Possible new malware

Similar Messages

• New malware disguised as flash installer

  I'm a dummy....fell for the ruse, any ideas on how to get rid of this new malware?  thanks

  I have had some pop ups saying Flash seems to have crashed.Mainly on Youtube videos.
  That's just an error message, not an attempt to get you to download and install software.
  Is my MBP infected?
  If you've downloaded and installed Flash only from Adobe's web site, then no. Ignore any other site's attempt to convince you to install any software they are not the distributors of.
  What signs do I look for. I am 99% certain I have not downloaded anything but 1% of me says maybe!
  Not sure. From what's published on it so far, you wouldn't see any obvious activity, which is the point. Everything they want the Trojan to do happens in the background.
  I just ran software update and nothing new was found.
  Software Update is only for updating Apple software, such as OS X, Final Cut Studio, iLife, etc. It doesn't check for any updates from third party vendors.
  so is the update a remote piece of software?
  Yes, Flash is supplied by Adobe. You can get the real thing here.
  Sorry I am not used to this on my MAC, been a 'user' since 2002 and never worried before.
  There's always something to worry about, no matter what OS you're using. You just have to be vigilant, more than anything else. For now, viruses are still non existent. What few OS X exploits there are, are Trojans. Software that requires you to fall for some supposed value it has and installing it yourself.

• Please assit with identifying current VBIOS and possible newer update

  Hi
  Please assist with identifying current VBIOS and possible newer update. I have a MSI GTX 670 PE OC. I have attached ROM file as per -> https://forum-en.msi.com/index.php?topic=167763.0
  Please use link to download here -> http://rapidshare.com/files/3848283025/GK104.rom
  Thanks
  PS: is my VBIOS a hybrid BIOS or regular one?

  Quote from: Svet on 03-April-13, 03:46:59
  Download permission denied by uploader. (0b67c2f5)
  Strange, when I tried it it appeared to work. Looks like permissions. Please try again
  File link -> https://rapidshare.com/files/3848283025/GK104.rom

• Possible new virus/malware? slui.exe in %Userprofile%\AppData\Roaming

  Hi,
  I would like to start a discussion for one strange problem that I encountered in my company. Four Notebooks with Windows 7 x64 Enterprise SP1 versions all of a sudden after 1-2-3hours period cannot open any webpage trough any browser (IE,FF, Chrome) but
  everything is pingable via command prompt. We made sure that it is not a DNS problem, whole network is functioning properly.
  After one college called me because of the problem described above I started to dig trough the active processes that were running in that moment and slui.exe caught my attention because it was unusual for me to see that process even running. The process
  itself is very small, only 54k. And starting folder is located in userprofile\AppData\Roaming\DNCache folder, in there are a couple of files (see picture bellow). That is not a location for slui.exe in my humble opionion, slui.exe resides in System32 folder.
  You cannot delete the folder because it is being used, even with file unlocker it won't let you delete it. I went to SAFE mode and deleted it. Also in safe mode run msconfig and clear out any files that have "Unknown" manufacturer and start with
  d..something, sorry cannot remember the correct name, but are the same as in DNCache folder. Our company uses Microsoft Forefront for protection. I am now waiting to see if I have solved the issue.
  Could that be somekind of a virus/malware?
  Thanks,

  Hi,
  Based on m research, “suli.exe” has not been recorded into MS data. It may be not a virus.
  Best Regards
  Quan Gu

• Possible new Creative Zen 40GB MP3 play

  Hi there, does anybody know if there would be a new Creative Zen 40GB MP3 player due out soon? Here in Malaysia, the new Creative Zen 20GB MP3 player has replaced the Zen Touch 20GB player, and only the Zen Touch 40GB player is still available. Been wondering if I should wait for a new Creative Zen 40GB player instead of getting the Zen Touch 40GB player now. The Creative Zen has better specs then the Zen Touch except for the battery life which is only rated for hours. A big let down from the previous 24 hours battery life of the Zen Touch. Now, it would be just perfect if the new possible Zen 40GB player had the improved specs together with the 24 hours battery.

