Stuck on grey screen at start up

Question

Level 1

29 points

Stuck on grey screen at start up

I am in the process of updating our 3 Mac Pros to Mountain Lion, in the office.

One that I updated a couple of weeks okay got stuck on a grey screen while booted in Windows 7 on BootCamp. I think it was downloading updates from Apple for BootCamp 3 at the time. As it was like this over at least an hour, I had to perform a hard shut down.

I did performed a Recovery Mode and tried checking the hard drive and repairing permissions with Disk Utility but still got the grey screen on reboot.

I then tried a Safe Boot (holding down shift on reboot) and managed to get back into Mac OS X.

Realising that BootCamp 3 wasn't compatible with Mountain Lion, I asked our IT dept to update the Mac to BootCamp 4 yesterday and all seems well again now. Although, I haven't tried this morning.

I booted my own Mac this morning and got the stuck grey screen during start up. Now, this cannot be the same issue as above, as I don't have BootCamp on my Mac, but use Fusion VM Ware with Windows 7 instead (version 5).

After doing Recovery Mode and checking the hard drive and repairing permissions, I tried a reboot. Still stuck on grey screen.

Rebooted in Safe Mode and got Mac OS X back, so thought it must be a start up item. I deleted ALL log in items listed under my User preferences and rebooted. Still stuck on grey screen.

I then reset my PRAM, and rebooted. Still stuck on grey screen.

I have verified my preference files using OnyX, and they all appear to be in order.

The only other thing I can think of is that I updated Flash before shutting down last night.

I'd be grateful for any other suggestions, as I'm not sure I can work in Safe Mode for the rest of the day.

Mac Pro, OS X Mountain Lion (10.8.2), 2.66GHz Quad-Core, 8GB RAM

Posted on Feb 26, 2013 3:16 AM

Reply

Answer 1

Linc Davis

Level 10

209,547 points

Feb 26, 2013 9:40 AM in response to Maff K

If you have more than one user account, these instructions must be carried out as an administrator.

Boot in safe mode. Launch the Console application in any of the following ways:

☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

☞ Open LaunchPad. Click Utilities, then Console in the icon grid.

Step 1

Make sure the title of the Console window is All Messages. If it isn't, select All Messages from the SYSTEM LOG QUERIES menu on the left. If you don't see that menu, select

View ▹ Show Log List

from the menu bar.

Enter "BOOT_TIME" (without the quotes) in the search box. Note the timestamps of those log messages, which refer to the times when the system was booted. Now clear the search box and scroll back in the log to the last boot time when you had the problem. Select the messages logged before the boot, while the system was unresponsive or was failing to start up or shut down. Copy them to the Clipboard (command-C). Paste into a reply to this message (command-V). Please include the BOOT_TIME message at the end of the log extract.

If there are runs of repeated messages, post only one example of each. Don’t post many repetitions of the same message.

When posting a log extract, be selective. In most cases, a few dozen lines are more than enough.

Please do not indiscriminately dump thousands of lines from the log into this discussion.

Important: Some private information, such as your name, may appear in the log. Anonymize before posting.

Step 2

Still in Console, look under System Diagnostic Reports for crash or panic logs, and post the entire contents of the most recent one, if any. In the interest of privacy, I suggest you edit out the “Anonymous UUID,” a long string of letters, numbers, and dashes in the header of the report, if present (it may not be.) Please don’t post shutdownStall, spin, or hang logs — they're very long and not helpful.

Reply

Answer 2

Maff K Author

Level 1

29 points

Feb 27, 2013 1:56 AM in response to Linc Davis

Thanks Linc

I did manage to get things back up and running in the end. I logged into the other user accounts (including admin) and deleted the login items from the user preferences. The only one that seemed to be common across all accounts was the iTunesHelper item.

However, I don't know if it will be useful, but here is an extract from the Console log showing before BOOT_TIME:

26/02/2013 12:48:25.390 apsd[59]: CGSLookupServerRootPort: Failed to look up the port for "com.apple.windowserver.active" (1102)

26/02/2013 12:48:25.560 WindowServer[114]: Server is starting up

26/02/2013 12:48:27.000 kernel[0]: Virex Kext: "Loading Phoenix kernel extension"

26/02/2013 12:48:28.344 rooksd[60]: kCGErrorRangeCheck: On-demand launch of the Window Server is allowed for root user only.

26/02/2013 12:48:28.344 rooksd[60]: CGSLookupServerRootPort: Failed to look up the port for "com.apple.windowserver.active" (1102)

26/02/2013 12:48:28.344 rooksd[60]: Window Server is not available.

