Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

I have a malware/virus problem and I can't connect to the internet

I have a malware/virus problem and I can't connect to the internet now. My email doesn't work and either does Firefox or Safari or the App Store. I received some message last night that I was infected by malware. Is there anyway to install a malware scanner without connecting to the internet? My PC, iPad and iPhone all connect OK, but my Mac can't any longer. So I don't think it is my router or wifi. I've tried to install from a thumbdrive where I downloaded Sophos and ClamXav onto my PC, but when I install them on my Mac it wants to update the definitions and it can't connect to the internet. I've read a lot of things and tried them but can't figure anything out.

MacBook Pro, Mac OS X (10.7.4)

Posted on May 10, 2012 11:17 AM

Reply
Question marked as Best reply

Posted on May 10, 2012 2:04 PM

Please read this whole message before doing anything.


This procedure is a diagnostic test. It’s unlikely to solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.


The purpose of this exercise is to determine whether the problem is caused by third-party system modifications that load automatically at startup or login. Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards. Boot in safe mode and log in to the account with the problem. The instructions provided by Apple are as follows:


  • Be sure your Mac is shut down.
  • Press the power button.
  • Immediately after you hear the startup tone, hold the Shift key. The Shift key should be held as soon as possible after the startup tone, but not before the tone.
  • Release the Shift key when you see the gray Apple icon and the progress indicator (looks like a spinning gear).


Note: If FileVault is enabled under Mac OS X 10.7 or later, you can’t boot in safe mode.


Safe mode is much slower to boot and run than normal, and some things won’t work at all, including wireless networking on certain Macs.


The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.


Test while in safe mode. Same problem(s)?


After testing, reboot as usual (i.e., not in safe mode) and verify that you still have the problem. Post the results of the test.

11 replies
Question marked as Best reply

May 10, 2012 2:04 PM in response to BretA

Please read this whole message before doing anything.


This procedure is a diagnostic test. It’s unlikely to solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.


The purpose of this exercise is to determine whether the problem is caused by third-party system modifications that load automatically at startup or login. Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards. Boot in safe mode and log in to the account with the problem. The instructions provided by Apple are as follows:


  • Be sure your Mac is shut down.
  • Press the power button.
  • Immediately after you hear the startup tone, hold the Shift key. The Shift key should be held as soon as possible after the startup tone, but not before the tone.
  • Release the Shift key when you see the gray Apple icon and the progress indicator (looks like a spinning gear).


Note: If FileVault is enabled under Mac OS X 10.7 or later, you can’t boot in safe mode.


Safe mode is much slower to boot and run than normal, and some things won’t work at all, including wireless networking on certain Macs.


The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.


Test while in safe mode. Same problem(s)?


After testing, reboot as usual (i.e., not in safe mode) and verify that you still have the problem. Post the results of the test.

May 10, 2012 2:55 PM in response to BretA

Please read this whole message before doing anything.


This procedure is a diagnostic test. It won’t solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.


Third-party system modifications are a common cause of usability problems. By a “system modification,” I mean software that affects the operation of other software — potentially for the worse. The following procedure will help identify which such modifications you've installed. Don’t be alarmed by the complexity of these instructions — they’re easy to carry out and won’t change anything on your Mac.


These steps are to be taken while booted in “normal” mode, not in safe mode. If you’re now running in safe mode, reboot as usual before continuing.


Below are instructions to enter some UNIX shell commands. The commands are harmless, but they must be entered exactly as given in order to work. If you have doubts about the safety of the procedure suggested here, search this site for other discussions in which it’s been followed without any report of ill effects.


Some of the commands will line-wrap or scroll in your browser, but each one is really just a single line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, and you can then either copy or drag it. The headings “Step 1” and so on are not part of the commands.


Note: If you have more than one user account, Step 2 must be taken as an administrator. Ordinarily that would be the user created automatically when you booted the system for the first time. The other steps should be taken as the user who has the problem, if different. Most personal Macs have only one user, and in that case this paragraph doesn’t apply.


Launch the Terminal application in any of the following ways:


☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)


☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.


☞ If you’re running Mac OS X 10.7 or later, open LaunchPad. Click Utilities, then Terminal in the page that opens.


When you launch Terminal, a text window will open with a line already in it, ending either in a dollar sign (“$”) or a percent sign (“%”). If you get the percent sign, enter “sh” (without the quotes) and press return. You should then get a new line ending in a dollar sign.


Step 1


Copy or drag — do not type — the line below into the Terminal window, then press return:


kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'


Post the lines of output (if any) that appear below what you just entered (the text, please, not a screenshot.)


Step 2


Repeat with this line:


sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'


This time, you'll be prompted for your login password, which won't be displayed when you type it. You may get a one-time warning not to screw up. You don't need to post the warning.


Note: If you don’t have a login password, you’ll need to set one before taking this step. If that’s not possible, skip to the next step.


