Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: DainaG1234
DainaG1234 Author
User level: Level 1
8 points

Safari problem - .RedHandProWith.xsl unable to load

For the past 2-3 weeks, Safari kept shutting down with a message about the .RedHandProWith.png file having issues. It seemed to be acting like malware so I installed Norton Internet Security for Mac. Norton ran a virus scan and quarantined two files: .RedHandProWith.xsl and .RedHandProWith.png. Now I can't open Safari at all - I just get a page that says "safari cannot be opened because of a problem" and further down in the details I see


Application Specific Information:

Dyld: launch, loading dependent libraries


Dyld Error Message:

Could not load inserted library: /Applications/Safari.app/Contents/Resources/.RedHandProWith.xsl



Safari version 5.1.5 (7534.55.3)

Mac Os X 10.7.3 (11d50)


I can't even get to a point to view Safari's About menu so I hope this is even information.


I tried to both repair and restore this file from within Norton but nothing happens.


Any help would be much appreciated!!!

MacBook Pro (13-inch Early 2011), Mac OS X (10.7.3)

Posted on Apr 22, 2012 5:09 PM

Reply
11 replies
User profile for user: John Galt
John Galt
User level: Level 10
140,994 points

Apr 22, 2012 5:13 PM in response to DainaG1234

Your system has the malware commonly known as Flashback. Read about it here: http://support.apple.com/kb/HT5244


Download and install the updates offered in Software Update. To run Software Update go to the  (Apple) menu and select "Software Update…"


You should also consider using OpenDNS which has recently been improved to prevent certain malware from spreading. It's free and has many other useful features.


Norton is notorious for its uselessness on a Mac. Get rid of it.

Reply
User profile for user: Linc Davis
Linc Davis
User level: Level 10
209,541 points

Apr 22, 2012 6:45 PM in response to John Galt

You should also consider using OpenDNS which has recently been improved to prevent certain malware from spreading.


I suggest you let OpenDNS -- a for-profit business -- pay for its own publicity, instead of regurgitating that publicity as if it were advice.


Nowhere does that fear-mongering piece of hucksterism and factual error explain how OpenDNS prevents malware from spreading. Obviously it does not and cannot. What the ad claims is that OpenDNS blocks queries for the domain names used by the Flashback malware to contact the attacker's servers. That may or may not be true, but it's certainly not true that OpenDNS prevents infection. And even if the claim of blocking queries is true, that would be easy for the attacker to circumvent. I would place zero reliance on the ability of OpenDNS to block communication between the malware and the attacker. As for preventing infection, that's completely out of the question.

Reply
User profile for user: John Galt
John Galt
User level: Level 10
140,994 points

Apr 22, 2012 8:49 PM in response to Linc Davis

Linc Davis wrote:


... Nowhere does that fear-mongering piece of hucksterism and factual error explain how OpenDNS prevents malware from spreading.


It certainly did not. The "recent improvement" that I referenced was added months after the Flashback threat arose and as such, is only capable of blocking known sources of it. In other words they are still fighting the last war.


From the referenced link:

OpenDNS will also protect you from future, widespread attacks and make your Internet both faster and more reliable.


At best this is a questionable claim for OpenDNS or anyone to make. I suggested, as I always have, that the OP consider it since its other features can be beneficial for some users.


No harm can come from using OpenDNS, or Google's equivalent, but it should by no means be considered a magic shield against this or future malware.


OpenDNS derives no profit from me, nor I from it.

Reply
User profile for user: Carolyn Samit
Carolyn Samit
User level: Level 10
165,615 points

Apr 22, 2012 10:17 PM in response to DainaG1234

Hi..


You need to have a browser running in order to download that update. Since you are running Lion v10.7.3 the only way to reinstall Safari is to use Lion Recovery which reinstalls the Mac OS X (as well as the Safari app).


After you have reinstalled the Mac OS X, launch Safari, then install this update > Java for Mac OS X 10.6 Update 8


My overall Software Update is all up to date.

That may be but the Java update is what you need to download in order to remove the flashback trojan. Otherwise, Safari will continue to crash.

Reply
User profile for user: Linc Davis
Linc Davis
User level: Level 10
209,541 points

Apr 22, 2012 10:25 PM in response to DainaG1234

You’ve been infected with the “Flashback” malware. See this Apple support document:


About Flashback malware


Back up all data, if you haven't already done so.


Select Software Update to install the latest Java update (if Java is already installed) or the Flashback malware removal tool (if Java is not installed under Lion), as well as any other available updates. Installing either of those items should clear the infection in most cases. You must update to the latest version of Mac OS X 10.6 or 10.7 before you can install the Java update.


The removal tool runs automatically in the background and is then deleted. Don’t look for something to click. If the malware is removed, you’ll be notified.


After you’ve secured your system — not before — change every Internet password you have, starting with banking passwords, and check all financial accounts for unauthorized transactions.

Reply

Safari problem - .RedHandProWith.xsl unable to load

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up