"What to do now if I had the Flashback Trojan?"
I just did a software update (was overdue) that included the java security fix, and was immediately informed that the "OSX.FlashBack.iv" malware was found and removed.
Does anyone happen to know how serious a threat the malware presents, how to assess any potential damage it may have done, and what I might do to minimize any after-the-fact damage?
MadMacs0 wrote:
I'm pretty sure I would go to all the sites I could remember signing into that had significant financial data of mine on them and change my passwords. If I used the same password on multiple sites (I don't) I would change all those, as well. I already check all my transactions on a daily basis due to a mysterious Credit Card compromise a few months back, but if I wasn't, I would do that. A site called mint.com (run by Intuit) makes it easy to see everything at once, but the in order to do that I have to provide significant information to them.
I did go to all of my credit card/bank account sites and changed my user names and passwords. And this time, I'll print the info out, but won't do what I've done before (which was to store that info in a spreadsheet that I had saved to my drive).
As far as mint.com or any other third party is concerned (including the online backup-service companies), I simply don't trust them and/or don't have high enough confidence in the security measures they have in place to hand over my personal info.
I would certainly endorse the use of Little Snitch as being worth the time, money and effort to install, setup and maintain. It's not for everyone, but I've used it for years to keep track of what information leaves my computer. During the period when it first alerted users to the existence of the Flashback "N" variant I gained new respect for it's capability.
Thinking about Little Snitch again...I think I read somewhere that FlashBack checks out the system it has targeted and doesn't install itself if it detects the presence of Little Snitch. (If true, I don't know how FlashBack got into my system.)
Similar Messages
-
HT4651 What do I need to know about the Flashback Trojan?
Reading about the Flashback Trojan malware. How can I check to see if I'm infected? Could it be what's causing Youtube to run badly?
A good place to start is looking over the other numerous threads on the subject. Please look to your right under More Like This and you will find many other threads.
-
I've just signed up to iTunes Match as I have songs on my iPhone 4 which wont sync with iTunes as they are from CDs but I can't see my music in the cloud now. Anyone had the same problem and have an easy fix?
What fixed it for me:
On your computer, open iTunes > My iPhone (or whatever name you gave your iPhone) > "Music" page
Uncheck "Sync Music"
Click "Sync" button (bottom right)
Let it run and finish
Uncheck the box for every song, playlist, etc.
Click "Sync" button (bottom right) (This step may be unnecessary, but I did it and got the result I wanted.)
Let it run and finish
Check the boxes for the music you want on your iPhone
Click "Sync" button (bottom right)
Let it run and finish
See if that doesn't work for you. I tried a lot of things that did nothing, but this seems to have fixed it, and quickly. -
HELP! I had a Flashback Trojan/Malware on my Mac, I deleted it in trash, and now my Mac won't start.
At first my Mac Finder showed n81, n82, etc when you right-click it, instead of the commands " open new finder window", "hide" etc. I also noticed that sometimes, when I would go to sites such as facebook, it would redirect to a different site and I'd have to type in the address again to get to the site. Nothing else was wrong with it. Safari was not shutting down. It wasn't slow.
I did some research and found that I probably have the Flashback Trojan/Malware virus (whatever that is?) And so I followed what some people did (which got their mac fixed) .. I downloaded clamvax and tinkertool to find the malware (hidden files) and I deleted it in trash.. my computer seemed fine but when I restarted it, it wont turn on anymore.. the screen remains blue, the mouse could still be moved, but it stays that way..
did I lose all my files? am I being hacked as we speak? Is this virus very dangerous?! I am very paranoid and know nothing about this kind of stuff so please help!
BTW, the malware was from the game Farm Frenzy.. I have no idea how I got this... I never play online games.@Thomas, Thanks for jumping in. I had to take my wife to a Doctor appointment and things went down hill from there.
I note that you are using Mac OS X 10.5.x. It's important to understand that the Java vulnerabilities that allowed this malware to get established on your machine cannot be fixed in 10.5.x. You would need to upgrade to at least 10.6 (Snow Leopard) to be able to get a version of Java with those vulnerabilities fixed. (Correct me if I'm wrong there, Al!)
That's 100% correct. Natalia has the distinction of being the first OS X 10.5 user confirmed to be infected by Flashback as far as I can tell. That operating system is becoming increasingly dangerous as the days go by. The OS has not been updated since Aug 2009 and the last Security and Java updates were in June 2011. There is no XProtect system and more and more third party's have dropped support in updating their Applications.
Natalia_ wrote:
I actually ran disk utility, and it said that the Macintosh HD is fine... I also tried safe mode/safe boot and did the FSCK command.. even that said that my laptop was fine? but somehow it still stays blue when I start up!
And I think it probably is fine, except that something is hanging during the initial loading process. Could be most anything.
As for my files, I appreciate your advice but I am scared I might do something wrong and mess my laptop up even more!
There is almost no chance of that and at this point it should be obvious to you that if the files on your laptop are that important, you should already have a backup.
I will take it to Apple and hopefully they can help me... because it seems that my files aren't wiped out... yet... It still displayed that I had my files in there..
One word of caution, then. I have been told that Apple has instructed their support folks not to attempt to clean up a malware infection. If I were you I wouldn't bring it up unless you have to.
By the way, while the disk was running, it was making very loud noises.. humming/grinding/etc... what could this mean?
Only one thing in my experience, you're hard drive is toast. All the more reason to try and get all the data you can off it immediately.
The only way to test it is to do a surface scan which Disk Utility cannot do. You would need a third party utility to do that. If it tells you there are bad sectors, that is 100% proof that it's going bad, as modern hard drives repair themselves of bad sectors until they run out of reserves to substitute. -
What does the community recommend as an appropriate response in light of reports that "an estimated 600,000 or more Macs are currently compromised and part of a massive botnet thanks to the Flashback Trojan." Is Apple taking steps to mitigate the threat?
See article in PC World at: http://www.pcworld.com/businesscenter/article/253403/mac_malware_outbreak_is_big ger_than_conficker.html
I have a MacBookPro and my wife has an iMac. I assume both are equally vulnearble.
MLSCOSThere are checks one can perform to see
1: If any of their machines have been seen on the Flashback botnet
http://public.dev.drweb.com/april/
2: Terminal commands to see if their machine is infected (use copy and paste, then press enter)
https://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml
3: Preventative methods to avoid becoming infected.
Update Java via Software Update.
Disable Java in all your web browsers preferences (notice Java is not Javascript)
Check your status of all browser plug-ins
https://www.mozilla.org/en-US/plugincheck/
Firefox + NoScript add-on + Temp Allow All Button on Firefox's toolbar to turn on scripts only on sites you trust.
Learn how to make bootable clones, this way a complete erase can occur and a reverse clone done.
https://discussions.apple.com/community/notebooks/macbook_pro?view=documents
4: Resources if one is infected
Data Recovery, wiping entire machine, reinstalling OS X, returning clean files, etc.
https://discussions.apple.com/community/notebooks/macbook_pro?view=documents -
What can I safely recover from Time Machine if I have the Flashback Trojan?
I have recently found out that my iMac has been infected with the Flashback trojan. I followed the commands from F-Secure to remove it from my computer however I'm not happy with this solution. I am going to erase my hard drive and re-install the operating system. I would then like to restore some of my folders using Time Machine. However, before I do any of that I would like to know if it's safe to restore from my Home folder the following folders; Movies, Music, and Pictures. Also, is it safe to recover databases from Address Book and iCal, and accounts from Mail and bookmarks from Safari?
I apologize if this question is in the wrong category and I would like to thank anyone in advance that may be able to help, as it's much appreciated!Plug an external drive into the computer and use that to expand data onto.
http://pondini.org/TM/16.html -
HT1338 RE: the Flashback trojan virus?
Is there a safe Apple site where I can find out if my laptop got infected with the Flashback Trojan virus
I thought these worries were over when I made the PC to Mac switch?...sigh
Any help appreciated.
MarlaSorry to hijack here is my copy. What would indicate an infection?
Sampling process 308 for 3 seconds with 1 millisecond of run time between samples
Sampling completed, processing symbols...
