
New malware?

3511 Views 57 Replies Latest reply: Oct 30, 2012 4:29 PM by BDAqua
SnowLeo777 Level 1 (0 points)
Oct 23, 2012 2:27 PM

For the past couple of days my iMac (Snow Leopard 10.6.8) will not start up when it is connected to the Internet. A blue screen appears, and the desktop never appears. If I disconnect the Internet or turn off the modem, it loads correctly and works as usual. If I turn on the modem while the computer is already on, it freezes or gets extremely slow - impossible to open any application or turn it off in a normal way. I called my Internet provider, we reset the modem, and I connected my old PC to test the modem with another computer. It works without problem. After the reset I tried it with the Mac again. The computer was able to start up, very slowly, and I managed to set up the Internet connection again. But then a message appeared on the screen saying "Please type you computer password in order for Dropbox to function properly". I clicked "cancel". After that the computer became incredibly slow again, freezing each time I clicked the mouse.

I would like to run ClamXav or other antivirus software but cannot do it because I need to get definitions from the Internet, and the computer becomes unusable as soon as it's connected to the Internet.

Does it look like malware? The message that appears by itself asking me to enter the password for the computer does not seem normal.

I would really appreciate some advice!

iMac, Mac OS X (10.6.8)
  • BDAqua Level 10 (114,730 points)
    Oct 23, 2012 2:43 PM (in response to SnowLeo777)

    Doesn't sound like malware yet.

     

    One way to test is to Safe Boot from the HD, (holding Shift key down at bootup), run Disk Utility in Applications>Utilities, then highlight your drive, click on Repair Permissions, Test for problem in Safe Mode...

     

    PS. Safe boot may stay on the gray radian for a long time, let it go, it's trying to repair the Hard Drive

     

    Reboot, test again.

     

    If it only does it in Regular Boot, then it could be some hardware problem like Video card (Quartz is turned off in Safe Mode), or Airport, or some USB or Firewire device, or 3rd party add-on. Check the System Preferences>Accounts>Login Items window to see if it or something relevant is listed.

     

    Check the System Preferences>Other Row, for 3rd party Pref Panes.

     

    Also look in these if they exist, some are invisible...

     

    /private/var/run/StartupItems

    /Library/StartupItems

    /System/Library/StartupItems

    /System/Library/LaunchDaemons

    /Library/LaunchDaemons

  • MadMacs0 Level 4 (3,320 points)
    Oct 23, 2012 4:56 PM (in response to SnowLeo777)

    SnowLeo777 wrote:

     

    a message appeared on the screen saying "Please type you computer password in order for Dropbox to function properly". I clicked "cancel".

    You need to type in your admin password to clear this. Dropbox won't work properly without it and it could even be causing some of your issue.

     

    I agree with BDAqua that this is not malware.

     

    If a hardware problem is indicated, then you should run the Apple Hardware Test. Instructions for running it on your model iMac should be explained in your manual or read Intel-based Macs: Using Apple Hardware Test.

     

    How are you attached to the internet, via WiFi or directly connected to your Cable/DSL modem with an ethernet wire?

  • MadMacs0 Level 4 (3,320 points)
    Oct 24, 2012 11:12 AM (in response to SnowLeo777)

    SnowLeo777 wrote:

     

    ...should repair permissions and repeat the test?

    Repair permissions. No need to repeat the test as it will still say there are a few errors as explained in "Disk Utility's Repair Disk Permissions messages that you can safely ignore".

  • MadMacs0 Level 4 (3,320 points)
    Oct 25, 2012 10:26 AM (in response to SnowLeo777)

    SnowLeo777 wrote:

     

    In Safe mode I was able to install and run ClamXaV. It is still running and found HTML.Spy.IMG in one Jpeg file. Is it a PC virus?

    All OS X malware should have "OSX" in the infection name. The signature contains a link to a JavaScript on a web site in Argentina, so I suspect it was found in one of your browser caches.

     

    Checking VirusTotal shows what the infection is called by 29 other vendors, and appears to be a Windows Trojan, possibly disguised as a clickable image. More details are probably available from one of the other vendors, like Sophos.

     

    To get detailed information on what ClamXav has found, click on the ClamXav window showing the results to make sure it's in front and type Command-A, Command-C (or choose "Select-All", "Copy" from the "Edit" menu) to copy the information to your clipboard, then come back here and type Command-V or choose "Paste" to show us what was found where.

  • MadMacs0 Level 4 (3,320 points)
    Oct 25, 2012 12:18 PM (in response to SnowLeo777)

    SnowLeo777 wrote:

     

    In the Scan summary window, before the scan results, it says "LibClamAV Error: fmap_readpage: pread error: Input/output error".

    Might be more information in either the Scan Log or system.log, but there's not a lot of information on these errors in the ClamAV documentation. Possibly a problem trying to read a file. Not sure whether a corrupt file would cause this or a bad sector on your hard drive.

    And in scan results it also says "Total errors: 1101"

    Unfortunately, these errors are not logged by the current scan engine (supposed to be fixed in v0.98.x), so there is no way to be certain, but in previous tests these were either files that you do not have read access to (system or other users' files) or temporary files that disappear during the scan process. 1100 seems like a lot, to me, but without knowing your setup I can't really tell. Did this include any external drives? I don't think LibClamAV errors are included in that count.

  • MadMacs0 Level 4 (3,320 points)
    Oct 25, 2012 1:47 PM (in response to SnowLeo777)

    SnowLeo777 wrote:

     

    BDAqua suggested in the first post:

     

    Also look in these if they exist, some are invisible...

     

    /private/var/run/StartupItems

    ...

     

    What exactly should I look for?

    Anything you don't expect to be launched at startup. If you don't know then post what you find and someone can tell you if any look to be abnormal.

    And how can I see invisible folders?

    In the Finder's "Go" menu, choose "Go to Folder..." or type Command-Shift-G

    Copy and paste "/private/var/run/StartupItems" without the quotes and click the "Go" button.

  • BDAqua Level 10 (114,730 points)
    Oct 25, 2012 3:44 PM (in response to SnowLeo777)

    At least get rid of this one...

     

    folder "Jaksta" containing items: StartupParameters.plist
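
The startup-folder check described in the replies above (look in the listed folders "if they exist", hidden entries included, for anything not expected to launch at startup), as an added shell example that is not part of the original thread. The function names and the `AUDIT_ROOT` override are hypothetical, and treating the `com.apple.` name prefix as "expected" is an assumption: Apple also ships some system daemons under other names, so a flagged entry is a prompt to look at it, not a verdict.

```shell
#!/bin/sh
# Added example: inventory the startup locations named in this thread.
# AUDIT_ROOT (hypothetical) points the audit at a mounted backup or a
# test tree; leave it unset to inspect the running system.

STARTUP_DIRS="/private/var/run/StartupItems
/Library/StartupItems
/System/Library/StartupItems
/System/Library/LaunchDaemons
/Library/LaunchDaemons"

# Print one line per entry found: "<tag> <path>"
#   apple  = name starts with com.apple. (assumed expected)
#   REVIEW = any other name; inspect it by hand
audit_startup() {
    root="${1:-}"
    echo "$STARTUP_DIRS" | while IFS= read -r dir; do
        [ -d "$root$dir" ] || continue            # folder may not exist
        # The second glob picks up hidden (dot-prefixed) entries.
        for entry in "$root$dir"/* "$root$dir"/.[!.]*; do
            [ -e "$entry" ] || [ -L "$entry" ] || continue   # unmatched glob
            name=$(basename "$entry")
            case "$name" in
                com.apple.*) tag="apple" ;;
                *)           tag="REVIEW" ;;
            esac
            printf '%s %s\n' "$tag" "${entry#"$root"}"
        done
    done
}

# Only the entries that need a human look.
review_items() {
    audit_startup "${1:-}" | sed -n 's/^REVIEW //p'
}

review_items "${AUDIT_ROOT:-}"
```

Paste the output into a reply so others can say which entries look abnormal, as suggested earlier in the thread.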
