New malware?

I am learning a lot with you guys 🙂

I repeated the procedure, plugged in the Ethernet cable while the computer was already on, and leaved the console

message window opened. No messages appeared. I could still move the applications window if they were already opened, but any click inside any application window made it freeze - the rainbow wheel started turning. When it stopped turning I could click again and then it turned again for about 5 minutes.

I don't get any message saying that I need to restart.

If I am patient enough, and Safari manages to open, it doesn't connect to any website - but blue bar in the address

line goes half way and stops, the wheel turns for some minutes and stops but nothing happens, and the Safari window

stays white and blanc, named "Untitled". It took 5 minutes for it to respond to make a screenshot:

Now, even if I unplug the Ethernet cable, it doesn't help - need to shut down with power button and restart with

cable unplugged to make it work again.

Looked in "Console>Library>Logs>Diagnostic Reports" as WZZZ suggested.

1) in "~Library/Logs":

- in Diagnostic Reports - nothing with the date of today and nothing that contains the word "panic";

- in CrashReporter --> CSConfigDotMacCert.log - messages from today saying that the password for my-email@me.com could not be obtained from the keychain. (I replaced my real email for "my-email" just not to display it here).

2) in "Library/Logs":

- in DiagnosticReports - some messages about WacomTabletDriver crash but the latest is 2 days ago (Wacom tablet is not connected now);

- in CrashReporter - the same.

I don't see anything called "Hang Reporter".

Yes, as soon as I plugged in the Ethernet cable, "System Preferences" immediately jumped to 20,1% of CPU usage in Activity Monitor. It stayed like that for 5 minutes and then was showing "0" again. Then I clicked on a Safari icon trying to open it. It didn't respond with the wheel turning, but there were no big changes in Activity Monitor - "Dock" was showing 1$% of CPU usage.

BDAqua,

com.adobe.versioncueCS4.plist us found in two locations:

1) Mac HD --> Library --> LaunchDaemons

2) Mac HD --> Library --> Preferences

Which one I should try to delete? Or both?

In System Preferences, the Other row:

A 6|2m

Apple Qmaster

FlashPlayer

Flip4Mac WMV

Line 6 Audio-MIDI Devices

Perian

Version Cue CS4

Wacom Tablet

MadMacs0 wrote:

??? The error message says it's in "/private/etc/mach_init_per_user.d/" and the error may indicate it just has not been updated for your OS X. If you can't find one there then the one in LaunchDaemons may be the candicate.

I think there is a confusion. There were two error messages:

Sender: com.apple.launchctl.Aqua[104]

Message: launchctl: Please convert the following to launchd: /etc/mach_init_per_user.d/com.adobe.versioncueCS4.monitor.plist

Sender: com.apple.launchd.peruser.501[102]

Message: (0x100302d80.mach_init.VersionCueCS4monitor) Failed to check-in!

BDAqua suggested to delete "com.adobe.versioncueCS4.plist" which is found in 2 locations:

1) Mac HD --> Library --> LaunchDaemons

2) Mac HD --> Library --> Preferences

But the file "com.adobe.versioncueCS4.monitor.plist" shown in the error message is indeed found in the folder " /etc/mach_init_per_user.d/"

So which one I should delete?

MadMacs0 wrote:

Version Cue CS4

I don't use CS4, but this looks to be an update checker. Could be corrupt or perhaps is checking an old address.

Still think downloading and re-installing the latest version is in order.

I have several Adobe CS4 appications installed. Did you mean uninstalling these applications or only the Version Cue? I never installed it, it just appeared in the System Preferences after the installation of one of the CS4 applications. Version Cue is not listed in "Applications". What would be the correct way to uninstall it?

For the moment, I just removed the Version Cue CS4 from the System Preferences panel. The same 2 errors were shown after reboot:

Sender: com.apple.launchctl.Aqua[104]

Message: launchctl: Please convert the following to launchd: /etc/mach_init_per_user.d/com.adobe.versioncueCS4.monitor.plist

Sender: com.apple.launchd.peruser.501[102]

Message: (0x100302d80.mach_init.VersionCueCS4monitor) Failed to check-in!

So now, which file shoul I try to remove: "com.adobe.versioncueCS4.monitor.plist" or

"com.adobe.versioncueCS4.plist"?