Analysis of sampling Safari (pid 308) every 1 millisecond
Process: Safari [308]
Path: /Applications/Safari.app/Contents/MacOS/Safari
Load Address: 0x10db3e000
Identifier: com.apple.Safari
Version: 5.1.5 (7534.55.3)
Build Info: WebBrowser-7534055003000000~1
Code Type: X86-64 (Native)
Parent Process: launchd [165]
Date/Time: 2012-04-05 20:57:07.049 -0500
OS Version: Mac OS X 10.7.3 (11D50d)
Report Version: 7
Call graph:
2572 Thread_5525 DispatchQueue_1: com.apple.main-thread (serial)
+ 2572 ??? (in Safari) load address 0x10db3e000 + 0xf24 [0x10db3ef24]
+ 2572 SafariMain (in Safari) + 197 [0x7fff8d1ca48d]
+ 2572 NSApplicationMain (in AppKit) + 867 [0x7fff82e11b88]
+ 2572 -[NSApplication run] (in AppKit) + 470 [0x7fff82b9319d]
+ 2572 -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:] (in Safari) + 171 [0x7fff8d016165]
+ 2572 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] (in AppKit) + 135 [0x7fff82b96861]
+ 2572 _DPSNextEvent (in AppKit) + 659 [0x7fff82b96f5d]
+ 2572 BlockUntilNextEventMatchingListInMode (in HIToolbox) + 62 [0x7fff85ab7456]
+ 2572 ReceiveNextEventCommon (in HIToolbox) + 355 [0x7fff85ab75c9]
+ 2572 RunCurrentEventLoopInMode (in HIToolbox) + 277 [0x7fff85ab031f]
+ 2572 CFRunLoopRunSpecific (in CoreFoundation) + 230 [0x7fff837e7676]
+ 2572 __CFRunLoopRun (in CoreFoundation) + 1204 [0x7fff837e7e64]
+ 2572 __CFRunLoopServiceMachPort (in CoreFoundation) + 188 [0x7fff837df6fc]
+ 2572 mach_msg (in libsystem_kernel.dylib) + 73 [0x7fff80aabd71]
+ 2572 mach_msg_trap (in libsystem_kernel.dylib) + 10 [0x7fff80aac67a]
2572 Thread_5547 DispatchQueue_2: com.apple.libdispatch-manager (serial)
+ 2572 _dispatch_mgr_thread (in libdispatch.dylib) + 54 [0x7fff87af514e]
+ 2572 _dispatch_mgr_invoke (in libdispatch.dylib) + 923 [0x7fff87af65be]
+ 2572 kevent (in libsystem_kernel.dylib) + 10 [0x7fff80aae7e6]
2572 Thread_5570: WebCore: IconDatabase
+ 2572 thread_start (in libsystem_c.dylib) + 13 [0x7fff84c99b75]
+ 2572 _pthread_start (in libsystem_c.dylib) + 335 [0x7fff84c968bf]
+ 2572 WebCore::IconDatabase::iconDatabaseSyncThreadStart(void*) (in WebCore) + 9 [0x10e45ea8f]
+ 2572 WebCore::IconDatabase::iconDatabaseSyncThread() (in WebCore) + 491 [0x10e45ec7f]
+ 2572 WebCore::IconDatabase::syncThreadMainLoop() (in WebCore) + 375 [0x10e4611d5]
+ 2572 _pthread_cond_wait (in libsystem_c.dylib) + 840 [0x7fff84c9a274]
+ 2572 __psynch_cvwait (in libsystem_kernel.dylib) + 10 [0x7fff80aadbca]
2572 Thread_5572: CoreAnimation render server
+ 2572 thread_start (in libsystem_c.dylib) + 13 [0x7fff84c99b75]
+ 2572 _pthread_start (in libsystem_c.dylib) + 335 [0x7fff84c968bf]
+ 2572 thread_fun (in QuartzCore) + 24 [0x7fff85846509]
+ 2572 CA::Render::Server::server_thread(void*) (in QuartzCore) + 184 [0x7fff858465c9]
+ 2572 mach_msg (in libsystem_kernel.dylib) + 73 [0x7fff80aabd71]
+ 2572 mach_msg_trap (in libsystem_kernel.dylib) + 10 [0x7fff80aac67a]
2572 Thread_5582: Safari: CertRevocationChecker
+ 2572 thread_start (in libsystem_c.dylib) + 13 [0x7fff84c99b75]
+ 2572 _pthread_start (in libsystem_c.dylib) + 335 [0x7fff84c968bf]
+ 2572 Safari::MessageRunLoop::threadCallback(void*) (in Safari) + 9 [0x7fff8d184a87]
+ 2572 Safari::MessageRunLoop::threadBody() (in Safari) + 163 [0x7fff8d184b2f]
+ 2572 CFRunLoopRunSpecific (in CoreFoundation) + 230 [0x7fff837e7676]
+ 2572 __CFRunLoopRun (in CoreFoundation) + 1204 [0x7fff837e7e64]
+ 2572 __CFRunLoopServiceMachPort (in CoreFoundation) + 188 [0x7fff837df6fc]
+ 2572 mach_msg (in libsystem_kernel.dylib) + 73 [0x7fff80aabd71]
+ 2572 mach_msg_trap (in libsystem_kernel.dylib) + 10 [0x7fff80aac67a]
2572 Thread_5600: WebCore: LocalStorage
+ 2572 thread_start (in libsystem_c.dylib) + 13 [0x7fff84c99b75]
+ 2572 _pthread_start (in libsystem_c.dylib) + 335 [0x7fff84c968bf]
+ 2572 WebCore::LocalStorageThread::threadEntryPointCallback(void*) (in WebCore) + 9 [0x10e4797cb]
+ 2572 WebCore::LocalStorageThread::threadEntryPoint() (in WebCore) + 99 [0x10e479883]
+ 2572 ***::MessageQueue<WebCore::LocalStorageTask>::waitForMessage() (in WebCore) + 132 [0x10e47992a]
+ 2572 ***::ThreadCondition::timedWait(***::Mutex&, double) (in JavaScriptCore) + 64 [0x10db4fdd0]
+ 2572 _pthread_cond_wait (in libsystem_c.dylib) + 840 [0x7fff84c9a274]
+ 2572 __psynch_cvwait (in libsystem_kernel.dylib) + 10 [0x7fff80aadbca]
2572 Thread_5601: com.apple.NSURLConnectionLoader
+ 2572 thread_start (in libsystem_c.dylib) + 13 [0x7fff84c99b75]
+ 2572 _pthread_start (in libsystem_c.dylib) + 335 [0x7fff84c968bf]
+ 2572 __NSThread__main__ (in Foundation) + 1575 [0x7fff862d36c6]
+ 2572 -[NSThread main] (in Foundation) + 68 [0x7fff862d374e]
+ 2572 +[NSURLConnection(NSURLConnectionReallyInternal) _resourceLoadLoop:] (in Foundation) + 335 [0x7fff862deffb]
+ 2572 CFRunLoopRunSpecific (in CoreFoundation) + 230 [0x7fff837e7676]
+ 2572 __CFRunLoopRun (in CoreFoundation) + 1204 [0x7fff837e7e64]
+ 2572 __CFRunLoopServiceMachPort (in CoreFoundation) + 188 [0x7fff837df6fc]
+ 2572 mach_msg (in libsystem_kernel.dylib) + 73 [0x7fff80aabd71]
+ 2572 mach_msg_trap (in libsystem_kernel.dylib) + 10 [0x7fff80aac67a]
2572 Thread_5615: CVDisplayLink
+ 2572 thread_start (in libsystem_c.dylib) + 13 [0x7fff84c99b75]
+ 2572 _pthread_start (in libsystem_c.dylib) + 335 [0x7fff84c968bf]
+ 2572 _ZL13startIOThreadPv (in CoreVideo) + 148 [0x7fff820f585d]
+ 2572 CVDisplayLink::runIOThread() (in CoreVideo) + 710 [0x7fff820f5b3c]
+ 2572 _pthread_cond_wait (in libsystem_c.dylib) + 840 [0x7fff84c9a274]
+ 2572 __psynch_cvwait (in libsystem_kernel.dylib) + 10 [0x7fff80aadbca]
2572 Thread_5623: JavaScriptCore::Marking
+ 2572 thread_start (in libsystem_c.dylib) + 13 [0x7fff84c99b75]
+ 2572 _pthread_start (in libsystem_c.dylib) + 335 [0x7fff84c968bf]
+ 2572 JSC::MarkStackThreadSharedData::markingThreadStartFunc(void*) (in JavaScriptCore) + 9 [0x10ddc6aa9]
+ 2572 JSC::MarkStackThreadSharedData::markingThreadMain() (in JavaScriptCore) + 272 [0x10ddc6a00]
+ 2572 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode) (in JavaScriptCore) + 493 [0x10ddc67ad]
+ 2572 _pthread_cond_wait (in libsystem_c.dylib) + 840 [0x7fff84c9a274]
+ 2572 __psynch_cvwait (in libsystem_kernel.dylib) + 10 [0x7fff80aadbca]
2572 Thread_5625: JavaScriptCore::Marking
+ 2572 thread_start (in libsystem_c.dylib) + 13 [0x7fff84c99b75]
+ 2572 _pthread_start (in libsystem_c.dylib) + 335 [0x7fff84c968bf]
+ 2572 JSC::MarkStackThreadSharedData::markingThreadStartFunc(void*) (in JavaScriptCore) + 9 [0x10ddc6aa9]
+ 2572 JSC::MarkStackThreadSharedData::markingThreadMain() (in JavaScriptCore) + 272 [0x10ddc6a00]
+ 2572 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode) (in JavaScriptCore) + 493 [0x10ddc67ad]
+ 2572 _pthread_cond_wait (in libsystem_c.dylib) + 840 [0x7fff84c9a274]
+ 2572 __psynch_cvwait (in libsystem_kernel.dylib) + 10 [0x7fff80aadbca]
2572 Thread_5627: JavaScriptCore::Marking
+ 2572 thread_start (in libsystem_c.dylib) + 13 [0x7fff84c99b75]
+ 2572 _pthread_start (in libsystem_c.dylib) + 335 [0x7fff84c968bf]
+ 2572 JSC::MarkStackThreadSharedData::markingThreadStartFunc(void*) (in JavaScriptCore) + 9 [0x10ddc6aa9]
+ 2572 JSC::MarkStackThreadSharedData::markingThreadMain() (in JavaScriptCore) + 272 [0x10ddc6a00]
+ 2572 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode) (in JavaScriptCore) + 493 [0x10ddc67ad]
+ 2572 _pthread_cond_wait (in libsystem_c.dylib) + 840 [0x7fff84c9a274]
+ 2572 __psynch_cvwait (in libsystem_kernel.dylib) + 10 [0x7fff80aadbca]
2572 Thread_5630: JavaScriptCore::BlockFree
+ 2572 thread_start (in libsystem_c.dylib) + 13 [0x7fff84c99b75]
+ 2572 _pthread_start (in libsystem_c.dylib) + 335 [0x7fff84c968bf]
+ 2572 JSC::Heap::blockFreeingThreadStartFunc(void*) (in JavaScriptCore) + 9 [0x10ddcf129]
+ 2572 JSC::Heap::blockFreeingThreadMain() (in JavaScriptCore) + 300 [0x10ddcf0ec]
+ 2572 ***::ThreadCondition::timedWait(***::Mutex&, double) (in JavaScriptCore) + 151 [0x10db4fe27]
+ 2572 _pthread_cond_wait (in libsystem_c.dylib) + 840 [0x7fff84c9a274]
+ 2572 __psynch_cvwait (in libsystem_kernel.dylib) + 10 [0x7fff80aadbca]
2572 Thread_5632: Safari: SafeBrowsingManager
+ 2572 thread_start (in libsystem_c.dylib) + 13 [0x7fff84c99b75]
+ 2572 _pthread_start (in libsystem_c.dylib) + 335 [0x7fff84c968bf]
+ 2572 Safari::MessageRunLoop::threadCallback(void*) (in Safari) + 9 [0x7fff8d184a87]
+ 2572 Safari::MessageRunLoop::threadBody() (in Safari) + 163 [0x7fff8d184b2f]
+ 2572 CFRunLoopRunSpecific (in CoreFoundation) + 230 [0x7fff837e7676]
+ 2572 __CFRunLoopRun (in CoreFoundation) + 1204 [0x7fff837e7e64]
+ 2572 __CFRunLoopServiceMachPort (in CoreFoundation) + 188 [0x7fff837df6fc]
