ac96822

Q: Accidentally downloaded a virus/malware (?) - please help

I was trying to download the Flip4Mac app from a site that was dubious, but under the assumption that my Mac would protect itself from any file that could harm it.  Yes, very naive.  This was on August 7th, around 12:20-12:30 sometime.  I've tried to run a variety of anti-virus software, and Avast seemed to initially catch the viruses, but I deleted them before moving to the Virus Chest, and after reading more, found out that may've been a mistake.  However, after running scans a few more times, I can no longer find those viruses.

 

Basically, I want to know that they're permanently gone, and off my Mac, and if not, how to resolve the issue.  I can give more details, but don't want to bludgeon any more than I already have, especially if the information is useless to the cause.  I originally posted three days ago, but perhaps posted to the wrong forum, the original one is here: Please help undo damage done by bad software download

 

I ran a script as directed by Linc Davis in response to another similar issue (Utilities->Terminal), and the results are pasted below.  I also ran EtreCheck, and can follow up with the data received from running that program.

 

Google Chrome, Safari, and my Library/Preferences folders are screwed up, and that's only what I've found so far.  I've re-set my internet, and dumped some of the files I think were causing the damage, but today I tried to open folders in Finder, and they show nothing in there.  This has never happened before, and am guessing it might be related.

 

Thank you so much in advance, I really don't know what else to do.

 

Andrea

 

Start time: 13:48:15 08/10/14

 

 

Model Identifier: MacBookAir4,2

System Version: Mac OS X 10.7.5 (11G63)

Kernel Version: Darwin 11.4.2

Boot Mode: Normal

64-bit Kernel and Extensions: Yes

Time since boot: 6 days 5:05

 

 

Log

 

 

   Aug  4 08:43:34 Sleep failure code 0x00000000 0x31000000

   Aug  4 08:43:34 jnl: unknown-dev: replay_journal: from: 16551424 to: 18159616 (joffset 0xd502000)

   Aug  4 08:43:35 jnl: unknown-dev: journal replay done.

   Aug  4 08:43:38 Previous Shutdown Cause: -60

   Aug  4 13:08:35 wl0: Roamed or switched channel, reason #8, bssid f8

   Aug  4 13:19:01 wl0: Roamed or switched channel, reason #8, bssid f8

   Aug  5 00:19:54 wl0: Roamed or switched channel, reason #8, bssid f8

   Aug  5 00:21:37 wl0: Roamed or switched channel, reason #8, bssid f8

   Aug  5 07:33:52 wl0: Roamed or switched channel, reason #8, bssid f8

   Aug  5 13:33:08 jnl: disk0s3: replay_journal: from: 1334784 to: 1577984 (joffset 0x7000)

   Aug  5 13:33:08 jnl: disk0s3: journal replay done.

   Aug  7 03:46:55 wl0: Roamed or switched channel, reason #8, bssid f8

   Aug  7 09:00:20 wl0: Roamed or switched channel, reason #8, bssid f8

   Aug  7 09:44:07 wl0: Roamed or switched channel, reason #8, bssid f8

   Aug  7 11:10:07 wl0: Roamed or switched channel, reason #8, bssid f8

   Aug  7 11:56:23 wl0: Roamed or switched channel, reason #8, bssid f8

   Aug  7 12:25:27 New Power Throttle state:1 Old state:0

   Aug  7 12:25:28 New Power Throttle state:0 Old state:1

   Aug  7 19:52:25 ALF: ifnet_get_address_list_family error 12

 

 

kexts

 

 

   com.avast.PacketForwarder (1.4)

   com.avast.AvastFileShield (2.1.0)

   com.sophos.nke.swi (9.0.0)

   com.sophos.kext.sav (9.0.0)

 

 

Daemons

 

 

   com.sophos.intercheck

   com.sophos.sxld

   com.sophos.webd

   com.sophos.configuration

   com.sophos.notification

   com.sophos.autoupdate

   com.sophos.scan

   com.avast.crashreport

   com.avast.account

   com.avast.fileshield

   com.avast.proxy

   com.avast.service

   com.avast.update

   com.avast.daemon

   com.avast.uninstall

   com.avast.init

   jp.co.canon.MasterInstaller

   com.microsoft.office.licensing.helper

   com.adobe.fpsaud

 

