;N;/: [)]$/d;s/\n.+ ([^ ]+).$/\1/;H;};${ g;p;} ' '1;END { exit "find /var/db/r*/'${k[21]}'*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom -mtime -'${p[23]}'s"|getline;} ' ' NR<='${p[26]}' { o=o"\n"$0;next;} { o="";exit;} END{print o|"sed 1d"} ' ' {o=o"\n"$0} NR==6{p=$1*$5} END{if(p>'${p[27]}'*10^6)print o|"sed 1d"} ' );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps crontab kextfind top pkgutil "${k[30]}\\" echo cksum kextstat launchctl smcDiagnose sysctl\ -n defaults\ read stat lsbom 'mdfind -onlyin' env pluginkit scutil 'dtrace -q -x aggsortrev -n' security sed\ -En awk 'dscl . -read' networksetup mdutil lsof test osascript\ -e netstat mdls route cat uname powermetrics codesign lockstat lpstat );c2=(${k[21]}loginwindow\ LoginHook ' /L*/P*/loginw*' "'tell app \"System Events\" to get properties of login items'" 'L*/Ca*/'${k[21]}'Saf*/E* -d 2 -name '${k[32]} '~ $TMPDIR.. $ -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 $' -i '-nl -print' '-F \$Sender -k Level Nle 3 -k Facility Req "'${k[21]}'('{'bird|.*i?clou','lsu|sha'}')"' "-f'%N: %l' Desktop {/,}L*/Keyc*" therm sysload boot-args status " -F '\$Time \$Message' -k Sender kernel -k Message CRne '0xdc008012|(allow|call)ing|Goog|(mplet|nabl)ed|ry HD|safe b|succ|xpm' -k Message CReq 'bad |Can.t l|corru|dead|fail|GPU |hfs: Ru|inval|Limiti|v_c|NVDA[(]|pa(gin|us)|Purg(ed|in)| err|Refus|s ful|TCON|tim(ed? ?|ing )o|trig|WARN' " '-du -n DEV -n EDEV 1 10' 'acrx -o%cpu,comm,ruid' "' syscall::recvfrom:return {@a[execname,uid]=sum(arg0)} syscall::sendto:return {@b[execname,uid]=sum(arg0)} syscall::open*:entry {@c[execname,uid,copyinstr(arg0),errno]=count()} syscall::execve:return, syscall::posix_spawn:return {@d[execname,uid,ppid]=count()} syscall::fork:return, syscall::vfork:return, syscall::posix_spawn:return /arg0<0/ {@e[execname,uid,arg0]=count()} syscall:::return /errno!=0/ {@f[execname,uid,errno]=count()} io:::wait-start {self->t=timestamp} io:::wait-done /self->t/ { this->T=timestamp - self->t;@g[execname,uid]=sum(this->T);self->t=0;} io:::start {@h[execname,uid]=sum(args[0]->b_bcount)} tick-10sec { normalize(@a,2560000);normalize(@b,2560000);normalize(@c,10);normalize(@d,10);normalize(@e,10);normalize(@f,10);normalize(@g,10000000);normalize(@h,10240);printa(\"1\f%@d\f%s\f%d\n\",@a);printa(\"2\f%@d\f%s\f%d\n\",@b);printa(\"11\f%@d\f%s\f%d\f%s\f%d\n\",@c);printa(\"12\f%@d\f%s\f%d\f%d\n\",@d);printa(\"13\f%@d\f%s\f%d\f%d\n\",@e);printa(\"14\f%@d\f%s\f%d\f%d\n\",@f);printa(\"3\f%@d\f%s\f%d\n\",@g);printa(\"4\f%@d\f%s\f%d\n\",@h);exit(0);} '" '-f -pfc /var/db/r*/'${k[21]}'*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cght] ! -name .?\* ! -name \*ag $ -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true $ -execdir stat -f'$'\f''%Sc'$'\f''%N -t%F {} \;' '/S*/*/Ca*/*xpc*' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' /\ kMDItemContentTypeTree=${k[21]}{bundle,mach-o-dylib} :Label "/p*/e*/{auto*,{cron,fs}tab,hosts,{[lp],sy}*.conf,mach_i*/*,pam.d/*,ssh{,d}_config,*.local} {/p*,/usr/local}/e*/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t {/S*/,/,}L*/Lau*/*{,/*} .launchd.conf" list '-F "" -k Sender hidd -k Level Nle 3' /Library/Preferences/${k[21]}alf\ globalstate --proxy '-n get default' vm.swapusage --dns -get{dnsservers,info} dump-trust-settings\ {-s,-d,} '~ "kMDItemKind=Package"' '-R -ce -l1 -n5 -o'{'prt -stats prt','mem -stats mem'}',command,uid' -kl -l -s\ / '--regexp --files '${k[21]}'pkg.*' '+c0 -i4TCP:0-1023' ${k[21]}dashboard\ layer-gadgets '-d /L*/Mana*/$USER' '-app Safari WebKitDNSPrefetchingEnabled' '-Fcu +c0 -l' -m 'L*/{Con*/*/Data/L*/,}Pref* -type f -size 0c -name *.plist.???????' kern.memorystatus_vm_pressure_level '3>&1 >&- 2>&3' '-F \$Message -k Sender kernel -k Message CReq "'{'n Cause: -','(a und|I/O |gnment |jnl_io.+)err|disk.+abo','USBF:.+bus'}'"' -name\ kMDItem${k[33]} -T\ hfs '-n get default' -listnetworkserviceorder :${k[33]} :CFBundleDisplayName $EUID {'$TMPDIR../C ','/{S*/,}'}'L*/{,Co*/*/*/L*/}{Cache,Log}s -type f -size +'${p[11]}'M -exec stat -f%z'$'\f''%N {} \;' \ /v*/d*/*/*l*d{,.*.