+ 2572 mach_msg (in libsystem_kernel.dylib) + 73 [0x7fff80aabd71]
+ 2572 mach_msg_trap (in libsystem_kernel.dylib) + 10 [0x7fff80aac67a]
2572 Thread_5638: WebCore: Database
+ 2572 thread_start (in libsystem_c.dylib) + 13 [0x7fff84c99b75]
+ 2572 _pthread_start (in libsystem_c.dylib) + 335 [0x7fff84c968bf]
+ 2572 WebCore::DatabaseThread::databaseThreadStart(void*) (in WebCore) + 9 [0x10ea1b513]
+ 2572 WebCore::DatabaseThread::databaseThread() (in WebCore) + 132 [0x10ea1b664]
+ 2572 ***::MessageQueue<WebCore::DatabaseTask>::waitForMessage() (in WebCore) + 134 [0x10ea1b97a]
+ 2572 ***::ThreadCondition::timedWait(***::Mutex&, double) (in JavaScriptCore) + 64 [0x10db4fdd0]
+ 2572 _pthread_cond_wait (in libsystem_c.dylib) + 840 [0x7fff84c9a274]
+ 2572 __psynch_cvwait (in libsystem_kernel.dylib) + 10 [0x7fff80aadbca]
2572 Thread_5642: WebCore: LocalStorage
+ 2572 thread_start (in libsystem_c.dylib) + 13 [0x7fff84c99b75]
+ 2572 _pthread_start (in libsystem_c.dylib) + 335 [0x7fff84c968bf]
+ 2572 WebCore::LocalStorageThread::threadEntryPointCallback(void*) (in WebCore) + 9 [0x10e4797cb]
+ 2572 WebCore::LocalStorageThread::threadEntryPoint() (in WebCore) + 99 [0x10e479883]
+ 2572 ***::MessageQueue<WebCore::LocalStorageTask>::waitForMessage() (in WebCore) + 132 [0x10e47992a]
+ 2572 ***::ThreadCondition::timedWait(***::Mutex&, double) (in JavaScriptCore) + 64 [0x10db4fdd0]
+ 2572 _pthread_cond_wait (in libsystem_c.dylib) + 840 [0x7fff84c9a274]
+ 2572 __psynch_cvwait (in libsystem_kernel.dylib) + 10 [0x7fff80aadbca]
2572 Thread_5643: com.apple.CFSocket.private
+ 2572 thread_start (in libsystem_c.dylib) + 13 [0x7fff84c99b75]
+ 2572 _pthread_start (in libsystem_c.dylib) + 335 [0x7fff84c968bf]
+ 2572 __CFSocketManager (in CoreFoundation) + 1355 [0x7fff83830cdb]
+ 2572 __select (in libsystem_kernel.dylib) + 10 [0x7fff80aaddf2]
2572 Thread_6317: Safari: SnapshotStore
+ 2572 thread_start (in libsystem_c.dylib) + 13 [0x7fff84c99b75]
+ 2572 _pthread_start (in libsystem_c.dylib) + 335 [0x7fff84c968bf]
+ 2572 Safari::SnapshotStore::diskAccessThreadCallback(void*) (in Safari) + 9 [0x7fff8d1f9361]
+ 2572 Safari::SnapshotStore::diskAccessThreadBody() (in Safari) + 229 [0x7fff8d1f9ff7]
+ 2572 Safari::MessageQueue<***::RefPtr<Safari::SnapshotStore::DiskAccessMessage> >::waitForMessage(***::RefPtr<Safari::SnapshotStore::DiskAccessMessage>&) (in Safari) + 125 [0x7fff8d1fc2f9]
+ 2572 ***::ThreadCondition::timedWait(***::Mutex&, double) (in JavaScriptCore) + 64 [0x10db4fdd0]
+ 2572 _pthread_cond_wait (in libsystem_c.dylib) + 840 [0x7fff84c9a274]
+ 2572 __psynch_cvwait (in libsystem_kernel.dylib) + 10 [0x7fff80aadbca]
2572 Thread_6634: JavaScriptCore::Marking
+ 2572 thread_start (in libsystem_c.dylib) + 13 [0x7fff84c99b75]
+ 2572 _pthread_start (in libsystem_c.dylib) + 335 [0x7fff84c968bf]
+ 2572 JSC::MarkStackThreadSharedData::markingThreadStartFunc(void*) (in JavaScriptCore) + 9 [0x10ddc6aa9]
+ 2572 JSC::MarkStackThreadSharedData::markingThreadMain() (in JavaScriptCore) + 272 [0x10ddc6a00]
+ 2572 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode) (in JavaScriptCore) + 493 [0x10ddc67ad]
+ 2572 _pthread_cond_wait (in libsystem_c.dylib) + 840 [0x7fff84c9a274]
+ 2572 __psynch_cvwait (in libsystem_kernel.dylib) + 10 [0x7fff80aadbca]
2572 Thread_6635: JavaScriptCore::Marking
+ 2572 thread_start (in libsystem_c.dylib) + 13 [0x7fff84c99b75]
+ 2572 _pthread_start (in libsystem_c.dylib) + 335 [0x7fff84c968bf]
+ 2572 JSC::MarkStackThreadSharedData::markingThreadStartFunc(void*) (in JavaScriptCore) + 9 [0x10ddc6aa9]
+ 2572 JSC::MarkStackThreadSharedData::markingThreadMain() (in JavaScriptCore) + 272 [0x10ddc6a00]
+ 2572 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode) (in JavaScriptCore) + 493 [0x10ddc67ad]
+ 2572 _pthread_cond_wait (in libsystem_c.dylib) + 840 [0x7fff84c9a274]
+ 2572 __psynch_cvwait (in libsystem_kernel.dylib) + 10 [0x7fff80aadbca]
2572 Thread_6636: JavaScriptCore::Marking
+ 2572 thread_start (in libsystem_c.dylib) + 13 [0x7fff84c99b75]
+ 2572 _pthread_start (in libsystem_c.dylib) + 335 [0x7fff84c968bf]
+ 2572 JSC::MarkStackThreadSharedData::markingThreadStartFunc(void*) (in JavaScriptCore) + 9 [0x10ddc6aa9]
+ 2572 JSC::MarkStackThreadSharedData::markingThreadMain() (in JavaScriptCore) + 272 [0x10ddc6a00]
+ 2572 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode) (in JavaScriptCore) + 493 [0x10ddc67ad]
+ 2572 _pthread_cond_wait (in libsystem_c.dylib) + 840 [0x7fff84c9a274]
+ 2572 __psynch_cvwait (in libsystem_kernel.dylib) + 10 [0x7fff80aadbca]
2572 Thread_6637: JavaScriptCore::BlockFree
2572 thread_start (in libsystem_c.dylib) + 13 [0x7fff84c99b75]
2572 _pthread_start (in libsystem_c.dylib) + 335 [0x7fff84c968bf]
2572 JSC::Heap::blockFreeingThreadStartFunc(void*) (in JavaScriptCore) + 9 [0x10ddcf129]
2572 JSC::Heap::blockFreeingThreadMain() (in JavaScriptCore) + 300 [0x10ddcf0ec]
2572 ***::ThreadCondition::timedWait(***::Mutex&, double) (in JavaScriptCore) + 151 [0x10db4fe27]
2571 _pthread_cond_wait (in libsystem_c.dylib) + 840 [0x7fff84c9a274]
! 2571 __psynch_cvwait (in libsystem_kernel.dylib) + 10 [0x7fff80aadbca]
1 cerror (in libsystem_kernel.dylib) + 21 [0x7fff80aaf011]
Total number in stack (recursive counted multiple, when >=5):
19 _pthread_start (in libsystem_c.dylib) + 335 [0x7fff84c968bf]
19 thread_start (in libsystem_c.dylib) + 13 [0x7fff84c99b75]
14 __psynch_cvwait (in libsystem_kernel.dylib) + 0 [0x7fff80aadbc0]
14 _pthread_cond_wait (in libsystem_c.dylib) + 840 [0x7fff84c9a274]
6 JSC::MarkStackThreadSharedData::markingThreadMain() (in JavaScriptCore) + 272 [0x10ddc6a00]
6 JSC::MarkStackThreadSharedData::markingThreadStartFunc(void*) (in JavaScriptCore) + 9 [0x10ddc6aa9]
6 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode) (in JavaScriptCore) + 493 [0x10ddc67ad]
5 mach_msg (in libsystem_kernel.dylib) + 73 [0x7fff80aabd71]
5 mach_msg_trap (in libsystem_kernel.dylib) + 0 [0x7fff80aac670]
Sort by top of stack, same collapsed (when >= 5):
__psynch_cvwait (in libsystem_kernel.dylib) 36007
mach_msg_trap (in libsystem_kernel.dylib) 12860
__select (in libsystem_kernel.dylib) 2572
kevent (in libsystem_kernel.dylib) 2572
Binary Images:
0x10db3e000 - 0x10db3efff com.apple.Safari (5.1.5 - 7534.55.3) <059294EC-BA41-3E41-B05D-7547E3865AFD> /Applications/Safari.app/Contents/MacOS/Safari
0x10db45000 - 0x10de67fff com.apple.JavaScriptCore (7534.55 - 7534.55.2) <5D2A50D5-F449-30A9-A649-7F57756F829B> /System/Library/StagedFrameworks/Safari/JavaScriptCore.framework/JavaScriptCore
0x10def7000 - 0x10e081ff7 com.apple.WebKit (7534.55 - 7534.55.3) <19CBEE85-3CB3-3ECE-89AB-71FDCE1B6404> /System/Library/StagedFrameworks/Safari/WebKit.framework/WebKit
0x10e16b000 - 0x10e323fff com.apple.WebKit2 (7534.55 - 7534.55.3) <403EF859-AFD8-3762-8140-1109E22E9215> /System/Library/StagedFrameworks/Safari/WebKit2.framework/WebKit2
0x10e45a000 - 0x10f191fef com.apple.WebCore (7534.55 - 7534.55.3) <45276B15-5518-30C7-B14D-D9BEE7C85895> /System/Library/StagedFrameworks/Safari/WebCore.framework/WebCore
0x110d2a000 - 0x110d2dff7 libCoreFSCache.dylib (??? - ???) <0E2C3D54-7D05-35E8-BA10-2142B7C03946> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libCoreFSCache .dylib
0x110d31000 - 0x110d31ffd +cl_kernels (??? - ???) <8E906D85-98B1-4FE5-AE7C-21AAEEAF667E> cl_kernels
0x113d83000 - 0x113d89fef libcldcpuengine.dylib (1.50.69 - compatibility 1.0.0) <C0C4CC37-F2FD-301C-A830-EC54D86612D5> /System/Library/Frameworks/OpenCL.framework/Libraries/libcldcpuengine.dylib
0x113d98000 - 0x113e2bff7 unorm8_bgra.dylib (1.50.69 - compatibility 1.0.0) <5FB796A4-1AD0-3B4D-AA83-F8A46E039224> /System/Library/Frameworks/OpenCL.framework/Libraries/ImageFormats/unorm8_bgra. dylib
0x113e4d000 - 0x113e4eff3 +cl_kernels (??? - ???) <59307521-6A55-40D2-BF25-E4B25A889684> cl_kernels
0x113e65000 - 0x113ef6ff7 unorm8_rgba.dylib (1.50.69 - compatibility 1.0.0) <2683BD70-B7EE-3A60-A39C-2360B3C2A301> /System/Library/Frameworks/OpenCL.framework/Libraries/ImageFormats/unorm8_rgba. dylib
0x113f18000 - 0x113f19ffc +cl_kernels (??? - ???) <B9A4072E-BAA5-4195-B31B-59B8954B1187> cl_kernels
0x1141aa000 - 0x114343fff GLEngine (??? - ???) <8BA26192-A4D7-362D-8B57-5FCF4B706A25> /System/Library/Frameworks/OpenGL.framework/Resources/GLEngine.bundle/GLEngine
0x114377000 - 0x114470fff libGLProgrammability.dylib (??? - ???) <B7710703-8652-36B8-83DD-4F216FAF0730> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLProgramma bility.dylib