 

Agents

 

 

   com.sophos.uiserver

   com.avast.helper

   com.avast.userinit

   com.genieo.completer.update

   com.genieo.completer.download

   com.hp.help.tocgenerator

   com.google.keystone.user.agent

   com.adobe.ARM.UUID

 

 

launchd

 

 

   /Library/LaunchAgents/com.avast.userinit.plist

   - com.avast.userinit

   /Library/LaunchAgents/com.hp.help.tocgenerator.plist

   - com.hp.help.tocgenerator

   /Library/LaunchAgents/com.sophos.uiserver.plist

   - com.sophos.uiserver

   /Library/LaunchDaemons/com.adobe.fpsaud.plist

   - com.adobe.fpsaud

   /Library/LaunchDaemons/com.avast.init.plist

   - com.avast.init

   /Library/LaunchDaemons/com.avast.uninstall.plist

   - com.avast.uninstall

   /Library/LaunchDaemons/com.avast.update.plist

   - com.avast.update

   /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

   - com.microsoft.office.licensing.helper

   /Library/LaunchDaemons/com.sophos.autoupdate.plist

   - com.sophos.autoupdate

   /Library/LaunchDaemons/com.sophos.configuration.plist

   - com.sophos.configuration

   /Library/LaunchDaemons/com.sophos.intercheck.plist

   - com.sophos.intercheck

   /Library/LaunchDaemons/com.sophos.notification.plist

   - com.sophos.notification

   /Library/LaunchDaemons/com.sophos.scan.plist

   - com.sophos.scan

   /Library/LaunchDaemons/com.sophos.sxld.plist

   - com.sophos.sxld

   /Library/LaunchDaemons/com.sophos.webd.plist

   - com.sophos.webd

   /Library/LaunchDaemons/jp.co.canon.MasterInstaller.plist

   - jp.co.canon.MasterInstaller

   Library/LaunchAgents/com.adobe.ARM.UUID.plist

   - com.adobe.ARM.UUID

   Library/LaunchAgents/com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.UUID.plist

   - com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.UUID

   Library/LaunchAgents/com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.UUID.plist

   - com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.UUID

   Library/LaunchAgents/com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.UUID.plist

   - com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.UUID

   Library/LaunchAgents/com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.UUID.plist

   - com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.UUID

   Library/LaunchAgents/com.apple.FolderActions.enabled.plist

   - com.apple.FolderActions.enabled

   Library/LaunchAgents/com.apple.FolderActions.folders.plist

   - com.apple.FolderActions.folders

   Library/LaunchAgents/com.avast.home.userinit.plist

   - com.avast.home.userinit

   Library/LaunchAgents/com.genieo.completer.download.plist

   - com.genieo.completer.download

   Library/LaunchAgents/com.genieo.completer.update.plist

   - com.genieo.completer.update

   Library/LaunchAgents/com.google.keystone.agent.plist

   - com.google.keystone.user.agent

   Library/LaunchAgents/jp.co.canon.Inkjet_Extended_Survey_Agent.plist

   - jp.co.canon.Inkjet_Extended_Survey_Agent

 

 

Startup items

 

 

   /Library/StartupItems/HP Trap Monitor/HP Trap Monitor

   /Library/StartupItems/HP Trap Monitor/StartupParameters.plist

 

 

Bundles

 

 