26/02/2013 12:48:28.344 rooksd[60]: kCGErrorRangeCheck: On-demand launch of the Window Server is allowed for root user only.

26/02/2013 12:48:28.344 rooksd[60]: CGSLookupServerRootPort: Failed to look up the port for "com.apple.windowserver.active" (1102)

26/02/2013 12:48:28.344 rooksd[60]: Window Server is not available.

26/02/2013 12:48:30.156 WindowServer[114]: Session 256 retained (2 references)

26/02/2013 12:48:30.157 WindowServer[114]: Session 256 released (1 references)

26/02/2013 12:48:30.912 WindowServer[114]: Session 256 retained (2 references)

26/02/2013 12:48:30.913 WindowServer[114]: init_page_flip: page flip mode is on

26/02/2013 12:48:32.302 WindowServer[114]: mux_initialize: Couldn't find any matches

26/02/2013 12:48:32.425 WindowServer[114]: GLCompositor enabled for tile size [256 x 256]

26/02/2013 12:48:32.425 WindowServer[114]: CGXGLInitMipMap: mip map mode is on

26/02/2013 12:48:32.577 WindowServer[114]: WSMachineUsesNewStyleMirroring: false

26/02/2013 12:48:32.579 WindowServer[114]: Display 0x28d9e300: GL mask 0x1; bounds (0, 0)[1920 x 1200], 105 modes available

Main, Active, on-line, enabled, boot, Vendor 38a3, Model 678c, S/N 0, Unit 0, Rotation 0

UUID

26/02/2013 12:48:32.579 WindowServer[114]: Display 0x003f003d: GL mask 0x2; bounds (0, 0)[0 x 0], 1 modes available

off-line, enabled, Vendor ffffffff, Model ffffffff, S/N ffffffff, Unit 1, Rotation 0

UUID

26/02/2013 12:48:32.584 WindowServer[114]: Created shield window 0x5 for display 0x28d9e300

26/02/2013 12:48:32.584 WindowServer[114]: Created shield window 0x6 for display 0x003f003d

26/02/2013 12:48:32.586 WindowServer[114]: Display 0x28d9e300: GL mask 0x1; bounds (0, 0)[1920 x 1200], 105 modes available

Main, Active, on-line, enabled, boot, Vendor 38a3, Model 678c, S/N 0, Unit 0, Rotation 0

UUID

26/02/2013 12:48:32.586 WindowServer[114]: Display 0x003f003d: GL mask 0x2; bounds (2944, 0)[1 x 1], 1 modes available

off-line, enabled, Vendor ffffffff, Model ffffffff, S/N ffffffff, Unit 1, Rotation 0

UUID

26/02/2013 12:48:32.586 WindowServer[114]: CGXPerformInitialDisplayConfiguration

26/02/2013 12:48:32.586 WindowServer[114]: Display 0x28d9e300: MappedDisplay Unit 0; Vendor 0x38a3 Model 0x678c S/N 0 Dimensions 20.39 x 12.76; online enabled, Bounds (0,0)[1920 x 1200], Rotation 0, Resolution 1

26/02/2013 12:48:32.586 WindowServer[114]: Display 0x003f003d: MappedDisplay Unit 1; Vendor 0xffffffff Model 0xffffffff S/N -1 Dimensions 0.00 x 0.00; offline enabled, Bounds (2944,0)[1 x 1], Rotation 0, Resolution 1

26/02/2013 12:48:33.344 rooksd[60]: kCGErrorRangeCheck: On-demand launch of the Window Server is allowed for root user only.

26/02/2013 12:48:33.344 rooksd[60]: CGSLookupServerRootPort: Failed to look up the port for "com.apple.windowserver.active" (1102)

26/02/2013 12:48:33.344 rooksd[60]: Window Server is not available.

26/02/2013 12:48:33.344 rooksd[60]: kCGErrorRangeCheck: On-demand launch of the Window Server is allowed for root user only.

26/02/2013 12:48:33.344 rooksd[60]: CGSLookupServerRootPort: Failed to look up the port for "com.apple.windowserver.active" (1102)

26/02/2013 12:48:33.344 rooksd[60]: Window Server is not available.