  Most probably, you know how Creative is making a Zen Photo or something, does that reminds you of the iPod Photo You'll just have to wait though, currently I'm just happy with my 5 Gig, it has more than enough space

• Possible new version of Flashback trojan

  Dear all,
  today I experienced some problems just like the people in these two threads:
  https://discussions.apple.com/thread/3355170?tstart=0
  https://discussions.apple.com/message/16280207#16280207
  Among others, my finder sidebar suddenly said SD5, SD6, SD7 instead of "Devices", "Shared" etc., and Skype crashed when trying to start it.
  Examining Skype's crash report revealed the following line:
  0x154c000 -  0x1574ff3 +.AiseesoftFLVConverter.so ??? (???) <23EEF509-128B-B224-D44D-313574EE83D3> /Users/Shared/.AiseesoftFLVConverter.so
  which happened to share resemblance with the file <user>/.MacOSX/environment.plist, the content of which contained :
  <dict>
       <key>DYLD_INSERT_LIBRARIES</key>
       <string>/Users/Shared/.AiseesoftFLVConverter.so</string>
  </dict>
  While I've renamed the two files, and my system has returned to normal behaviour, I'm not entirely sure I've deleted every part of the trojan. As for the files that are mentioned in the links above, I've moved and renamed the environment.plist file, but I wasn't able to find any of the other files mentioned:
  .MacOSX/environment.plist
  Library/LaunchAgents/com.apple.SystemUI.plist
  Library/Preferences/perflib
  Library/Preferences/Preferences.dylib
  Library/Logs/swlog
  I'll be happy to provide any further information/trojan files if someone thinks there's something they can do with it.
  One problem remains, as can be seen in the following screen shot. My <user>/Library/Preferences/ directory seems to have been altered or tampered with in some way, is there any chance there is still an active and malicious part of the trojan on my computer?
  All help is appreciated! Thanks in advance

  Thanks for the replies!
  I've been aware of malicious Flash installers and therefore have been very cautious to install Flash from the official Adobe website only. I haven't downloaded any program from non-official websites. Here's my download list in the past couple of days before I discovered the malware:
  VLC 2.0 from the official website
  Several files from my internal university page (I assume this isn't infected though, mostly zip files containing MATLAB and Maple scripts)
  I tried to open the .so file in an editor to see if there was any more information about the malware in there, but when I did, Finder issued the following warning:
  (renamed the files to "<filename>OLD")
  Normally, when you download something, the respective download link is included in the file's info, so naturally I checked it out, but it did not contain a link.
  So, I'm afraid I can't provide a link, sorry. Any chance there's a hidden directory of downloaded files somewhere?
  To clarify about the files' contents:
  ~/.MacOSX/environment.plist contained (in the standard plist format which I didn't include):
  <dict>
       <key>DYLD_INSERT_LIBRARIES</key>
       <string>/Users/Shared/.AiseesoftFLVConverter.so</string>
  </dict>
  Users/Shared/.AiseesoftFLVConverter.so is a ~420 KB file, I uploaded it to the following link.
  Caution! Malware, download at your own risk
  http://www.mediafire.com/?e3qlnmhs6y97ia2
  Caution! Malware, download at your own risk
  I only renamed it to "<filename>OLD" and I haven't tampered with it in any other way. (I also sent it to a friend to help me examine it and he wasn't infected, so I assume just downloading the file should be safe. I added a disclaimer so people don't blindly click on it without knowing what they're getting into. )
  Skype crash report from yesterday when the "symptoms" of the virus occured
  http://pastebin.com/cDYnWq06
  java -version returns the following:
  java version "1.6.0_29"
  Java(TM) SE Runtime Environment (build 1.6.0_29-b11-402-10M3527)
  Java HotSpot(TM) 64-Bit Server VM (build 20.4-b02-402, mixed mode)
  My Mac OS X was also up to date with the exception of the security update from the beginning of February 2012, but I installed it following the incident.
  I am also aware of all kinds of man-in-the-middle attacks using counterfeit certificates, so I'm very cautious when I see pop-ups like that. I'm sure I didn't approve any certificate like shown in the Intego article.
  Any to clarify once more, I didn't update my Flash using anything other than the official Adobe site, and that must have been quite longer ago than two days.
  So according to the file opening dialogue above, the AiseesoftFLVConverter.so file was downloaded on 19/02/2012. According to the Finder's own tools, the only two other files that were created during that day were the folder ".MacOSX" and the file in it, "environment.plist". AiseesoftFLVConverter.so itself was created on 21/01/2012, and no other relevant files were created during that day.
  I deinstalled XCode a couple of months ago to have some space for other data, so I can't do this myself. But if someone who's interested in this stuff could try examining the .so file using otool and see if there's something interesting, that'd be really cool.
  Although I'm almost sure I've deactivated the virus, I'll safe reformat my drive and put a clean install on it. Is there any further information I can provide at this time?
  Is there any way for me to find out where I got the virus? To me there's no obvious answer, as I try to be as safe as possible when browsing the internet, apparently not safe enough though. I'd be glad to help prevent an attack like this from affecting others, so if there's anything I can do, please let me know. Also, is there a team at Apple directly who work on anti-malware who I can contact and send the files to?
  Thanks for the help!