$UID}/* '-app Safari UserStyleSheetEnabled' 'L*/A*/Fi*/P*/*/a*.json' users/$USER\ HomeDirectory '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' ' -F "\$Time \$(Sender): \$Message" -k Sender Rne "launchd|nsurls" -k Level Nle 3 -k Facility R'{'ne "user|','eq "'}'console" -k Message CRne "[{}<>]|asser|commit - no t|deprec|done |ect pas|fmfd|Goog|ksho|ndum|obso|realp|rned f|/root|sandbox ex" ' getenv '/ "kMDItemDateAdded>=\$time.now(-'${p[23]}')&&kMDItem'${k[33]}'=*"' -m\ / '' ' -F "\$Time \$(RefProc): \$Message" -k Sender Req launchd -k Level Nle 3 -k Message Rne "asse|bug|File ex|hij|Ig|Jet|key is|lid t|Plea|ship" ' print{,-disabled}\ {system,{gui,user}/$UID} '-n1 --show-initial-usage --show-process-energy' -r ' -F "\$Message" -k Sender nsurlstoraged -k Time ge -1h -k Level Nle 4 -k Message Req "^(ER|IN)" ' '/A* -type d -name *.app -prune ! -user 0' -vv '-D1 -IPRWck -s5 sleep 1' -o );N1=${#c2[@]};for j in {0..20};do c2[N1+j]=SP${k[j]}DataType;done;l=({Restricted\ ,Lock,Pro}files POST Battery {Safari,App,{Bad,Loaded}\ kernel,Firefox}\ extensions System\ load boot\ args FileVault\ {2,1} {Kernel,System,Console,launchd}\ log SMC Login\ hook 'I/O per process' 'High file counts' UID {System,Login,Agent,User}\ services\ {load,disabl}ed {Admin,Root}\ access Font\ issues Firewall Proxies DNS TCP/IP Wi-Fi 'Elapsed time (sec)' {Root,User}\ crontab {Global,User}' login items' Spotlight Memory\ pressure Listeners Widgets Parental\ Controls Prefetching Nets Volumes {Continuity,I/O,iCloud,HID,HCI}\ errors {User,System}\ caches/logs XPC\ cache Startup\ items Shutdown\ codes Heat Diagnostic\ reports Bad\ {plist,cache}s 'VM (GiB)' Bundles{,' (new)'} Trust\ settings Activity Free\ space Stylesheet Library\ paths{,' ('{shell,launchd}\)} Data\ packages Modifications CUPS );N3=${#l[@]};for i in {0..8};do l[N3+i]=${k[5+i]};done;F() { local x="${s[$1]}";[[ "$x" =~ ^([\&\|\<\>]|$) ]]&&{ printf "$x";return;};:|${c1[30]} "$x" 2>&-;printf "%s \'%s\'" "|${c1[30+$?]}" "$x";};A0() { Q=6;v[2]=1;id -G|grep -qw 80;v[1]=$?;((v[1]))||{ Q=7;sudo -v;v[2]=$?;((v[2]))||Q=8;};v[3]=`date +%s`;date '+Start time: %T %D%n';printf '\n[Process started]\n\n'>&4;printf 'Revision: %s\n\n' ${p[0]};};A1() { local c="${c1[$1]} ${c2[$2]}";shift 2;c="$c ` while [[ "$1" ]];do F $1;shift;done`";((P2))&&{ c="sudo $c";P2=;};v=`eval "$c"`;[[ "$v" ]];};A2() { local c="${c1[$1]}";[[ "$c" =~ ^(awk|sed ) ]]&&c="$c '${s[$2]}'"||c="$c ${c2[$2]}";shift 2;local d=` while [[ "$1" ]];do F $1;shift;done`;((P2))&&{ c="sudo $c";P2=;};local a;v=` while read a;do eval "$c '$a' $d";done<<<"$v";`;[[ "$v" ]];};A3(){ v=$((`date +%s`-v[3]));};export -f A1 A2 F;B1() { v=No;! ((v[1]))&&{ v=;P1=1;};};eval "`type -a B1|sed '1d;s/1/2/'`";B3(){ v[$1]="$v";};B4() { local i=$1;local j=$2;shift 2;local c="cat` while [[ "$1" ]];do F $1;shift;done`";v[j]=`eval "{ $c;}"<<<"${v[i]}"`;};B5(){ v="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d$'\e' <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F$'\e' ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`egrep -v "${v[$1]}"<<<"$v"|sort`;};eval "`type -a B7|sed '1d;s/7/8/;s/-v //'`";C0() { [[ "$v" ]]&&sed -E "$s"<<<"$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v"|sed -E "$s";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { B4 0 0 63&&C1 1 $1;};C4() { echo $'\t'"Part $((++P)) of $Q done at $((`date +%s`-v[3])) sec">&4;};C5() { sudo -k;pbcopy<<<"$o";printf '\n\tThe test results are on the Clipboard.\n\n\tPlease close this window.\n';exit 2>&-;};for i in 1 2;do eval D$((i-1))'() { A'$i' $@;C0;};';for j in 2 3;do eval D$((i+2*j-3))'() { local x=$1;shift;A'$i' $@;C'$j' $x;};';done;done;trap C5 2;o=$({ A0;D0 0 N1+1 2;D0 0 $N1 1;B1;C2 31;B1&&! B2&&C2 32;D2 22 15 63;D0 0 N1+2 3;D0 0 N1+15 17;D4 3 0 N1+3 4;D4 4 0 N1+4 5;D4 N3+4 0 N1+9 59;D0 0 N1+16 99;for i in 0 1 2;do D4 N3+i 0 N1+5+i 6;done;D4 N3+3 0 N1+8 71;D4 62 1 10 7;D4 10 1 11 8;B2&&D4 18 19 53 67;D2 11 2 12 9;D2 12 3 13 10;D2 13 32 70 101 25;D2 71 6 76 13;D2 45 20 52 66;A1 7 77 14;B3 28;A1 20 31 111;B6 0 28 5;B4 0 0 110;C2 66;B2&&D0 45 90 124;D4 70 8 15 38;D0 9 16 16 77 45;C4;B2&&D0 35 49 61 