Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Non-Apple Software No Longer Works

Had a weird experience this AM. Was checking email via Safari when a screen popped up asking for permission to update software. I declined, because I didn't know who was trying to do what (i.e., there were no update icons in the Dock, etc.). Then, the fun began.


I tried to open EXCEL next and it wouldn't open. It immediately failed with a message saying the application quit unexpectedly, etc., etc. Same thing happened with every other Office app. After much discussion with Apple, then Microsoft, and then Apple again, I was able to un-install Mcrosoft Office but the kicker is: I got the same failure when I tried to re-install the apps from the CD (i.e., I got an immediate failure when I double-clicked the install icon).


With Microsoft's help, I was able to set up another user profile with Admin capability, and the apps installed just fine using that profile. So, the problem appears to be with my main profile. However, Apple is stumped and gave up trying to help me.


So, I'm now in the situation where the Apps are on my machine under 1 profile and the data is under another profile. AND, I just discovered that Quicken fails when I try to iopen it in my 1st Profile too.


So,


1. Has this happened to anyone else out there? If so, how'd you get around it?


2. Is there a way to share files between profiles? I know I can probably copy the Microsoft files on a portable drive, but I'm concerned about the Quicken database. Not sure how to transport this data between Users.


Any help would be GREATLY appreciated.


PS. I'm running Snow Leopard. There are no pending software updates.

iMac, Mac OS X (10.6.8)

Posted on Apr 1, 2012 4:09 PM

Reply
50 replies

Apr 1, 2012 4:37 PM in response to walterfromct

Launch the Console application in any of the following ways:


Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)


In the Finder, select Go Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.


If you’re running Mac OS X 10.7 or later, open LaunchPad. Click Utilities, then Console in the page that opens.


Step 1


Enter the name of the crashed application or process in the Filter text field. Post the messages from the time of the last crash, if any — the text, please, not a screenshot.


Step 2


Still in the Console window, look under User Diagnostic Reports for crash reports related to the process. The report name starts with the name of the crashed process, and ends with ".crash". Select the most recent report and post the contents — again, the text, not a screenshot. For privacy’s sake, I suggest that, before posting, you edit out the “Anonymous UUID,” a long string of letters, numbers, and dashes in the header of the report, if it’s present (it may not be.)

Apr 1, 2012 5:31 PM in response to Linc Davis

Thanks for the quick response.


I looked at the console entries as you suggested and it's loaded from all of today's activities. I'm not sure I'll be able to sync up the entires you requested.


So, I'm going to wait until tomorrow morning, recreate the error by attempting to re-install MS Office, and then post tomorrow's console entries as you requested. That way, I'll be sure various messages will be syn'd up.


Thanks, again. And stay tuned.

Apr 2, 2012 6:27 AM in response to Linc Davis

Linc,


I attempted to re-install MS Office from the CD 1st thing after booting up this AM and it failed again.


Here's the console info. you suggested:


The messages:


4/2/12 8:51:05 AM com.apple.launchd[1] *** launchd[1] has started up. ***

4/2/12 8:51:27 AM com.apple.launchd.peruser.501[88] (com.apple.ReportCrash) Falling back to default Mach exception handler. Could not find: com.apple.ReportCrash.Self

4/2/12 8:51:31 AM com.apple.launchd.peruser.501[88] (com.apple.Kerberos.renew.plist[113]) Exited with exit code: 1

4/2/12 8:52:12 AM Pages[127] contentBoundsOrigin = {0, 0}

4/2/12 8:52:12 AM Pages[127] contentBoundsOrigin = {0, 0}

4/2/12 8:52:12 AM Pages[127] contentBoundsOrigin = {0, 0}

4/2/12 8:52:12 AM Pages[127] contentBoundsOrigin = {0, 0}

4/2/12 8:52:12 AM Pages[127] contentBoundsOrigin = {0, 0}

4/2/12 8:52:59 AM [0x0-0x10010].com.microsoft.setupassistant[146] dyld: could not load inserted library: /Users/Shared/.libgmalloc.dylib

4/2/12 8:52:59 AM com.apple.launchd.peruser.501[88] ([0x0-0x10010].com.microsoft.setupassistant[146]) Job appears to have crashed: Trace/BPT trap

4/2/12 8:52:59 AM ReportCrash[148] Saved crash report for LaunchCFMApp[146] version ??? (???) to /Users/waltersemolic/Library/Logs/DiagnosticReports/LaunchCFMApp_2012-04-02-085 259_Macintosh.crash

4/2/12 8:53:16 AM com.apple.WindowServer[67] Mon Apr 2 08:53:16 Macintosh.local WindowServer[67] <Error>: kCGErrorFailure: Set a breakpoint @ CGErrorBreakpoint() to catch errors as they are logged.