0x114496000 - 0x1148a1ff7 com.apple.driver.AppleIntelHD3000GraphicsGLDriver (7.18.11 - 7.1.8) <B3612412-7530-3FB9-AF32-C9433755CC76> /System/Library/Extensions/AppleIntelHD3000GraphicsGLDriver.bundle/Contents/Mac OS/AppleIntelHD3000GraphicsGLDriver
0x114a7d000 - 0x114aabff7 GLRendererFloat (??? - ???) <0C213C61-C08C-3B5D-85A4-EB4660AF55BF> /System/Library/Frameworks/OpenGL.framework/Resources/GLRendererFloat.bundle/GL RendererFloat
0x7fff6d73e000 - 0x7fff6d772baf dyld (195.6 - ???) <0CD1B35B-A28F-32DA-B72E-452EAD609613> /usr/lib/dyld
0x7fff80a7e000 - 0x7fff80a83fff com.apple.OpenDirectory (10.7 - 146) <A674AB55-6E3D-39AE-9F9B-9865D0193020> /System/Library/Frameworks/OpenDirectory.framework/Versions/A/OpenDirectory
0x7fff80a84000 - 0x7fff80a96ff7 libz.1.dylib (1.2.5 - compatibility 1.0.0) <30CBEF15-4978-3DED-8629-7109880A19D4> /usr/lib/libz.1.dylib
0x7fff80a97000 - 0x7fff80ab7fff libsystem_kernel.dylib (1699.24.8 - compatibility 1.0.0) <C56819BB-3779-3726-B610-4CF7B3ABB6F9> /usr/lib/system/libsystem_kernel.dylib
0x7fff80ab8000 - 0x7fff80aebff7 com.apple.GSS (2.1 - 2.0) <57AD81CE-6320-38C9-9B66-0E5A4DEA898A> /System/Library/Frameworks/GSS.framework/Versions/A/GSS
0x7fff80aec000 - 0x7fff80b35ff7 com.apple.framework.CoreWLAN (2.1.2 - 212.1) <B254CC2C-F1A4-3A87-96DE-B6A4113D2811> /System/Library/Frameworks/CoreWLAN.framework/Versions/A/CoreWLAN
0x7fff80b44000 - 0x7fff80b46fff com.apple.TrustEvaluationAgent (2.0 - 1) <1F31CAFF-C1C6-33D3-94E9-11B721761DDF> /System/Library/PrivateFrameworks/TrustEvaluationAgent.framework/Versions/A/Tru stEvaluationAgent
0x7fff80b5d000 - 0x7fff80b5dfff com.apple.CoreServices (53 - 53) <043C8026-8EDD-3241-B090-F589E24062EF> /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
0x7fff812dc000 - 0x7fff8131dfff com.apple.QD (3.40 - ???) <47674D2C-BE88-388E-B1B0-03F08BFFE5FD> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ QD.framework/Versions/A/QD
0x7fff81322000 - 0x7fff8143bfff com.apple.DesktopServices (1.6.2 - 1.6.2) <6B83172E-F539-3AF8-A76D-1F9EA357B076> /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/Desk topServicesPriv
0x7fff8143c000 - 0x7fff81903fff FaceCoreLight (1.4.7 - compatibility 1.0.0) <E9D2A69C-6E81-358C-A162-510969F91490> /System/Library/PrivateFrameworks/FaceCoreLight.framework/Versions/A/FaceCoreLi ght
0x7fff8199e000 - 0x7fff8199efff com.apple.ApplicationServices (41 - 41) <89B6AD5B-5C75-3E83-8C2B-AA7F4C55E400> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Application Services
0x7fff8199f000 - 0x7fff819dafff com.apple.LDAPFramework (3.1 - 120.2) <5633BDE9-BDCB-35CC-BC6B-B8E4CD011D51> /System/Library/Frameworks/LDAP.framework/Versions/A/LDAP
0x7fff819db000 - 0x7fff81a7ffff com.apple.ink.framework (1.3.2 - 110) <C8840EA4-AE7B-360C-A191-D36B5F10B6B5> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework /Versions/A/Ink
0x7fff81a80000 - 0x7fff81a83fff libRadiance.dylib (??? - ???) <CD89D70D-F177-3BAE-8A26-644EA7D5E28E> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libRadiance.dylib
0x7fff81a84000 - 0x7fff81ab4ff7 com.apple.DictionaryServices (1.2.1 - 158.2) <3FC86118-7553-38F7-8916-B329D2E94476> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Diction aryServices.framework/Versions/A/DictionaryServices
0x7fff81abd000 - 0x7fff81d30fff com.apple.CoreImage (7.93 - 1.0.1) <0B7D855E-A2B6-3C14-A242-2CF2165C6E7E> /System/Library/Frameworks/QuartzCore.framework/Versions/A/Frameworks/CoreImage .framework/Versions/A/CoreImage
0x7fff81d31000 - 0x7fff81d37fff libmacho.dylib (800.0.0 - compatibility 1.0.0) <165514D7-1BFA-38EF-A151-676DCD21FB64> /usr/lib/system/libmacho.dylib
0x7fff8201f000 - 0x7fff82020ff7 libsystem_sandbox.dylib (??? - ???) <5087ADAD-D34D-3844-9D04-AFF93CED3D92> /usr/lib/system/libsystem_sandbox.dylib
0x7fff82021000 - 0x7fff82060ff7 libGLImage.dylib (??? - ???) <348729DC-BC44-3744-B249-9DFA6498344A> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dyl ib
0x7fff82061000 - 0x7fff820f3ff7 com.apple.CorePDF (3.1 - 3.1) <F81F99A9-7FF6-3A6A-92C7-78C76BA35777> /System/Library/PrivateFrameworks/CorePDF.framework/Versions/A/CorePDF
0x7fff820f4000 - 0x7fff8211cff7 com.apple.CoreVideo (1.7 - 70.1) <98F917B2-FB53-3EA3-B548-7E97B38309A7> /System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo
0x7fff8211d000 - 0x7fff8212eff7 SyndicationUI (??? - ???) <31B8E697-A12A-3389-87A9-823CBE515686> /System/Library/PrivateFrameworks/SyndicationUI.framework/Versions/A/Syndicatio nUI
0x7fff82173000 - 0x7fff82182ff7 libxar-nossl.dylib (??? - ???) <A6ABBFB9-E4ED-38AD-BBBB-F9958B9CEFB5> /usr/lib/libxar-nossl.dylib
0x7fff82183000 - 0x7fff82185ff7 com.apple.print.framework.Print (7.1 - 247.1) <8A4925A5-BAA3-373C-9B5D-03E0270C6B12> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framewo rk/Versions/A/Print
0x7fff8219a000 - 0x7fff821ecff7 libGLU.dylib (??? - ???) <3C9153A0-8499-3DC0-AAA4-9FA6E488BE13> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib
0x7fff8223c000 - 0x7fff82288ff7 com.apple.SystemConfiguration (1.11.2 - 1.11) <A14F3583-9CC0-397D-A50E-17217075953F> /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfi guration
0x7fff82289000 - 0x7fff8229bff7 libbsm.0.dylib (??? - ???) <349BB16F-75FA-363F-8D98-7A9C3FA90A0D> /usr/lib/libbsm.0.dylib
0x7fff8229c000 - 0x7fff822a1fff libcompiler_rt.dylib (6.0.0 - compatibility 1.0.0) <98ECD5F6-E85C-32A5-98CD-8911230CB66A> /usr/lib/system/libcompiler_rt.dylib
0x7fff822a2000 - 0x7fff822b9fff com.apple.CFOpenDirectory (10.7 - 146) <E71AE4A2-F72B-35F2-9043-9F45CF75F11A> /System/Library/Frameworks/OpenDirectory.framework/Versions/A/Frameworks/CFOpen Directory.framework/Versions/A/CFOpenDirectory
0x7fff822cb000 - 0x7fff82335ff7 com.apple.framework.IOKit (2.0 - ???) <EEEB42FD-E3E1-3A94-A771-B1993B694F17> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
0x7fff82336000 - 0x7fff823abff7 libc++.1.dylib (19.0.0 - compatibility 1.0.0) <C0EFFF1B-0FEB-3F99-BE54-506B35B555A9> /usr/lib/libc++.1.dylib
0x7fff82426000 - 0x7fff82439ff7 libCRFSuite.dylib (??? - ???) <0B76941F-218E-30C8-B6DE-E15919F8DBEB> /usr/lib/libCRFSuite.dylib
0x7fff8243a000 - 0x7fff8249afff libvDSP.dylib (325.4.0 - compatibility 1.0.0) <3A7521E6-5510-3FA7-AB65-79693A7A5839> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.fr amework/Versions/A/libvDSP.dylib
0x7fff824d9000 - 0x7fff82512fe7 libssl.0.9.8.dylib (44.0.0 - compatibility 0.9.8) <79AAEC98-1258-3DA4-B1C0-4120049D390B> /usr/lib/libssl.0.9.8.dylib
0x7fff82513000 - 0x7fff82518fff libpam.2.dylib (3.0.0 - compatibility 3.0.0) <D952F17B-200A-3A23-B9B2-7C1F7AC19189> /usr/lib/libpam.2.dylib
0x7fff8251a000 - 0x7fff82545ff7 libxslt.1.dylib (3.24.0 - compatibility 3.0.0) <4DB5ED11-004B-36B5-AE5F-2AB714754241> /usr/lib/libxslt.1.dylib
0x7fff82546000 - 0x7fff82748fff libicucore.A.dylib (46.1.0 - compatibility 1.0.0) <38CD6ED3-C8E4-3CCD-89AC-9C3198803101> /usr/lib/libicucore.A.dylib
0x7fff82749000 - 0x7fff827ebff7 com.apple.securityfoundation (5.0 - 55107) <6C2E7362-CB11-3CBD-BB1C-348E4B10F25A> /System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoun dation
0x7fff82800000 - 0x7fff8280cfff com.apple.DirectoryService.Framework (10.7 - 146) <65C78AE3-89B8-3372-8359-31FD520781D5> /System/Library/Frameworks/DirectoryService.framework/Versions/A/DirectoryServi ce
0x7fff8280d000 - 0x7fff82883fff com.apple.CoreSymbolication (2.2 - 73.2) <126415E3-3A35-315B-B4B7-507CDBED0D58> /System/Library/PrivateFrameworks/CoreSymbolication.framework/Versions/A/CoreSy mbolication
0x7fff82884000 - 0x7fff828b3fff com.apple.shortcut (2.1 - 2.1) <43C186C0-6B0F-39FA-976A-C307CC410495> /System/Library/PrivateFrameworks/Shortcut.framework/Versions/A/Shortcut
0x7fff82966000 - 0x7fff82975fff libxar.1.dylib (??? - ???) <58B07AA0-BC12-36E3-94FC-C252719A1BDF> /usr/lib/libxar.1.dylib
0x7fff82b79000 - 0x7fff82b8dff7 com.apple.LangAnalysis (1.7.0 - 1.7.0) <04C31EF0-912A-3004-A08F-CEC27030E0B2> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ LangAnalysis.framework/Versions/A/LangAnalysis
0x7fff82b8e000 - 0x7fff83792fff com.apple.AppKit (6.7.3 - 1138.32) <A9EB81C6-C519-3F29-89F1-42C3E8930281> /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
0x7fff8379f000 - 0x7fff837a5fff com.apple.DiskArbitration (2.4.1 - 2.4.1) <CEA34337-63DE-302E-81AA-10D717E1F699> /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
0x7fff837ab000 - 0x7fff837aefff com.apple.help (1.3.2 - 42) <BF14DE49-F7E8-336F-81FB-BBDF2DB3AC09> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framewor k/Versions/A/Help
0x7fff837af000 - 0x7fff83983fff com.apple.CoreFoundation (6.7.1 - 635.19) <57B77925-9065-38C9-A05B-02F4F9ED007C> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
