11 Replies Latest reply: Dec 6, 2012 1:28 PM by g.searle
BretA Level 1 (0 points)

I have a malware/virus problem and I can't connect to the internet now. My email doesn't work and neither does Firefox or Safari or the App Store. I received some message last night that I was infected by malware. Is there any way to install a malware scanner without connecting to the internet? My PC, iPad and iPhone all connect OK, but my Mac can't any longer. So I don't think it is my router or wifi. I've tried to install from a thumb drive where I downloaded Sophos and ClamXav onto my PC, but when I install them on my Mac it wants to update the definitions and it can't connect to the internet. I've read a lot of things and tried them but can't figure anything out.


MacBook Pro, Mac OS X (10.7.4)
  • Linc Davis Level 10 (160,025 points)

    Please read this whole message before doing anything.

     

    This procedure is a diagnostic test. It’s unlikely to solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.

     

    The purpose of this exercise is to determine whether the problem is caused by third-party system modifications that load automatically at startup or login. Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards. Boot in safe mode and log in to the account with the problem. The instructions provided by Apple are as follows:

     

    • Be sure your Mac is shut down.
    • Press the power button.
    • Immediately after you hear the startup tone, hold the Shift key. The Shift key should be held as soon as possible after the startup tone, but not before the tone.
    • Release the Shift key when you see the gray Apple icon and the progress indicator (looks like a spinning gear).

     

    Note: If FileVault is enabled under Mac OS X 10.7 or later, you can’t boot in safe mode.

     

    Safe mode is much slower to boot and run than normal, and some things won’t work at all, including wireless networking on certain Macs.

     

    The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.

     

    Test while in safe mode. Same problem(s)?

     

    After testing, reboot as usual (i.e., not in safe mode) and verify that you still have the problem. Post the results of the test.

  • BretA Level 1 (0 points)

    Thanks. In safe mode everything works  (email, safari, firefox). After rebooting in normal mode it doesn't work again.

  • Linc Davis Level 10 (160,025 points)

    Please read this whole message before doing anything.

     

    This procedure is a diagnostic test. It won’t solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.

     

    Third-party system modifications are a common cause of usability problems. By a “system modification,” I mean software that affects the operation of other software — potentially for the worse. The following procedure will help identify which such modifications you've installed. Don’t be alarmed by the complexity of these instructions — they’re easy to carry out and won’t change anything on your Mac.

     

    These steps are to be taken while booted in “normal” mode, not in safe mode. If you’re now running in safe mode, reboot as usual before continuing.

     

    Below are instructions to enter some UNIX shell commands. The commands are harmless, but they must be entered exactly as given in order to work. If you have doubts about the safety of the procedure suggested here, search this site for other discussions in which it’s been followed without any report of ill effects.

     

    Some of the commands will line-wrap or scroll in your browser, but each one is really just a single line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, and you can then either copy or drag it. The headings “Step 1” and so on are not part of the commands.

     

    Note: If you have more than one user account, Step 2 must be taken as an administrator. Ordinarily that would be the user created automatically when you booted the system for the first time. The other steps should be taken as the user who has the problem, if different. Most personal Macs have only one user, and in that case this paragraph doesn’t apply.

     

    Launch the Terminal application in any of the following ways:

     

    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

     

    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

     

    ☞ If you’re running Mac OS X 10.7 or later, open LaunchPad. Click Utilities, then Terminal in the page that opens.

     

    When you launch Terminal, a text window will open with a line already in it, ending either in a dollar sign (“$”) or a percent sign (“%”). If you get the percent sign, enter “sh” (without the quotes) and press return. You should then get a new line ending in a dollar sign.

     

    Step 1

     

    Copy or drag — do not type — the line below into the Terminal window, then press return:

     

    kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'
    

     

    Post the lines of output (if any) that appear below what you just entered (the text, please, not a screenshot.)

     

    Step 2

     

    Repeat with this line:

     

    sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'
    

     

    This time, you'll be prompted for your login password, which won't be displayed when you type it. You may get a one-time warning not to screw up. You don't need to post the warning.

     

    Note: If you don’t have a login password, you’ll need to set one before taking this step. If that’s not possible, skip to the next step.

     

    Step 3

     

    launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'
    

     

    Step 4

     

    ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null
    

     

    Important: If you synchronize with a MobileMe account, your me.com email address may appear in the output of the above command. If so, anonymize it before posting.

     

    Step 5

     

    osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null
    

     

    Remember, steps 1-5 are all drag-and-drop or copy-and-paste, whichever you prefer — no typing, except your password. Also remember to post the output.

     

    You can then quit Terminal.

  • BretA Level 1 (0 points)

    OK, that's some good shell commands

     

     

    Brets-MacBook-Pro:~ BretsHome$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

    com.symantec.kext.internetSecurity (1.3.2f5)

    com.symantec.kext.pf (4.2.1f7)

    com.symantec.kext.ips (3.2f8)

    com.parallels.kext.prl_netbridge (6.0

    com.parallels.kext.prl_vnic (6.0

    com.parallels.kext.prl_usb_connect (6.0

    com.parallels.kext.prl_hypervisor (6.0

    com.parallels.kext.prl_hid_hook (6.0

    com.symantec.kext.fw (1.0.3f5)

    com.symantec.kext.SymAPComm (11.2.2f3)

    Brets-MacBook-Pro:~ BretsHome$

      

    Password:

    com.parallels.vm.prl_naptd

    com.symantec.symSchedDaemon.plist

    com.symantec.symdaemon

    com.symantec.sharedsettings

    com.symantec.Sched501-2.plist

    com.symantec.Sched501-1.plist

    com.symantec.navapdaemonsl

    com.symantec.navapd

    com.symantec.MissedTasks.plist

    com.symantec.diskMountNotify.plist

    com.symantec.deepsight-extractor

    com.symantec.avscandaemon

    com.parallels.desktop.launchdaemon

    com.cocoatech.pathfinder.SMFHelper

    Brets-MacBook-Pro:~ BretsHome$

    jp.co.canon.UFR2.BackGrounder

    com.symantec.uiagent.application

    com.parallels.vm.prl_pcproxy

    com.parallels.desktop.client.launch

    com.google.keystone.user.agent

    com.facebook.videochat.BretsHome.updater

    com.divx.agent.postinstall

    com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae

      

    Brets-MacBook-Pro:~ BretsHome$

    /Library/Components:

    /Library/Extensions:

    /Library/Frameworks:

    AEProfiling.framework

    AERegistration.framework

    Adobe AIR.framework

    AudioMixEngine.framework

    DYMO

    DivX Toolkit.framework

    MacFUSE.framework

    NyxAudioAnalysis.framework

    PluginManager.framework

    Snapfish.framework

    TSLicense.framework

    iLifeFaceRecognition.framework

    iLifeKit.framework

    iLifePageLayout.framework

    iLifeSQLAccess.framework

    iLifeSlideshow.framework

    /Library/Input Methods:

    /Library/Internet Plug-Ins:

    AdobePDFViewer.plugin

    AdobePDFViewerNPAPI.plugin

    DYMO Safari Addin.plugin

    DivXBrowserPlugin.plugin

    EPPEX Plugin.plugin

    Easy-WebPrint EX.plugin

    Flash Player.plugin

    Flip4Mac WMV Plugin.plugin

    Google Earth Web Plug-in.plugin

    JavaAppletPlugin.plugin

    OVSHelper.plugin

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    Silverlight.plugin

    flashplayer.xpt

    iPhotoPhotocast.plugin

    nsIQTScriptablePlugin.xpt

    /Library/Keyboard Layouts:

    /Library/LaunchAgents:

    com.parallels.desktop.launch.plist

    com.parallels.vm.prl_pcproxy.plist

    com.symantec.uiagent.application.plist

    jp.co.canon.UFR2.BG.plist

    /Library/LaunchDaemons:

    com.apple.remotepairtool.plist

    com.cocoatech.pathfinder.SMFHelper.plist

    com.parallels.desktop.launchdaemon.plist

    com.symantec.MissedTasks.plist

    com.symantec.Sched501-1.plist

    com.symantec.Sched501-2.plist

    com.symantec.avscandaemon.plist

    com.symantec.deepsight-extractor.plist

    com.symantec.diskMountNotify.plist

    com.symantec.navapd.plist

    com.symantec.navapdaemonsl.plist

    com.symantec.sharedsettings.plist

    com.symantec.symSchedDaemon.plist

    com.symantec.symdaemon.plist

    /Library/PreferencePanes:

    DivX.prefPane

    Flash Player.prefPane

    Flip4Mac WMV.prefPane

    MacFUSE.prefPane

    SymantecQuickMenu.prefPane

    /Library/PrivateFrameworks:

    SymAVScan.framework

    SymAppKitAdditions.framework

    SymBase.framework

    SymConfidential.framework

    SymDaemon.framework

    SymFirewall.framework

    SymIPS.framework

    SymIR.framework

    SymInternetSecurity.framework

    SymPersonalFirewall.framework

    SymScheduler.framework

    SymSharedSettings.framework

    SymSubmission.framework

    SymUIAgent.framework

    SymUIAgentUI.framework

    SymWebKitUtils.framework

    /Library/PrivilegedHelperTools:

    com.cocoatech.pathfinder.SMFHelper

    /Library/QuickLook:

    GBQLGenerator.qlgenerator

    ParallelsQL.qlgenerator

    iWork.qlgenerator

    /Library/QuickTime:

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

    DivX Decoder.component

    DivX Encoder.component

    Flip4Mac WMV Advanced.component

    Flip4Mac WMV Export.component

    Flip4Mac WMV Import.component

    /Library/ScriptingAdditions:

    SymWebKitUtilsSL.osax

    /Library/Spotlight:

    GBSpotlightImporter.mdimporter

    LogicPro.mdimporter

    Microsoft Office.mdimporter

    ParallelsMD.mdimporter

    iWork.mdimporter

    /Library/StartupItems:

    /etc/mach_init.d:

    /etc/mach_init_per_login_session.d:

    /etc/mach_init_per_user.d:

    Library/Address Book Plug-Ins:

    SkypeABDialer.bundle

    SkypeABSMS.bundle

    YMsgrCallABPlugin.bundle

    YMsgrMsnABPlugin.bundle

    YMsgrSmsABPlugin.bundle

    YMsgrYimABPlugin.bundle

    Library/Fonts:

    Library/Input Methods:

    .localized

    Library/Internet Plug-Ins:

    FacebookVideoCalling.bundle

    Picasa.plugin

    rf-firefox-plugin.plugin

    rf-safari-plugin.webplugin

    Library/Keyboard Layouts:

    Library/LaunchAgents:

    com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist

    com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.0CF774C3-F74E-497D-A2A6-7A0FF83364A2.plist

    com.apple.FolderActions.enabled.plist

    com.apple.FolderActions.folders.plist

    com.apple.SafariBookmarksSyncer.plist

    com.divx.agent.postinstall.plist

    com.facebook.videochat.BretsHome.plist

    com.google.keystone.agent.plist

    Library/PreferencePanes:

    Library/ScriptingAdditions:

    Brets-MacBook-Pro:~ BretsHome$

      

    Brets-MacBook-Pro:~ BretsHome$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

    iTunesHelper, Canon IJ Network Scanner Selector2, Canon IJ Network Scan Utility, AdobeResourceSynchronizer, Dropbox, TotalFinder, Syncplicity, SymSecondaryLaunch
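
Added example, not part of any post in this thread: a shell sketch that applies the filtering of Steps 1 to 3 to constructed sample input and tallies what remains per vendor, which is how a listing like the one above is usually triaged. It keeps the whole parenthesised kext version, which printing only `$6, $7` would cut short when the version contains a space (compare the `(6.0` entries above); the `com.example` and `org.sample` identifiers and every sample line are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. All sample lines are constructed.

# `kextstat -kl` layout: Index Refs Address Size Wired Name (Version) <Linked Against>
sample_kextstat() {
cat <<'EOF'
   95    0 0xffffff7f80e31000 0x4000 0x4000 com.apple.driver.AudioAUUC (1.59) <94 82 5 4 3>
  110    0 0xffffff7f81f02000 0x9000 0x9000 com.example.kext.filter (1.3.2f5) <5 4 3 1>
  111    1 0xffffff7f81f0b000 0x6000 0x6000 com.example.kext.fw (1.0.3f5) <5 4 3 1>
  120    0 0xffffff7f8200a000 0x3000 0x3000 org.sample.vm.netbridge (6.0 build-1) <5 4 1>
EOF
}

# `launchctl list` layout: PID Status Label (first line is the header)
sample_launchctl() {
cat <<'EOF'
PID Status Label
- 0 com.apple.quicklook
142 - com.example.avscandaemon
- 0 com.example.sched.plist
- 0 0x7f8a1b402c30.anonymous.sh
EOF
}

# Print "bundle-id<TAB>version" for each non-Apple kext. The version is taken
# from the first parenthesised group, so embedded spaces survive.
third_party_kexts() {
    awk '$6 !~ /^com\.apple\./ && match($0, /\([^)]*\)/) {
        printf "%s\t%s\n", $6, substr($0, RSTART + 1, RLENGTH - 2)
    }'
}

# Print the label of each launchd job that is neither Apple's nor anonymous (0x...).
third_party_jobs() {
    sed 1d | awk '$3 !~ /^(0x|com\.apple\.)/ { print $3 }'
}

# Count identifiers per vendor. "Vendor" is assumed to be the first two labels
# of the reverse-DNS name, which is good enough for triage.
vendor_summary() {
    awk -F'\t' '{ split($1, p, "."); n[p[1] "." p[2]]++ }
        END { for (v in n) printf "%d %s\n", n[v], v }' | sort -k1,1nr -k2
}

# Combined tally of third-party kexts and launchd jobs in the samples.
report() {
    { sample_kextstat | third_party_kexts | cut -f1
      sample_launchctl | third_party_jobs; } | vendor_summary
}

report
```

On a real system, pipe `kextstat -kl` into `third_party_kexts` and `sudo launchctl list` into `third_party_jobs` in place of the sample functions.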

  • Linc Davis Level 10 (160,025 points)

    Please read this whole message carefully, especially the warnings, before doing anything.

     

    The changes to your configuration suggested here should be considered provisional; they may not solve your problem, or they may remove functionality that you find useful. If a third-party system modification that you want to keep is causing the problem, seek help from its developer.

     

    WARNING: Back up all data now if you haven’t already done so. Before proceeding, you must be sure you can restore your system to its present state, even if it becomes unbootable. If you’re not sure you can do that, STOP — DON’T CHANGE ANYTHING. If you’re dissatisfied with the results of the procedure suggested below, restore from your backup. I will not be responsible for the consequences, and I will not help, if you ignore this warning.

     

    You should either remove or update the following system modification(s), if an update is available from the developer:

     

    Parallels

     

    and definitely remove at least the following:

     

    † DivX

    † MacFUSE

    † Symantec/Norton Security

     

    Whatever you remove must be removed completely, and (unless otherwise specified in this message) the only way to do that is to use the uninstallation tool, if any, provided by the third-party developer, or to follow his instructions. In some cases it may be necessary to re-download or even reinstall the software in order to get rid of it. I can't be more specific, because I don't install such things myself. Please do your own research.

     

    Here are some general guidelines to get you started. Suppose you want to remove something called “BrickYourMac.” First check the developer's website, say www.brickyourmac.com, for instructions. If you don’t find any, email the developer. Failing that, download BrickYourMac.dmg and open it. There may be an application in there such as “Uninstall BrickYourMac.” If not, open “BrickYourMac.pkg” and look for an Uninstall button.

     

    If you can’t remove the software in any other way, you’ll have to erase your boot volume and perform a clean reinstallation of the Mac OS. Never install any third-party software unless you're sure you know how to uninstall it; otherwise you may create problems that are very hard to solve.

     

    WARNING: Trying to remove complex system modifications by hunting for files by name often will not work and may make the problem worse.

     

    I recommend that you never reinstall the modifications marked with a dagger (†) above, if any. If your problem is resolved after uninstalling all the above modifications and rebooting, but you still want to use some of those not marked with a dagger, you can experiment with putting them back, one at a time, testing carefully after each step. Keep in mind that system modifications may be incompatible with each other or with future Mac OS updates, so it may not be clear which one is at fault.

     

    If you still have problems after making the suggested changes and rebooting, post again. Remember: if you don’t like the results of this procedure, you can undo it by restoring from the last backup you made before you started.

  • BretA Level 1 (0 points)

    OK. I will back up to Time Capsule in a while. I am scanning for malware with ClamXav right now. I already scanned with Norton and didn't find anything. I'm not sure where DivX and MacFUSE came from, but I bought Parallels and use it a lot. I don't mind getting rid of Symantec applications. I don't think they work very well on Mac anyway and right now it has a lot of processes dying and filling up my system logs. I will back up and then remove the 3 apps and then keep Parallels for now, but see if there is an update. Does that sound like a good plan?

  • Grant Bennet-Alder Level 9 (52,385 points)

    I bought Parallels and use it a lot.

    I think the version you have is out of date for 10.7.

  • Linc Davis Level 10 (160,025 points)

    If it solves your problem, it's a good plan. Otherwise, not so much.

     

    Scanning for malware is a complete waste of time.

  • BretA Level 1 (0 points)

    I removed Norton/Symantec first. Everything is working now. Thanks for your help.

  • Grant Bennet-Alder Level 9 (52,385 points)

    There are reports of Parallels 6 causing kernel panics under Mac OS X 10.7. So if you get more kernel panics, that is a top candidate for change.

     

    They charge for the upgrade to Parallels 7.

  • g.searle Level 1 (0 points)

    Hi Linc, I believe I may be having a similar problem.

     

    Please take a look at my question?

     

    https://discussions.apple.com/thread/4578667?tstart=0