The Report:


Process: LaunchCFMApp [146]

Path: /Volumes/Microsoft Office 2004/Office Setup Assistant

Identifier: com.microsoft.setupassistant

Version: ??? (???)

Code Type: PPC (Translated)

Parent Process: launchd [88]


Date/Time: 2012-04-02 08:52:59.122 -0400

OS Version: Mac OS X 10.6.8 (10K549)

Report Version: 6


Exception Type: EXC_CRASH (SIGTRAP)

Exception Codes: 0x0000000000000000, 0x0000000000000000

Crashed Thread: 0 Dispatch queue: com.apple.main-thread


Thread 0 Crashed: Dispatch queue: com.apple.main-thread

0 libSystem.B.dylib 0x80239236 __pthread_kill + 10

1 libSystem.B.dylib 0x80238ad7 pthread_kill + 95

2 LaunchCFMApp 0xb80bfb30 0xb8000000 + 785200

3 LaunchCFMApp 0xb80c0037 0xb8000000 + 786487

4 LaunchCFMApp 0xb80dd8e8 0xb8000000 + 907496

5 LaunchCFMApp 0xb8145397 spin_lock_wrapper + 1791

6 LaunchCFMApp 0xb801ceb7 0xb8000000 + 118455


Thread 1:

0 libSystem.B.dylib 0x80142afa mach_msg_trap + 10

1 libSystem.B.dylib 0x80143267 mach_msg + 68

2 LaunchCFMApp 0xb819440f CallPPCFunctionAtAddressInt + 206231

3 libSystem.B.dylib 0x80170259 _pthread_start + 345

4 libSystem.B.dylib 0x801700de thread_start + 34


Thread 0 crashed with X86 Thread State (32-bit):

eax: 0x00000000 ebx: 0x802fc540 ecx: 0xb7fff9ac edx: 0x80239236

edi: 0xb8211640 esi: 0x00000005 ebp: 0xb7fff9d8 esp: 0xb7fff9ac

ss: 0x0000001f efl: 0x00000286 eip: 0x80239236 cs: 0x00000007

ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037

cr2: 0x8023922c


Binary Images:

0x80000000 - 0x8005dff7 com.apple.framework.IOKit 2.0 (???) <3DABAB9C-4949-F441-B077-0498F8E47A35> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit

0x8007d000 - 0x800e7fe7 libstdc++.6.dylib 7.9.0 (compatibility 7.0.0) <411D87F4-B7E1-44EB-F201-F8B4F9227213> /usr/lib/libstdc++.6.dylib

0x80142000 - 0x802e9ff7 libSystem.B.dylib 125.2.11 (compatibility 1.0.0) <2DCD13E3-1BD1-6F25-119A-3863A3848B90> /usr/lib/libSystem.B.dylib

0x8036b000 - 0x804e6fe7 com.apple.CoreFoundation 6.6.6 (550.44) <F88C95CD-1264-782D-A1F5-204739847E93> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation

0x805de000 - 0x805ecfe7 libz.1.dylib 1.2.3 (compatibility 1.0.0) <33C1B260-ED05-945D-FC33-EF56EC791E2E> /usr/lib/libz.1.dylib

0x805f1000 - 0x805fdff7 libkxld.dylib ??? (???) <9A441C48-2D18-E716-5F38-CBEAE6A0BB3E> /usr/lib/system/libkxld.dylib

0x80601000 - 0x80647ff7 libauto.dylib ??? (???) <29422A70-87CF-10E2-CE59-FEE1234CFAAE> /usr/lib/libauto.dylib

0x80654000 - 0x807d6fe7 libicucore.A.dylib 40.0.0 (compatibility 1.0.0) <D5980817-6D19-9636-51C3-E82BAE26776B> /usr/lib/libicucore.A.dylib

