sarah.design

Q: Why is it when i right click and choose options in finder, they are coming up as numbers and letters?

error.jpg

iMac (21.5-inch Late 2009), Mac OS X (10.6.8)

Posted on Feb 20, 2012 12:32 AM

Close

Q: Why is it when i right click and choose options in finder, they are coming up as numbers and letters?

  • All replies
  • Helpful answers

first Previous Page 3 of 3
  • by MadMacs0,

    MadMacs0 MadMacs0 Feb 20, 2012 3:54 PM in response to sarah.design
    Level 5 (4,801 points)
    Feb 20, 2012 3:54 PM in response to sarah.design

    sarah.design wrote:

     

    So i just copy that code and paste it into terminal and hit enter? I tired running that in terminal but nothing happened or has changed.

    Hmmm, it should give you something like this:

     

    Janets-iMac-G5:~ <userid>$ java -version

    java version "1.5.0_30"

    Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_30-b03-389-9M3425)

    Java HotSpot(TM) Client VM (build 1.5.0_30-161, mixed mode, sharing)

     

    except that yours should start with 1.6.0...

     

    What about your Java Preferences app, what does it say?

  • by MadMacs0,

    MadMacs0 MadMacs0 Feb 20, 2012 4:04 PM in response to WZZZ
    Level 5 (4,801 points)
    Feb 20, 2012 4:04 PM in response to WZZZ

    WZZZ wrote:

     

    Very nasty! And I'm seeing the most recent XProtect update is only from 2/7.

    Had an off-line discussion with a colleague yesterday about this. We think that XProtect may not be effective here and that the Quarantine system probably needs to be fixed to cover Java installations. I'm not even sure that GateKeeper can prevent this sort of thing. As far as Apple is concerned, they have taken care of it by releasing J2SE 1.6.0_29, so it's no longer a threat to the supported OS X base. But what about the next Java vulnerability exploit? FYI, developers have a beta of J2SE 1.6.0_31 that corrects several such vulnerabilities and Adobe has Java 7 betas floating around.

    Besides the phony certificate, is this new version still delivered with a notice to update Flash Player? If not, how does it present itself?

    Users have been asked if they saw such a notice, but none of them responded, so I don't know if it's being marketed as a FlashPlayer update or not.

    It's really going to be wonderful when 10.8 comes out and shortly after Snow will become unsupported a year ahead of schedule. Throw us to the vultures.

    Tell me about it (Leopard on a PPC)!

  • by sarah.design,

    sarah.design sarah.design Feb 20, 2012 4:07 PM in response to MadMacs0
    Level 1 (0 points)
    Feb 20, 2012 4:07 PM in response to MadMacs0

    terminal.png

    this is all i see.. nothing comes up afetrwards

  • by sarah.design,

    sarah.design sarah.design Feb 20, 2012 4:10 PM in response to sarah.design
    Level 1 (0 points)
    Feb 20, 2012 4:10 PM in response to sarah.design

    I just restarted my computer and it is all back to normal now!! Thank you so so much. I apprecaite all of your help.

  • by X423424X,

    X423424X X423424X Feb 20, 2012 4:54 PM in response to sarah.design
    Level 6 (14,237 points)
    Feb 20, 2012 4:54 PM in response to sarah.design

    According to your terminal display you did the correct thing and nothing should appear after the rm if it actually deletes what is is asked to delete.

     

    So now, where can a I get a copy of what you downloaded?  I'd like to analyze it a bit.

  • by guitman,

    guitman guitman Feb 21, 2012 1:42 PM in response to boink boink
    Level 1 (0 points)
    Feb 21, 2012 1:42 PM in response to boink boink

    rm -rf ~/.MacOSX/environment.plist    also worked for me. I am curious what else this virus has left behind though. Hopefully someone will release full removal instructions in the near future. I really don't want to have to reinstall the OS.

  • by X423424X,

    X423424X X423424X Feb 21, 2012 2:21 PM in response to guitman
    Level 6 (14,237 points)
    Feb 21, 2012 2:21 PM in response to guitman

    I have to believe there is something in ~/Library/LaunchAgents.

  • by guitman,

    guitman guitman Feb 28, 2012 11:18 AM in response to guitman
    Level 1 (0 points)
    Feb 28, 2012 11:18 AM in response to guitman

    I sent some suspect files to Sophos and the verified they were indeed a virus. They identified this as OSX/Flshplyr-A . As of today, thier definition updates claim to now protect against this using thier free antivirus solution for Mac.

     

    The infected files on my machine were:

     

    /Users/Shared/.SuperJigsawPets.so

    /User/Shared/.svcdmp.so

    ~/.MACOSX/environment.plist

     

    Once these were removed, my issues were resolved.

  • by MadMacs0,

    MadMacs0 MadMacs0 Feb 28, 2012 12:15 PM in response to guitman
    Level 5 (4,801 points)
    Feb 28, 2012 12:15 PM in response to guitman

    guitman wrote:

     

    I sent some suspect files to Sophos and the verified they were indeed a virus. They identified this as OSX/Flshplyr-A . As of today, thier definition updates claim to now protect against this using thier free antivirus solution for Mac.

     

    The infected files on my machine were:

     

    /Users/Shared/.SuperJigsawPets.so

    /User/Shared/.svcdmp.so

    ~/.MACOSX/environment.plist

     

    Once these were removed, my issues were resolved.

    Not really. Your visible issues may have gone away, but there is still more work to do. Those files are from the FlashBack.G Trojan described in these articles: blog.intego…flashback-mac-trojan-horse-infections-increasing-with-new-variant/ and http://tidbits.com/article/12818. You will note that there is at least one more file to remove "~/Library/Logs/vmLog" and that code has probably been injected into your browser and other network applications in order to harvest your userID's and passwords to financial institutions and forward them on to the mother ship.

     

    As a minimum you need to replace Safari and Skype if you have it from a trusted source. If you use other browsers or network applications, you would be wise to replace those as well.

     

    Also change the passwords to all the financial sites you have logged into over the past ten days as well as all others where you have used the same UserID/Password combination. Try to make them all different.

     

    Since the information available to date on exactly what all this Trojan does is limited, most of us are still recommending you make sure you have a good backup of your user data, format your disk, reinstall your OS X from original disks along with all browser and network applications, then restore your user data. If you have a good TimeMachine backup you can also restore it back to where it was before you were infected, which, as near as we've been able to figure out is on or about February 18.

     

    Also make sure your Java is up-to-date (J2SE 1.6.0_29) and that you do not automatically approve self-signed certificates from sources you don't trust.

first Previous Page 3 of 3