Re: I got a malware, how do I get rid of it?

I got my MacBook Air corrupted by pop up warm and probably other things through Safari, and decided to go to Genius Bar on Friday the 13th, and asked to do hard reset (or clean install), thinking that I could recover from my Time Machine backup. However, the Time Machine was black before the date I did reset, and it did recover along with the virus and warms when I did with the restore by migration assistant.  So, I went in on Monday the 16th, to reset again. I decided to get the whole backup spars-bundle thing copied to another backup disk. It gave me an error saying my other backup disk does not capacity, so I went to Staple to get the 1TB cheapest backup drive.  Unfortunately, it is spinning hard drive and copy took three to four days because I did not realize that the reset default was to sleep in every 30 min, or something.  After finally copied the total 450GB or so, I copied the "Document" folder of June 10th from the copied files in the new backup drive to my newly restored computer.  Here is my current problem on Monday the 23rd.
The copied files had permissions that does not have me (administrator of my computer) as user, rather Fetch as user. so I did this after reading https://discussions.apple.com/message/17158710
I ran the code on Terminal.
chflags -R nouchg ~/Documents
However, one of my application AccountEdge gives me permissions errors and other things.  "Numbers" let me open the existing excel file, but won't let me save the modified file in numbers. Apparently all the permissions in the subfolders are not corrected.  I hope it is only the permission issues.
How can I change the permissions in Document folder globally accessible by me the user?
The diagnostics says here:
System Version: OS X 10.9.3 (13D65)
Kernel Version: Darwin 13.2.0
Boot Mode: Normal
Model: MacBookAir4,2
USB
   My Passport 07B8 (Western Digital Technologies, Inc.)
System diagnostics
   2014-06-16 installd spin
Kernel messages
   Jun 18 08:32:00   AFP_VFS afpfs_DoReconnect: Max reconnect time: 30 secs, Connect timeout: 15 secs for /Volumes/ backup disk
   Jun 18 08:32:00   AFP_VFS afpfs_DoReconnect: Max reconnect time: 30 secs, Connect timeout: 15 secs for /Volumes/Data-1
   Jun 18 08:32:04   AFP_VFS afpfs_DoReconnect: Max reconnect time: 30 secs, Connect timeout: 15 secs for /Volumes/Data
   Jun 18 08:32:04   AFP_VFS afpfs_DoReconnect: Max reconnect time: 30 secs, Connect timeout: 15 secs for /Volumes/Data-1
   Jun 18 08:32:04   ASP_TCP CancelOneRequest: cancelling slot 16 error 35 reqID 35786 flags 0x29 afpCmd 0x44 so 0xffffff803ef93650
   Jun 18 09:00:53   AFP_VFS afpfs_DoReconnect: Max reconnect time: 30 secs, Connect timeout: 15 secs for /Volumes/Data-1
   Jun 18 09:00:53   AFP_VFS afpfs_DoReconnect: Max reconnect time: 30 secs, Connect timeout: 15 secs for /Volumes/ backup disk
   Jun 18 09:00:57   AFP_VFS afpfs_DoReconnect: Max reconnect time: 30 secs, Connect timeout: 15 secs for /Volumes/Data
   Jun 18 09:00:57   AFP_VFS afpfs_DoReconnect: Max reconnect time: 30 secs, Connect timeout: 15 secs for /Volumes/Data-1
   Jun 18 09:00:57   ASP_TCP CancelOneRequest: cancelling slot 25 error 35 reqID 36062 flags 0x29 afpCmd 0x22 so 0xffffff803ef93650
   Jun 18 09:20:53   AFP_VFS afpfs_DoReconnect: Max reconnect time: 30 secs, Connect timeout: 15 secs for /Volumes/Data-1
   Jun 18 09:20:54   AFP_VFS afpfs_DoReconnect: Max reconnect time: 30 secs, Connect timeout: 15 secs for /Volumes/ backup disk
   Jun 18 09:20:54   AFP_VFS afpfs_DoReconnect: Max reconnect time: 30 secs, Connect timeout: 15 secs for /Volumes/Data
   Jun 18 10:13:06   AFP_VFS afpfs_DoReconnect: Max reconnect time: 30 secs, Connect timeout: 15 secs for /Volumes/Data-1
   Jun 18 10:13:06   AFP_VFS afpfs_DoReconnect: Max reconnect time: 30 secs, Connect timeout: 15 secs for /Volumes/ backup disk
   Jun 18 10:13:06   AFP_VFS afpfs_DoReconnect: Max reconnect time: 30 secs, Connect timeout: 15 secs for /Volumes/Data
   Jun 18 10:13:09   ASP_TCP CancelOneRequest: cancelling slot 18 error 35 reqID 40614 flags 0x29 afpCmd 0x45 so 0xffffff803ef93650
   Jun 18 12:41:07   wl0: Roamed or switched channel, reason #1, bssid 00:1b:63:18:04:c5
   Jun 18 12:41:10   wl0: Roamed or switched channel, reason #8, bssid 00:1b:63:18:04:c5
   Jun 18 15:45:35   msdosfs_fat_uninit_vol: error 6 from msdosfs_fat_cache_flush
   --- last message repeated 11 times ---
   Jun 21 07:48:58   wl0: Roamed or switched channel, reason #8, bssid 00:1b:63:18:04:c5
   Jun 22 12:22:44   jnl: disk5s2: write_journal_header: error writing the journal header!
   Jun 22 12:22:44   hfs: Runtime corruption detected on Time Machine Backups, fsck will be forced on next mount.
   --- last message repeated 10 times ---
Pageouts (MiB): 1723
Extrinsic daemons
   com.adobe.fpsaud
launchd items
   /Library/LaunchDaemons/com.adobe.fpsaud.plist
   (com.adobe.fpsaud)
Extrinsic loadable bundles
   /Library/Internet Plug-Ins/Flash Player.plugin
   (com.macromedia.Flash Player.plugin)
   /Library/PreferencePanes/Flash Player.prefPane
   (com.adobe.flashplayerpreferences)
User login items
   iTunesHelper
Restricted user files: 20870
Elapsed time (s): 100
Now my approach is to try to get the June 10th backup folder from Time Machine Backups, which was not available to see from my MacBook Air last week, but now it seems visible, try to go back there in TimeMachine, and restore and override the new installs or any other.  I think mail will reload the last week and everything is going to be there.  Then I have to go back uninstall MacKeeper and other things if there is using The SafeMac.com instructions, to get around the permission issues.  I will not copy the Applications and other folders. 
IF it works, it's like there was no reason to buy this backup hard disk.  I wasted one week.
I will let you know if anything goes wrong...

