recent apple virus
How to check if my Mac has been infected with the recent flashback virus? I already downloaded the software update.............
Mac OS X (10.7.3)
In essence, open the Terminal utility (in the /Applications/Utilities/ folder) and run the following commands (copy one line at a time, then press Enter in the Terminal after it is pasted):
defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
defaults read /Applications/Safari.app/Contents/Info LSEnvironment
defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
ls -la ~/../Shared/.*.so
ls -la ~/../Shared/.*.dyld
ls -la ~/Library/LaunchAgents
When finished, press Command-A to select all the contents of the Terminal and paste it to a message on this board, and we will let you know if your system has any suspect files that are associated with the malware, and how to proceed from there.
Alternatively, you can download Sophos Home Edition (http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx) or ClamXav (http://www.clamxav.com), update their definitions, and then scan your system to find known variants of the malware.
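The six checks from the post above, wrapped in a script that quotes every argument (so a dropped space cannot turn a command into a usage message) and labels each result. This is an added example, not part of the original thread: the function names and the clean/suspect/invalid labels are assumptions, "suspect" only means the key holds a value that needs a closer look, and /Users/Shared is assumed to be where ~/../Shared resolves.

```shell
#!/bin/bash
# Added example (not from the thread): the same Flashback checks with quoted
# arguments and a label per result. Names and labels are hypothetical.

# Classify the text printed by one `defaults read <domain> <key>` call.
classify_defaults() {
    case "$1" in
        *"does not exist"*) echo "clean" ;;   # key absent, nothing injected
        *"Command line interface"*|"")
            echo "invalid" ;;                 # usage text: the command was mistyped
        *)  echo "suspect" ;;                 # key holds a value: inspect it
    esac
}

# Hidden files ending in .so or .dyld directly inside one directory,
# matching the post's `ls -la ~/../Shared/.*.so` and `.*.dyld` checks.
hidden_libs() {
    find "$1" -maxdepth 1 -type f \( -name '.*.so' -o -name '.*.dyld' \) 2>/dev/null
}

run_checks() {
    for target in \
        "$HOME/.MacOSX/environment DYLD_INSERT_LIBRARIES" \
        "/Applications/Safari.app/Contents/Info LSEnvironment" \
        "/Applications/Firefox.app/Contents/Info LSEnvironment"
    do
        domain=${target% *}    # everything before the last space
        key=${target##* }      # the last word
        out=$(defaults read "$domain" "$key" 2>&1)
        printf '%-8s %s %s\n' "$(classify_defaults "$out")" "$domain" "$key"
    done

    libs=$(hidden_libs /Users/Shared)
    if [ -n "$libs" ]; then
        printf 'suspect  hidden libraries in /Users/Shared:\n%s\n' "$libs"
    else
        echo "clean    no hidden .so/.dyld files in /Users/Shared"
    fi

    # The post lists this folder for manual review; no verdict is attempted.
    echo "review   $HOME/Library/LaunchAgents:"
    ls -la "$HOME/Library/LaunchAgents" 2>/dev/null || echo "(folder not present)"
    return 0
}

# Run only where the macOS `defaults` tool exists.
if command -v defaults >/dev/null 2>&1; then run_checks; fi
```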
Thank you for this advice. Probably no issues, but followed your instructions and sent you this. Can you help?:
Last login: Sat Apr 21 19:11:17 on ttys000
Andrew-Panayis-iMac:~ andrewpanayi$ defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
2012-04-21 19:12:39.785 defaults[5103:903]
The domain/default pair of (/Users/andrewpanayi/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist
Andrew-Panayis-iMac:~ andrewpanayi$ defaults read /Applications/Safari.app/Contents/Info LSEnvironment
2012-04-21 19:12:53.478 defaults[5104:903]
The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist
Andrew-Panayis-iMac:~ andrewpanayi$
Andrew-Panayis-iMac:~ andrewpanayi$ defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
2012-04-21 19:13:23.076 defaults[5105:903]
The domain/default pair of (/Applications/Firefox.app/Contents/Info, LSEnvironment) does not exist
Andrew-Panayis-iMac:~ andrewpanayi$ ls -la ~/../Shared/.*.so
ls: /Users/andrewpanayi/../Shared/.*.so: No such file or directory
Andrew-Panayis-iMac:~ andrewpanayi$
Andrew-Panayis-iMac:~ andrewpanayi$ ls -la ~/../Shared/.*.dyld
ls: /Users/andrewpanayi/../Shared/.*.dyld: No such file or directory
Andrew-Panayis-iMac:~ andrewpanayi$ ls -la ~/Library/LaunchAgents
total 40
drwxr-xr-x 7 andrewpanayi staff 238 16 Sep 2011 .
drwx------+ 41 andrewpanayi staff 1394 29 Jan 14:26 ..
-rw-r--r-- 1 andrewpanayi staff 463 15 Oct 2010 com.apple.FTMonitor.plist
-rw-r--r-- 1 andrewpanayi staff 552 20 Oct 2010 com.apple.apsd-ft.plist
-rw-r--r-- 1 andrewpanayi staff 411 13 Oct 2010 com.apple.imagent.plist
-rw-r--r-- 1 andrewpanayi staff 447 13 Oct 2010 com.apple.marcoagent.plist
-rw-r--r-- 1 andrewpanayi staff 809 16 Sep 2011 com.google.keystone.agent.plist
Andrew-Panayis-iMac:~ andrewpanayi$
Hi, I'm almost positive I have a virus on my macbook that is not allowing any of my browsers to connect to the internet. I know this because I tried to diagnose it on the network side by speaking with my internet provider, and after trying several things, they concluded that it's some setting that's in my browser. My airport shows that I'm connected to wifi, but when I get onto Google Chrome, the page shows up as "Unable to connect to the Internet" Error 106. I followed the instructions above to see if I have the flashback virus, and below is what I got. Can you please help?
Last login: Fri Jun 22 11:28:09 on console
Isabela-Samrenys-MacBook:~ yellowbeezus$
Isabela-Samrenys-MacBook:~ yellowbeezus$ defaults read~/.MacOSX/environment DYLD_INSERT_LIBRARIES
Command line interface to a user's defaults.
Syntax:
'defaults' [-currentHost | -host <hostname>] followed by one of the following:
read shows all defaults
read <domain> shows defaults for given domain
read <domain> <key> shows defaults for given domain, key
read-type <domain> <key> shows the type for the given domain, key
write <domain> <domain_rep> writes domain (overwrites existing)
write <domain> <key> <value> writes key for domain
rename <domain> <old_key> <new_key> renames old_key to new_key
delete <domain> deletes domain
delete <domain> <key> deletes key in domain
domains lists all domains
find <word> lists all entries containing word
help print this help
<domain> is ( <domain_name> | -app <application_name> | -globalDomain )
or a path to a file omitting the '.plist' extension
<value> is one of:
<value_rep>
-string <string_value>
-data <hex_digits>
-int[eger] <integer_value>
-float <floating-point_value>
-bool[ean] (true | false | yes | no)
-date <date_rep>
-array <value1> <value2> ...
-array-add <value1> <value2> ...
-dict <key1> <value1> <key2> <value2> ...
-dict-add <key1> <value1> ...
Isabela-Samrenys-MacBook:~ yellowbeezus$ defaults read/Applications/Safari.app/Contents/Info LSEnvironment
Command line interface to a user's defaults.
Syntax:
'defaults' [-currentHost | -host <hostname>] followed by one of the following:
read shows all defaults
read <domain> shows defaults for given domain
read <domain> <key> shows defaults for given domain, key
read-type <domain> <key> shows the type for the given domain, key
write <domain> <domain_rep> writes domain (overwrites existing)
write <domain> <key> <value> writes key for domain
rename <domain> <old_key> <new_key> renames old_key to new_key
delete <domain> deletes domain
delete <domain> <key> deletes key in domain
domains lists all domains
find <word> lists all entries containing word
help print this help
<domain> is ( <domain_name> | -app <application_name> | -globalDomain )
or a path to a file omitting the '.plist' extension
<value> is one of:
<value_rep>
-string <string_value>
-data <hex_digits>
-int[eger] <integer_value>
-float <floating-point_value>
-bool[ean] (true | false | yes | no)
-date <date_rep>
-array <value1> <value2> ...
-array-add <value1> <value2> ...
-dict <key1> <value1> <key2> <value2> ...
-dict-add <key1> <value1> ...
Isabela-Samrenys-MacBook:~ yellowbeezus$ defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
2012-07-07 13:46:22.253 defaults[15676:903]
The domain/default pair of (/Applications/Firefox.app/Contents/Info, LSEnvironment) does not exist
Isabela-Samrenys-MacBook:~ yellowbeezus$ ls -la ~/..Shared/.*.so
ls: /Users/yellowbeezus/..Shared/.*.so: No such file or directory
Isabela-Samrenys-MacBook:~ yellowbeezus$ ls -la~/../Shared/.*.dyld
ls: illegal option -- ~
usage: ls [-ABCFGHLOPRSTUWabcdefghiklmnopqrstuwx1] [file ...]
Isabela-Samrenys-MacBook:~ yellowbeezus$ ls -la~/Library/LaunchAgents
ls: illegal option -- ~
usage: ls [-ABCFGHLOPRSTUWabcdefghiklmnopqrstuwx1] [file ...]
Isabela-Samrenys-MacBook:~ yellowbeezus$
If your Mac was infected you would have gotten a message it was removed. No news is good news.
There are NO viruses that attack Macs and fairly little malware.
"Mac OS X versions 10.6.7 and later have built-in detection of known Mac malware in downloaded files. The recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders. In most cases, there’s no benefit from any other automated protection against malware."
Those tests are difficult for a novice to use properly. In fact, you've mis-typed several of them, so most of your results are meaningless.
Just run Software Update if you haven't already. And for more information about Flashback, see:
http://www.reedcorner.net/about-the-flashback-malware/
The symptoms you describe are not typical of Flashback anyway. I'd advise you to post your own topic with a clear description of the symptoms for assistance with fixing the problem.
It is much more likely that your Mac is not fully connected to your router. Run System Preferences > Network and see what the status is under WiFi.
Last login: Wed Mar 13 13:51:47 on ttys000
new-host:~ Phyllis$
Last login: Wed May 8 07:37:48 on console
new-host:~ Phyllis$
new-host:~ Phyllis$ defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
2013-05-08 09:48:34.267 defaults[315:707]
The domain/default pair of (/Users/Phyllis/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist
new-host:~ Phyllis$
new-host:~ Phyllis$ defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES
2013-05-08 09:49:01.716 defaults[316:707]
The domain/default pair of (/Users/Phyllis/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist
new-host:~ Phyllis$
new-host:~ Phyllis$ defaults read /Applications/Safari.app/Contents/Info LSEnvironment
2013-05-08 09:49:21.180 defaults[317:707]
The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist
new-host:~ Phyllis$ defaults read /Applications/Firefox.app/Contents/Info LSEnvironment
2013-05-08 09:49:37.794 defaults[318:707]
The domain/default pair of (/Applications/Firefox.app/Contents/Info, LSEnvironment) does not exist
new-host:~ Phyllis$ ls -la ~/../Shared/.*.so
ls: /Users/Phyllis/../Shared/.*.so: No such file or directory
new-host:~ Phyllis$ ls -la ~/../Shared/.*.dyld
ls: /Users/Phyllis/../Shared/.*.dyld: No such file or directory
new-host:~ Phyllis$ ls -la ~/Library/LaunchAgents
total 32
drwx------ 6 Phyllis staff 204 Jul 20 2012 .
drwx------@ 47 Phyllis staff 1598 Dec 20 17:05 ..
-rw-r--r-- 1 Phyllis staff 618 Oct 22 2011 com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.4006AA38-FF2B-4DD3-A357-64A44C4BA9C8.plist
-rw------- 1 Phyllis staff 814 Jul 18 2009 com.apple.SafariBookmarksSyncer.plist
-rw-r--r-- 1 Phyllis staff 804 Jul 20 2012 com.google.keystone.agent.plist
-rw-r--r-- 1 Phyllis staff 541 Mar 23 2011 com.zeobit.MacKeeper.Helper
new-host:~ Phyllis$
You're going to need to post a question on a new topic. This one is a year old, and the malware we were discussing at that time is gone.
What you need to do is start a new question of your own, then describe in words what the problem is. Do not make the assumption that your problem is caused by malware (it probably isn't)... Just describe the symptoms and let the experts here propose solutions.