• Is there a possible new PC incompatability with DVDs?

  Hello all,
  Our clients are starting to bring us DVDs that have QuickTimes that have been burned on PCs running video editing software(Avid I believe). The DVDs are data formatted rather than "movie type". Our problem is that on every single one of our Macs, the DVD just doesn't show up. We have G5s and iBooks and iMacs, about 12 machines all told, and not one of them will read these DVDs. One of those G5s even has a brand new LG external USB optical drive that's supposed to be able to read/write anything. However, the DVDs show up just fine in one of the older PCs we have here. Can this possibly be some weird Vista thing? I've read in some other posts about QT 7.3 messing up the ability of the drives to read. Is it that maybe?
  Thanks, Ninja Bob.

  Well, after talking with the tech from the video house, I figured out that the format he was using to burn the DVD was incompatible with Macs. I'm pretty sure he was using Roxio's Easy Media Creator, and he was using the latest Joliet setting. One setting that worked was the Joliet/UDF. There ws another setting called ISO 2, but I didn't get to try it.
  I hope this helps others.
  Ciao, NB

• Possible new percentile function?

  Hi,
  I'm running "Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production".
  I need to calculate percentiles, so I believe I have two choices: PERCENTILE_CONT() or PERCENTILE_DISC().
  I also need to get the same results as the SPSS and SAS tools.
  Comparing the results, neither of the Oracle versions give the same result as SPSS/SAS. I think this is due to how Oracle determines what row numbers to use.
  Oracle takes row RN = (1+ (P*(N-1)) where P is percentile and N is number of ordered rows.
  For PERCENTILE_CONT(0.1) from a 16 row set that would give row 2.5 as the starting point.
  http://docs.oracle.com/cd/B28359_01/server.111/b28286/functions115.htm
  SPSS and SAS uses the formula RN = P*(N+1) which gives row 1.7 for a 16 row set.
  Now, would it be possible for me to write a PERCENTILE_SPSS() function?
  The samples of analytical/pipelined functions I have seen (and written) are happy to use the rows in the set one by one, to calculate some special min/max/avg/etc.
  For this function I would need either
  1 - to know the number of rows in the set, from the first call of my function, and calculate the percentile as my function "passes" the desired rows
  or
  2 - save all values in the set and calculate the percentile at the end
  The first sounds impossible, the second sounds expensive for a large table.
  Any suggestions?
  Kind regards
  Tomas