26/02/2013 12:48:34.066 launchctl[167]: launchctl: Dubious permissions on file (skipping): /Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist

26/02/2013 12:48:34.067 launchctl[168]: launchctl: Dubious permissions on file (skipping): /Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist

26/02/2013 12:48:34.581 awacsd[57]: Exiting

26/02/2013 12:48:35.590 WindowServer[114]: GLCompositor: GL renderer id 0x0102260c, GL mask 0x00000003, accelerator 0x00003a3b, unit 0, caps QEX|QGL|MIPMAP, vram 512 MB

26/02/2013 12:48:35.605 WindowServer[114]: GLCompositor: GL renderer id 0x0102260c, GL mask 0x00000003, texture units 8, texture max 8192, viewport max {8192, 8192}, extensions FPRG|NPOT|GLSL|FLOAT

26/02/2013 12:48:35.605 WindowServer[114]: **DMPROXY** (2) Found `/System/Library/CoreServices/DMProxy'.

26/02/2013 12:48:35.725 WindowServer[114]: Received display connect changed for display 0x28d9e300

26/02/2013 12:48:35.763 WindowServer[114]: Created shield window 0x7 for display 0x28d9e300

26/02/2013 12:48:35.764 WindowServer[114]: handle_will_sleep_auth_and_shield_windows: NULL auth_window

26/02/2013 12:48:35.764 WindowServer[114]: Received display connect changed for display 0x3f003d

26/02/2013 12:48:35.817 loginwindow[42]: **DMPROXY** Found `/System/Library/CoreServices/DMProxy'.

26/02/2013 12:48:36.217 WindowServer[114]: Display 0x28d9e300: GL mask 0x1; bounds (0, 0)[1920 x 1200], 105 modes available

Main, Active, on-line, enabled, boot, Vendor 38a3, Model 678c, S/N 0, Unit 0, Rotation 0

UUID 0

26/02/2013 12:48:36.217 WindowServer[114]: GLCompositor: GL renderer id 0x0102260c, GL mask 0x00000003, accelerator 0x00003a3b, unit 0, caps QEX|QGL|MIPMAP, vram 512 MB

texture units 8, texture max 8192, viewport max {8192, 8192}, extensions FPRG|NPOT|GLSL|FLOAT

26/02/2013 12:48:36.217 WindowServer[114]: Display 0x003f003d: GL mask 0x2; bounds (2944, 0)[1 x 1], 1 modes available

off-line, enabled, Vendor ffffffff, Model ffffffff, S/N ffffffff, Unit 1, Rotation 0

UUID

26/02/2013 12:48:36.540 WindowServer[114]: Created shield window 0x8 for display 0x28d9e300

26/02/2013 12:48:36.540 WindowServer[114]: Created shield window 0x9 for display 0x003f003d

26/02/2013 12:48:37.765 WindowServer[114]: **DMPROXY** (2) Found `/System/Library/CoreServices/DMProxy'.

26/02/2013 12:48:38.344 rooksd[60]: Window Server is not available.

26/02/2013 12:48:41.560 WindowServer[114]: post_notification : Time out waiting for reply from "(PID 42)" for notification type 109 (CID 0x7203, PID 42)

26/02/2013 12:48:41.560 WindowServer[114]: Display added

26/02/2013 12:48:41.561 WindowServer[114]: Display removed

26/02/2013 12:48:41.561 WindowServer[114]: Display 0x28d9e300: GL mask 0x1; bounds (0, 0)[1920 x 1200], 105 modes available

Main, Active, on-line, enabled, boot, OpenGL-accel, Vendor 38a3, Model 678c, S/N 0, Unit 0, Rotation 0

UUID

26/02/2013 12:48:41.561 WindowServer[114]: GLCompositor: GL renderer id 0x0102260c, GL mask 0x00000003, accelerator 0x00003a3b, unit 0, caps QEX|QGL|MIPMAP, vram 512 MB

texture units 8, texture max 8192, viewport max {8192, 8192}, extensions FPRG|NPOT|GLSL|FLOAT

26/02/2013 12:48:41.562 WindowServer[114]: Display 0x003f003d: GL mask 0x2; bounds (2944, 0)[1 x 1], 1 modes available

off-line, enabled, Vendor ffffffff, Model ffffffff, S/N ffffffff, Unit 1, Rotation 0

UUID

26/02/2013 12:48:41.708 WindowServer[114]: Received display connect changed for display 0x28d9e300

26/02/2013 12:49:37.879 warmd[26]: [warmctl_evt_timer_bc_activation_timeout:286] BC activation bcstop timer fired!

