Skip navigation

Non-Apple Software No Longer Works

4835 Views 50 Replies Latest reply: Apr 13, 2012 4:11 PM by walterfromct RSS
1 2 3 4 Previous Next
walterfromct Level 1 Level 1 (0 points)
Currently Being Moderated
Apr 1, 2012 4:09 PM

Had a weird experience this AM.  Was checking email via Safari when a screen popped up asking for permission to update software.  I declined, because I didn't know who was trying to do what (i.e., there were no update icons in the Dock, etc.).  Then, the fun began.

 

I tried to open EXCEL next and it wouldn't open.  It immediately failed with a message saying the application quit unexpectedly, etc., etc.  Same thing happened with every other Office app.  After much discussion with Apple, then Microsoft, and then Apple again, I was able to un-install Mcrosoft Office but the kicker is: I got the same failure when I tried to re-install the apps from the CD (i.e., I got an immediate failure when I double-clicked the install icon).

 

With Microsoft's help, I was able to set up another user profile with Admin capability, and the apps installed just fine using that profile.  So, the problem appears to be with my main profile.  However, Apple is stumped and gave up trying to help me.

 

So, I'm now in the situation where the Apps are on my machine under 1 profile and the data is under another profile. AND, I just discovered that Quicken fails when I try to iopen it in my 1st Profile too.

 

So,

 

1.  Has this happened to anyone else out there?  If so, how'd you get around it?

 

2.  Is there a way to share files between profiles?  I know I can probably copy the Microsoft files on a portable drive, but I'm concerned about the Quicken database.  Not sure how to transport this data between Users.

 

Any help would be GREATLY appreciated.

 

PS.  I'm running Snow Leopard.  There are no pending software updates.

iMac, Mac OS X (10.6.8)
  • Linc Davis Level 10 Level 10 (107,875 points)
    Currently Being Moderated
    Apr 1, 2012 4:37 PM (in response to walterfromct)

    Launch the Console application in any of the following ways:

     

    Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

     

    In the Finder, select Go Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

     

    If you’re running Mac OS X 10.7 or later, open LaunchPad. Click Utilities, then Console in the page that opens.

     

    Step 1

     

    Enter the name of the crashed application or process in the Filter text field. Post the messages from the time of the last crash, if any — the text, please, not a screenshot.

     

    Step 2

     

    Still in the Console window, look under User Diagnostic Reports for crash reports related to the process. The report name starts with the name of the crashed process, and ends with ".crash". Select the most recent report and post the contents — again, the text, not a screenshot. For privacy’s sake, I suggest that, before posting, you edit out the “Anonymous UUID,” a long string of letters, numbers, and dashes in the header of the report, if it’s present (it may not be.)

  • Linc Davis Level 10 Level 10 (107,875 points)
    Currently Being Moderated
    Apr 2, 2012 6:32 AM (in response to walterfromct)

    You installed a variant of what’s usually called the “Flashback” malware, although the name is obsolete.

     

    If you’re absolutely sure you know when that happened, and you back up with Time Machine or something similar, you can save yourself a lot of time by restoring your whole system from the most recent snapshot taken before it was infected. Then take Steps 7 and 8 below.

     

    How can you tell when the infection took place? All you can be sure of is that you were infected some time before the problems started. You may have visited a blog that prompted you to install some kind of software, or a “certificate.” If you remember doing that recently, mention it in a reply, but don’t post a link. Or you may have downloaded a file with a Bittorrent client, always a dependable source of malware.

     

    If you don’t know when you were infected, there's no easy, reliable way to remove the malware, because it's constantly changing. I suggest you take the following steps immediately:

     

    1. Back up all data to at least two different devices, if you haven't already done so.

     

    2. Boot from your recovery partition (if running Mac OS X 10.7 or later) or your installation disc (if running an earlier version of the Mac OS), launch Disk Utility, and erase the startup drive. This action will destroy all data on the drive, so you must be sure of your backups.

     

    3. Install the Mac OS.

     

    4. Reboot and go through the initial setup process to create an account with the same name as your old one. Don’t import anything from your backups at this stage.

     

    5. If running Mac OS X 10.6.x or earlier, run Software Update.

     

    6. Restore the contents of the top-level subfolders of your home folder except “Library” from the most recent backup. The Library folder may contain components of the malware. It’s best not to restore anything from there. If you must do so, restore only files, not folders, and only if they’re visible in the Finder, and then only if you’re absolutely sure you know what they are and they haven’t been altered. Don’t restore anything in the home subfolder Library/LaunchAgents, if it exists, or any hidden files or folders, no matter where they are.