Some of your user files (not system files) have incorrect permissions or are locked. This procedure will unlock those files and reset their ownership, permissions, and access controls to the default. If you've intentionally set special values for those attributes, they will be reverted. In that case, either stop here, or be prepared to recreate the settings if necessary. Do so only after verifying that those settings didn't cause the problem. If none of this is meaningful to you, you don't need to worry about it, but you do need to follow the instructions below.
Back up all data.
Step 1
If you have more than one user, and the one in question is not an administrator, then go to Step 2.
Enter the following command in the Terminal window in the same way as before (triple-click, copy, and paste):
sudo find ~ $TMPDIR.. -exec chflags nouchg,nouappnd {} + -exec chown $UID {} + -exec chmod +rw {} + -exec chmod -N {} + -type d -exec chmod +x {} + 2>&-
This time you'll be prompted for your login password, which won't be displayed when you type it. Type carefully and then press return. You may get a one-time warning to be careful. If you don’t have a login password, you’ll need to set one before you can run the command. If you see a message that your username "is not in the sudoers file," then you're not logged in as an administrator.
The command may take several minutes to run, depending on how many files you have. Wait for a new line ending in a dollar sign ($) to appear, then quit Terminal.
Step 2 (optional)
Take this step only if you have trouble with Step 1, if you prefer not to take it, or if it doesn't solve the problem.
Start up in Recovery mode. When the OS X Utilities screen appears, select
Utilities ▹ Terminal
from the menu bar. A Terminal window will open. In that window, type this:
res
Press the tab key. The partial command you typed will automatically be completed to this:
resetpassword
Press return. A Reset Password window will open. You’re not going to reset a password.
Select your startup volume ("Macintosh HD," unless you gave it a different name) if not already selected.
Select your username from the menu labeled Select the user account if not already selected.
Under Reset Home Directory Permissions and ACLs, click the Reset button
Select
 ▹ Restart
from the menu bar.