26/02/2013 12:49:37.880 warmd[26]: [___bootcachectl_filter_out_sharedio_from_history_block_invoke_0:2244] Unable to open i386 shared cache: 2 No such file or directory

26/02/2013 12:49:56.000 kernel[0]: considerRebuildOfPrelinkedKernel com.rim.driver.BlackBerryUSBDriverVSP triggered rebuild

26/02/2013 12:49:57.894 com.apple.kextcache[186]: Kernel file /mach_kernel does not contain requested arch: i386

26/02/2013 12:50:14.671 launchctl[188]: launchctl: Dubious permissions on file (skipping): /Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist

26/02/2013 12:50:14.756 distnoted[190]: Bug: 12C60: liblaunch.dylib + 23849 [2F71CAF8-6524-329E-AC56-C506658B4C0C]: 0x25

26/02/2013 12:50:16.432 launchctl[195]: launchctl: Dubious permissions on file (skipping): /Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist

26/02/2013 12:50:17.021 com.apple.kextcache[186]: Created prelinked kernel /System/Library/Caches/com.apple.kext.caches/Startup/kernelcache.

26/02/2013 12:50:21.851 mdworker32[199]: CGSGetDisplayBounds: Invalid display 0x00000000

26/02/2013 12:50:22.582 mdworker32[199]: bootstrap_look_up2 failed with 0x44c

26/02/2013 12:50:22.000 kernel[0]: Sandbox: sandboxd(200) deny mach-lookup com.apple.coresymbolicationd

26/02/2013 12:50:24.144 sandboxd[200]: ([199]) mdworker32(199) deny mach-lookup com.apple.PowerManagement.control (import fstype:hfs fsflag:480D000 flags:40000005E diag:0 uti:com.microsoft.excel.openxmlformats.spreadsheetml.sheet plugin:/Library/Spotlight/Microsoft Office.mdimporter - find suspect file using: sudo mdutil -t 9866202)

26/02/2013 12:50:30.587 com.apple.SecurityServer[17]: Session 100006 created

26/02/2013 12:50:30.594 com.apple.SecurityServer[17]: Session 100005 created

26/02/2013 12:51:09.586 [CMA][173]: Failed to start cma

26/02/2013 12:55:37.000 bootlog[0]: BOOT_TIME 1361883337 0

There were no crash or panic logs from yesterday.

Reply

Answer 3

Maff K Author

Level 1

29 points

Feb 27, 2013 2:18 AM in response to Maff K

Okay, spoke too soon.

I rebooted after posting the last post and got stuck on they grey screen again. Here is the extract for Console log file from this time:

27/02/2013 09:39:04.759 Safari[225]: Warning: accessing obsolete X509Anchors.

27/02/2013 09:49:28.372 librariand[244]: MMe quota status changed: under quota

27/02/2013 09:49:28.830 com.apple.security.pboxd[246]: Bug: 12C60: liblaunch.dylib + 23849 [2F71CAF8-6524-329E-AC56-C506658B4C0C]: 0x25

27/02/2013 09:50:06.483 com.apple.security.pboxd[246]: CGSGetWindowTags: Invalid window 0x52

27/02/2013 09:50:06.483 com.apple.security.pboxd[246]: kCGErrorFailure: CGSSetHideOnDeact: error getting window tags

27/02/2013 09:50:06.585 com.apple.security.pboxd[246]: CGSCopyWindowColorSpace: Invalid window 0x52

27/02/2013 09:50:08.174 com.apple.security.pboxd[246]: CGSReleaseWindow: Invalid window 82

27/02/2013 09:50:08.174 com.apple.security.pboxd[246]: _NXTermWindow: error releasing window (1000)

27/02/2013 09:53:16.103 com.apple.security.pboxd[246]: CGSGetWindowTags: Invalid window 0x7d

27/02/2013 09:53:16.103 com.apple.security.pboxd[246]: kCGErrorFailure: CGSSetHideOnDeact: error getting window tags

27/02/2013 09:53:16.141 com.apple.security.pboxd[246]: CGSCopyWindowColorSpace: Invalid window 0x7d

27/02/2013 09:53:17.837 com.apple.security.pboxd[246]: CGSReleaseWindow: Invalid window 125

27/02/2013 09:53:17.837 com.apple.security.pboxd[246]: _NXTermWindow: error releasing window (1000)

27/02/2013 09:56:25.760 com.apple.launchd.peruser.502[144]: (com.apple.printtool.agent[252]) Exited: Killed: 9

27/02/2013 09:56:25.000 kernel[0]: memorystatus_thread: idle exiting pid 252 [printtool]

