recent apple virus

Here: http://reviews.cnet.com/8301-13727_7-57410096-263/how-to-remove-the-flashback-ma lware-from-os-x/?tag=txt;title

In essence, open the Terminal utility (in the /Applications/Utilities/ folder) and run the following commands (copy one line at a time, followed by press Enter in the Terminal after it is pasted):

defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

defaults read /Applications/Safari.app/Contents/Info LSEnvironment

defaults read /Applications/Firefox.app/Contents/Info LSEnvironment

ls -la ~/../Shared/.*.so

ls -la ~/../Shared/.*.dyld

ls -la ~/Library/LaunchAgents

When finished, press Command-A to select all the contents of the Terminal and paste it to a message on this board, and we will let you know if your system has any suspect files that are associated with the malware, and how to proceed from there.

Alternatively, you can download Sophos Home Edition (http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-ed ition.aspx) or ClamXav (http://www.clamxav.com), update their definitions, and then scan your system to find known variants of the malware.

Thank you for this advice. Probably no issues, but followed your instructions and sent you this. Can you help?:

Last login: Sat Apr 21 19:11:17 on ttys000

Andrew-Panayis-iMac:~ andrewpanayi$ defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

2012-04-21 19:12:39.785 defaults[5103:903]

The domain/default pair of (/Users/andrewpanayi/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist

Andrew-Panayis-iMac:~ andrewpanayi$ defaults read /Applications/Safari.app/Contents/Info LSEnvironment

2012-04-21 19:12:53.478 defaults[5104:903]

The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist

Andrew-Panayis-iMac:~ andrewpanayi$

Andrew-Panayis-iMac:~ andrewpanayi$ defaults read /Applications/Firefox.app/Contents/Info LSEnvironment

2012-04-21 19:13:23.076 defaults[5105:903]

The domain/default pair of (/Applications/Firefox.app/Contents/Info, LSEnvironment) does not exist

Andrew-Panayis-iMac:~ andrewpanayi$ ls -la ~/../Shared/.*.so

ls: /Users/andrewpanayi/../Shared/.*.so: No such file or directory

Andrew-Panayis-iMac:~ andrewpanayi$

Andrew-Panayis-iMac:~ andrewpanayi$ ls -la ~/../Shared/.*.dyld

ls: /Users/andrewpanayi/../Shared/.*.dyld: No such file or directory

Andrew-Panayis-iMac:~ andrewpanayi$ ls -la ~/Library/LaunchAgents

total 40

drwxr-xr-x 7 andrewpanayi staff 238 16 Sep 2011 .

drwx------+ 41 andrewpanayi staff 1394 29 Jan 14:26 ..

-rw-r--r-- 1 andrewpanayi staff 463 15 Oct 2010 com.apple.FTMonitor.plist

-rw-r--r-- 1 andrewpanayi staff 552 20 Oct 2010 com.apple.apsd-ft.plist

-rw-r--r-- 1 andrewpanayi staff 411 13 Oct 2010 com.apple.imagent.plist

-rw-r--r-- 1 andrewpanayi staff 447 13 Oct 2010 com.apple.marcoagent.plist

-rw-r--r-- 1 andrewpanayi staff 809 16 Sep 2011 com.google.keystone.agent.plist

Andrew-Panayis-iMac:~ andrewpanayi$

Hi, I'm almost positive I have a virus on my macbook that is not allowing any of my browsers to connect to the internet. I know this because I tried to diagnose it on the network side by speaking with my internet provider, and after trying several things, they concluded that it's some setting that's in my browser. My airport shows that I'm connected to wifi, but when I get onto Google Chrome, the page shows up as "Unable to connect to the Internet" Error 106. I followed the instructions above to see if I have the flashback virus, and below is what I got. Can you please help?

Last login: Fri Jun 22 11:28:09 on console

Isabela-Samrenys-MacBook:~ yellowbeezus$

Isabela-Samrenys-MacBook:~ yellowbeezus$ defaults read~/.MacOSX/environment DYLD_INSERT_LIBRARIES

Command line interface to a user's defaults.

Syntax:

'defaults' [-currentHost | -host <hostname>] followed by one of the following:

read shows all defaults

read <domain> shows defaults for given domain

read <domain> <key> shows defaults for given domain, key

read-type <domain> <key> shows the type for the given domain, key

write <domain> <domain_rep> writes domain (overwrites existing)

write <domain> <key> <value> writes key for domain

rename <domain> <old_key> <new_key> renames old_key to new_key

delete <domain> deletes domain

delete <domain> <key> deletes key in domain

domains lists all domains

find <word> lists all entries containing word

help print this help

<domain> is ( <domain_name> | -app <application_name> | -globalDomain )

or a path to a file omitting the '.plist' extension

<value> is one of:

<value_rep>

-string <string_value>

-data <hex_digits>

-int[eger] <integer_value>

-float <floating-point_value>

-bool[ean] (true | false | yes | no)

-date <date_rep>

-array <value1> <value2> ...

-array-add <value1> <value2> ...

-dict <key1> <value1> <key2> <value2> ...

-dict-add <key1> <value1> ...

Isabela-Samrenys-MacBook:~ yellowbeezus$ defaults read/Applications/Safari.app/Contents/Info LSEnvironment

Command line interface to a user's defaults.