0x7fff83984000 - 0x7fff839dcfff libTIFF.dylib (??? - ???) <DD797FBE-9B63-3785-A9EA-0321D113538B> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libTIFF.dylib
0x7fff839f2000 - 0x7fff839f9ff7 com.apple.CommerceCore (1.0 - 17) <3894FE48-EDCE-30E9-9796-E2F959D92704> /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Frameworks/C ommerceCore.framework/Versions/A/CommerceCore
0x7fff839fa000 - 0x7fff839fafff com.apple.audio.units.AudioUnit (1.7.2 - 1.7.2) <04C10813-CCE5-3333-8C72-E8E35E417B3B> /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit
0x7fff839fb000 - 0x7fff839fcfff com.apple.MonitorPanelFramework (1.4.0 - 1.4.0) <92364334-3B11-360B-89D8-447185FEC653> /System/Library/PrivateFrameworks/MonitorPanel.framework/Versions/A/MonitorPane l
0x7fff839fd000 - 0x7fff839fdfff com.apple.Accelerate.vecLib (3.7 - vecLib 3.7) <C06A140F-6114-3B8B-B080-E509303145B8> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.fr amework/Versions/A/vecLib
0x7fff83b89000 - 0x7fff83b8bfff libquarantine.dylib (36.2.0 - compatibility 1.0.0) <48656562-FF20-3B55-9F93-407ACA7341C0> /usr/lib/system/libquarantine.dylib
0x7fff83b8c000 - 0x7fff83c2cfff com.apple.LaunchServices (480.27.1 - 480.27.1) <4DC96C1E-6FDE-305E-9718-E4C5C1341F56> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchS ervices.framework/Versions/A/LaunchServices
0x7fff83c2d000 - 0x7fff83c51fff com.apple.Kerberos (1.0 - 1) <1F826BCE-DA8F-381D-9C4C-A36AA0EA1CB9> /System/Library/Frameworks/Kerberos.framework/Versions/A/Kerberos
0x7fff83cd4000 - 0x7fff842b8fff libBLAS.dylib (??? - ???) <C34F6D88-187F-33DC-8A68-C0C9D1FA36DF> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.fr amework/Versions/A/libBLAS.dylib
0x7fff842b9000 - 0x7fff842f9ff7 libcups.2.dylib (2.9.0 - compatibility 2.0.0) <29DE948E-38C4-3CC5-B528-40C691380607> /usr/lib/libcups.2.dylib
0x7fff842fa000 - 0x7fff84320ff7 com.apple.framework.familycontrols (3.0 - 300) <DC06CF3A-2F10-3867-9498-CADAE30D0CE4> /System/Library/PrivateFrameworks/FamilyControls.framework/Versions/A/FamilyCon trols
0x7fff84321000 - 0x7fff843a6ff7 com.apple.Heimdal (2.1 - 2.0) <3758B442-6175-32B8-8C17-D8ABDD589BF9> /System/Library/PrivateFrameworks/Heimdal.framework/Versions/A/Heimdal
0x7fff843a7000 - 0x7fff84485fff com.apple.ImageIO.framework (3.1.1 - 3.1.1) <DB530A63-8ECF-3B53-AC9A-1692A5397E2F> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/ImageIO
0x7fff844bf000 - 0x7fff844c5fff com.apple.phonenumbers (1.0 - 47) <0398EEEE-DBA1-36B6-AE0E-AABBDC17AF4F> /System/Library/PrivateFrameworks/PhoneNumbers.framework/Versions/A/PhoneNumber s
0x7fff844c6000 - 0x7fff8499cff7 com.apple.RawCamera.bundle (3.11.0 - 608) <187ED782-EDF1-C1AC-B73A-E974DD57E9DD> /System/Library/CoreServices/RawCamera.bundle/Contents/MacOS/RawCamera
0x7fff8499d000 - 0x7fff849a0fff com.apple.AppleSystemInfo (1.0 - 1) <111B6F69-3FBD-3860-BCF8-1DF02D9BED28> /System/Library/PrivateFrameworks/AppleSystemInfo.framework/Versions/A/AppleSys temInfo
0x7fff849a7000 - 0x7fff84ab4fff libJP2.dylib (??? - ???) <F2B34A61-75F0-3BFE-A309-EE0DF4AF9E37> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/Resources/libJP2.dylib
0x7fff84ab5000 - 0x7fff84bafff7 com.apple.DiskImagesFramework (10.7.3 - 331.3) <57A7E46A-5AA4-37FF-B19C-5337CCBCA0CA> /System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/DiskImages
0x7fff84bb0000 - 0x7fff84bc0ff7 com.apple.opengl (1.7.6 - 1.7.6) <C168883D-9BC5-3C38-9937-42852D719718> /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL
0x7fff84bc7000 - 0x7fff84c1bff7 libFontRegistry.dylib (??? - ???) <F98926EF-FFA0-37C5-824C-02E436E21DD1> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ATS.framework/Versions/A/Resources/libFontRegistry.dylib
0x7fff84c48000 - 0x7fff84d25fef libsystem_c.dylib (763.12.0 - compatibility 1.0.0) <FF69F06E-0904-3C08-A5EF-536FAFFFDC22> /usr/lib/system/libsystem_c.dylib
0x7fff84d26000 - 0x7fff84d28fff libCVMSPluginSupport.dylib (??? - ???) <B2FC6EC0-1A0C-3482-A3C9-D08446E8713A> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libCVMSPluginS upport.dylib
0x7fff84d53000 - 0x7fff84d57fff libmathCommon.A.dylib (2026.0.0 - compatibility 1.0.0) <FF83AFF7-42B2-306E-90AF-D539C51A4542> /usr/lib/system/libmathCommon.A.dylib
0x7fff84d58000 - 0x7fff84d5ffff libcopyfile.dylib (85.1.0 - compatibility 1.0.0) <0AB51EE2-E914-358C-AC19-47BC024BDAE7> /usr/lib/system/libcopyfile.dylib
0x7fff84d68000 - 0x7fff84db8fff com.apple.CoreMediaIO (210.0 - 3180) <C5B60D3E-71BE-3CD2-90FC-3B2F9961D662> /System/Library/Frameworks/CoreMediaIO.framework/Versions/A/CoreMediaIO
0x7fff84df0000 - 0x7fff85222fef com.apple.VideoToolbox (1.0 - 705.61) <1A70CA82-C849-3033-8598-37C5A72637CC> /System/Library/PrivateFrameworks/VideoToolbox.framework/Versions/A/VideoToolbo x
0x7fff85223000 - 0x7fff8532ffff libcrypto.0.9.8.dylib (44.0.0 - compatibility 0.9.8) <3A8E1F89-5E26-3C8B-B538-81F5D61DBF8A> /usr/lib/libcrypto.0.9.8.dylib
0x7fff85330000 - 0x7fff853f7ff7 com.apple.ColorSync (4.7.1 - 4.7.1) <EA74B067-9916-341A-9C68-6165A4656042> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ColorSync.framework/Versions/A/ColorSync
0x7fff853f8000 - 0x7fff85425fe7 libSystem.B.dylib (159.1.0 - compatibility 1.0.0) <7BEBB139-50BB-3112-947A-F4AA168F991C> /usr/lib/libSystem.B.dylib
0x7fff85426000 - 0x7fff8542aff7 com.apple.CommonPanels (1.2.5 - 94) <37C6540B-F8D1-355A-806C-F93D8FB522AB> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CommonPanels. framework/Versions/A/CommonPanels
0x7fff8542b000 - 0x7fff85430ff7 libsystem_network.dylib (??? - ???) <5DE7024E-1D2D-34A2-80F4-08326331A75B> /usr/lib/system/libsystem_network.dylib
0x7fff85431000 - 0x7fff8543fff7 libkxld.dylib (??? - ???) <B1BD4862-9D3F-3EEF-895C-A8E2E53684B6> /usr/lib/system/libkxld.dylib
0x7fff85440000 - 0x7fff85469ff7 com.apple.framework.Apple80211 (7.1.2 - 712.1) <B4CD34B3-D555-38D2-8FF8-E3C6A93B94EB> /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Apple80211
0x7fff8546a000 - 0x7fff854adff7 libRIP.A.dylib (600.0.0 - compatibility 64.0.0) <85D00F5C-43ED-33A9-80B4-72EB0EAE3E25> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib
0x7fff854ae000 - 0x7fff854b2fff libdyld.dylib (195.5.0 - compatibility 1.0.0) <380C3F44-0CA7-3514-8080-46D1C9DF4FCD> /usr/lib/system/libdyld.dylib
0x7fff854b3000 - 0x7fff854d0fff libxpc.dylib (77.18.0 - compatibility 1.0.0) <26C05F31-E809-3B47-AF42-1460971E3AC3> /usr/lib/system/libxpc.dylib
0x7fff854d1000 - 0x7fff854d2fff libDiagnosticMessagesClient.dylib (??? - ???) <3DCF577B-F126-302B-BCE2-4DB9A95B8598> /usr/lib/libDiagnosticMessagesClient.dylib
0x7fff854d3000 - 0x7fff85526fff com.apple.AppleVAFramework (5.0.14 - 5.0.14) <45159B9E-05BF-35B2-AF76-D933490FBFB1> /System/Library/PrivateFrameworks/AppleVA.framework/Versions/A/AppleVA
0x7fff85527000 - 0x7fff85535fff com.apple.HelpData (2.1.2 - 72) <B99E743A-82C9-3058-8FD5-18668CA890F7> /System/Library/PrivateFrameworks/HelpData.framework/Versions/A/HelpData
0x7fff85536000 - 0x7fff85548ff7 libsasl2.2.dylib (3.15.0 - compatibility 3.0.0) <6245B497-784B-355C-98EF-2DC6B45BF05C> /usr/lib/libsasl2.2.dylib
0x7fff85549000 - 0x7fff8555ffff libGL.dylib (??? - ???) <6A473BF9-4D35-34C6-9F8B-86B68091A9AF> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib
0x7fff855c2000 - 0x7fff855edfff libpcre.0.dylib (1.1.0 - compatibility 1.0.0) <7D3CDB0A-840F-3856-8F84-B4A50E66431B> /usr/lib/libpcre.0.dylib
0x7fff85644000 - 0x7fff856c7fef com.apple.Metadata (10.7.0 - 627.28) <1C14033A-69C9-3757-B24D-5583AEAC2CBA> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadat a.framework/Versions/A/Metadata
0x7fff856cb000 - 0x7fff8575dfff com.apple.PDFKit (2.6.2 - 2.6.2) <4C8D80F6-09BB-3BD5-983B-A24FBEB5BCF3> /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/PDFKit.framew ork/Versions/A/PDFKit
0x7fff8575e000 - 0x7fff85774ff7 com.apple.ImageCapture (7.0 - 7.0) <F15FC6FB-9E88-3BE9-BABE-0454D3A502A0> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture. framework/Versions/A/ImageCapture
0x7fff85783000 - 0x7fff85783fff com.apple.Carbon (153 - 153) <C1A30E01-E113-38A0-95CA-99360F92A37A> /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon
0x7fff85844000 - 0x7fff859e3fff com.apple.QuartzCore (1.7 - 270.2) <F2CCDEFB-DE43-3E32-B242-A22C82617186> /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore
0x7fff85aae000 - 0x7fff85dd8ff7 com.apple.HIToolbox (1.8 - ???) <D6A0D513-4893-35B4-9FFE-865FF419F2C2> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.fra mework/Versions/A/HIToolbox
0x7fff85de6000 - 0x7fff85f70ff7 com.apple.QTKit (7.7.1 - 2315) <BFC33B70-34F2-3940-A14A-3C51036589F0> /System/Library/Frameworks/QTKit.framework/Versions/A/QTKit
