You’ve been infected with a variant of what’s commonly called the “Flashback” or “Fakeflash” malware, although the names are obsolete. See this Apple support document:
If you’re certain you know when the infection took place, and you back up with Time Machine or something similar, you can save yourself a lot of time by restoring your whole system from the most recent snapshot taken before it was infected. Then take Steps 6, 7, and 9 below.
How can you tell when the infection took place? All you can be sure of is that it was some time before the problems started.
If you don’t know when you were infected, there may be no easy, reliable way to remove the malware, because it's constantly changing.
I suggest you take the following steps:
Back up all data, if you haven't already done so.
Run the removal tool distributed by F-Secure:
If the tool fails to clear the infection, or if you're unable to log in after running it, proceed as follows.
1. Boot from your recovery partition (if running Mac OS X 10.7 or later) or your installation disc (if running an earlier version of the Mac OS), launch Disk Utility, and erase the startup volume. This action will destroy all data on the volume, so you must be sure of your backups.
2. Reconnect to the Internet and install the Mac OS.
3. Reboot and go through the initial setup process to create an account with the same name as your old one. Don’t import anything from your backups at this stage.
4. If running Mac OS X 10.6.x or earlier, run Software Update. You may have to run it more than once to fully update your system.
5. Restore the contents of the top-level subfolders of your home folder except “Library” from the most recent backup. The Library folder may contain components of the malware. This is where restoring becomes difficult, and I can only give general guidelines.
Of the top-level subfolders of Library that are visible in the Finder, I think it’s safe to restore the following, which contain most of the data you’d want to keep:
Mail (except Mail/Bundles)
Safari (except Safari/Extensions)
The following are not safe to restore, at least not in full:
If you have Time Machine snapshots of these folders that you’re sure are older than the infection, you can restore from one of those snapshots.
Folders not mentioned above may or may not be safe. If in doubt, don’t restore them. Don’t restore any hidden files or folders, no matter where they are. Hidden files should be considered suspicious.
7. Change every Internet password you have, starting with banking passwords. Check all financial accounts for unauthorized transactions. Take this step only after you’ve secured your system in the preceding steps, not before.
8. Reinstall your third-party software from fresh downloads or original media, not from backups which may be contaminated.
9. If you use any third-party web browsers, disable Java in their preferences. As with step 6, this step is mandatory if you’re running any version of Mac OS X older than 10.6. Otherwise it’s optional, but recommended.
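The restore rules in step 5 of the post above can be written out as a dry-run filter. This is an added example, not part of the original post: the function names and the sample tree are constructed, only the two Library folders that appear in the post (Mail, Safari) are allowed, and skipping loose files directly in the home folder is an assumption.

```shell
# Added example. classify prints "restore" or "skip" for a path given
# relative to the backed-up home folder, following the post's rules.
classify() {
    # Hidden files or folders are never restored, wherever they are.
    case "/$1" in
        */.*) echo skip; return 0 ;;
    esac
    case "$1" in
        # Exceptions the post names inside otherwise restorable folders.
        Library/Mail/Bundles|Library/Mail/Bundles/*) echo skip ;;
        Library/Safari/Extensions|Library/Safari/Extensions/*) echo skip ;;
        # Only the Library subfolders the post lists as safe.
        Library/Mail/*|Library/Safari/*) echo restore ;;
        # Anything else under Library: "If in doubt, don't restore."
        Library|Library/*) echo skip ;;
        # Contents of the other top-level subfolders of the home folder.
        */*) echo restore ;;
        # Assumption: loose files in the home folder itself are left out.
        *) echo skip ;;
    esac
}

# List the files under backup home folder $1 that the rules allow restoring.
restore_plan() {
    src=${1%/}
    find "$src" -type f | sort | while IFS= read -r f; do
        rel=${f#"$src"/}
        if [ "$(classify "$rel")" = restore ]; then
            printf '%s\n' "$rel"
        fi
    done
}

# Constructed sample tree standing in for a backup of a home folder.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/Documents/.cache" "$d/Library/Mail/Bundles" \
             "$d/Library/Safari/Extensions" "$d/Library/Other"
    for f in Documents/art.psd Documents/.cache/x Library/Mail/inbox.mbox \
             Library/Mail/Bundles/b.mailbundle Library/Safari/Bookmarks.plist \
             Library/Safari/Extensions/e.safariextz Library/Other/x.plist .profile; do
        : > "$d/$f"
    done
    printf '%s\n' "$d"
}

sample=$(make_sample)
restore_plan "$sample"   # dry run: prints the paths that would be restored
rm -rf "$sample"
```

Review the printed list against the backup before copying anything; the filter changes nothing on disk.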
Thanks for the help everyone. I'm a graphic artist with tons of hardware connected to my computer and thousands of files, so cleaning the system or re-installing the OS is somewhere I don't want to go again... did that in the fall and still recovering.
I did talk with the support team from Apple and as we were talking he got a memo that they released a Java update (yesterday) that would clear the Flashback malware. I also downloaded ClamXAV from the App Store at his recommendation. It's free and has the best ratings of all the anti-virus software.
I've been leery of the Java web plugin anyway so I'll take your suggestion and disable that.
Everything seems to be back to normal today, so far so good.
> I'm a graphic artist with tons of hardware connected to my computer and thousands of files, so cleaning the system or re-installing the OS is somewhere I don't want to go
You should always have a bootable clone of your system. From before the virus or whatever disaster. Another idea is to keep the system and data separate so you have a dedicated OS/Apps boot drive. There really are ways to never have to reinstall, ever, again - maybe apply an update or changes to the operating system between when the backup image was made and restored. And yes you can make a system fit on a 120-240GB SSD, or use just the outer 350GB even of a 2TB enterprise drive (for performance).
A virus can be a special case: even cleaning can be next to impossible.
Kaspersky pulled their tool for this virus due to some problems and issues, a company that is generally well regarded and was on the forefront of this outbreak. And people using their tool obviously need backups that were clean and untouched.
Restore from sparse disk image is also a good method. And does not take that long - to create, or to restore.
Cloning with SSDs is special, not all programs have mastered partition alignment properly, but they are such a great device for system performance, worth investing in one or more (and now there are PCIe controllers with 400-1000GB of SSD to help graphics and photographers).