0x80838000 - 0x808e5fe7 libobjc.A.dylib 227.0.0 (compatibility 1.0.0) <9F8413A6-736D-37D9-8EB3-7986D4699957> /usr/lib/libobjc.A.dylib

0x808f9000 - 0x808fcfe7 libmathCommon.A.dylib 315.0.0 (compatibility 1.0.0) <1622A54F-1A98-2CBE-B6A4-2122981A500E> /usr/lib/system/libmathCommon.A.dylib

0x8fe00000 - 0x8fe4162b dyld 132.1 (???) <749D24EE-54BD-D74B-D305-C13F5E6C95D8> /usr/lib/dyld

0xb8000000 - 0xb81defff LaunchCFMApp ??? (???) <CC0F32CD-4587-7C83-03D0-9CFE28A58FB6> /System/Library/Frameworks/Carbon.framework/Versions/A/Support/LaunchCFMApp

0xffff0000 - 0xffff1fff libSystem.B.dylib ??? (???) <2DCD13E3-1BD1-6F25-119A-3863A3848B90> /usr/lib/libSystem.B.dylib


Translated Code Information:

objc[146]: garbage collection is ON

NO CRASH REPORT


Additional useful(??) info. Every so often I've had to Froce Quit out of Excel, especially if Safari was up and I had opened a spreadsheet that came via email. This has been going on for quite a while.

Apr 2, 2012 6:32 AM in response to walterfromct

You installed a variant of what’s usually called the “Flashback” malware, although the name is obsolete.


If you’re absolutely sure you know when that happened, and you back up with Time Machine or something similar, you can save yourself a lot of time by restoring your whole system from the most recent snapshot taken before it was infected. Then take Steps 7 and 8 below.


How can you tell when the infection took place? All you can be sure of is that you were infected some time before the problems started. You may have visited a blog that prompted you to install some kind of software, or a “certificate.” If you remember doing that recently, mention it in a reply, but don’t post a link. Or you may have downloaded a file with a Bittorrent client, always a dependable source of malware.


If you don’t know when you were infected, there's no easy, reliable way to remove the malware, because it's constantly changing. I suggest you take the following steps immediately:


1. Back up all data to at least two different devices, if you haven't already done so.


2. Boot from your recovery partition (if running Mac OS X 10.7 or later) or your installation disc (if running an earlier version of the Mac OS), launch Disk Utility, and erase the startup drive. This action will destroy all data on the drive, so you must be sure of your backups.


3. Install the Mac OS.


4. Reboot and go through the initial setup process to create an account with the same name as your old one. Don’t import anything from your backups at this stage.


5. If running Mac OS X 10.6.x or earlier, run Software Update.


6. Restore the contents of the top-level subfolders of your home folder except “Library” from the most recent backup. The Library folder may contain components of the malware. It’s best not to restore anything from there. If you must do so, restore only files, not folders, and only if they’re visible in the Finder, and then only if you’re absolutely sure you know what they are and they haven’t been altered. Don’t restore anything in the home subfolder Library/LaunchAgents, if it exists, or any hidden files or folders, no matter where they are.


7. If you’re running Mac OS X 10.5.x or earlier, disable Java in Safari’s preferences, and leave it disabled until you upgrade to Mac OS X 10.6.8 or later, including all available updates. The Java web plugin is unsafe to use under older versions of the Mac OS. Note: I’m not referring to JavaScript, which is unrelated to Java, despite the similar names. Although there’s no conclusive proof, some have suggested that the Java web plugin is unsafe to use in any version of the Mac OS. Legitimate Java content is uncommon on modern websites, so you should consider disabling Java in all your browsers regardless of your Mac OS version.


8. Change every Internet password you have, starting with banking passwords. Check all financial accounts for unauthorized transactions. Take this step only after you’ve secured your system in the preceding steps, not before.


9. Reinstall your third-party software from fresh downloads or original media, not from backups which may be contaminated. If you use any third-party web browsers under Mac OS X 10.5.x or earlier, disable Java in their preferences, as you did with Safari in step 7.


More information about Flashback can be found by searching this site, or the Web.