  You'll be more successful in the forums if you focus on the issues, questions and suggestions rather than make assumptions about why those questions or suggestions are being asked or made. Your unwarranted personal comments are unprofessional and indicate a lack of maturity.
  My questions were, and are, solely to elicit information about your actual issue so that suitable solutions or workarounds can be determined. There was no 'lecture' anywhere in any of the information that I provided; just statements and quotes from experts.
  The articles and quotes I provided were intended to show you that there isn't a universal agreement on a definition for those 'percentile' calculations. That would signal at least a 'caution' flag.
  >
  I'm asking if it's possible to write a custom-made analytical function when the formula needs to know the record count.
  >
  Yes - it is possible. In my opinion it isn't feasible. Any attempt to reproduce the exact proprietary algorithm that any vendor uses would require knowledge about the internals of that vendor's code that jsut aren't likely to be known or available: what precision is being used for intermediate results? What rounding methods are being used? What is the exact order of operations. Were any of those factors changed between versions. Did the vendor make any bug fixes?
  Any testing you do with any manageable set of test data won't ensure that there aren't data sets that will produce slightly different results.
  So writing such a function is one thing; trying to duplicate existing functionality is something else. The vendor's own implementation may have changed due to bug fixes so the results from that vendor may depend on the actual version being used.
  >
  Oracle does not have to match, I've never said that.
  My report, running in Oracle Reports, do need to match the results of an old report.
  >
  Well I read that as saying that Oracle does need to match. Your second sentence pretty much says exactly that.
  Again, my question was to try to understand why Oracle needed to produce a NEW report from OLD data that matches information in a PRINTED report from the past. That is a very unusual requirement. I've never run across such a requirement in more than 30 years and I have written thousands of reports using Crystal Reports (now BO), Oracle Reports, RPG and many other tools.
  It is often not possible to reproduce ANY report from the past due to the ever-changing nature of the data in the database. Data gets updated, deleted, inserted even when it shouldn't.
  >
  I have considered typing in the old values and selecting them.
  >
  That is the only method guaranteed to produce the same results. And that is about the only method that will pass the stringent auditing and Sarbanes-Oxley requirements that many organizations have to abide by. Those auditors won't allow you to just change the data to make things come out the way you want. You have to PROVE the provenance of the data: where did every piece of data come from, what changes were made to it (and when and by whome) and how were any accumulations performed.
  Using a custom function and merely showing that the results, on paper, match would not sway any auditor I've ever had to deal with. You may not have an issue of having to prove the data. That's why we are asking questions. To try to understand what options are viable for you.
  >
  That would mean I'd have to use SPSS to produce future values to store.
  >
  Yep! That's one of the main drivers for a lot of the ETL processes that exist. There are multiple systems of record. A PeopleSoft system might be the SOR for Inventory while an Oracle financials system might be the SOR for the financial and payroll data. ETL tries to merge and match the data. Trying to keep those ETL processes up to date with the changes going on in all of the source systems is a MAJOR headache.
  The standard solutiion for that use case is to select an SOR for reporting and then create ETL processes that bring the SOR data from each source system to the reporting SOR. For your use case that might mean using SPSS to produce data in report-ready tables and then use ETL to bring that data to the report server where it can be merged with data from other systems.
  >
  That's just too much manual labour for my taste.
  >
  Welcome to the real world!

• Possible new section for the website.

  At the top right of the Arch website, you have the sevral tabs, e.g. "home", "forums", "wiki" etc. I personally think that a clincher for allot of brand new linux users is a "media" section.
  When i first started using Linux, I used to browse round sevral diffrent sites for diffrent distro's and check out their screenshots, of course now ~3 years down the pipeline I know this means nothing, but for new users its a nice thing to see.
  Last friday whilst I was at college, I was trying to "convert" one of my friends to Linux, explaining all the advantages of a package manager and a customisable init system, when all he cared about was distro screenshots, when he found none on the main page of the arch site, he quickly moved on to Fedora/PCLinuxOS etc.
  The addition of an extra media section, listing community and stock backgrounds/screenshots I think would be a great addition to help attract some more attention to the site.
  I think there was a screenshot section like 1.5 years ago (I saw a fluxbox screenshot I really liked ), but im not sure where thats gone,  think it was art.archlinux.org, but that has since died.
  A range of screenshots would demonstrate Arch's flexibility and userbase, aswell as community and offical wallpapers.
  Just my $0.02, what you reckon?