75 76 78 45;B2&&{ D0 28 17 45;C4;};B2&&{ A1 43 85 117;B3 29;B4 0 0 119 76 81 45;C0;B4 29 0 118 119 76 82 45;C0;    };D0 12 40 54 16 79 45;D0 12 39 54 16 80 45;D4 78 46 91;D4 74 25 77 15&&{ B4 0 8 103;B4 8 0;A2 18 74;B6 8 0 3;C3 75;};B2&&D4 19 21 0;B2&&D4 40 10 42;D2 2 0 N1+19 46 84;D2 44 34 43 53;D2 59 22 20 32;D2 33 0 N1+14 51;for i in {0..2};do A1 29 35+i 104+i;B3 25+i;done;B6 25 27 5;B6 0 26 5;B4 0 0 110;C2 69;D2 34 21 28 35;D4 35 27 29 36;A1 40 59 120;B3 18;A1 33 60 121;B8 18;B4 0 19 83;A1 27 32 39&&{ B3 20;B4 19 0;A2 33 33 40;B3 21;B6 20 21 3;};C2 36;D4 50 38 5 68;B4 19 0;D5 37 33 34 42;B2&&D4 46 35 45 55;D4 38 0 N1+20 43;B2&&D4 58 4 65 76 91;D4 63 4 19 44 75 95 12;B1&&{ D4 53 5 55 75 69&&D4 51 6 58 31;D4 56 5 56 97 75 98&&D0 0 N1+7 99;D2 55 5 27 84;D4 61 5 54 75 70;D4 14 5 14 96;D4 15 5 72 96;D4 17 5 78 96;C4;};D4 16 5 73 96;A1 13 44 74 18;C4;B3 4;B4 4 0 85;A2 14 61 89;B4 0 5 19 102;A1 17 41 50;B7 5;C3 8;B4 4 0 88;A2 14 24 89;C4;B4 0 6 19 102;B4 4 0 86;A2 14 61 89;B4 0 7 19 102;B5 6 7;B4 0 11 73 102;A1 42 86 114;j=$?;for i in 0 1 2;do ((i==2&&j==1))&&break;((! j))||((i))||B2&&A1 18 $((79+i-(i+53)*j)) 107+8*j 94 74||continue;B7 11;B4 0 0 11;C3 $((23+i*(1+i+2*j)));D4 $((24+i*(1+i+2*j))) 18-4*j 82+i-16*j $((112+((3-i)*i-40*j)/2));done;D4 60 4 21 24;D4 42 14 1 62;D4 43 37 2 90 48;D4 41 10 42;D2 48 36 47 25;A1 4 3 60&&{ B3 9;A2 14 61;B4 0 10 21;B4 9 0;A2 14 62;B4 0 0 21;B6 0 10 4;C3 5;};D4 9 41 69 100;D2 72 21 68 35;D2 49 21 48 49;B4 4 22 57 102;A1 21 46 56 74;B7 22;B4 0 0 58;C3 47;D4 54 5 7 75 76 69;D4 52 5 8 75 76 69;D4 57 4 64 76 91;D2 0 4 4 84;D2 1 4 51 84;D4 21 22 9 37;D0 0 N1+17 108;D4 76 24 38;A1 23 18 28 89;B4 0 16 22 102;A1 16 25 33;B7 16;B4 0 0 34;D1 31 47;D4 64 4 71 41;D4 65 5 87 116 74;C4;B4 4 12 26 89 23 102;for i in {0..3};do A1 0 N1+10+i 72 74;B7 12;B4 0 0 52;C3 N3+5+i;((i))||C4;done;A1 24 22 29;B7 12;B3 14;A2 39 57 30;B6 14 0 4;C3 67;A1 24 75 74;B4 1 1 122||B7 12;B4 0 0 123;B3 23;A2 39 57 30;B6 23 0 4;C3 68;B4 4 13 27 89 65;A1 24 23;B7 13;C3 73;B4 4 0 87;A2 14 61 89 20;B4 0 17;A1 26 50 64;B7 17;C3 6;A1 4 88;D5 77 44 89;D4 7 11 6;D0 0 N1+18 109;A3;C2 39;C4;} 4>&2 2>/dev/null;);C5
Copy the selected text to the Clipboard by pressing the key combination command-C.
8. Launch the built-in Terminal application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad and start typing the name.
Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter
exec bash
and press return. Then paste the script again.
10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. If you don't know the password, or if you prefer not to enter it, just press return three times at the password prompt. Again, the script will still run.
If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, a series of lines will appear in the Terminal window like this:
[Process started]
        Part 1 of 8 done at … sec
        Part 8 of 8 done at … sec
        The test results are on the Clipboard.
        Please close this window.
[Process completed]
The intervals between parts won't be exactly equal, but they give a rough indication of progress. The total number of parts may be different from what's shown here.
Wait for the final message "Process completed" to appear. If you don't see it within about ten minutes, the test probably won't complete in a reasonable time. In that case, press the key combination control-C or command-period to stop it and go to the next step. You'll have incomplete results, but still something.
12. When the test is complete, or if you stopped it because it was taking too long, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "You are not authorized to post." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.
14. This is a public forum, and others may give you advice based on the results of the test. They speak for themselves, not for me. The test itself is harmless, but whatever else you're told to do may not be. For others who choose to run it, I don't recommend that you post the test results on this website unless I asked you to.
Copyright © 2014, 2015 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.