0x7fff85f71000 - 0x7fff85f77fff IOSurface (??? - ???) <03F95CAC-569C-3573-B3D7-2D211B8BDC56> /System/Library/Frameworks/IOSurface.framework/Versions/A/IOSurface
0x7fff85f88000 - 0x7fff85f89fff liblangid.dylib (??? - ???) <CACBE3C3-2F7B-3EED-B50E-EDB73F473B77> /usr/lib/liblangid.dylib
0x7fff85f8a000 - 0x7fff860f1ff7 com.apple.CFNetwork (520.3.2 - 520.3.2) <516B611D-E53E-3467-9211-3C5B86ABA865> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwo rk.framework/Versions/A/CFNetwork
0x7fff86123000 - 0x7fff86177ff7 com.apple.ImageCaptureCore (3.0.2 - 3.0.2) <68147E63-C211-361E-8B24-B5E0675B4297> /System/Library/Frameworks/ImageCaptureCore.framework/Versions/A/ImageCaptureCo re
0x7fff86178000 - 0x7fff86180fff libsystem_dnssd.dylib (??? - ???) <998E3778-7B43-301C-9053-12045AB8544D> /usr/lib/system/libsystem_dnssd.dylib
0x7fff86181000 - 0x7fff861dcff7 com.apple.HIServices (1.11 - ???) <DE8FA7FA-0A41-35D9-8473-5104F81DA934> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ HIServices.framework/Versions/A/HIServices
0x7fff861dd000 - 0x7fff861ddfff com.apple.vecLib (3.7 - vecLib 3.7) <9A58105C-B36E-35B5-812C-4ED693F2618F> /System/Library/Frameworks/vecLib.framework/Versions/A/vecLib
0x7fff861de000 - 0x7fff86278ff7 com.apple.SearchKit (1.4.0 - 1.4.0) <4E70C394-773E-3A4B-A93C-59A88ABA9509> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchK it.framework/Versions/A/SearchKit
0x7fff86279000 - 0x7fff86592ff7 com.apple.Foundation (6.7.1 - 833.24) <6D4E6F93-64EF-3D41-AE80-2BB10E2E6323> /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
0x7fff86593000 - 0x7fff868b6ff7 com.apple.AddressBook.framework (6.1 - 1083) <9C23C164-B9E1-3F80-83F4-C027AF282DE6> /System/Library/Frameworks/AddressBook.framework/Versions/A/AddressBook
0x7fff868b7000 - 0x7fff868bdfff libGFXShared.dylib (??? - ???) <B95E9B22-AE68-3E48-8733-00CCCA08D50E> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGFXShared.d ylib
0x7fff868be000 - 0x7fff868d3fff com.apple.speech.synthesis.framework (4.0.74 - 4.0.74) <C061ECBB-7061-3A43-8A18-90633F943295> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ SpeechSynthesis.framework/Versions/A/SpeechSynthesis
0x7fff869cc000 - 0x7fff869e8ff7 com.apple.frameworks.preferencepanes (15.0 - 15.0) <C1DF4A08-3CBA-3EEA-BA6E-3557F09052FE> /System/Library/Frameworks/PreferencePanes.framework/Versions/A/PreferencePanes
0x7fff869e9000 - 0x7fff873797a7 com.apple.CoreGraphics (1.600.0 - ???) <177D9BAD-72C9-3ADF-A391-5B88C5EE623F> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ CoreGraphics.framework/Versions/A/CoreGraphics
0x7fff8737a000 - 0x7fff87797ff7 com.apple.SceneKit (2.2 - 125.3) <DDCC8DB6-D5DB-31CD-A401-F56C84216E1C> /System/Library/PrivateFrameworks/SceneKit.framework/Versions/A/SceneKit
0x7fff87af3000 - 0x7fff87b01fff libdispatch.dylib (187.7.0 - compatibility 1.0.0) <712AAEAC-AD90-37F7-B71F-293FF8AE8723> /usr/lib/system/libdispatch.dylib
0x7fff87ba0000 - 0x7fff87cd6fff com.apple.vImage (5.1 - 5.1) <A08B7582-67BC-3EED-813A-4833645964A7> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.fr amework/Versions/A/vImage
0x7fff8829d000 - 0x7fff88310fff libstdc++.6.dylib (52.0.0 - compatibility 7.0.0) <6BDD43E4-A4B1-379E-9ED5-8C713653DFF2> /usr/lib/libstdc++.6.dylib
0x7fff88311000 - 0x7fff883effff com.apple.DiscRecording (6.0.3 - 6030.4.1) <8DB1BDDD-F066-3E8B-B416-11DF712C6A1E> /System/Library/Frameworks/DiscRecording.framework/Versions/A/DiscRecording
0x7fff883f0000 - 0x7fff884d2fff com.apple.CoreServices.OSServices (478.37 - 478.37) <1DAC695E-0D0F-3AE2-974F-A173E69E67CC> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServi ces.framework/Versions/A/OSServices
0x7fff884d5000 - 0x7fff88537ff7 com.apple.Symbolication (1.3 - 91) <B072970E-9EC1-3495-A1FA-D344C6E74A13> /System/Library/PrivateFrameworks/Symbolication.framework/Versions/A/Symbolicat ion
0x7fff88538000 - 0x7fff88594ff7 com.apple.QuickLookFramework (3.1 - 500.10) <35BF320E-26F5-310C-9FA9-D60919B218EC> /System/Library/Frameworks/QuickLook.framework/Versions/A/QuickLook
0x7fff887c1000 - 0x7fff88807ff7 libcurl.4.dylib (7.0.0 - compatibility 7.0.0) <01DD0773-236C-3AC3-B43B-07911F458767> /usr/lib/libcurl.4.dylib
0x7fff88808000 - 0x7fff88825ff7 com.apple.openscripting (1.3.3 - ???) <4FACC89E-FDAA-3CA5-B5CD-1F4EEAEDF7CF> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting .framework/Versions/A/OpenScripting
0 -
I have an iMac running OS 10.4.11. How can I check to see if I have the Flashback Trojan (and remove it, if I have it)? IMy Safari is also crashing frequently. Any suggestions?
Hi Barry, is this an Intel iMac, or a PPC iMac?
Disable Java in your Browser settings, not JavaScript.
http://support.apple.com/kb/HT5241?viewlocale=en_US
http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=142064
http://support.mozilla.org/en-US/kb/How%20to%20turn%20off%20Java%20applets
Flashback - Detect and remove the uprising Mac OS X Trojan...
http://www.mac-and-i.net/2012/04/flashback-detect-and-remove-uprising.html
In order to avoid detection, the installer will first look for the presence of some antivirus tools and other utilities that might be present on a power user's system, which according to F-Secure include the following:
/Library/Little Snitch
/Developer/Applications/Xcode.app/Contents/MacOS/Xcode
/Applications/VirusBarrier X6.app
/Applications/iAntiVirus/iAntiVirus.app
/Applications/avast!.app
/Applications/ClamXav.app
/Applications/HTTPScoop.app
/Applications/Packet Peeper.app
If these tools are found, then the malware deletes itself in an attempt to prevent detection by those who have the means and capability to do so. Many malware programs use this behavior, as was seen in others such as the Tsunami malware bot.
http://reviews.cnet.com/8301-13727_7-57410096-263/how-to-remove-the-flashback-ma lware-from-os-x/
http://x704.net/bbs/viewtopic.php?f=8&t=5844&p=70660#p70660
The most current flashback removal instructions are F-Secure's Trojan-Downloader:OSX/Flashback.K.
https://www.securelist.com/en/blog/208193454/Flashfake_Removal_Tool_and_online_c hecking_site
More bad news...
https://www.securelist.com/en/blog/208193467/SabPub_Mac_OS_X_Backdoor_Java_Explo its_Targeted_Attacks_and_Possible_APT_link
Removal for 10.5...
http://support.apple.com/kb/DL1534 -
I have had it on charge over night but nothing has changed, i have connected it to itunes and it can see it but wont do anything and if i hold the home/sleep awake button nothing changes.
- Try:
iOS: Not responding or does not turn on
- If not successful and you can't turn the iPod fully off, let the battery fully drain. After charging for at least an hour try the article again.
- If still problem that indicates a hardware problem and an appointment at the genius Bar of an Apple store is in order. -
I think I have the Flashback trojan
I recently bought a late 2014 Mac mini. Today, I found out that some financial information has been compromised - I don't want to go in to details, but fortunately no harm was done. Still, it's rather scary and I'd like to locate the source of the problem. As my Mac is new, I've been installing a few pieces of software for it, one of which was Adobe Flash. I downloaded it after being prompted by a website (the website belonged to a major television broadcaster here in Britain, it's a legitimate site). Is it possible that I have Flashback, even though I'm running Yosemite and my all the software is up to date? If so, how would I remove it?
Any Flash installer that doesn't come directly from Adobe must be assumed to be malware. You can either restore the whole startup volume from a backup that predates the incident, or else see below.
1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
Don't be put off by the complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.
2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can act on it yourself without disclosing the contents to me or anyone else.
You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.
In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.
You may not be able to understand the script yourself. But variations of the script have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message.
Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.
4. Here's a summary of what you need to do, if you choose to proceed:
☞ Copy a line of text in this window to the Clipboard.
☞ Paste into the window of another application.
☞ Wait for the test to run. It usually takes a few minutes.
☞ Paste the results, which will have been copied automatically, back into a reply on this page.