   /Library/Internet Plug-Ins/AdobePDFViewer.plugin

   - com.adobe.acrobat.pdfviewer

   /Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin

   - com.adobe.acrobat.pdfviewerNPAPI

   /Library/Internet Plug-Ins/EPPEX Plugin.plugin

   - N/A

   /Library/Internet Plug-Ins/Flash Player.plugin

   - N/A

   /Library/Internet Plug-Ins/Flip4Mac WMV Plugin.plugin

   - net.telestream.wmv.plugin

   /Library/Internet Plug-Ins/JavaAppletPlugin.plugin

   - com.apple.java.JavaAppletPlugin

   /Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

   - com.microsoft.sharepoint.browserplugin

   /Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin

   - com.microsoft.sharepoint.webkitplugin

   /Library/Internet Plug-Ins/Silverlight.plugin

   - com.microsoft.SilverlightPlugin

   /Library/PreferencePanes/Flash Player.prefPane

   - com.adobe.flashplayerpreferences

   /Library/PreferencePanes/Flip4Mac WMV.prefPane

   - net.telestream.wmv.prefpane

   /Library/QuickTime/Flip4Mac WMV Advanced.component

   - net.telestream.wmv.advanced

   /Library/QuickTime/Flip4Mac WMV Export.component

   - net.telestream.wmv.export

   /Library/QuickTime/Flip4Mac WMV Import.component

   - net.telestream.wmv.import

   Library/Mail/Bundles/TruePreview.mailbundle

   - org.christianserving.mac.mail.plugin.TruePreview

   Library/Widgets/HP Ink Widget.wdgt

   - com.hp.widget.inkwidget

 

 

Apps

 

 

   /Applications/Dropbox.app

 

 

Contents of /System/Library/LaunchAgents/com.apple.SafariNotificationAgent.plist (XML  document text)

 

 

   <?xml version="1.0" encoding="UTF-8"?>

   <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

   <plist version="1.0">

   <dict>

    <key>Label</key>

    <string>com.apple.SafariNotificationAgent</string>

    <key>LaunchEvents</key>

    <dict>

    <key>com.apple.usernotificationcenter.matching</key>

    <dict>

    <key>com.apple.SafariNotificationAgent</key>

    <dict>

    <key>events</key>

    <array>

    <string>didDeliverNotification</string>

    <string>didActivateNotification</string>

    </array>

    <key>webcenter</key>

    <true/>

    </dict>

    </dict>

    </dict>

    <key>KeepAlive</key>

    <false/>

    <key>MachServices</key>

 

 

   ...and 8 more line(s)

 

 

Contents of /System/Library/LaunchAgents/com.apple.iCalPush.plist (XML  document text)

 

 

   <?xml version="1.0" encoding="UTF-8"?>

   <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

   <plist version="1.0">

       <dict>

           <key>Label</key>

           <string>com.apple.iCalPush</string>

           <key>LimitLoadToSessionType</key>

           <array>

               <string>LoginWindow</string>

               <string>Aqua</string>

           </array>

           <key>MachServices</key>

           <dict>

               <key>com.apple.iCalPush</key>

               <true/>

           </dict>

           <key>ProgramArguments</key>

           <array>

               <string>/Applications/iCal.app/Contents/Resources/iCalPush</string>

           </array>

       </dict>

   </plist>

 

 

Contents of /System/Library/LaunchAgents/org.x.startx.plist (XML  document text)

 

 

   <?xml version="1.0" encoding="UTF-8"?>

   <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

   <plist version="1.0">

   <dict>

    <key>Label</key>

    <string>org.x.startx</string>

    <key>ProgramArguments</key>

    <array>

    <string>/usr/X11/bin/startx</string>

    </array>

    <key>Sockets</key>

    <dict>

    <key>org.x:0</key>

    <dict>

    <key>SecureSocketWithKey</key>

    <string>DISPLAY</string>

    </dict>

    </dict>

    <key>ServiceIPC</key>

    <true/>

    <key>EnableTransactions</key>

    <true/>

   </dict>

   </plist>

 

 

Contents of /System/Library/LaunchDaemons/com.apple.usbmuxd.plist (XML  document text)

 

 

   <?xml version="1.0" encoding="UTF-8"?>

   <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

   <plist version="1.0">

   <dict>

    <key>KeepAlive</key>

    <true/>

    <key>RunAtLoad</key>

    <true/>

    <key>Label</key>

    <string>com.apple.usbmuxd</string>

    <key>ProgramArguments</key>

    <array>

    <string>/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/Resources/usbmuxd</string>

    <string>-launchd</string>

    </array>

    <key>UserName</key>

    <string>_usbmuxd</string>

    <key>GroupName</key>

    <string>_usbmuxd</string>

    <key>Sockets</key>

    <dict>

    <key>Listeners</key>

    <dict>

    <key>SockFamily</key>

    <string>Unix</string>

 