Similar Messages

I opened an email that I later identified on hoaxbusters as depositing malware. I have malwarebytes on my laptop, but nothing similar on my iphone4 what app should I buy? If I run it, will it find or fix the possible malware?

I opened an email on my phone that I later identified on hoaxbusters as depositing malware. I have malwarebytes on my laptop, but nothing similar on my iphone4. What app should I buy? If I run it, will it find or fix the possible malware?

The creeps that generate this code figured that the iPhone since is is selling so well would be a great market for them even if iOS makes it impossible for their code to do anything practical unless it is jail broken first.
For additional information on jailbreaking, read http://en.wikipedia.org/wiki/IOS_jailbreaking

Suspicious metadata suggests possible malware...

I have this really weird problem that just came up, and I don't know what to think except "malware?".
I run an old program called Business Sense using Classic. I have several copies of the application on my machine, and I recently noticed some strange behavior: if I open a Business Sense file (not the application directly), it opens the program (no problems). But if I try to open the application itself, the computer instead tries to open it as a file in Script Editor. Get Info reveals that the kind is listed as "application" instead of "Application (Classic)". The "Open With" panel shows up, and the Memory panel does not. Two copies of the program have this problem, and the other 5 or so do not. Other Classic apps do not have this problem as far as I can see. Sometimes the Business Sense icon changes to a weird "color glitch" square (sort of like TV noise but with color). If I use SetFileInfo (from the developer tools) to turn off the custom icon flag, the weird icon goes away.
Here's the really weird part. I used an Automator workflow that I cobbled together from macosxhints.com to view all of the metadata for the file (it uses the mdls command in the command line). The funky copies of Business Sense show this metadata:
*/Documents/BS Data/B $‚Ñ¢ 2.3 -------------*
*kMDItemAttributeChangeDate = 2007-11-25 19:33:02 -0800*
*kMDItemContentCreationDate = 1993-12-22 09:00:00 -0800*
*kMDItemContentModificationDate = 2007-11-25 19:33:01 -0800*
*kMDItemContentType = "com.prospa.manpage"*
*kMDItemContentTypeTree = ("com.prospa.manpage", "public.data", "public.item")*
*kMDItemDisplayName = "B $‚Ñ¢ 2.3"*
*kMDItemFSContentChangeDate = 2007-11-25 19:33:01 -0800*
*kMDItemFSCreationDate = 1993-12-22 09:00:00 -0800*
*kMDItemFSCreatorCode = 1112755795*
*kMDItemFSFinderFlags = 9472*
*kMDItemFSInvisible = 0*
*kMDItemFSIsExtensionHidden = 0*
*kMDItemFSLabel = 0*
*kMDItemFSName = "B $‚Ñ¢ 2.3"*
*kMDItemFSNodeCount = 0*
*kMDItemFSOwnerGroupID = 80*
*kMDItemFSOwnerUserID = 501*
*kMDItemFSSize = 411634*
*kMDItemFSTypeCode = 1095782476*
*kMDItemID = 208135*
*kMDItemKind = "application"*
*kMDItemLastUsedDate = 2004-12-11 16:34:45 -0800*
*kMDItemUsedDates = (2004-12-11 16:34:45 -0800)*
Don't mind the funky file name (it's named "B $™ 2.3" in the Finder). The weird part is what are in the ContentType and ContentTypeTree fields. For comparison, here's the metadata from one of the normal Business Sense applications:
*/Documents/BS Data/Empty DDS/B $‚Ñ¢ 2.3 -------------*
*kMDItemAttributeChangeDate = 2007-06-25 20:10:46 -0700*
*kMDItemContentCreationDate = 1993-12-22 09:00:00 -0800*
*kMDItemContentModificationDate = 2002-07-13 16:52:09 -0700*
*kMDItemContentType = "com.apple.application-file"*
*kMDItemContentTypeTree = (*
"com.apple.application-file",
"com.apple.application",
"public.executable",
"public.data",
"public.item"
*kMDItemDisplayName = "B $‚Ñ¢ 2.3"*
*kMDItemFSContentChangeDate = 2002-07-13 16:52:09 -0700*
*kMDItemFSCreationDate = 1993-12-22 09:00:00 -0800*
*kMDItemFSCreatorCode = 1112755795*
*kMDItemFSFinderFlags = 8448*
*kMDItemFSInvisible = 0*
*kMDItemFSIsExtensionHidden = 0*
*kMDItemFSLabel = 0*
*kMDItemFSName = "B $‚Ñ¢ 2.3"*
*kMDItemFSNodeCount = 0*
*kMDItemFSOwnerGroupID = 80*
*kMDItemFSOwnerUserID = 501*
*kMDItemFSSize = 408262*
*kMDItemFSTypeCode = 1095782476*
*kMDItemID = 208691*
*kMDItemKind = "Classic Application"*
*kMDItemLastUsedDate = 2002-07-13 16:52:09 -0700*
*kMDItemUsedDates = (2002-07-13 16:52:09 -0700)*
Whereas the normal one has metadata values one would expect ("com.apple.application-file", "com.apple.application", "public.executable", etc.), the funky one has a value that doesn't make any sense: "com.prospa.manpage"
Where the heck did that come from? I tried going to that website (prospa.com) and it's just a placeholder for a domain squatter. Interestingly, manpage.prospa.com does exist, and redirects to prospa.com. On that website, a contact address is listed: [email protected], but the words "contact us" to the right of that send the user to http://paty-poker.net/ which looks almost exactly the same as the first site.
A whois inquiry of prospa.com is shown below. It reveals that the owner is in South Korea, and lists a different contact email address ([email protected])
*Tue Dec 04 08:00 PM*
*cybertoothdog $ whois prospa.com*
*Whois Server Version 2.0*
*Domain names in the .com and .net domains can now be registered*
*with many different competing registrars. Go to http://www.internic.net*
*for detailed information.*
*Domain Name: PROSPA.COM*
*Registrar: CYDENTITY, INC. D/B/A CYPACK.COM*
*Whois Server: whois.cypack.com*
*Referral URL: http://www.cypack.com*
*Name Server: NS1.HOSTNAME.NET*
*Name Server: NS2.HOSTNAME.NET*
*Status: clientDeleteProhibited*
*Status: clientTransferProhibited*
*Status: clientUpdateProhibited*
*Updated Date: 12-jul-2007*
*Creation Date: 14-jun-2001*
*Expiration Date: 14-jun-2008*
*>>> Last update of whois database: Wed, 05 Dec 2007 04:00:42 UTC <<<*
*The Registry database contains ONLY .COM, .NET, .EDU domains and*
Registrars.
*Welcome to CyDentity, Inc. dba CyPack.com's WHOIS Service*
*Domain Name: PROSPA.COM*
*Domain Status: LOCK*
*Registrar: CyDentity, Inc. dba CyPack.com*
*Referral URL: <a class="jive-link-external-small" href="http://">http://www.CyPack.com*
*Domain Registration Date....: 2001-06-14 GMT.*
*Domain Expiration Date......: 2008-06-14 GMT.*
Registrant:
kimtaeho
*17-211, Maewol-dong, Seo-gu*
*Gwangju, Gwangju 502153*
KR
*Administrative, Technical, Billing Contact:*
*kimtaeho [email protected]*
*17-211, Maewol-dong, Seo-gu*
*Gwangju, Gwangju 502153*
KR
*(PHONE) +82-11-226-2899 (FAX) +82-62-603-0969*
*Domain Name Servers in listed order:*
NS1.HOSTNAME.NET
NS2.HOSTNAME.NET
I don't know Korean. I don't go to Korean websites. Where in the heck did my computer get the information to put "com.prospa.manpage" into the metadata of a random Classic application on my computer? I can't think of any reason that makes any sense other than malware. I looked up "com.prospa.manpage" and "prospa.com" on Google, Yahoo, and Altavista; nothing comes up for the first one, and nothing that seems relevant comes up for the second one. I also tried searching for "prospa.com", "com.prospa" and "prospa" in Spotlight - not a single result listed. Not even the funky Business Sense application.
Does anyone have any idea what this could be? I hate bringing up the idea of "malware", but that's the only thing that makes any sense to me. What else would it be?
So far, the only thing I could think of to do was to email the [email protected] address using a junk email account saying that I was "interested" in the prospa.com website. I just did that this evening, so I don't expect to hear anything back for a while - although I don't know what good it's going to do. Does anyone know how to report this to Apple directly?
Any help or suggestions greatly appreciated!