Similar Messages

  • Hi, I D/L'd FF 23 but inadvertantly D/L'd it from a 3rd party, dalesearch took over FF I have stripped it out and run my malware how can I get rid of it.Thanks

    I downloaded FF 23 but inadvertantly from a 3rd party, FF was taken over by something called Dalesearch which apparently is malware, I stripped FF23 out ran my anti malware programme and re downloaded FF23 from the Mozilla site, everything works now but Dalesearch is permanently in my search window but not active. I can overwrite it and all is ok. Can anyone tell me how to get rid of this completely as it is a bit worrying. I can find my way around a computer but am not an expert so please no complicated answers.
    Many thanks Pete30

    Sometimes a problem with Firefox may be a result of malware installed on your computer, that you may not be aware of.
    You can try these free programs to scan for malware, which work with your existing antivirus software:
    * [http://www.microsoft.com/security/scanner/default.aspx Microsoft Safety Scanner]
    * [http://www.malwarebytes.org/products/malwarebytes_free/ MalwareBytes' Anti-Malware]
    * [http://support.kaspersky.com/faq/?qid=208283363 TDSSKiller - AntiRootkit Utility]
    * [http://www.surfright.nl/en/hitmanpro/ Hitman Pro]
    * [http://www.eset.com/us/online-scanner/ ESET Online Scanner]
    [http://windows.microsoft.com/MSE Microsoft Security Essentials] is a good permanent antivirus for Windows 7/Vista/XP if you don't already have one.
    Further information can be found in the [[Troubleshoot Firefox issues caused by malware]] article.
    You may also want to see the ....
    * [[Disable or remove Add-ons]]
    * [[Remove a toolbar that has taken over your Firefox search or home page]]
    Always download Firefox from mozilla.org

  • HT4650 My Mac book has got a virus how can I get rid of it

    Dose any  body have any info that can help meu

    I seriously doubt that your MB has a virus seeing as how there are no virus on the Mac.
    What is happening that makes you think that?
    Allan

  • How do I get rid of "slick savings"?

    All of a sudden I have a shopping assistant called "slick savings"  I don't know how I got it, but how do I get rid of it?

    Helpful Links Regarding Malware Problems
    If you are having an immediate problem with ads popping up see The Safe Mac » Adware Removal Guide, AdwareMedic, or Remove unwanted adware that displays pop-up ads and graphics on your Mac - Apple Support.
    Open Safari, select Preferences from the Safari menu. Click on Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.
    The following comes from user stevejobsfan0123. I have made minor changes to adapt to this presentation.
    Fix Some Browser Pop-ups That Take Over Safari.
    Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. This article will outline the solution to dismiss the pop-up.
    Quit Safari
    Usually, these pop-ups will not go away by either clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.
    Relaunch Safari
    If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.
    This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.
    An excellent link to read is Tom Reed's Mac Malware Guide.
    Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.
    See these Apple articles:
      Mac OS X Snow Leopard and malware detection
      OS X Lion- Protect your Mac from malware
      OS X Mountain Lion- Protect your Mac from malware
      OS X Mavericks- Protect your Mac from malware
      About file quarantine in OS X
    If you require anti-virus protection Thomas Reed recommends using ClamXAV. (Thank you to Thomas Reed for this recommendation.)

  • I got a fake message from the FBI and now I supposedly have the Reveton virus and Citadel malware. Can a Mac even get these? If so, how do I get rid of them?

    Can a Mac get the Reveton virus and Citadel malware? If so, how do I get rid of them?

    See:
    FBI ransomware “virus” rampant

  • I just got an iPad 2 and have not yet synced to my computer. I don't want to have all the duplicate songs in my iTunes. How do I get rid of duplicates?