27/02/2013 09:56:25.000 kernel[0]: (default pager): [KERNEL]: ps_allocate_cluster - send HI_WAT_ALERT

27/02/2013 09:56:25.000 kernel[0]: macx_swapon SUCCESS

27/02/2013 09:56:42.517 WindowServer[88]: CGXGetConnectionProperty: Invalid connection 35587

27/02/2013 09:56:42.519 WindowServer[88]: dict count after removing entry for window 0x30 is 0

27/02/2013 09:56:42.534 com.apple.launchd.peruser.502[144]: (com.apple.talagent[155]) Exited: Killed: 9

27/02/2013 09:56:42.553 com.apple.launchd.peruser.502[144]: ([0x0-0x17017].com.apple.AppleSpell[220]) Exited: Terminated: 15

27/02/2013 09:56:42.556 WindowServer[88]: CGXGetConnectionProperty: Invalid connection 35587

27/02/2013 09:56:42.560 coreservicesd[60]: SendFlattenedData, got error #268435460 (ipc/send) timed out from ::mach_msg(), sending notification kLSNotifyApplicationDeath to notificationID=190

27/02/2013 09:56:42.597 loginwindow[39]: DEAD_PROCESS: 39 console

27/02/2013 09:56:42.631 com.apple.launchd.peruser.502[144]: (com.apple.PackageKit.InstallStatus) Throttling respawn: Will start in 9 seconds

27/02/2013 09:56:42.807 coreservicesd[60]: SendFlattenedData, got error #268435459 (ipc/send) invalid destination port from ::mach_msg(), sending notification kLSNotifyApplicationDeath to notificationID=135

27/02/2013 09:56:42.807 coreservicesd[60]: SendFlattenedData, got error #268435460 (ipc/send) timed out from ::mach_msg(), sending notification kLSNotifyApplicationDeath to notificationID=190

27/02/2013 09:56:42.808 WindowServer[88]: CGXGetConnectionProperty: Invalid connection 35587

27/02/2013 09:56:42.888 helpd[165]: Could not find access page in directory /Library/Documentation/Help/VirusScanHelp.help

27/02/2013 09:56:42.889 helpd[165]: Could not find access page in directory /Library/Documentation/Help/VirusScanHelp.help

27/02/2013 09:56:42.905 helpd[165]: CFPropertyListCreateFromXMLData(): Old-style plist parser: missing semicolon in dictionary on line 1. Parsing will be abandoned. Break on _CFPropertyListMissingSemicolon to debug.

27/02/2013 09:57:20.000 bootlog[0]: BOOT_TIME 1361959040 0

Still not crash or panic reports.

Reply

Answer 4

Maff K Author

Level 1

29 points

Feb 27, 2013 2:34 AM in response to Maff K

Also when I do reboot, I get the Apple logo withe grey progress circle, then the screen goes grey. There sounds like there is some disc activity after this, but stops after a minute or so.

I have left it like this for 10-15 minutes and nothing further happens.

Reply

Answer 5

Linc Davis

Level 10

209,547 points

Feb 27, 2013 6:31 AM in response to Maff K

Boot in safe mode. Back up all data, then uninstall "Virex" according to the developer's instructions. Reboot as usual and test.

1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.

2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically checked for updates once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.

The following caveats apply to XProtect:

It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets (see below.)
It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.

3. Starting with OS X 10.7.5, there has been another layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't actually been tested by Apple (unless it comes from the Mac App Store), but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. For most practical purposes, applications recognized by Gatekeeper as signed can be considered safe.

Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:

It can easily be disabled or overridden by the user.
A malware attacker could get control of a code-signing certificate under false pretenses, or could find some other way to evade Apple's controls.

For more information about Gatekeeper, see this Apple Support article.

4. Beyond XProtect and Gatekeeper, there’s no benefit, in most cases, from any other automated protection against malware. The first and best line of defense is always your own intelligence. All known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.

That means, in practice, that you never use software that comes from an untrustworthy source. How do you know whether a source is trustworthy?

Any website that prompts you to install a “codec,” “plug-in,” "player," "extractor," or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
Pirated copies or "cracks" of commercial software, no matter where they come from, are unsafe.
Software of any kind downloaded from a BitTorrent or from a Usenet binary newsgroup is unsafe.
Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. If it comes from any other source, it's unsafe.

5. Java on the Web ( not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was never a good idea, and Java's developers have had a lot of trouble implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style "virus" affecting OS X. Merely loading a page with malicious Java content could be harmful. Fortunately, Java on the Web is mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice.

Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers. In Safari, this is done by unchecking the box marked Enable Java in the Security tab of the preferences dialog.

Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a specific task, enable Java only when needed for the task and disable it immediately when done. Close all other browser windows and tabs, and don't visit any other sites while Java is active. Never enable Java on a public web page that carries third-party advertising. Use it only on well-known, password-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.

Follow these guidelines, and you’ll be practically as safe from malware as you can be.

6. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.

Why shouldn't you use commercial "anti-virus" products?

Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.

7. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.

ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.

A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:

♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe

ClamXav may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use ClamXav unless a network administrator requires you to run an anti-virus application.

8. The greatest harm done by anti-virus software, in my opinion, is in its effect on human behavior. It does little or nothing to protect people from emerging threats, but they get a false sense of security from it, and then they may behave in ways that expose them to higher risk. Nothing can lessen the need for safe computing practices.

9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.

Reply

Answer 6

Maff K Author

Level 1

29 points

Feb 28, 2013 5:12 AM in response to Linc Davis

Thanks Linc

We have uninstalled McAfee Security and Flash Player from my Mac. Unfortunately, we are still getting the grey screen on reboot.

What would you suggest as the next step. Reinstall Mountain Lion?

Reply

Answer 7

Linc Davis

Level 10

209,547 points

Feb 28, 2013 5:38 AM in response to Maff K

Please read this whole message before doing anything.

This procedure is a diagnostic test. It won’t solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.

Third-party system modifications are a common cause of usability problems. By a “system modification,” I mean software that affects the operation of other software — potentially for the worse. The following procedure will help identify which such modifications you've installed. Don’t be alarmed by the complexity of these instructions — they’re easy to carry out and won’t change anything on your Mac.

These steps are to be taken while booted in “normal” mode, not in safe mode. If you’re now running in safe mode, reboot as usual before continuing.

Below are instructions to enter some UNIX shell commands. The commands are harmless, but they must be entered exactly as given in order to work. If you have doubts about the safety of the procedure suggested here, search this site for other discussions in which it’s been followed without any report of ill effects.

Some of the commands will line-wrap or scroll in your browser, but each one is really just a single line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, and you can then copy it. The headings “Step 1” and so on are not part of the commands.

Note: If you have more than one user account, Step 2 must be taken as an administrator. Ordinarily that would be the user created automatically when you booted the system for the first time. The other steps should be taken as the user who has the problem, if different. Most personal Macs have only one user, and in that case this paragraph doesn’t apply.

Launch the Terminal application in any of the following ways:

☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.

When you launch Terminal, a text window will open with a line already in it, ending either in a dollar sign (“$”) or a percent sign (“%”). If you get the percent sign, enter “sh” and press return. You should then get a new line ending in a dollar sign.

Step 1

Triple-click the line of text below to select it:

kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

Copy the selected text to the Clipboard by pressing the key combination command-C. Then click anywhere in the Terminal window and paste (command-V). Post the lines of output (if any) that appear below what you just entered. You can do that by copying and pasting as well. Omit the final line ending in “$”. No typing is involved in this step.

Step 2

Repeat with this line:

sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

This time you'll be prompted for your login password, which you do have to type. It won't be displayed when you type it. Type it carefully and then press return. You may get a one-time warning to be careful. Heed that warning, but don't post it. If you see a message that your username "is not in the sudoers file," then you're not logged in as an administrator.

Note: If you don’t have a login password, you’ll need to set one before taking this step. If that’s not possible, skip to the next step.

Step 3

launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

Step 4

ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

Important: If you formerly synchronized with a MobileMe account, your me.com email address may appear in the output of the above command. If so, anonymize it before posting.

Step 5

osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

Remember, steps 1-5 are all copy-and-paste — no typing, except your password. Also remember to post the output.

You can then quit Terminal.

Reply

Answer 8

Maff K Author

Level 1

29 points

Feb 28, 2013 5:43 AM in response to Linc Davis

Thanks for posting that so quickly, Linc.

The problem that I have is that I am unable to boot normally at all, I just get the grey screen.

Reply

Answer 9

Maff K Author

Level 1

29 points

Feb 28, 2013 5:49 AM in response to Linc Davis

Would this do the same thing?

http://support.apple.com/kb/PH11342

Reply

Answer 10

Linc Davis

Level 10

209,547 points

Feb 28, 2013 5:58 AM in response to Maff K

Do this instead.

Please read this whole message before doing anything.

This procedure is a diagnostic test. It won’t solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.