  Crooksey wrote:
  @neotull
  I see excatly where you are coming from, but Im talking about drawing more attention to arch, mainly through the people who troll distrowatch/linux sites all day, when new users are doing resarch they look at pcitures and what is possible not features, so im simply suggesting a page that shows what is possible with arch linux. Maybe a few diffrent images, updated each month from sevral shots from the Screenshot thread (chosen by whoever updates the site).
  I've been thinking about like minded thoughts lately, and I think this is a good place to let them go.
  1st. I understand the so called need for screenshots.
  2nd. I understand it's not really arch, when were talking about screenshots.
  What I actually was _just_ thinking about, say 30 minutes ago, were the wiki pages and the step by step tutorials the wiki provides. Now wouldn't it be nice to have a cool looking desktop screenshot and then have a wiki to walk you through the installation of all the cool stuff you'd need for such a thing? I think, that would not only be a learning experience with pacman, but also a true guided tour for someone "from the ground up" with linux. A learning experience with the basics of what happens when you boot up the machine and end up in that vc/1 wondering "Whattaaa???".. and then beyond 'till one finds him/herself staring at the desktop _picture_ s/he saw a couple days back..
  Aghh.. I hate when this happens, my fingers are not keeping up with my head!!
  Now this would (in my head atleast) mean a few basic "arch setups" (one "arch setup" per each of the most used dm's, kde, gnome, xfce?) which would have an "official" screenshots in arch's site, and if someone would like one of them pictures, there'd be a tutorial how to achieve it. And once these so called official screenshots had been introduced, it'd mean basically almost any of us with the same dm could help in a way or another the new archer to achieve her/his goal, (..I think xorg.conf would propably be the first squared tire) and then the fresh archer could _instantly_ help the next one with like minded problems.
  I can of course speak for myself only, but the easiest way for me to learn is by doing things. This is one of the main reasons I'm still sticking with arch, I love it when you have to add stuff manually to a file to make things happen automatically from now on. Not just ..install ..and ....done ...and.. wtf?! why am I running out of memory ?!..
  I got fed up tweaking msconfig and the registry after every install I made, so I jumped
  Last edited by sm4tik (2008-01-04 03:51:40)

• Possible New Customer w/ Questions

  I'm on day 20 of a 30 day trial at T-Mobile and would like to get the iPhone at Verizon.  If I wait until the iPhone comes out at Verizon, I would be past the 30 day cancellation period at T-Mobile. 
  Is it possible for me to get a temporary phone, sign up for service at Verizon, and still purchase the iPhone at the new customer price next month?  I'm thinking of buying a used phone after-market or borrowing one from a friend. 

  As long as the phone you use it not recieved with a contract then yes, you will be able to upgrade at discounted prices.

• New malware targets Linux and Mac OS X

  http://www.techspot.com/news/50009-new- … -os-x.html
  pacman -S iptables shorewall
  then to block the malware as root do
  iptables -A INPUT -s 212.7.208.65 -j DROP
  iptables -A OUTPUT -d 212.7.208.65 -j DROP

  Why not just make sure WIFIADAPT isn't sitting in your home directory?
  How exactly is this thing supposed to install and run without the user's knowledge?
  I don't see that shorewall is required to block as you suggest. I could perfectly easily install those rules with just iptables.
  Note, too, that those rules won't block the malware, what they are designed to do as I understand it is to stop the installed malware from  communicating with the server. What I don't understand is why the advice is not to delete the malware. I could understand installing those rules as a precaution in case you later get infected and don't notice. But if as the article says you suspect you are already infected, why not delete the thing if it is really sitting in your home directory like that?