Step 3


launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'


Step 4


ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null


Important: If you synchronize with a MobileMe account, your me.com email address may appear in the output of the above command. If so, anonymize it before posting.


Step 5


osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null


Remember, steps 1-5 are all drag-and-drop or copy-and-paste, whichever you prefer — no typing, except your password. Also remember to post the output.


You can then quit Terminal.

May 10, 2012 3:49 PM in response to Linc Davis

OK-thats some good shell commands 🙂



Brets-MacBook-Pro:~ BretsHome$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

com.symantec.kext.internetSecurity (1.3.2f5)

com.symantec.kext.pf (4.2.1f7)

com.symantec.kext.ips (3.2f8)

com.parallels.kext.prl_netbridge (6.0

com.parallels.kext.prl_vnic (6.0

com.parallels.kext.prl_usb_connect (6.0

com.parallels.kext.prl_hypervisor (6.0

com.parallels.kext.prl_hid_hook (6.0

com.symantec.kext.fw (1.0.3f5)

com.symantec.kext.SymAPComm (11.2.2f3)

Brets-MacBook-Pro:~ BretsHome$

 

Password:

com.parallels.vm.prl_naptd

com.symantec.symSchedDaemon.plist

com.symantec.symdaemon

com.symantec.sharedsettings

com.symantec.Sched501-2.plist

com.symantec.Sched501-1.plist

com.symantec.navapdaemonsl

com.symantec.navapd

com.symantec.MissedTasks.plist

com.symantec.diskMountNotify.plist

com.symantec.deepsight-extractor

com.symantec.avscandaemon

com.parallels.desktop.launchdaemon

com.cocoatech.pathfinder.SMFHelper

Brets-MacBook-Pro:~ BretsHome$

jp.co.canon.UFR2.BackGrounder

com.symantec.uiagent.application

com.parallels.vm.prl_pcproxy

com.parallels.desktop.client.launch

com.google.keystone.user.agent

com.facebook.videochat.BretsHome.updater

com.divx.agent.postinstall

com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae

 

Brets-MacBook-Pro:~ BretsHome$

/Library/Components:

/Library/Extensions:

/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

Adobe AIR.framework

AudioMixEngine.framework

DYMO

DivX Toolkit.framework

MacFUSE.framework

NyxAudioAnalysis.framework

PluginManager.framework

Snapfish.framework

TSLicense.framework

iLifeFaceRecognition.framework

iLifeKit.framework

iLifePageLayout.framework

iLifeSQLAccess.framework

iLifeSlideshow.framework

/Library/Input Methods:

/Library/Internet Plug-Ins:

AdobePDFViewer.plugin

AdobePDFViewerNPAPI.plugin

DYMO Safari Addin.plugin

DivXBrowserPlugin.plugin

EPPEX Plugin.plugin

Easy-WebPrint EX.plugin

Flash Player.plugin

Flip4Mac WMV Plugin.plugin

Google Earth Web Plug-in.plugin

JavaAppletPlugin.plugin

OVSHelper.plugin

Quartz Composer.webplugin

QuickTime Plugin.plugin

Silverlight.plugin

flashplayer.xpt

iPhotoPhotocast.plugin

nsIQTScriptablePlugin.xpt

/Library/Keyboard Layouts:

/Library/LaunchAgents:

com.parallels.desktop.launch.plist

com.parallels.vm.prl_pcproxy.plist

com.symantec.uiagent.application.plist

jp.co.canon.UFR2.BG.plist

/Library/LaunchDaemons:

com.apple.remotepairtool.plist

com.cocoatech.pathfinder.SMFHelper.plist

com.parallels.desktop.launchdaemon.plist

com.symantec.MissedTasks.plist

com.symantec.Sched501-1.plist

com.symantec.Sched501-2.plist

com.symantec.avscandaemon.plist

com.symantec.deepsight-extractor.plist

com.symantec.diskMountNotify.plist

com.symantec.navapd.plist

com.symantec.navapdaemonsl.plist

com.symantec.sharedsettings.plist

com.symantec.symSchedDaemon.plist

com.symantec.symdaemon.plist

/Library/PreferencePanes:

DivX.prefPane

Flash Player.prefPane

Flip4Mac WMV.prefPane

MacFUSE.prefPane

SymantecQuickMenu.prefPane

/Library/PrivateFrameworks:

SymAVScan.framework

SymAppKitAdditions.framework

SymBase.framework

SymConfidential.framework

SymDaemon.framework

SymFirewall.framework

SymIPS.framework

SymIR.framework

SymInternetSecurity.framework

SymPersonalFirewall.framework

SymScheduler.framework

SymSharedSettings.framework

SymSubmission.framework

SymUIAgent.framework

SymUIAgentUI.framework

SymWebKitUtils.framework

/Library/PrivilegedHelperTools:

com.cocoatech.pathfinder.SMFHelper

/Library/QuickLook:

GBQLGenerator.qlgenerator

ParallelsQL.qlgenerator

iWork.qlgenerator

/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component

DivX Decoder.component

DivX Encoder.component

Flip4Mac WMV Advanced.component

Flip4Mac WMV Export.component

Flip4Mac WMV Import.component

/Library/ScriptingAdditions:

SymWebKitUtilsSL.osax

/Library/Spotlight:

GBSpotlightImporter.mdimporter

LogicPro.mdimporter

Microsoft Office.mdimporter

ParallelsMD.mdimporter

iWork.mdimporter

/Library/StartupItems:

/etc/mach_init.d:

/etc/mach_init_per_login_session.d:

/etc/mach_init_per_user.d:

Library/Address Book Plug-Ins:

SkypeABDialer.bundle

SkypeABSMS.bundle

YMsgrCallABPlugin.bundle

YMsgrMsnABPlugin.bundle

YMsgrSmsABPlugin.bundle

YMsgrYimABPlugin.bundle

Library/Fonts:

Library/Input Methods:

.localized

Library/Internet Plug-Ins:

FacebookVideoCalling.bundle

Picasa.plugin

rf-firefox-plugin.plugin

rf-safari-plugin.webplugin

Library/Keyboard Layouts:

Library/LaunchAgents:

com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist

com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.0CF774C3-F74E-497D-A2A6-7A0 FF83364A2.plist

com.apple.FolderActions.enabled.plist

com.apple.FolderActions.folders.plist

com.apple.SafariBookmarksSyncer.plist

com.divx.agent.postinstall.plist

com.facebook.videochat.BretsHome.plist

com.google.keystone.agent.plist

Library/PreferencePanes:

Library/ScriptingAdditions:

Brets-MacBook-Pro:~ BretsHome$

 

Brets-MacBook-Pro:~ BretsHome$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

iTunesHelper, Canon IJ Network Scanner Selector2, Canon IJ Network Scan Utility, AdobeResourceSynchronizer, Dropbox, TotalFinder, Syncplicity, SymSecondaryLaunch

May 10, 2012 4:09 PM in response to BretA

Please read this whole message carefully, especially the warnings, before doing anything.


The changes to your configuration suggested here should be considered provisional; they may not solve your problem, or they may remove functionality that you find useful. If a third-party system modification that you want to keep is causing the problem, seek help from its developer.


WARNING: Back up all data now if you haven’t already done so. Before proceeding, you must be sure you can restore your system to its present state, even if it becomes unbootable. If you’re not sure you can do that, STOP — DON’T CHANGE ANYTHING. If you’re dissatisfied with the results of the procedure suggested below, restore from your backup. I will not be responsible for the consequences, and I will not help, if you ignore this warning.


You should either remove or update the following system modification(s), if an update is available from the developer:


Parallels


and definitely remove at least the following:


† DivX

† MacFUSE

† Symantec/Norton Security


Whatever you remove must be removed completely, and (unless otherwise specified in this message) the only way to do that is to use the uninstallation tool, if any, provided by the third-party developer, or to follow his instructions. In some cases it may be necessary to re-download or even reinstall the software in order to get rid of it. I can't be more specific, because I don't install such things myself. Please do your own research.


Here are some general guidelines to get you started. Suppose you want to remove something called “BrickYourMac.” First check the developer's website, say www.brickyourmac.com, for instructions. If you don’t find any, email the developer. Failing that, download BrickYourMac.dmg and open it. There may be an application in there such as “Uninstall BrickYourMac.” If not, open “BrickYourMac.pkg” and look for an Uninstall button.


If you can’t remove the software in any other way, you’ll have to erase your boot volume and perform a clean reinstallation of the Mac OS. Never install any third-party software unless you're sure you know how to uninstall it; otherwise you may create problems that are very hard to solve.


WARNING: Trying to remove complex system modifications by hunting for files by name often will not work and may make the problem worse.


I recommend that you never reinstall the modifications marked with a dagger (†) above, if any. If your problem is resolved after uninstalling all the above modifications and rebooting, but you still want to use some of those not marked with a dagger, you can experiment with putting them back, one at a time, testing carefully after each step. Keep in mind that system modifications may be incompatible with each other or with future Mac OS updates, so it may not be clear which one is at fault.


If you still have problems after making the suggested changes and rebooting, post again. Remember: if you don’t like the results of this procedure, you can undo it by restoring from the last backup you made before you started.

May 10, 2012 4:48 PM in response to Linc Davis

OK. I will backup to Time Capsule in a while. I am scanning for malware with clamXav right now. I already scanned with Norton and didn't find anything. I'm not sure where DivX and MacFuse came from, but I bought Parallels and use it alot. I don't mind getting rid of Symantec applications. I don't think they work very well on Mac anyway and right now it has a lot of processes dieing and filling up my system logs.I will backkup and then remove the 3 apps and then keep Parallels for now, but see if there is an update. Does that sound like a good plan?

I have a malware/virus problem and I can't connect to the internet

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.