I figured it out. I feel sort of silly.
At one point, my son's PowerBook hard drive was connected to the computer. He had a spotlight importer called manimporter.mdimporter installed. Somehow, the file associations for that mdimporter got added to my lsregister database, so any file that ended in .[number] (such as B $™ 2.3) was seen as a man file. I re-indexed the lsregister database using the command found at the bottom of this macosxhints.com hint:
http://www.macosxhints.com/article.php?story=20071014124330643
and that fixed the problem (perhaps this information will help someone with a similar problem in the future, like it did for me). I had to modify the search slightly, as just updating the database didn't get rid of the entry for manimporter.mdimporter. Using the following two variants seems to have returned everything to normal:
./lsregister -kill -f -domain local -domain system -domain user -domain network -dump
+This one kills the current database and forces a new update of all possible domains. I also added a+ *> ~/file.txt* +to the end so that the dump command would load all the data into a text file that I could look at later.+
./lsregister -f -R /system/library/
+This one picks up things like .dmg and .zip. I don't know why those weren't indexed in the first command. This one gives a lot of errors as it encounters things like jpeg files, but it seems to be ok.+
I don't recall whether I had to run these commands as root or not. Anyway, I hope this helps somebody.

Possible Malware or Virus on IMac?

Today one of my family members visited the site Neopets, as she does almost everyday. What is strange is that every link she clicks on the site, be it for playing a game, checking contact information at the bottom of the site, starting a game etc,would cause a pop up to appear saying that we do not have the updated player. By pressing ok, it redirects us to a site called updateplayer.us. It is almost identical to the adobe/flash site which makes me believe that its some type of phishing scam. Furthermore, it will again redirect us to other sites, all similar but with different names (i.e. bamplay.net, and fatplay.net). These sites were identical to one another (bamplay and fatplay). So my question is, do we have a virus or malware on or mac? We have the lion OS. Everything is up to date, (flash player is 13.0.0.214) and our system updates are all up to date. We only download updates through system preferences/ software update. Other than pictures that we have recieved from friends and family, and the occasional pdf we download for school/taxes, the only downloading/installing we have done is from the system/flash updates. We don't visit any malicious websites and are fairly cautious internet users. This just started happening today for the first time ever, and it only appears to be happening on Neopets. Do we have a virus or malicious software installed? Everything else seems to be running fine. Safari still seems to be fast. Or is this something on Neopets end? I'm not very skilled with computers so any help would be appreciated!
Thanks!
P.S.
Has anyone else who visits the site been experiencing this?

If Neopets requires Adobe Flash Player, always navigate on your own to Adobe's website and download the installer from them, and never from within someone else's website including this one. Fortunately, thousands of Apple Support Communities participants are here to rapidly respond to anyone's malicious intent.
Adobe's website is as follows, which you will be able to see for yourself exactly as it appears, in your browser's URL field:
https://get.adobe.com/flashplayer/
Ignore unexpected popups or solicitations to update Flash Player; they can direct you to fraudulent sites that will attempt to convince you to install malicious software, or to reveal personal information such as your Apple ID credentials.
Or is this something on Neopets end?
That is another possibility, as are other potential causes, but the malicious router hacking I described is a serious concern and must be ruled out at your earliest opportunity.