If you use a Mac OS version older than 10.6, you should upgrade at least to 10.6.8 as soon as possible, even if you have to buy a new computer. Those older Mac OS versions are no longer maintained by Apple, and they may have other security holes, besides the one mentioned above, that make them permanently unsafe to use on the Internet.

Apr 2, 2012 7:46 AM in response to Linc Davis

Linc,


Thanks for your help.


I've tried to be careful, but I guess i wasn't careful enough.


I have no clue when I first became infected, as there have been instances of flakey behavior on and off for quite some time noiw. So, it looks like I'll need to do it the hard way. What a PAIN!


It's funny that you should mention "certificates". I've been getting "invalid certificate" messages off and on from many of the web-sites I frequent, and they had no idea why. I thought it was a quirk in Safari. Maybe this explains it.


I also do a lot of on-line banking and, fortunately, nothing bad has happened yet.


So, I'll start by backing up (copying) my data files and then I'll get cracking.


Some questions re: data files:


1. Is there a chance I'll re-infect my machine when I restore my data files?


2. I have a lot of photos in iPhoto and videos in iMovie. How do I ensure these are backed up (copied)?


Any additional advice will be GREATLY appreciated.


Thanks again, for your help.


I'll let you know how things turn out.


HERE WE GO!

Apr 2, 2012 8:08 AM in response to Linc Davis

Linc Davis wrote: Don’t restore anything in the home subfolder Library/LaunchAgents, if it exists, or any hidden files or folders, no matter where they are.

Linc, how does one avoid restoring the hidden, dot files or folders, since, by definition, they are invisible? Toggle hidden on during the restore using Terminal or TinkerTool first?

Apr 2, 2012 8:12 AM in response to walterfromct

I can't tell you what the malware does. Nobody knows. A document as such, as long as it's just a document and not in any special folder, cannot in itself function as malware, though it could be part of a malware installation.


Some iPhoto and iMovie settings are stored in the home Library, but the documents should be in the Pictures and Movies folders, respectively. As long as those are backed up and restored, you should be OK. You'll need to recreate your settings.

Apr 2, 2012 8:15 AM in response to WZZZ

Linc, how does one avoid restoring the hidden, dot files or folders, since, by definition, they are invisible?


The easiest way is to follow the above instructions exactly. Don't restore the whole home folder or the Library subfolder. Only restore the contents of the visible top-level folders such as Documents, Desktop, etc. Some parts of the trojan might conceivably get through, but they wouldn't be effective without the rest.

Apr 2, 2012 11:07 AM in response to noondaywitch

Yeah, this infected user was asked what Java version he was running when infected:


NuLynx wrote:


java version "1.6.0_29"


MadMacs0 wrote:


Thanks, that's consistent with what others have told me over the past couple of days. Appears that they have found another way to infect.



https://discussions.apple.com/thread/3825457?answerId=18020948022#18020948022


Best to disable Java in the browser and uncheck the On boxes in Java Preferences>General

Apr 6, 2012 3:29 AM in response to Linc Davis

It appears that the trojan may also be related to Rosetta, which is used by older versions of Office and Quicken.


If so, then cleaning my machine as you described and then re-loading the apps will re-infect my machine. No?


There's a similar discussion of this problem on MicroSoft's web site, and they say that Office for MAC 2008 and the latest version of Quicken do not use Rosetta.


Re: my own recovery. I had trouble running my backups and took my machine to the genius bar at an Apple Store in CT. They got the backup to run, after switching to a new external drive. I was also able to copy my Documents and Pictures folders to Flash drives. However, I couldn't copy the Movies folder, so I tried to copy each individual file. They all copied except the iMovie Project Files, which failed to copy. So, I've got a Time Machine back up of my machine on an external drive and copies of the Document, Pictures, and (partial) Movies folders on Flash drives.


The Genius Bar guys didn't seem to know about Flashback, but their recommended solution was to un-install Office and Quicken, re-load Snow Leopard, run the updates and then try to re-install Office and Quicken, which I tried. Everything went great. The re-install of Office even started off great (i.e., it didn't crash like before) UNTIL it dowloaded Rosetta as part of the re-install at which point it immediately crashed.


So, it looks like, on top of everything else, I'll need to upgrade to later versions of Office and Quicken.

Non-Apple Software No Longer Works

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.