Syntax:

'defaults' [-currentHost | -host <hostname>] followed by one of the following:

read shows all defaults

read <domain> shows defaults for given domain

read <domain> <key> shows defaults for given domain, key

read-type <domain> <key> shows the type for the given domain, key

write <domain> <domain_rep> writes domain (overwrites existing)

write <domain> <key> <value> writes key for domain

rename <domain> <old_key> <new_key> renames old_key to new_key

delete <domain> deletes domain

delete <domain> <key> deletes key in domain

domains lists all domains

find <word> lists all entries containing word

help print this help

<domain> is ( <domain_name> | -app <application_name> | -globalDomain )

or a path to a file omitting the '.plist' extension

<value> is one of:

<value_rep>

-string <string_value>

-data <hex_digits>

-int[eger] <integer_value>

-float <floating-point_value>

-bool[ean] (true | false | yes | no)

-date <date_rep>

-array <value1> <value2> ...

-array-add <value1> <value2> ...

-dict <key1> <value1> <key2> <value2> ...

-dict-add <key1> <value1> ...

Isabela-Samrenys-MacBook:~ yellowbeezus$ defaults read /Applications/Firefox.app/Contents/Info LSEnvironment

2012-07-07 13:46:22.253 defaults[15676:903]

The domain/default pair of (/Applications/Firefox.app/Contents/Info, LSEnvironment) does not exist

Isabela-Samrenys-MacBook:~ yellowbeezus$ ls -la ~/..Shared/.*.so

ls: /Users/yellowbeezus/..Shared/.*.so: No such file or directory

Isabela-Samrenys-MacBook:~ yellowbeezus$ ls -la~/../Shared/.*.dyld

ls: illegal option -- ~

usage: ls [-ABCFGHLOPRSTUWabcdefghiklmnopqrstuwx1] [file ...]

Isabela-Samrenys-MacBook:~ yellowbeezus$ ls -la~/Library/LaunchAgents

ls: illegal option -- ~

usage: ls [-ABCFGHLOPRSTUWabcdefghiklmnopqrstuwx1] [file ...]

Isabela-Samrenys-MacBook:~ yellowbeezus$

If your Mac was infected you would have gotten a message it was removed. No news is good news.

There NO viruses that attack Macs and fairly little malware.

"Mac OS X versions 10.6.7 and later have built-in detection of known Mac malware in downloaded files. The recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders. In most cases, there’s no benefit from any other automated protection against malware."

Those tests are difficult for a novice to use properly. In fact, you've mis-typed several of them, is most of your results are meaningless.

Just run Software Update if you haven't already. And for more information about Flashback, see:

http://www.reedcorner.net/about-the-flashback-malware/

The symptoms you describe are not typical of Flashback anyway. I'd advise you to post your own topic with a clear description of the symptoms for assistance with fixing the problem.

It is much more likely that your Mac is not fully connected to your router. Run System Preferences > Network and see what the status is under WiFi.

Last login: Wed Mar 13 13:51:47 on ttys000

new-host:~ Phyllis$

Last login: Wed May 8 07:37:48 on console

new-host:~ Phyllis$

new-host:~ Phyllis$ defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

2013-05-08 09:48:34.267 defaults[315:707]

The domain/default pair of (/Users/Phyllis/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist

new-host:~ Phyllis$

new-host:~ Phyllis$ defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

2013-05-08 09:49:01.716 defaults[316:707]

The domain/default pair of (/Users/Phyllis/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist

new-host:~ Phyllis$

new-host:~ Phyllis$ defaults read /Applications/Safari.app/Contents/Info LSEnvironment

2013-05-08 09:49:21.180 defaults[317:707]

The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist

new-host:~ Phyllis$ defaults read /Applications/Firefox.app/Contents/Info LSEnvironment

2013-05-08 09:49:37.794 defaults[318:707]

The domain/default pair of (/Applications/Firefox.app/Contents/Info, LSEnvironment) does not exist

new-host:~ Phyllis$ ls -la ~/../Shared/.*.so

ls: /Users/Phyllis/../Shared/.*.so: No such file or directory

new-host:~ Phyllis$ ls -la ~/../Shared/.*.dyld

ls: /Users/Phyllis/../Shared/.*.dyld: No such file or directory

new-host:~ Phyllis$ ls -la ~/Library/LaunchAgents

total 32

drwx------ 6 Phyllis staff 204 Jul 20 2012 .

drwx------@ 47 Phyllis staff 1598 Dec 20 17:05 ..

-rw-r--r-- 1 Phyllis staff 618 Oct 22 2011 com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.4006AA38-FF2B-4DD3-A357-64 A44C4BA9C8.plist

-rw------- 1 Phyllis staff 814 Jul 18 2009 com.apple.SafariBookmarksSyncer.plist

-rw-r--r-- 1 Phyllis staff 804 Jul 20 2012 com.google.keystone.agent.plist

-rw-r--r-- 1 Phyllis staff 541 Mar 23 2011 com.zeobit.MacKeeper.Helper

new-host:~ Phyllis$

You're going to need to post a question on a new topic. This one is a year only, and the malware we were discussing at that time is gone.

What you need to do is start a new question of your own, then describe in words what the problem is. Do not make the assumption that your problem is caused by malware (it probably isn't)... Just describe the symptoms and let the experts here propose solutions.