• Possible virus/malware...?

  Hello,
  Kind of an odd question here, looking for advice from folks who know something about viruses and malware.
  So today I had to go onto a website for work that required IE to run correctly. I pulled out my old PC laptop that I haven't used since I got a Mac a year ago. Said PC was already starting to fall apart, and was itself probably full of malware. In any event, it hadn't been updated, or turned on, for ages.
  Once it boots up, I turn on the wifi, connect to my home network... and suddenly the internet in the house stops working. I try to go online with my Mac and it won't connect. I turned off the old PC, but the wifi still wasn't working for a good five minutes or so. It finally came back on.
  This could just be placebo from fear that my old PC screwed everything up in the house, but I'm suddenly aware of the sound of my Mac's hard drive running even when my computer is at relative rest.
  Anyways, the past fifteen minutes were a little weird tech-wise. I guess my question is, should I be worried that my crappy old PC jacked up my wifi network with malware when I booted it up, and that somehow may have affected my Mac? As of right now the computer appears to be running fine.
  Kind of a far-fetched question I know, but I know virtually nothing about this sort of thing. The internet in my house randomly ceasing to work right when I turned on the old PC could be just a weird coincidence, but figured I'd ask anyways.
  Thanks in advance for any responses.

  I'd think that it was a 'weird coincidence' as you say.
  If it happens again, you may want to reset your router to factory settings. I don't know what type of router you have but there should be a method for resetting to factory settings somewhere in your manual.
  Good luck,
  Clinton

• Possible new feature for Macs

  Hi Guys,
  I have always been annoyed by not finding the right brightness on my display. It or either to bright or too dark.. BUT I came to the conclusion it is the whites on the display that makes it too bright and my eyes get tired.
  I think an excelent new feature for Macs would be to be able to just increase the brightness of DARK colors and have the bright colors increase at 50% rate or something like that.
  What do you think?
  Edwin

  This is a user to user forum.  Ideas like these might find there way into software developers hands.  If you wish to have Apple consider the idea, read the unsolicited ideas policy on http://www.apple.com/feedback/ and post there. Brightness of displays from my point of view, and for that matter glare can be very subjective, and hard to please everyone.  Your overhead and peripheral lights, as well as the light behind you make a significant effect on the perceived brightness of the display. Anti-glare displays are truer to real life brightness and color than glossy displays.  People who may not notice as much difference probably wear glasses or contacts as they add highlighted glare to your vision that isnt' there with unaided sight.  People used to viewing glossy photos may prefer glossy displays well.  But when it comes to realism, the anti-glare displays are closer to reality.

• Flash Player is the new malware !