File Sharing Enabling Itself/ Possible Malware Infection?

Greetings to all,
I'm posting this out of sheer desperation because no one else seems to have reported such an issue (or so Google would have me believe).
A bit of background info:
I'm running 10.8.5 and Firefox 24.0, no frills, no extra customisations apart from one add-on; pretty much everything left to the default settings (homepage, theme, etc.).
I noticed two weeks ago that my first tab in Firefox kept shivering every time a new tab was opened or an existing one was closed. The only thing that had been installed was AdBlock Plus and that was running flawlessly for a month.
I researched the problem on my own and found that previous versions of Firefox had similar shaking issues but none were related to AdBlock.
I reset my browser and the shaking stopped. I re-installed AdBlock and the issue returned in ten minutes. I reported this to AdBlock Plus but have yet to hear back from them.
Now moving onto the crux of the issue:
I noticed in the last week that File Sharing has been turning itself on. I have another Mac on the network but I have only used this feature a handful of times and always make sure to disable it as soon as I'm done. This is combination with e-mails that I did not send that appear to be sent from my account despite having changed my password several times in the last year. None of my contacts have reported that they received spam from me.
I had been mildly suspicious of some such malware due to Netflix/ Hulu magically playing videos on their own well after they had already timed out.
I checked Activity Monitor and there were no suspicious processes but I figured if a keylogger, for instance, were sophisticated enough, I still might not be able to see it.
Enter MacScan 2.9.4. I downloaded it directly from their website and ran a full-system scan which ultimately yielded nothing.
I re-open Firefox and what do I see? Yahoo! has been made my new homepage and a bunch of Spigot searchbars have been added, namely that for Amazon and eBay.
When I Googled the company name, almost all the of articles referred to it as malware.
I have since reset my browser and I'm starting to freak out more than just a little.
A well-known and recommended AV hijacks my browser, spam is being sent to me by 'me', File Sharing is enabling itself, and of course, the phantom video playing.
Has anyone seen this conglomeration of symptoms before and if so, what can I do about it?
If not, am I going to have to wipe both Macs?
Please some kind soul out there, help!

I'm not following your description well enough to know exactly what happened. What site were you viewing when this happened, and did it happen immediately on clicking a link or did it just happen spontaneously? What is a "corrupted install window"? And what is "the corrupt file" you found in your download folder? Without more information, it's difficult to say, but it doesn't sound like malware to me. Of course, if you wish to set your mind at ease, get a copy of [ClamXav|http://www.clamxav.com> and scan your hard drive. Also, I would point you to my [Mac Virus guide|http://www.reedcorner.net/thomas/guides/macvirus>, but as I've received private communications from you already, I see you've found it!
Note that files ending in .part are temp files... they are the beginnings of files that your browser started downloading. When you cancel a download, whatever had been downloaded to that point is left in a .part file, I believe to allow for resumption of the download later (if the server in question supports that). Whatever's in there is not complete and could not possibly be opened, so it is not a threat.

Possible Malware infection?

I was surfing a website with firefox, and my download window popped open with the list cleared. I never clear my list. Then a corrupted install window opened asking me to install a dmg that was like a clean file i had downloaded earlier. i didn't install and i shut down the computer. On reopening i found in my download folder the corrupt file and a file with random letters ending in a ".part" file name.
Any clarification would be helpful?
Thanks

I'm not following your description well enough to know exactly what happened. What site were you viewing when this happened, and did it happen immediately on clicking a link or did it just happen spontaneously? What is a "corrupted install window"? And what is "the corrupt file" you found in your download folder? Without more information, it's difficult to say, but it doesn't sound like malware to me. Of course, if you wish to set your mind at ease, get a copy of [ClamXav|http://www.clamxav.com> and scan your hard drive. Also, I would point you to my [Mac Virus guide|http://www.reedcorner.net/thomas/guides/macvirus>, but as I've received private communications from you already, I see you've found it!
Note that files ending in .part are temp files... they are the beginnings of files that your browser started downloading. When you cancel a download, whatever had been downloaded to that point is left in a .part file, I believe to allow for resumption of the download later (if the server in question supports that). Whatever's in there is not complete and could not possibly be opened, so it is not a threat.

Possible malware or infection??

so my iphone was recently booted from my schools wifi network because they say they detected a malware infection on my" computer" . Now my iphone seems to be working fine, no signs of a problem. But they said i cant get access back till i've identified the problem and cleaned it up. is there any way to identify such a problem on my iphone if one existed????

evilclaw2321,
Without some verification that the packages you install only do the things they say they will, there is no way to tell what is happening.
Without some verification and certification of the applications, whether or not a give application does more than what it says, is entirely up to how trustworthy the author and source for getting it is.
Yes, it is possible you could have malware installed. However, troubleshooting specific applications installed by breaking your iPhone's license agreement is not something that can be done within Apple Discussions.
Hope this helps,
Nathan C.

Possible malware on my macbook.