The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
5. You may have started the computer in "safe" mode. Preferably, these steps should be taken in “normal” mode, under the conditions in which the problem is reproduced. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
7. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
Triple-click anywhere in the line of text below on this page to select it:
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(Software Hardware Memory Diagnostics Power FireWire Thunderbolt USB Fonts SerialATA 4 1000 25 5120 KiB/s 1024 85 \\b%% 20480 1 MB/s 25000 ports ' com.clark.\* \*dropbox \*genieo\* \*GoogleDr\* \*k.AutoCAD\* \*k.Maya\* vidinst\* ' DYLD_INSERT_LIBRARIES\ DYLD_LIBRARY_PATH -86 "` route -n get default|awk '/e:/{print $2}' `" 25 N\\/A down up 102400 25600 recvfrom sendto CFBundleIdentifier 25 25 25 1000 MB ' com.adobe.AAM.Updater-1.0 com.adobe.CS4ServiceManager com.adobe.CS5ServiceManager com.adobe.fpsaud com.adobe.SwitchBoard com.apple.AirPortBaseStationAgent com.apple.FolderActions.enabled com.apple.FolderActions.folders com.apple.installer.osmessagetracing com.apple.mrt.uiagent com.apple.ReportCrash.Self com.apple.SafariNotificationAgent com.apple.usbmuxd com.google.keystone.agent com.google.keystone.daemon com.microsoft.office.licensing.helper com.oracle.java.Helper-Tool com.oracle.java.JavaUpdateHelper ' ' 879294308 3627668074 1083382502 1274181950 1855907737 464843899 3694147963 1417519526 1233118628 2456546649 2806998573 2636415542 842973933 3301885676 891055588 998894468 695903914 1443423563 ' 51 5120 files );N5=${#p[@]};p[N5]=` networksetup -listnetworkserviceorder|awk ' NR>1 { sub(/^\([0-9]+\) /,"");n=$0;getline;} $NF=="'${p[26]}')" { sub(/.$/,"",$NF);print n;exit;} ' `;f=('\n%s: %s\n' '\n%s\n\n%s\n' '\nRAM details\n%s\n' %s\ %s '%s\n-\t%s\n' );S0() { echo ' { q=$NF+0;$NF="";u=$(NF-1);$(NF-1)="";gsub(/^ +| +$/,"");if(q>='${p[$1]}') printf("%s (UID %s) is using %s '${p[$2]}'",$0,u,q);} ';};s=(' s/[0-9A-Za-z._]+@[0-9A-Za-z.]+\.[0-9A-Za-z]{2,4}/EMAIL/g;/faceb/s/(at\.)[^.]+/\1NAME/g;/\/Shared/!s/(\/Users\/)[^ /]+/\1USER/g;s/[-0-9A-Fa-f]{22,}/UUID/g;' ' s/^ +//;/de: S|[nst]:/p;' ' {sub(/^ +/,"")};/er:/;/y:/&&$2<'${p[10]} ' 1s/://;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: [^EO]|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[11]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Genesy|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;} ' ' $0&&!/ / { n++;print;} END { if(n<10) print "com.apple.";} ' ' $3~/[0-9]:[0-9]{2}$/ { gsub(/:[0-9:a-f]{14}/,"");} { print|"tail -n'${p[12]}'";} ' ' NR==2&&$4<='${p[13]}' { print $4;} ' ' END { $2/=256;if($2>='${p[15]}') print int($2) } ' ' NR!=13{next};{sub(/[+-]$/,"",$NF)};'"`S0 21 22`" 'NR!=2{next}'"`S0 37 17`" ' NR!=5||$8!~/[RW]/{next};{ $(NF-1)=$1;$NF=int($NF/10000000);for(i=1;i<=3;i++){$i="";$(NF-1-i)="";};};'"`S0 19 20`" 's:^:/:p' '/\.kext\/(Contents\/)?Info\.plist$/p' 's/^.{52}(.+) <.+/\1/p' ' /Launch[AD].+\.plist$/ { n++;print;} END { split("'"${p[41]}"'",b);for(i in b) print b[i]".plist";if(n<200) print "/System/";} ' '/\.xpc\/(Contents\/)?Info\.plist$/p' ' NR>1&&!/0x|\.[0-9]+$|com\.apple\.launchctl\.(Aqua|Background|System)$/ { print $3;} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:[^:]+//p ' '/^root$/p' ' !/\/Contents\/.+\/Contents|Applic|Autom|Frameworks/&&/Lib.+\/Info.plist$/ { n++;print;} END { if(n<1100) print "/System/";} ' '/^\/usr\/lib\/.+dylib$/p' ' /Temp|emac/{next};/(etc|Preferences|Launch[AD].+)\// { sub(".(/private)?","");n++;print;} END { split("'"${p[41]}"'",b);split("'"${p[42]}"'",c);for(i in b) print b[i]".plist\t"c[i];if(n<500) print "Launch";} ' ' /\/(Contents\/.+\/Contents|Frameworks)\/|\.wdgt\/.+\.([bw]|plu)/d;p;' 's/\/(Contents\/)?Info.plist$//;p' ' { gsub("^| |\n","\\|\\|kMDItem'${p[35]}'=");sub("^...."," ") };1 ' p '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[43]}'{$2=$2-1;print}' ' BEGIN { i="'${p[26]}'";M1='${p[16]}';M2='${p[18]}';M3='${p[31]}';M4='${p[32]}';} !/^A/{next};/%/ { getline;if($5<M1) a="user "$2"%, system "$4"%";} /disk0/&&$4>M2 { b=$3" ops/s, "$4" blocks/s";} $2==i { if(c) { d=$3+$4+$5+$6;next;};if($4>M3||$6>M4) c=int($4/1024)" in, "int($6/1024)" out";} END { if(a) print "CPU: "a;if(b) print "I/O: "b;if(c) print "Net: "c" (KiB/s)";if(d) print "Net errors: "d" packets/s";} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|BKAg|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/ )||(/v6:/&&$2!~/A/ ) ' ' $1~"lR"&&$2<='${p[25]}';$1~"li"&&$3!~"wpa2";' ' BEGIN { FS=":";p="uniq -c|sed -E '"'s/ +\\([0-9]+\\)\\(.+\\)/\\\2 x\\\1/;s/x1$//'"'";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]$1|p;b=b$1;} END { close(p);if(b) print("\n\t* Code injection");} ' ' NR!=4{next} {$NF/=10240} '"`S0 27 14`" ' END { if($3~/[0-9]/)print$3;} ' ' BEGIN { L='${p[36]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n [N/A]";"cksum "F|getline C;split(C, A);C="checksum "A[1];"file -b "F|getline T;if(T!~/^(AS.+ (En.+ )?text(, with v.+)?$|(Bo|PO).+ sh.+ text ex|XM)/) F=F" ("T", "C")";else F=F" ("C")";printf("\nContents of %s\n%s\n",F,f);if(l>L) printf("\n ...and %s more line(s)\n",l-L);} ' ' s/^ ?n...://p;s/^ ?p...:/-'$'\t''/p;' 's/0/Off/p' ' END{print NR} ' ' /id: N|te: Y/{i++} END{print i} ' ' / / { print "'"${p[28]}"'";exit;};1;' '/ en/!s/\.//p' ' NR!=13{next};{sub(/[+-M]$/,"",$NF)};'"`S0 39 40`" ' $10~/\(L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9;} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?Info\.plist$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' ' /l: /{ /DVD/d;s/.+: //;b0'$'\n'' };/s: /{ /V/d;s/^ */- /;H;};$b0'$'\n'' d;:0'$'\n'' x;/APPLE [^:]+$/d;p;' ' /^find: /d;p;' "`S0 44 45`" ' BEGIN{FS="= "} /Path/{print $2} ' ' /^ *$/d;s/^ */ /;' ' /:/d;/\./p;' '/\.appex\/Contents\/Info\.plist$/p' ' /2/{print "WARN"};/4/{print "CRITICAL"};' );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps sudo\ crontab sudo\ iotop top pkgutil 'PlistBuddy 2>&1 -c "Print' whoami cksum kextstat launchctl sudo\ launchctl crontab 'sudo defaults read' stat lsbom mdfind ' for i in ${p[24]};do ${c1[18]} ${c2[27]} $i;done;' defaults\ read scutil sudo\ dtrace sudo\ profiles sed\ -En awk /S*/*/P*/*/*/C*/*/airport networksetup mdutil sudo\ lsof test osascript\ -e sysctl\ -n );c2=(com.apple.loginwindow\ LoginHook '" /L*/P*/loginw*' "'tell app \"System Events\" to get properties of login items'|tr , \\\n" 'L*/Ca*/com.ap*.Saf*/E*/* -d 1 -name In*t -exec '"${c1[14]}"' :CFBundleDisplayName" {} \;|sort|uniq' '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' '.??* -path .Trash -prune -o -type d -name *.app -print -prune' :${p[35]}\" :Label\" '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status " -F '\$Time \$Message' -k Sender kernel -k Message Req 'bad |Beac|caug|corru|dead[^bl]|FAIL|fail|GPU |hfs: Ru|inval|jnl:|last value [1-9]|n Cause: -|NVDA\(|pagin|proc: t|Roamed|rror|ssert|Thrott|tim(ed? ?|ing )o|WARN' -k Message Rne 'Goog|ksadm|SMC:|suhel| VALI|ver-r|xpma' -o -k Sender fseventsd -k Message Req 'SL' " '-du -n DEV -n EDEV 1 10' 'acrx -o comm,ruid,%cpu' '-t1 10 1' '-f -pfc /var/db/r*/com.apple.*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cght] ! -name .?\* ! -name \*ag \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f:%Sc:%N -t%F {} \;|sort -t: -k2 |tail -n'${p[38]} '/S*/*/Ca*/*xpc* >&- ||echo No' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' '-L /S*/L*/{C*/Sec*A,Ex}* {/,}L*/{A*d,Ca*/*/Ex,Co{mpon,reM},Ex,In{p,ter},iTu*/*P,Keyb,Mail/B,Pr*P,Qu*T,Scripti,Sec,Servi,Spo,Widg}* -path \\*s/Resources -prune -o -type f -name Info.plist' '/usr/lib -type f -name *.dylib' `awk "${s[31]}"<<<${p[23]}` "/e*/{auto,{cron,fs}tab,hosts,{[lp],sy}*.conf,mach_i*/*,pam.d/*,ssh{,d}_config,*.local} {,/usr/local}/etc/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t {/S*/,/,}L*/Lau*/*t .launchd.conf" list getenv /Library/Preferences/com.apple.alf\ globalstate --proxy '-n get default' -I --dns -getdnsservers\ "${p[N5]}" -getinfo\ "${p[N5]}" -P -m\ / '' -n1 '-R -l1 -n1 -o prt -stats command,uid,prt' '--regexp --only-files --files com.apple.pkg.*|sort|uniq' -kl -l -s\ / '-R -l1 -n1 -o mem -stats command,uid,mem' '+c0 -i4TCP:0-1023' com.apple.dashboard\ layer-gadgets '-d /L*/Mana*/$USER&&echo On' '-app Safari WebKitDNSPrefetchingEnabled' "+c0 -l|awk '{print(\$1,\$3)}'|sort|uniq -c|sort -n|tail -1|awk '{print(\$2,\$3,\$1)}'" 'L*/P*/com.ap*.p*.ext*.*.*t -exec '"${c1[14]}"' :displayOrder" {} \;' 'L*/{Con*/*/Data/L*/,}Pref* -type f -name *.plist.???????|wc -l' kern.memorystatus_vm_pressure_level );N1=${#c2[@]};for j in {0..9};do c2[N1+j]=SP${p[j]}DataType;done;N2=${#c2[@]};for j in 0 1;do c2[N2+j]="-n ' syscall::'${p[33+j]}':return { @out[execname,uid]=sum(arg0) } tick-10sec { trunc(@out,1);exit(0);} '";done;l=(Restricted\ files Hidden\ apps 'Elapsed time (s)' POST Battery Safari\ extensions Bad\ plists 'High file counts' User Heat System\ load boot\ args FileVault Diagnostic\ reports Log 'Free space (MiB)' 'Swap (MiB)' Activity 'CPU per process' Login\ hook 'I/O per process' Mach\ ports kexts Daemons Agents XPC\ cache Startup\ items Admin\ access Root\ access Bundles dylibs Apps Font\ issues Inserted\ dylibs Firewall Proxies DNS TCP/IP Wi-Fi Profiles Root\ crontab User\ crontab 'Global login items' 'User login items' Spotlight Memory Listeners Widgets Parental\ Controls Prefetching SATA Descriptors appexes Lockfiles Memory\ pressure );N3=${#l[@]};for i in 0 1 2;do l[N3+i]=${p[5+i]};done;N4=${#l[@]};for j in 0 1;do l[N4+j]="Current ${p[29+j]}stream data";done;A0() { id -G|grep -qw 80;v[1]=$?;((v[1]==0))&&sudo true;v[2]=$?;v[3]=`date +%s`;clear >&-;date '+Start time: %T %D%n';};for i in 0 1;do eval ' A'$((1+i))'() { v=` eval "${c1[$1]} ${c2[$2]}"|'${c1[30+i]}' "${s[$3]}" `;[[ "$v" ]];};A'$((3+i))'() { v=` while read i;do [[ "$i" ]]&&eval "${c1[$1]} ${c2[$2]}" \"$i\"|'${c1[30+i]}' "${s[$3]}";done<<<"${v[$4]}" `;[[ "$v" ]];};A'$((5+i))'() { v=` while read i;do '${c1[30+i]}' "${s[$1]}" "$i";done<<<"${v[$2]}" `;[[ "$v" ]];};';done;A7(){ v=$((`date +%s`-v[3]));};B2(){ v[$1]="$v";};for i in 0 1;do eval ' B'$i'() { v=;((v['$((i+1))']==0))||{ v=No;false;};};B'$((3+i))'() { v[$2]=`'${c1[30+i]}' "${s[$3]}"<<<"${v[$1]}"`;} ';done;B5(){ v[$1]="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d: <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F: ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`grep -Fv "${v[$1]}"<<<"$v"`;};C0() { [[ "$v" ]]&&sed -E "$s"<<<"$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v"|sed -E "$s";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { v=`sed -E "${s[63]}"<<<"$v"`&&C1 1 $1;};for i in 1 2;do for j in 0 2 3;do eval D$i$j'(){ A'$i' $1 $2 $3; C'$j' $4;};';done;done;{ A0;D20 0 $((N1+1)) 2;D10 0 $N1 1;B0;C2 27;B0&&! B1&&C2 28;D12 15 37 25 8;A1 0 $((N1+2)) 3;C0;D13 0 $((N1+3)) 4 3;D23 0 $((N1+4)) 5 4;D13 0 $((N1+9)) 59 50;for i in 0 1 2;do D13 0 $((N1+5+i)) 6 $((N3+i));done;D13 1 10 7 9;D13 1 11 8 10;D22 2 12 9 11;D12 3 13 10 12;D23 4 19 44 13;D23 5 14 12 14;D22 6 36 13 15;D22 38 52 66 54;D22 7 37 14 16;D23 8 15 38 17;D22 9 16 16 18;B1&&{ D22 35 49 61 51;D22 11 17 17 20;for i in 0 1;do D22 28 $((N2+i)) 45 $((N4+i));done;};D22 12 44 54 45;D22 12 39 15 21;A1 13 40 18;B2 4;B3 4 0 19;A3 14 6 32 0;B4 0 5 11;A1 17 41 20;B7 5;C3 22;B4 4 6 21;A3 14 7 32 6;B4 0 7 11;B3 4 0 22;A3 14 6 32 0;B4 0 8 11;B5 7 8;B1&&{ A2 19 26 23;B7 7;C3 23;};A2 18 26 23;B7 7;C3 24;D13 4 21 24 26;B4 4 12 26;B3 4 13 27;A1 4 22 29;B7 12;B2 14;A4 14 6 52 14;B2 15;B6 14 15 4;B3 0 0 30;C3 29;A1 4 23 27;B7 13;C3 30;B3 4 0 65;A3 14 6 32 0;B4 0 16 11;A1 4 50 64;B7 16;C3 52;D13 24 24 32 31;D13 25 37 32 33;A2 23 18 28;B2 16;A2 16 25 33;B7 16;B3 0 0 34;B2 21;A6 47 21&&C0;B1&&{ D13 21 0 32 19;D13 10 42 32 40;D22 29 35 46 39;};D23 14 1 62 42;D12 34 43 53 44;D12 22 20 32 25;D22 0 $((N1+8)) 51 32;D13 4 8 41 6;D12 26 28 35 34;D13 27 29 36 35;A2 27 32 39&&{ B2 19;A2 33 33 40;B2 20;B6 19 20 3;};C2 36;D23 33 34 42 37;B1&&D23 35 45 55 46;D23 32 31 43 38;D12 36 47 32 48;D13 20 42 32 41;D13 37 2 48 43;D13 4 5 32 1;D13 4 3 60 5;D12 26 48 49 49;B3 4 22 57;A1 26 46 56;B7 22;B3 0 0 58;C3 47;D22 4 4 50 0;D12 4 51 32 53;D23 22 9 37 7;A7;C2 2;} 2>/dev/null|pbcopy;exit 2>&-