    I just got an iPad 2 and have not yet synced to my computer. I don't want to have all the duplicate songs in my iTunes. How do I get rid of duplicates?

    You don't say whether you are on PC or Mac. For Mac there are these two programs which might help (I havn't tried either) :
    http://www.apple.com/downloads/macosx/ipod_itunes/songsergeant.html
    http://www.apple.com/downloads/macosx/ipod_itunes/idupe.html
    There are probably similar programs for PCs, but I don't know what they are. On a PC you can hold the shift key and do File > Display Exact Duplicates (without the shift they may not be exact matches) - if one of each duplicate pair has the same date added then you can sort by that and then delete those with (or without) that date.

  • How do i get rid of malware on my macbook pro

    I am not computer savvy, I tried to watch NFL live through safari and ultimately came down with a bad case of malware where I am constantly getting pop ups and my internet is extremely slow now. How can I get rid of this malware?

    There is no need to download anything to solve this problem.
    You may have installed one or more of the common types of ad-injection malware. Follow the instructions on this Apple Support page to remove it. It's been reported that some variants of the "VSearch" malware block access to the page. If that happens, start in safe mode by holding down the shift key at the startup chime, then try again.
    Back up all data before making any changes.
    One of the steps in the article is to remove malicious Safari extensions. Do the equivalent in the Chrome and Firefox browsers, if you use either of those. If Safari crashes on launch, skip that step and come back to it after you've done everything else.
    If you don't find any of the files or extensions listed, or if removing them doesn't stop the ad injection, ask for further instructions.
    Make sure you don't repeat the mistake that led you to install the malware. It may have come from an Internet cesspit such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad in a page on some other site. The ad would probably have included a large green button labeled "Download" or "Download Now" in white letters. The button is designed to confuse people who intend to download something else on the same page. If you ever download a file that isn't obviously what you expected, delete it immediately.
    Malware is also found on websites that traffic in pirated content such as video. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.
    In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere  should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.
    Still in System Preferences, open the App Store or Software Update pane and check the box marked
              Install system data files and security updates (OS X 10.10 or later)
    or
              Download updates automatically (OS X 10.9 or earlier)
    if it's not already checked.

  • HT1766 My ipod 4g keept crashing so then i read on this website to go to settings and rest everything. And when i did everything on my ipod got deleted.I tried restarting it but i didnt restore my ipod before everthing got erased. How can i get it all bac

    My ipod 4g keept crashing so then i read on this website to go to settings and rest everything. And when i did everything on my ipod got deleted.I tried restarting it but i didnt restore my ipod before so everthing got erased. How can i get it all back???

    Restore from backup if you have one:
    To restore from backup see:
    iOS: Back up and restore your iOS device with iCloud or iTunes       
    If you restore from iCloud backup the apps will be automatically downloaded. If you restore from iTunes backup the apps and music have to be in the iTunes library since synced media like apps and music are not included in the backup of the iOS device that iTunes makes.
    You can redownload most iTunes purchases by:
    Downloading past purchases from the App Store, iBookstore, and iTunes Store        

  • My non apple laptop died, got new laptop, how do i get my phone to recognize new laptop?

    my non apple laptop died, got new laptop, how do i get my phone to recognize new laptop?

    Plug it in and sync it

  • Installed office for mac (trial version). now I got 2 excel files, which cannot be deleted. I googled the names of the sheets and found chinese websites I never visited. Are those dialers? How can I get rid of them? system is mac lion(with win 7 parallel)

    now I got 2 excel files, which cannot be deleted on my desktop. I can't open them, either. I googled the names of the sheets and found chinese websites I never visited. Are those dialers? How can I get rid of them? system is mac lion (with win 7 parallel)

    The people who make that stuff have their own forums you can also search/ask in:
    http://answers.microsoft.com/en-us/mac/forum

  • I was told by comcast that we had a computer in the house with a malware virus, they even said that they were going to terminate our service if we did not get it fixed. Now this week we hear that there is a trojan malware virus, how do we get rid of it?

    I was told by comcast that we had a computer in the house with a malware virus, they even said that they were going to terminate our service if we did not get it fixed. Now this week we hear that there is a trojan malware virus, how do we get rid of it?