Hi guys,
Firstly let me start off by apologising as i know this topic has been somewhat covered in the past, but i thought their might be new information available that could help me out.
I play world of warcraft on my macbook, just last night i tried to log in only to find my account had been hacked and my password changed, I used secret question etc to reset and choose anew password a few hours later the password had changed again. On contacting blizzard they said it was most likely that i had a keylogger on my system either as a downloaded addon for the game or from visiting some wow related site. So my question that i really hope you may be able to answer is;
1. Assuming there is a keylogger on my system (i think thats the safest stance to take) how do i remove it ? I have ran clamxav, ianti virus and macscan all clean except for some Tracking cookies that look innocent enough.
I can do a system restore as a lst resort but im hoping to avoid it if possible.
thanks for your time and help
Conor

Yes, an erase and fresh install is the safest way to go.
While there are no known viruses that attack Mac OS X at the present time it is possible for other malware to get onto your Mac, like your keylogger.
So I go to lengths to protect my user. A hosed system can be replaced but a compromised user folder is compromised forever. Along with all your important data like bank records, credit cards, ... I.e. your "identity" stolen.
The best way to avoid that is by being a frustrating target. Use your built-in firewall which is industrial strength and/or a hard wired router, downloading only from "trusted" sites, installing all security updates and being careful about what you give administrative power to.
Don't use Limewire or any other P2P service to download your software, get it from reputable sources. In addition, always keep at least your users backed up, preferably a clone of your entire system on a separate disk. And put your sensitive passwords, bank accounts, credit card numbers in a "secure note" in a new keychain or in an encrypted folder.
If and when a Mac virus does appear it will be headline news and you can download the AV software then. If you feel you have to run an AV program I'd suggest ClamXav a mac friendly freeware app that is very stable with OS X. It will check for known virus signatures at any rate.
Hope this helps.
-mj

Isis Mobile wallet possible malware

I upgraded my sim to the nfc secure and installed Isis mobile wallet
Vipre is the best antivirus around found ... I have informed Verizon and Vipre ... Vipre techs are researching to see if it has malware or just a false positive i will post as soon as they let me know .... this posted just to make you aware of a possible security issue
Antivirus Scan 1 threat was detected: Trojan.AndroidOS.Generic.A
Type: Malware
Level: High
about 23 hours ago
App Uninstalled Application com.isis.mclient.verizon.activity was uninstalled from your device about 23 hours ago

It is a false positive so no malware at all

My Macbook Pro is running slow, possible malware

Hi there,
I know this is an annoying redundant question but I am an idiot and I did it. A couple months ago, I made the mistake of downloading Trojan. I tried deleting the application but the pop ads (Mackeeper) continued. I looked further into the problem, I deleted all the extensions on safari and chrome, that didn't work. Also, I checked my memory 421. GB free of 498 GB yet I still find my Macbook running slow when opening different applications.   I am scared that I may have malware. What should I do?

There is no need to download anything to solve this problem. You may have installed a variant of the "VSearch" ad-injection malware.
Malware is always changing to get around the defenses against it. These instructions are valid as of today, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.
The VSearch malware tries to hide itself by varying the names of the files it installs. To remove it, you must first identify the naming pattern.
Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:
/Library/LaunchDaemons
In the Finder, select
          Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
A folder named "LaunchDaemons" may open. Look inside it for two files with names of the form
          com.something.daemon.plist
and
           com.something.helper.plist
Here something is a variable word, which can be different in each case. So far it has always been a string of letters without punctuation, such as "cloud," "dot," "highway," "submarine," or "trusteddownloads." Sometimes the word is "apple," and then you must be especially careful not to delete the wrong files, because many built-in OS X files have similar names.
If you find these files, leave the LaunchDaemons folder open, and open the following folder in the same way:
/Library/LaunchAgents
In this folder, there may be a file named
          com.something.agent.plist
where the word something is the same as before.
If you feel confident that you've identified the above files, back up all data, then drag just those three files—nothing else—to the Trash. You may be prompted for your administrator login password. Close the Finder windows and restart the computer.
Don't delete the "LaunchAgents" or "LaunchDaemons" folder or anything else inside either one.
The malware is now permanently inactivated, as long as you never reinstall it. You can stop here if you like, or you can remove two remaining components for the sake of completeness.
Open this folder:
/Library/Application Support
If it has a subfolder named just
           something
where something is the same word you saw before, drag that subfolder to the Trash and close the window.
Don't delete the "Application Support" folder or anything else inside it.
Finally, in this folder:
/System/Library/Frameworks
there may an item named exactly
            v.framework
It's actually a folder, though it has a different icon than usual. This item always has the above name. Drag it to the Trash and close the window.
Don't delete the "Frameworks" folder or anything else inside it.
If you didn't find the files or you're not sure about the identification, post what you found.
If in doubt, or if you have no backups, change nothing at all.
The trouble may have started when you downloaded and ran an application called "MPlayerX." That's the name of a legitimate free movie player, but the name is also used fraudulently to distribute VSearch. If there is an item with that name in the Applications folder, delete it, and if you wish, replace it with the genuine article from mplayerx.org.
This trojan is often found on illegal websites that traffic in pirated content such as movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.
In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.
Then, still in System Preferences, open the App Store or Software Update pane and check the box marked
          Install system data files and security updates (OS X 10.10 or later)
or
          Download updates automatically (OS X 10.9 or earlier)
if it's not already checked.

Possible Malware in the latest 11.1.102.63

hi guys found a possible bug on flash
thats the screen shot
can conform this has happened after i installed the latest version of flash
also happens on google chrome
http://www.avgthreatlabs.com/webthreats/info/Blackhole%20Exploit%20Kit%20Detection%20%28ty pe%201889%29/
also happens on chrome and safari and IE

Hello
wrong forum used.
Flash Player 11.1 = http://forums.adobe.com/community/flashplayer
Report it to AVG and the webmaster of the website you have opened.
It could be a false alarm.
You can compare it with some online/offline virus scanners.

