Q: Why is it when i right click and choose options in finder, they are coming up as numbers and letters?
iMac (21.5-inch Late 2009), Mac OS X (10.6.8)
Posted on Feb 20, 2012 12:32 AM
iMac (21.5-inch Late 2009), Mac OS X (10.6.8)
Posted on Feb 20, 2012 12:32 AM
See my post above.
Read those links to help fix this problem.
Some links on this topic:
INTEGO SECURITY MEMO: Mac Flashback Trojan Horse Masquerades as Flash Player Installer Package
Latest Adobe Flash Trojan for OS X gets revised
Another OS X Trojan imitates Adobe Flash installer
And google "adobe flash trojan".
And here's a link to google this topic just within these apple discussions.
Hmm that's weird. I have a bought version of adobe flash.
Well that probably explains why you got the trojan considering the flash plugin is free and can be downloaded by going through this page.
since it is still the same, you return the files from backup to the preferences folder. overwrite the new ones then restart.
trying the intego scan as suggested is also a step to take. i'll update you if there is more info i can find.
One of the apple discussions I listed,
Drop down menus changed to numbers
lists the files that you should look for and remove (assuming it is still the same strain of trojan). If you wan to troot this stuff out of your account that's where to look first.
I have done a search for the files but they aren't on my computer.
I returned all the back up files and am now running ClamXav. I'll let you know how it goes.
I finished the scan and it said "no infected files were found."
I found .MacOSX/environment.plist on my computer. Do i need to delete this?
A couple of users with similar problems yesterday were able to fix it by updating Java. The button labels in my folders are reading as numbers. Type "java -version" without quotes into the Terminal or open Java Preferences in your Utility folder and see if you are using J2SE 1.6.0_29. Software Update should take care of that but if it didn't you can download the update from http://support.apple.com/kb/DL1360.
I'm curious to know where you purchased flash from when you get time.
We know the installer installs a few pieces of code so that the trojan can do what it does. So why would updating java fix the problem unless the installed code depends upon a version of java that is replaced by the update or the update coincidentially wipes out the launchagent or environment.plist.
Just curious.
X423424X wrote:
We know the installer installs a few pieces of code so that the trojan can do what it does.
How do we know this. I have attempted to read everything available about this Java version and cannot find any description of what it installs, where, etc.
So why would updating java fix the problem unless the installed code depends upon a version of java that is replaced by the update or the update coincidentially wipes out the launchagent or environment.plist.
I'm just reporting that it fixed the symptoms for two individuals yesterday. That was surprising to me, as well, and I recommended the user then try using Intego's Virus Barrier X6 (since they seem to know something about it) to see if it can find additional evidence of infection.
MadMacs0 wrote:
X423424X wrote:
We know the installer installs a few pieces of code so that the trojan can do what it does.
How do we know this. I have attempted to read everything available about this Java version and cannot find any description of what it installs, where, etc.
Is this a different strain if Flashback? I was referring to the original strain which installed:
1. .MacOSX/environment.plist
2. Library/LaunchAgents/com.apple.SystemUI.plist
3. Library/Preferences/perflib
4. Library/Preferences/Preferences.dylib
5. Library/Logs/swlog or softwareupdate.log
X423424X wrote:
Is this a different strain if Flashback? I was referring to the original strain
We think so. Intego described a new version here ten days ago. Yesterday I came across three users who suddenly reported the "numbers" problem and at least two reported not having an up-to-date Jave (even though they claimed their OS was up-to-date, which is something else we can't figure out). So myself and a couple of others are assuming that either the ten day old one is making a return appearance, or this is yet another strain using Java exploits as at least an installation method.
There is another thread Re: skype wont reopen after powercut that may also be related this today.
Very nasty! And I'm seeing the most recent XProtect update is only from 2/7. Besides the phony certificate, is this new version still delivered with a notice to update Flash Player? If not, how does it present itself?
It's really going to be wonderful when 10.8 comes out and shortly after Snow will become unsupported a year ahead of schedule. Throw us to the vultures.
Thanks, yes as you can tell i am a mac noob... So i just copy that code and paste it into terminal and hit enter? I tired running that in terminal but nothing happened or has changed.