     

    7. If you’re running Mac OS X 10.5.x or earlier, disable Java in Safari’s preferences, and leave it disabled until you upgrade to Mac OS X 10.6.8 or later, including all available updates. The Java web plugin is unsafe to use under older versions of the Mac OS. Note: I’m not referring to JavaScript, which is unrelated to Java, despite the similar names. Although there’s no conclusive proof, some have suggested that the Java web plugin is unsafe to use in any version of the Mac OS. Legitimate Java content is uncommon on modern websites, so you should consider disabling Java in all your browsers regardless of your Mac OS version.

     

    8. Change every Internet password you have, starting with banking passwords. Check all financial accounts for unauthorized transactions. Take this step only after you’ve secured your system in the preceding steps, not before.

     

    9. Reinstall your third-party software from fresh downloads or original media, not from backups which may be contaminated. If you use any third-party web browsers under Mac OS X 10.5.x or earlier, disable Java in their preferences, as you did with Safari in step 7.

     

    More information about Flashback can be found by searching this site, or the Web.

     

    If you use a Mac OS version older than 10.6, you should upgrade at least to 10.6.8 as soon as possible, even if you have to buy a new computer. Those older Mac OS versions are no longer maintained by Apple, and they may have other security holes, besides the one mentioned above, that make them permanently unsafe to use on the Internet.

  • WZZZ Level 6 Level 6 (11,880 points)
    Currently Being Moderated
    Apr 2, 2012 8:08 AM (in response to Linc Davis)

    Linc Davis wrote: Don’t restore anything in the home subfolder Library/LaunchAgents, if it exists, or any hidden files or folders, no matter where they are.

    Linc, how does one avoid restoring the hidden, dot files or folders, since, by definition, they are invisible? Toggle hidden on during the restore using Terminal or TinkerTool first?

  • Linc Davis Level 10 Level 10 (107,875 points)
    Currently Being Moderated
    Apr 2, 2012 8:12 AM (in response to walterfromct)

    I can't tell you what the malware does. Nobody knows. A document as such, as long as it's just a document and not in any special folder, cannot in itself function as malware, though it could be part of a malware installation.

     

    Some iPhoto and iMovie settings are stored in the home Library, but the documents should be in the Pictures and Movies folders, respectively. As long as those are backed up and restored, you should be OK. You'll need to recreate your settings.

  • Linc Davis Level 10 Level 10 (107,875 points)
    Currently Being Moderated
    Apr 2, 2012 8:15 AM (in response to WZZZ)

    Linc, how does one avoid restoring the hidden, dot files or folders, since, by definition, they are invisible?

     

    The easiest way is to follow the above instructions exactly. Don't restore the whole home folder or the Library subfolder. Only restore the contents of the visible top-level folders such as Documents, Desktop, etc. Some parts of the trojan might conceivably get through, but they wouldn't be effective without the rest.

  • WZZZ Level 6 Level 6 (11,880 points)
    Currently Being Moderated
    Apr 2, 2012 8:48 AM (in response to Linc Davis)

    One silver lining to this very dark cloud is that those who lose their PPC apps at least have a chance to discover they've been infected. They must represent only the tip of a huge iceberg of infected users.

  • noondaywitch Level 6 Level 6 (8,130 points)
    Currently Being Moderated
    Apr 2, 2012 9:33 AM (in response to walterfromct)

    I've just been reading a report via The Register that suggests the vulnerability being exploited by Flashback is not fixed in the latest Mac Java update, although it was fixed in Windows versions some time ago.

     

    Do not trust Java on any OS version.

  • Linc Davis Level 10 Level 10 (107,875 points)
    Currently Being Moderated
    Apr 2, 2012 10:54 AM (in response to walterfromct)

    You need a working 10.6.8 installation in order to buy and install Lion.

  • WZZZ Level 6 Level 6 (11,880 points)
    Currently Being Moderated
    Apr 2, 2012 11:07 AM (in response to noondaywitch)

    Yeah, this infected user was asked what Java version he was running when infected:

     

    NuLynx wrote:

     

    java version "1.6.0_29"

     

    MadMacs0 wrote:

     

    Thanks, that's consistent with what others have told me over the past couple of days. Appears that they have found another way to infect.

     

     

    https://discussions.apple.com/message/18020948#18020948

     

    Best to disable Java in the browser and uncheck the On boxes in Java Preferences>General

1 2 3 4 Previous Next

Actions

More Like This

  • Retrieving data ...

Related Articles

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.