ALERT! Possible malware email spam

I received an e-mail from the iTunes store this morning stating that I received an iTunes gift card.
It included a zip file that opens to an .exe file. I suspect this is malware. No one I know purchased a gift card from iTunes. I have not been able to contact Apple yet. Beware.
Email;
From: iTunes Products <[email protected]>
Subject: Thank you for buying iTunes Gift Certificate!
Date: May 26, 2010 9:19:26 AM EDT
To: Edward Glasheen
Hello!
You have received an iTunes Gift Certificate in the amount of $50.00
You can find your certificate code in attachment below.
Then you need to open iTunes. Once you verify your account, $50.00 will be credited to your account, so you can start buying music, games, video right away.
iTunes Store.
Gift Certificate. zip ( 28.8 KB )

I received the same e-mail this morning and deleted it right away because file contained a zip file and was sent to a fake e-mail address that is close to my e-mail address but not the right one and definitely not the e-mail address I have registered with iTunes.
I came in this site in hopes that a would find an e-mail address where I could forward the phishing e-mail but all I could find was this discussion board.

Possible Malware effecting Dreamweaver

I have been using Dreamweaver for a number of years and in the past few months have been encountering a problem that appears to be malware related.
When I am using the software, spurious changes are being made in both the html and css files which I have not touched.
These sorts of changes include:
Text characters piled up on top of each other
Randon price changes from $9.95 to $9.96 or $100 to $101 or $100.01
Headings are srunched up
Ad hoc adjustments to layout alignments such as one column partially overlapping another or complete resizing of the width
Inseting a stack of extra quotes around values (with the old style sloping quote marks) so they wont work
Random removal of classes
Removal of spacing
List goes on and on.
Many of these problems will correct themselves perhaps some hours or days later, but when one thing has gone back to normal it implements something else instead, making use of the software almost impossible.
I have run full Norton's scans including their additional heavy duty programs, and also followed advice to run Malwarebytes and Super-AntiSpyware, but none of these have found any problem.
When I was running the Malwarebyes, my computer became unstable - I was unable to start up and had to restore back to a point 6 weeks prior.
I am loosing faith that anyone has ever heard of this problem let alone know how to rectify it,
Any help would be greatly appreciated.
Cheers,
Alison.

Sounds like a hardware problem. You may not be infected with anything. If you haven't already, backup all your data to reliable external drives & take your PC in for service. Oftentimes a faulty fan, chip or failing hard drive can corrupt data files.
Good luck,
Nancy O.

Friend with Leopard opened a possible malware attachment

My friend who uses Leopard on a few year old MacMini got an American Airlines phony email with a supposed confirmation inside an attachment. She should have known better but she opened it, it downloaded something which she then deleted but didn't turn off her computer or modem for an hour. Looking online, there is a new malware thing going around that looks exactly like this one. I can't tell if it will work on a Mac. She's now in panic mode, thinking that she should buy some type of malware protective software. Any suggestions?

She may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful:
https://discussions.apple.com/docs/DOC-2435
(I have ClamXav set to scan incoming emails, but nothing else.)

Presage Tips Window, possible Malware?

Hello
I've notice lately that a supposed to be a Tips Window from Presage: "To optimize and improve user experience, we collate information about your usage and process this on an external server" suddenly appear while using my phone, I've never seen it before... I'm afraid it's some kind of Malware.
Have any of you seen this?
Thanks, regards.

Hi RikMoon
Discussion Welcome to the community! Since you're new please be sure that you have checked out our Discussion guidelines
I would have to agree with Alexdon on this one, this will likely be from a third party app or from a website you are currently viewing.
I can only suggest removing any third party apps that you may have downloaded lately, or any apps that may have been installed around the time it started to happen.
- Official Sony Xperia Support Staff
If you're new to our forums make sure that you have read our Discussion guidelines.
If you want to get in touch with the local support team for your country please visit our contact page.

How to remove possible malware

A malware named "macProtector" redirects my searches to a **** website and consistently want to scan my computer.

Uninstalling Software: The Basics
Most OS X applications are completely self-contained "packages" that can be uninstalled by simply dragging the application to the Trash. Applications may create preference files that are stored in the /Home/Library/Preferences/ folder. Although they do nothing once you delete the associated application, they do take up some disk space. If you want you can look for them in the above location and delete them, too.
Some applications may install an uninstaller program that can be used to remove the application. In some cases the uninstaller may be part of the application's installer, and is invoked by clicking on a Customize button that will appear during the install process.
Some applications may install components in the /Home/Library/Applications Support/ folder. You can also check there to see if the application has created a folder. You can also delete the folder that's in the Applications Support folder. Again, they don't do anything but take up disk space once the application is trashed.
Some applications may install a startupitem or a Log In item. Startupitems are usually installed in the /Library/StartupItems/ folder and less often in the /Home/Library/StartupItems/ folder. Log In Items are set in the Accounts preferences. Open System Preferences, click on the Accounts icon, then click on the LogIn Items tab. Locate the item in the list for the application you want to remove and click on the "-" button to delete it from the list.
Some software use startup daemons or agents that are a new feature of the OS. Look for them in /Library/LaunchAgents/ and /Library/LaunchDaemons/ or in /Home/Library/LaunchAgents/.
If an application installs any other files the best way to track them down is to do a Finder search using the application name or the developer name as the search term. Unfortunately Spotlight will not look in certain folders by default. You can modify Spotlight's behavior or use a third-party search utility, Easy Find, instead. Download Easy Find at VersionTracker or MacUpdate.
Some applications install a receipt in the /Library/Receipts/ folder. Usually with the same name as the program or the developer. The item generally has a ".pkg" extension. Be sure you also delete this item as some programs use it to determine if it's already installed.
There are many utilities that can uninstall applications. Here is a selection:
AppZapper
Automaton
Hazel
CleanApp
Yank
SuperPop
Uninstaller
Spring Cleaning
Look for them at VersionTracker or MacUpdate.
For more information visit The XLab FAQs and read the FAQ on removing software.
You should restart the computer after removing all traces of the software.

Possible Malware??

Similar Messages

Maybe you are looking for