Copy the selected text to the Clipboard by pressing the key combination command-C.
8. Launch the built-in Terminal application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter
exec bash
and press return. Then paste the script again.
10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, press the key combination control-C or just press return three times at the password prompt. Again, the script will still run.
If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, there will be nothing in the Terminal window and no indication of progress. Wait for the line
[Process completed]
to appear. If you don't see it within half an hour or so, the test probably won't complete in a reasonable time. In that case, close the Terminal window and report what happened. No harm will be done.
12. When the test is complete, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "You are not authorized to post." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.
14. This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I don't necessarily agree with them.
Copyright © 2014 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed. -
HT5228 How to find out if your Mac has the Flashback Trojan EASY WAY!!!!
http://www.cnn.com/2012/04/06/tech/web/mac-flashback-trojan-check/index.html
Just did it works great and they also have a post on how to remove it as well.Here is an even easier way, it will remove most infections too:
I have created a user tip and malware checker/removal tool: https://discussions.apple.com/docs/DOC-3271 -
I have 4 Trojan Horse viruses on my external drive I use for Time Machine. My MacBook Pro hard drive is clean. I have eased the external drive 3 times using Disk Utility and it still has the 4 Trojan Horse viruses. How do I get rid of them. I am using 10.8.3 Wayne
ksu62 wrote:
The infection names are: classload.jar-719ef6a5.zip
classload.jar-5db452le31.zip
ar3.jar-6ce3b2f-45l483f.zip
classload.jar-lef99412-63bsd3fl.zip
Those look alot like file names and not infection names. I don't find any reference to anything like that on Norton or VirusTotal. Since you said these were Trojans, I would expect to see "Trojan" as part of the infection name.
".jar" files are executable Java applets. The random alpha-numerics would seem to indicate a cache file, likely from a browser with Java enabled. And we all know what ".zip" means.
Worst case is that you had Java enabled in a browser and were infected by one of the late variants of the Flashback Trojan over a year ago or one of a couple of other attacks using the same vulnerability but targetted against a small number of political sympathizers. Much more probable is that thes were Windows only Trojans. Hopefully you have a fully up-to-date OS X, including Java, and have disabled Java in all your browsers by now. -
I have not been able to find any information re: the Flashback virus on the Apple website. Has Apple put out anything on this?
The ‘Flashback Trojan’:
A version of an existing Trojan Horse posing as a legitimate Flash Player installer (named “Flashback.A” by a security firm) is designed to disable updates to the default Mac OS X anti-malware protection system, potentially leaving the system open to the manual installation of other malware without any system warnings. The most recent versions bypass any user action and automatically installs itself after an affected website is visited.
http://www.appleinsider.com/articles/11/10/19/fake_adobe_flash_malware_seeks_to_ disable_mac_os_x_anti_malware_protection.html
(Adobe is aware of malware posing as its Flash Player and warns users to ignore any updates that didn't originate on its own servers. "Do not download Flash Player from a site other than adobe.com," said David Lenoe, Adobe's product security program manager, in an entry on Adobe Product Security Incident Response Team's PSIRT blog. "This goes for any piece of software (Reader, Windows Media Player, QuickTime, etc). If you get a notice to update, it's not a bad idea to go directly to the site of the software vendor and download the update directly from the source. If the download is from an unfamiliar URL or an IP address, you should be suspicious.")
Flashback Trojan - Prevention of infection:
In order to prevent a potential infection with “Flashback” Trojans, Mac users should always obtain their copy of Adobe Flash Player directly from Adobe’s official website and to disable the "Open 'safe' files after downloading" option in Safari Preferences/General to avoid automatically running files downloaded from the Internet. Also, do not turn on Java in Safari Preferences/Security. Few websites use Java. Javascript is something entirely different and should be left active.
The Flashback Trojan does not affect PPC (non-Intel) Macs, nor has it been noted to affect users running Tiger OS 10.4.11 or Leopard OS 10.5.8.
Last, but by no means least, using Open DNS is the simplest way of preventing infection in the first place. Open DNS also protects against phishing attacks, re-directs, speeds up your internet connection, and works for all users of OS X from Tiger upwards:
http://blog.opendns.com/2012/04/09/worried-about-mac-malware-just-set-up-opendns /
How to get it:
https://store.opendns.com/get/home-free
Flashback Trojan - Detection and Removal
Users with Intel Macs running Snow Leopard OS 10.6 or Lion OS 10.7 should ensure that they have downloaded all the recent Java updates from Apple, which are designed to prevent infection and also remove any infection already present.
New Macs running Lion do not have either Flash Player nor Java installed. If you running Lion and have not already downloaded and installed Java, you should download the ‘Flashback malware removal tool’ from Apple: http://support.apple.com/kb/HT5246 (356KB) which includes the same code as the Java update that plugged a security hole which allowed the malware to automatically install itself without admin authorization.
You can also use this to check whether you have been infected (for Intel Macs only) and remove it if required:
http://www.macupdate.com/app/mac/42571/anti-flashback-trojan
Flashback Trojan - Detection, and how to remove (with caution) if you are running other browsers than Safari:
http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml -
Is 10.5 vunerable to the Flashback.G Trojan?
If 10.5 is up to date, is it vunerable to the Flashback.G Trojan that was reported on 2/24? All of the news items about this speak only of 10.6 or 10.7. They imply that if OS X is up to date, then there are no worries.
Few malicious titles actually exist for Mac OS X, and those that do almost entirely rely upon duping users to install software that pretends to be legitimate, however A new version of an existing Trojan Horse posing as a legitimate Flash Player installer (named “Flashback.A” by a security firm) is designed to disable updates to the default Mac OS X anti-malware protection system, potentially leaving the system open to the manual installation of other malware without any system warnings. In order to prevent a potential infection with “Flashback” Trojans, Mac users are advised to obtain their copy of Adobe Flash Player directly from Adobe’s official website and to disable the "Open 'safe' files after downloading" option in Apple's Safari browser to avoid automatically running files downloaded from the Internet.
http://www.appleinsider.com/articles/11/10/19/fake_adobe_flash_malware_seeks_to_ disable_mac_os_x_anti_malware_protection.html
UPDATE regarding the Flashback Trojan:
http://blog.intego.com/new-flashback-trojan-horse-variant-uses-novel-delivery -method-to-infect-macs/
and also: http://blog.intego.com/flashback-mac-trojan-horse-infections-increasing-with -new-variant/ -
Not very user friendly! Where is the place to report a problem!? I have been billed for an in-app purchase but not had the goods - I received an error message telling my I hadn't been charged at the time and now it is on my bill! What can I do?
You can try contact iTunes support via this page : http://www.apple.com/support/itunes/contact/ - click on Contact iTunes Store Support on the right-hand side of the page, then Purchases, Billing & Redemption
Maybe you are looking for
-
E-commerce 5.0 for SAP ERP 6.0 ehp3: detailed description of product
Hello community, I have installed and customized B2C shop (version 5.0) for SAP ERP 6.0 (NO TREX, NO IPC). At first i maintained my shop with english language and after i checked out that all work properly i decided to localize it for russian languag
-
Windows Explorer Refuses to Open Folders In Same Window
I have Windows Vista Ultimate SP1. Under Organize->Folder and Search Options->Browse folders I have the radio button, "Open each folder in the same window" checked. However, Vista refuses to do so and opens each folder in its own window. This does no
-
HT201066 trying to flip or rotate a video and then it disappears...it plays with black screen
Trying to rotate or flip a video in quick time...it then plays with a black screen. Cant see anything
-
HI, I am unable to view comments after validly adding to input schedules through EVCOM. when i go to view comments it retrieves no data. can any one hlep or provide some details. Kishore
-
Hi Guys, Is there a consensus view on a decent GUI interface for managing Oracle instances. In particular something equivalent to SQL Server Management Studio - something that allows you to do DBA tasks and write ad hoc queries against the database?