cmrguitar504

Level 1 (0 points)

Q: Dialog box appears and disappears before I can read it... what is it?

I've been noticing a dialog box that appears and disappears in a fraction of a second, just enough to annoy me. It happens at random times, and have noticed it while working in various applications. I've checked Console and determined that this is the culprit. What is this!?

5/12/12 2:18:57.550 PM Firewall: java is listening from ::ffff:0.0.0.0:0 proto=6

Posted on May 12, 2012 12:24 PM

I have this question too

Q: Dialog box appears and disappears before I can read it... what is it?

All replies

Helpful answers

by BDAqua,

BDAqua May 12, 2012 1:16 PM in response to cmrguitar504
Level 10 (123,905 points)

May 12, 2012 1:16 PM in response to cmrguitar504

Hmmm, are you running 10.6.8 or later & installed the Security updates?

Java was an attack vector for FlashBack.

Disable Java in your Browser settings, not JavaScript.

http://support.apple.com/kb/HT5241?viewlocale=en_US
http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=142064
http://support.mozilla.org/en-US/kb/How%20to%20turn%20off%20Java%20applets

Flashback - Detect and remove the uprising Mac OS X Trojan...

http://www.mac-and-i.net/2012/04/flashback-detect-and-remove-uprising.html

In order to avoid detection, the installer will first look for the presence of some antivirus tools and other utilities that might be present on a power user's system, which according to F-Secure include the following:

/Library/Little Snitch
/Developer/Applications/Xcode.app/Contents/MacOS/Xcode
/Applications/VirusBarrier X6.app
/Applications/iAntiVirus/iAntiVirus.app
/Applications/avast!.app
/Applications/ClamXav.app
/Applications/HTTPScoop.app
/Applications/Packet Peeper.app

If these tools are found, then the malware deletes itself in an attempt to prevent detection by those who have the means and capability to do so. Many malware programs use this behavior, as was seen in others such as the Tsunami malware bot.

http://reviews.cnet.com/8301-13727_7-57410096-263/how-to-remove-the-flashback-ma lware-from-os-x/

http://x704.net/bbs/viewtopic.php?f=8&t=5844&p=70660#p70660

The most current flashback removal instructions are F-Secure's Trojan-Downloader:OSX/Flashback.K.

https://www.securelist.com/en/blog/208193454/Flashfake_Removal_Tool_and_online_c hecking_site

More bad news...

https://www.securelist.com/en/blog/208193467/SabPub_Mac_OS_X_Backdoor_Java_Explo its_Targeted_Attacks_and_Possible_APT_link
Reply options

Link to this post

by cmrguitar504,

cmrguitar504 May 12, 2012 1:49 PM in response to BDAqua
Level 1 (0 points)

May 12, 2012 1:49 PM in response to BDAqua

Thank you for the response! I am running 10.7.3 and am currently installing a recent Mac OS X software update.

I read through those links and followed the steps to detect infection. As far as I can tell, my computer is not infected with Flashback. I even ran the F-Secure automatic tool and it also determined my computer was clean.

Hopefully the software update I'm currently installing will fix it. Do you have any other suggestions? Thanks again!
Reply options

Link to this post

by BDAqua,

BDAqua May 12, 2012 2:28 PM in response to cmrguitar504
Level 10 (123,905 points)

May 12, 2012 2:28 PM in response to cmrguitar504

I can't imagine why Java is running, but might try...

Little Snitch, stops/alerts outgoing stuff...
http://www.obdev.at/products/littlesnitch/index.html
Reply options

Link to this post

by Linc Davis,

Linc Davis May 12, 2012 2:29 PM in response to cmrguitar504
Level 10 (208,044 points)

Applications

May 12, 2012 2:29 PM in response to cmrguitar504

Apple menu > System Preferences > Security & Privacy > Firewall: off
Reply options

Link to this post

by MadMacs0,

MadMacs0 May 12, 2012 4:51 PM in response to cmrguitar504
Level 5 (4,801 points)

May 12, 2012 4:51 PM in response to cmrguitar504

cmrguitar504 wrote:

What is this!?

5/12/12 2:18:57.550 PM Firewall: java is listening from ::ffff:0.0.0.0:0 proto=6

This command will help narrow down the Applications that use Java...
find /Applications -type d -name *.app -prune -exec sh -c 'ls -R "$1" | grep -q \.jar\$' {} {} \; -print
Reply options

Link to this post

by Joe Yooper,

Joe Yooper Jul 29, 2013 10:31 AM in response to cmrguitar504
Level 1 (0 points)

Jul 29, 2013 10:31 AM in response to cmrguitar504

Does anyone with this problem by chance have cac reader software installed? I never saw this disappearing window on my mac until a trip to AKO for the software.
Reply options

Link to this post