Q: Why is it when i right click and choose options in finder, they are coming up as numbers and letters?
iMac (21.5-inch Late 2009), Mac OS X (10.6.8)
Posted on Feb 20, 2012 12:32 AM
iMac (21.5-inch Late 2009), Mac OS X (10.6.8)
Posted on Feb 20, 2012 12:32 AM
sarah.design wrote:
So i just copy that code and paste it into terminal and hit enter? I tired running that in terminal but nothing happened or has changed.
Hmmm, it should give you something like this:
Janets-iMac-G5:~ <userid>$ java -version
java version "1.5.0_30"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_30-b03-389-9M3425)
Java HotSpot(TM) Client VM (build 1.5.0_30-161, mixed mode, sharing)
except that yours should start with 1.6.0...
What about your Java Preferences app, what does it say?
WZZZ wrote:
Very nasty! And I'm seeing the most recent XProtect update is only from 2/7.
Had an off-line discussion with a colleague yesterday about this. We think that XProtect may not be effective here and that the Quarantine system probably needs to be fixed to cover Java installations. I'm not even sure that GateKeeper can prevent this sort of thing. As far as Apple is concerned, they have taken care of it by releasing J2SE 1.6.0_29, so it's no longer a threat to the supported OS X base. But what about the next Java vulnerability exploit? FYI, developers have a beta of J2SE 1.6.0_31 that corrects several such vulnerabilities and Adobe has Java 7 betas floating around.
Besides the phony certificate, is this new version still delivered with a notice to update Flash Player? If not, how does it present itself?
Users have been asked if they saw such a notice, but none of them responded, so I don't know if it's being marketed as a FlashPlayer update or not.
It's really going to be wonderful when 10.8 comes out and shortly after Snow will become unsupported a year ahead of schedule. Throw us to the vultures.
Tell me about it (Leopard on a PPC)!
I just restarted my computer and it is all back to normal now!! Thank you so so much. I apprecaite all of your help.
According to your terminal display you did the correct thing and nothing should appear after the rm if it actually deletes what is is asked to delete.
So now, where can a I get a copy of what you downloaded? I'd like to analyze it a bit.
rm -rf ~/.MacOSX/environment.plist also worked for me. I am curious what else this virus has left behind though. Hopefully someone will release full removal instructions in the near future. I really don't want to have to reinstall the OS.
I have to believe there is something in ~/Library/LaunchAgents.
I sent some suspect files to Sophos and the verified they were indeed a virus. They identified this as OSX/Flshplyr-A . As of today, thier definition updates claim to now protect against this using thier free antivirus solution for Mac.
The infected files on my machine were:
/Users/Shared/.SuperJigsawPets.so
/User/Shared/.svcdmp.so
~/.MACOSX/environment.plist
Once these were removed, my issues were resolved.
guitman wrote:
I sent some suspect files to Sophos and the verified they were indeed a virus. They identified this as OSX/Flshplyr-A . As of today, thier definition updates claim to now protect against this using thier free antivirus solution for Mac.
The infected files on my machine were:
/Users/Shared/.SuperJigsawPets.so
/User/Shared/.svcdmp.so
~/.MACOSX/environment.plist
Once these were removed, my issues were resolved.
Not really. Your visible issues may have gone away, but there is still more work to do. Those files are from the FlashBack.G Trojan described in these articles: blog.intego…flashback-mac-trojan-horse-infections-increasing-with-new-variant/ and http://tidbits.com/article/12818. You will note that there is at least one more file to remove "~/Library/Logs/vmLog" and that code has probably been injected into your browser and other network applications in order to harvest your userID's and passwords to financial institutions and forward them on to the mother ship.
As a minimum you need to replace Safari and Skype if you have it from a trusted source. If you use other browsers or network applications, you would be wise to replace those as well.
Also change the passwords to all the financial sites you have logged into over the past ten days as well as all others where you have used the same UserID/Password combination. Try to make them all different.
Since the information available to date on exactly what all this Trojan does is limited, most of us are still recommending you make sure you have a good backup of your user data, format your disk, reinstall your OS X from original disks along with all browser and network applications, then restore your user data. If you have a good TimeMachine backup you can also restore it back to where it was before you were infected, which, as near as we've been able to figure out is on or about February 18.
Also make sure your Java is up-to-date (J2SE 1.6.0_29) and that you do not automatically approve self-signed certificates from sources you don't trust.