    Hello,
    Flashback - Detect and remove the uprising Mac OS X Trojan...
    http://www.mac-and-i.net/2012/04/flashback-detect-and-remove-uprising.html
    In order to avoid detection, the installer will first look for the presence of some antivirus tools and other utilities that might be present on a power user's system, which according to F-Secure include the following:
    /Library/Little Snitch
    /Developer/Applications/Xcode.app/Contents/MacOS/Xcode
    /Applications/VirusBarrier X6.app
    /Applications/iAntiVirus/iAntiVirus.app
    /Applications/avast!.app
    /Applications/ClamXav.app
    /Applications/HTTPScoop.app
    /Applications/Packet Peeper.app
    If these tools are found, then the malware deletes itself in an attempt to prevent detection by those who have the means and capability to do so. Many malware programs use this behavior, as was seen in others such as the Tsunami malware bot.
    http://reviews.cnet.com/8301-13727_7-57410096-263/how-to-remove-the-flashback-ma lware-from-os-x/
    http://x704.net/bbs/viewtopic.php?f=8&t=5844&p=70660#p70660
    Check now whether your Mac is infected by Backdoor.Flashback.39!
    http://public.dev.drweb.com/april/

  • My iPhone hasn't got facetime. How can I get it?

    My iPhone hasn't got facetime. How can I get it?

    It is standard on the iphone 4.
    Tap contats, select the contact you want to call, scroll down to the facetime button.

  • HT5012 How do I get rid of a email that we put in when we got it and I forgot the password to that email

    How can I get rid of a email that I put in when I got-my. iPad  I cannot remember the password and it pops up when I try to get my iCloud app

    You will need to recover the password to the Apple ID.
    Start here:
    https://iforgot.apple.com

  • I had a pop up which turned out to be a malware virus on my iPad how do I get rid of it

    I had a pop up which turned out to be a malware virus on my iPad how do I get rid of it

    I didn't know you could even get one with an iPad.  Are you sure it installed something?  I see them pop up for my computer occasionally but they will pop up for any computer whether or not they can actually do anything or not.
    I'll let more experienced heads answer this one but they will certainly want to know the name of what it was you saw, unless it really is a case of nothing to worry about.

  • Just got a new MacMini.  Migrated files using Time Machine.  However, now, on Launchpad, I see several Firmware updates that were relevant for the old machine, but not for the new one.  How do I get rid of these updates?  They won't delete!

    Just got a new MacMini.  Migrated files using Time Machine.  However, now, on Launchpad, I see several Firmware updates that were relevant for the old machine, but not for the new one.  How do I get rid of these updates?  They won't delete!

    Only thing I can think of is trying this Lion trick...
    http://www.cultofmac.com/106030/how-to-nuke-lions-launchpad-and-start-over/10603 0/

Maybe you are looking for

  • Apple TV stuck on 'computers and settings'

    What works is to change 'location' in the settings menu to the 'United States'. Thanks to Dean at Apple for helping figure this out.

  • Excise tax indicator maintainance

    Dear all i have problem with excise tax indicator maintainance.i given the exact problem below Exc. tax ind. not maint. for 1 1 - please maintain. how can i maintain this? regards ajit jaiswal

  • OT: looking for Logic Audio for Windows XP

    Apologies for the crass request, but I'm looking a cheap copy of Logic Audio that will run on Windows XP. I just found some old Logic Audio recordings I did years ago, but I've lost my LAGW 4 CD, and in any case, I'm not sure if LAGW 4 even worked on

  • Sql server migration from 2005 to 2012 (110)

    hi, experts,  the database of  .net web form application (Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.1025  ) that I am responsible will be migrated to sql server 2012 (110).  the .net webform use the functions from System.D

  • Time settings for Caracas Venezuela in ICLOUD

    Time settings for Caracas Venezuela used to be GMT-4 (Caracas - La Paz), those settings were changed to GMT-4.30 some time ago. When I check these settings in my ICLOUD apparenty the have still the old GMT-4. So if I sinc my outlook with ICLOUD I get