  I had a perfectly functional old Flash 10.0.32 with any security holes covered by my Security.protection
  When I discovered 36 vulnerabilities I decided to "upgrade",
  with no assurance that the latest version did not have at least another 100 vulnerabilities waiting to be discovered and exploited.
  I was horrified that you seem to clickjack me.
  I thought I was clicking for Flash 10.1, but what you gave the Firefox download manager was a GetPlus download manager.
  Why on earth would I want your UNPROVEN download manager, WHICH YOU STATE HAS AN UNPATCHED VULNERABILITY ! !
  I only came here to improve security on a dodgy Adobe product for which I have only rare use.
  IT IS NOT ACCEPTABLE THAT YOU DUMP ANOTHER HACKERS HIGHWAY ONTO MY SYSTEM.
  It is also disgusting that when you gave mme Getplus INSTEAD OF the expected FLASH,
  I had to accept this with no assurance that it would finally deliver Flash -
  For all I knew you could have been downloading a keylogger and identity theft device.
  I also am horrified by your incompetance demonstrated by the new high risk way of doing things :-
  You totally failed to perform the download and upgrade after my many repeated attempts.
  I gave up trying to upgrade.
  Then I found that a site which always worked well now had problems due to my Flash being totally busted by your attempts.
  You bungled everything - you even crippled the old version that had been functional.
  I finally went back to the old way and uninstalled the broken Flash by using
  http://download.macromedia.com/pub/flashplayer/current/uninstall_flash_player.exe.
  I then used the old way of a direct download of Flash 10.1, but again your GetPlus download manager had its evil way.
  I now have Flash plugin 10.1.53, and have removed (so far as I can see) your wretched GetPlus virus downloader.
  My computer seems to have survived all your exploits,
  but I am still steaming over all the needless aggravation Adobe has caused me.
  When I was given this P.C. one of the first major bloat things to be un-installed was Adobe Reader.
  I did not like a few 100 MBytes of bloat to do what other readers achieve with less than 10 MBytes,
  and I especially did not like the fact that by the time Adobe had started up I had forgotten which PDF I needed to read.
  With a little more experience I now realise there are far more important reasons to avoid / replace Adobe products.
  I am now anxiously waiting for HTLM5 to replace Flash.
  Alan

  Thanks for the information,
  but not looking forward to needing it when existing vulnerabilities are identified.
  I saw that GetPlus has a vulnerability when I looked at the Adobe FAQ before I allowed GetPlus to invade me.
  Google gives 8 results for "getplus vulnerability",
  or 43,400 results when omitting the quotes.
  The 43,4000 results are reduced to 89 when I use Advanced search to restrict the search to Adobe.com.
  I forget the precise phrase I saw in the Adobe FAQ which increased my concern over the GetPlus fellowtraveller,
  but it definitely advised that there was an as yet unpatched vulnerability.
  I cannot now find the relevant FAQ.
  I guess my efforts are hampered by my Honours degree in technology instead of a degree in stupidity.
  I am pretty sure that I saw the click opportunity to access the relevant FAQ whilst enroute to actually installing this unwanted downloader,
  and I have no wish to go through that aggravation again - but I assure you the admission of this problem does appear on Adobe.com.
  Alan

• New malware?

  Since a couple of days my iMac (Snow Leopard (10.6.8) would not start up when it is connected to the Internet. Blue
  screen appears, and the desktop never appears. If I disconnect the Internet or turn off the modem, it loads
  correctly and works as usual. If I turn on the modem while the computer is already on, it freezes or gets extremely
  slow - impossible to open any application or turn it off in a normal way. I called my Internet provider, we reset
  the modem, and I connected my old PC to test the modem with another computer. It works without problem. After the
  reset I tried it with Mac again. The computer was able to start up, very slowly, and I managed to set up the
  Internet connection again. But then a message appeared on the screen saying "Please type you computer password in
  order for Dropbox to function properly". I clicked "cancel". After that the computer became incredibly slow again,
  freezing each time I clicked the mouse.
  I would like to run ClamXav or another antivirus software but can not do it because I need to get definitions from
  Internet, and the computer becomes not usable as soon as it's connected to the Internet.
  Does it look like a malware? The message that appears by itself proposing to enter the password for the computer
  seems not to be normal.
  I would really appreciate some advice!

  Ok.
  /private/var/run/StartupItems
  - folder doesn't exist.
  /Library/StartupItems
  - folder "EmagicA26A62mFirmwareLoader" containing items: StartupParameters.plist, Daemonizer,
  EmagicA26A62mFirmwareLoader, EmagicA26A62mFW
  - folder "Jaksta" containing items: StartupParameters.plist, Jaksta (application "Jaksta" is not installed on my computer)
  - folder "Qmaster" (see screenshot):
  /System/Library/StartupItems
  - folder is empty
  /Library/LaunchDaemons
  - 5 items, see screenshot:
  /System/Library/LaunchDaemons
  - 164 items, see screenshots:
  Is there anything that should not be there?
  Thank you!