 

   ...and 12 more line(s)

 

 

Contents of /System/Library/LaunchDaemons/com.apple.xprotectupdater.plist (XML  document text)

 

 

   <?xml version="1.0" encoding="UTF-8"?>

   <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

   <plist version="1.0">

   <dict>

    <key>Label</key>

    <string>com.apple.xprotectupdater</string>

    <key>ProgramArguments</key>

    <array>

    <string>/usr/libexec/XProtectUpdater</string>

    </array>

    <key>RunAtLoad</key>

    <true/>

    <key>StartCalendarInterval</key>

    <dict>

    <key>Hour</key>

    <integer>0</integer>

    <key>Minute</key>

    <integer>53</integer>

    </dict>

   </dict>

   </plist>

 

 

Contents of /System/Library/LaunchDaemons/org.apache.httpd.plist (XML  document text)

 

 

   <?xml version="1.0" encoding="UTF-8"?>

   <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

   <plist version="1.0">

   <dict>

    <key>Disabled</key>

    <true/>

    <key>Label</key>

    <string>org.apache.httpd</string>

    <key>OnDemand</key>

    <false/>

    <key>ProgramArguments</key>

    <array>

    <string>/usr/sbin/httpd</string>

    <string>-D</string>

    <string>FOREGROUND</string>

    <string>-D</string>

    <string>WEBSHARING_ON</string>

    </array>

    <key>SHAuthorizationRight</key>

    <string>system.preferences</string>

   </dict>

   </plist>

 

 

Font issues: 20

 

 

Bad plists

 

 

   Library/Preferences/com.solidstatenetworks.awkhost.plist

 

 

Firewall: On

 

 

Proxies

 

 

   ProxyAutoConfigEnable : 1

   ProxyAutoConfigURLString : http://wpad/wpad.dat

   ProxyAutoDiscoveryEnable : 1

 

 

Listeners

 

 

   launchd: afpovertcp

   cupsd: ipp

   kdc: kerberos

   httpd: http

   httpd: http

 

 

Wi-Fi

 

 

   link auth: wpa-psk

 

 

Restricted files: 895

 

 

Elapsed time (s): 163

MacBook Air, Mac OS X (10.7.5)

Posted on Aug 10, 2014 3:30 PM

  • by MadMacs0,

    MadMacs0 Aug 11, 2014 8:40 PM in response to ac96822
    Level 5 (4,801 points)

    ac96822 wrote:

     

    But for as much junk as I've put on this computer, coupled with my dependency on its content, I will give your app a whirl.  Could it diagnose and fix my font problem?

    Thomas has probably turned out the lights for the night by now, so I'll just quickly answer that it's unlikely to fix whatever your font issue is. Since both our focus areas tend to be malware (and more recently adware, since it's become a much bigger issue) I have glossed over that, but I'll take a look and get back to you if I see anything obvious.

  • by ac96822,

    ac96822 Aug 12, 2014 6:05 AM in response to MadMacs0
    Level 1 (0 points)

    I ran the TSM Adware Removal Tool - it found TWO MORE Genieo items; one folder (com.genieoinnovation.installer), and one file (my-homepage.xml).  Actually, I don't know for sure that the file is related to Genieo, but it seems to be the root of all evil on my computer.

     

    It also found Spigot and removed that. 

     

    This was a great script. Should I install an anti-virus/-malware/-adware/-trojan software of some type?  Any recommendations?  Or just occasionally run the script?

     

    Thank you so very much, I genuinely have appreciated all the help.

  • by thomas_r.,

    thomas_r. Aug 12, 2014 9:36 AM in response to ac96822
    Level 7 (30,944 points)
    Mac OS X

    There's no need to run that script repeatedly. You only need to use it if you're having symptoms of adware (i.e., ads in your web browser that shouldn't be there). It won't hurt anything if you run it repeatedly, of course. But be aware that if you are frequently finding adware, you need to make some serious changes to your web browsing and downloading habits.

     

    Also, note that there is no anti-virus software that is capable of protecting you against all adware. So there's not much point in installing it.