Third-party system modifications are a common cause of usability problems. By a “system modification,” I mean software that affects the operation of other software — potentially for the worse. The following procedure will help identify which such modifications you've installed. Don’t be alarmed by the complexity of these instructions — they’re easy to carry out and won’t change anything on your Mac.

These steps are to be taken while booted in safe mode.

Below are instructions to enter some UNIX shell commands. The commands are harmless, but they must be entered exactly as given in order to work. If you have doubts about the safety of the procedure suggested here, search this site for other discussions in which it’s been followed without any report of ill effects.

The commands may line-wrap or scroll in your browser, but each one is really just a single line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, and you can then either copy or drag it. The headings “Step 1” and so on are not part of the commands.

Launch the Terminal application in any of the following ways:

☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.

When you launch Terminal, a text window will open with a line already in it, ending either in a dollar sign (“$”) or a percent sign (“%”). If you get the percent sign, enter “sh” and press return. You should then get a new line ending in a dollar sign.

Step 1

Triple-click the line of text below to select it. Copy the selected text to the Clipboard (command-C). Then click anywhere in the Terminal window and paste (command-V).

find /Sy*/L*/Ex* -type f -name Info.plist -exec sh -c '/usr/libexec/PlistBuddy -c "Print :CFBundleIdentifier" "$1" 2> /dev/null | egrep -qv "apple|Accusys|ArcMSR|ATTO|CalDigit|HighPoint|hp-fax|JMicron|print|SoftRAID|stex" && echo ${1%*.kext/*}.kext' {} {} \;

Post the lines of output (if any) that appear below what you just entered (the text, please, not a screenshot.) You can omit the final line ending in “$”.

Step 2

Repeat with this line:

ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

Important: If you formerly synchronized with a MobileMe account, your me.com email address may appear in the output of the above command. If so, anonymize it before posting.

Step 3

osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

Remember, these steps are all copy-and-paste — no typing. Also remember to post the output.

You can then quit Terminal.

Reply

Answer 11

Maff K Author

Level 1

29 points

Feb 28, 2013 6:59 AM in response to Linc Davis

Thanks Linc

Output from step 1:

/System/Library/Extensions/hp_qc_io_enabler.kext

/System/Library/Extensions/RIMBBUSB.kext

/System/Library/Extensions/RIMBBVSP.kext

Output from step 2:

/Library/Components:

/Library/Extensions:

/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

Adobe AIR.framework

AudioMixEngine.framework

KodakCMS.framework

LogoSync.framework

MT6Lib.framework

NyxAudioAnalysis.framework

PluginManager.framework

RIM_VSP.framework

RimBlackBerryUSB.framework

Xalan-c-xc.framework

Xerces-c-xc.framework

iTunesLibrary.framework

/Library/Input Methods:

/Library/Internet Plug-Ins:

AdobeExManDetect.plugin

AdobePDFViewer.plugin

AdobePDFViewerNPAPI.plugin

JavaAppletPlugin.plugin

OfficeLiveBrowserPlugin.plugin

Quartz Composer.webplugin

QuickTime Plugin.plugin

SharePointBrowserPlugin.plugin

SharePointWebKitPlugin.webplugin

Silverlight.plugin

iPhotoPhotocast.plugin

nsIQTScriptablePlugin.xpt

/Library/Keyboard Layouts:

/Library/LaunchAgents:

NSMClientStatusIcon.plist

com.adobe.AAM.Updater-1.0.plist

com.adobe.CS5ServiceManager.plist

com.oracle.java.Java-Updater.plist

com.rim.BBAlbumArtCacher.plist

com.rim.BBLaunchAgent.plist

com.trusteer.rapport.rapportd.plist

jp.co.canon.CUPSPS2.BG.plist

/Library/LaunchDaemons:

com.DesignScience.DSMTTool.plist

com.adobe.SwitchBoard.plist

com.barebones.authd.plist

com.barebones.textwrangler.plist

com.microsoft.office.licensing.helper.plist

com.oracle.java.Helper-Tool.plist

com.rim.BBDaemon.plist

com.trusteer.rooks.rooksd.plist

/Library/PhonePlugins:

.DS_Store

Nokia6300.phoneplugin

/Library/PreferencePanes:

Growl.prefPane

JavaControlPanel.prefPane

RapportPreferences.prefPane

/Library/PrivilegedHelperTools:

com.DesignScience.DSMTTool

com.barebones.authd

com.barebones.textwrangler

com.microsoft.office.licensing.helper

/Library/QuickLook:

GBQLGenerator.qlgenerator

iBooksAuthor.qlgenerator

iWork.qlgenerator

/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component

/Library/ScriptingAdditions:

.DS_Store

/Library/Spotlight:

GBSpotlightImporter.mdimporter

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter

/Library/StartupItems:

NSMClient

/etc/mach_init.d:

/etc/mach_init_per_login_session.d:

/etc/mach_init_per_user.d:

Library/Fonts:

Library/Input Methods:

.localized

Library/Internet Plug-Ins:

Library/Keyboard Layouts:

Library/LaunchAgents:

com.adobe.AAM.Updater-1.0.plist

com.adobe.ARM.930da3ce175de4e82bd3cdf1dd8571f74bd3b6a7236bc94bfc00f6e9.plist

Library/PreferencePanes:

Output from step 3:

VMware Fusion Start Menu

Reply

Answer 12

Linc Davis

Level 10

209,547 points

Feb 28, 2013 7:44 AM in response to Maff K

Please read this whole message carefully, especially the warnings, before doing anything.

1. The changes to your configuration suggested here should be considered provisional; they may not solve your problem, or they may remove functionality that you find useful. If a third-party system modification that you want to keep is causing the problem, seek help from its developer.

2. WARNING: Back up all data now if you haven’t already done so. Before proceeding, you must be sure you can restore your system to its present state, even if it becomes unbootable. If you’re not sure you can do that, STOP — DON’T CHANGE ANYTHING. If you’re dissatisfied with the results of the procedure suggested below, restore from your backup. I will not be responsible for the consequences, and I will not be able to help, if you ignore this warning.

3. You should either remove or update the following system modification(s), if an update is available from the developer:

VMware

and definitely remove at least the following:

† Rapport (Uninstalling Rapport)

BlackBerry Desktop Manager

4. Whatever you remove must be removed completely, and (unless otherwise specified in this message) the only way to do that is to use the uninstallation tool, if any, provided by the third-party developers, or to follow their instructions. If the software has been incompletely removed, you may have to re-download or even reinstall it in order to finish the job. I can't be more specific, because I don't install such things myself. Please do your own research.

Here are some general guidelines to get you started. Suppose you want to remove something called “BrickYourMac.” First, consult the product's Help menu, if there is one, for instructions. Finding none there, look on the developer's website, say www.brickyourmac.com. (That may not be the actual name of the site; if necessary, search the web for the product name.) If you don’t find anything on the website or in your search, contact the developer. While you're waiting for a response, download BrickYourMac.dmg and open it. There may be an application in there such as “Uninstall BrickYourMac.” If not, open “BrickYourMac.pkg” and look for an Uninstall button.

Again, please don't ask me to do this research for you. You can do it better than I can, because I haven't installed the product and I may not even know what it is.

If you can’t remove software in any other way, you’ll have to erase your boot volume and perform a clean reinstallation of OS X. Never install any third-party software unless you're sure you know how to uninstall it; otherwise you may create problems that are very hard to solve.

WARNING: Trying to remove complex system modifications by hunting for files by name often will not work and may make the problem worse. The same goes for "utilities" that purport to remove software.

5. I recommend that you never reinstall the modifications marked with a dagger (†) above, if any. If your problem is resolved after uninstalling all the above modifications and rebooting, but you still want to use some of those not marked with a dagger, you can experiment with putting them back, one at a time, testing carefully after each step. Keep in mind that system modifications may be incompatible with each other or with future OS X updates, so it may not be clear which one is at fault.

6. If you still have problems after making the suggested changes and rebooting, post again. Remember: if you don’t like the results of this procedure, you can undo it by restoring from the last backup you made before you started.

Reply

Answer 13

Maff K Author

Level 1

29 points

Mar 1, 2013 8:27 AM in response to Linc Davis

Hi Linc

Just to let you know that I removed those items from my Mac and everything is back to normal now. I have even reinstalled Fusion (which I need for work) and McAfee Security (which is company policy).

Thank you very much for your expert guidance this week.

Matt

Reply

Answer 14

Maff K Author

Level 1

29 points

Mar 8, 2013 7:19 AM in response to Linc Davis

I may have spoken too soon.

A few days this week, I have got the grey screen on start up and one day it booted normally in first time.

On the days that I got the grey screen, I safe booted into Admin account and restarted. Once or twice this sorted the problem. Other times it did not.

Our IT guys are saying that I should not erase and reinstall. Anything else that I should try before I go down that route?

Reply