Malware has setup a hidden partition

Its likely not malware, but could you do the following to help determine what is going on? First open the Terminal utility and run the following command (copy and paste it to the Terminal and then press Enter), and then copy and paste the output from the Terminal to a message here:

diskutil list

Is the item in the Finder sidebar listed under "DEVICES" or is it under a different category such as "SHARED"?

I downloaded the Flashback Removal Security Update, mounted it on the desktop and see exactly the same thing, except that in the sidebar of Finder window it says "Flashback Removal..." instead of "I K".

When Eject the volume using the Finder or Disk Utility, it is no longer mounted. The volume name remains in Disk Utility, but goes away when I drag it from the sidebar. This is the expected behavior.

BTW, if you use the camera icon above you can upload those images here so we don't have to open them separately.

This issue is because you are using FileVault, where the system sets its CoreStorage technology for managing volumes. This is why the device is listed as a "Logical Volume Group" instead of a "Solid State Disk" or other physical device.

To erase this volume, try first destroying the logical volume group. This will take a bit of Terminal work, so do the following:

1. Open the Terminal in the Utilities menu

2. Run the following command:

diskutil cs list

3. Locate the UUID of the "Logical Volume Group" in the CoreStorage tree that is output from this command. The UUID will be a series of letters and numbers, separated by dashes.

4. With the UUID, run the following command to delete the CoreStorage volume (see screenshot below):

diskutil cs delete UUID

When finished, wait for the command to complete and return you to the command prompt, and then try formatting the drive again.

You say Chrome is opening on its own at startup... is it also open when you shut down or restart? If so, that's normal behavior.

As for what else might be going wrong with your machine, again, it's not malware. My bet is that it is simple lack of full understanding of the way the system works. However, I agree with Csound... at this point, you should simply wipe the slate clean and ease your mind. For instructions on how that should be done, see:

How to reinstall Mac OS X from scratch

This is not showing as an attached device or hardware volume on your system. At most right now you have a ~68 megabyte (not gigabyte) disk image that is mounted, which is is called "Flashback Removal Se..." (ends with something else, likely "Security Update"?).

This is likely this following utility that Apple provides for removing the Flashback malware that affected a number of Mac users a few years ago: http://support.apple.com/kb/dl1534

The disk image is a small ~2MB file, but when mounted it defines a disk that is 70MB in size (68.7, to be exact).

Try searching your system for a file called "FlashbackRemovalUpdate.dmg" and remove it. This may be in your Downloads folder.

Does this image show up if you create a new user account in the Users & Groups system preferences and log into this account? If not, then it is very likely just Apple's updater that you have downloaded.

You can also try finding this file by opening the Terminal utility and running the following command (copy and paste it into the Terminal to run):

find ~ $TMPDIR.. -name FlashbackRemovalUpdate

When this command runs, it will output any instances of this name that are found in your home folder and in a temporary folder your account uses for things like caches. Copy and paste any output you see to another message here, so we can take a look and direct you what to do next.

This seems to be an issue experienced by at least some people using FileVault. See:

https://discussions.apple.com/thread/4232251?start=0&tstart=0

I don't use it personally, so I have no experience with whether this is normal or not, but perhaps it will help you.

Regarding the firmware password, that prevents you from booting from any but your internal hard drive's system without providing the password, among other things. See:

http://support.apple.com/kb/HT1352

Royal Cascadian wrote:

I expected more from Apple than from Microsft.

Nobody commenting here is an Apple Employee, and if they were they would not be able to admit to it.

I reinstalled OSX but the downloaded flash player is still there

Where? It's been so long I you may have told us, but I can't seem to locate where you did so.

Chrome opens on start up. Which I didn't do since I don't know how or why I would.

I'm working with a couple of other users that have this complaint. In one case, it's because it keeps being added to his Login Items in System Preferences->Accounts. The way to stop that is to right-click / command-click on the Chrome Icon in the dock when it is running and select "Options" and make sure that "Open at Login" is not checked.

The other possibility is that starting with Lion, I believe, any applications that are running when you log out, shut down or restart is automatically re-opened when you log in. Some users have reported that they see this behavior even when they quit the application first, so there must be a way the previous state records become correupted.

I reinstalled Firefox but when I did and it told me to quit Firefox, I did. And it still asked to shut down Firefox even though it wasn't open or on. I did this twice and both times it kept telling to quit Firefox even though it wasn't on. Which leads me to believe the malware has infected my browsers and has started to rewrite code on my machine.

I see this happen all the time with Safari since the WebKit framework "WebProcess" is still running after quiting Safari. I can't say that I've ever observed the same thing with Firefox, but that's one possibility. I do see an mdworker process start right after Firefox, but it stops as soon as I quit Firefox. The two suggestions I have there are to restart and do the install before starting Firefox again and if that doesn't work restart into "Safe Mode".

I know I'm a broken record, but there is no currently known malware that could impact OS X or Firefox in this manner. It's a bit hard to believe after this length of time that you are the only one infected by it.

Royal Cascadian wrote:

I downloaded the flashback security file from Apple and it says that my drive doesn't meet the requirements for this update.

That was only for OS X 10.5.8 on Intel Macs. Flashback has been extinct for almost a year now. Every Security and Java update runs the Malware Removal Tool which is supposed to remove all commonly found malware.

Ah! That is your hard drive, which for some reason got renamed in the Finder sidebar. Try going to the Finder's Preferences and then check the box next to "Hard disks" in the Sidebar settings to toggle this on and off, and see if it changes back to Macintosh HD.

Alternatively, right-click the "k" drive and try changing its name to Macintosh HD using the contextual menu.

If you cannot seem to rename it, then go to the Go menu, hold the Option key, and choose Library from the list that pops up. In here, go to the Preferences folder and remove the file called "com.apple.sidebarlists.plist" and then log out and back in to your account and see if you can rename the disk accordingly.

...and the 70GB you are seeing there is the size on disk, meaning its the amount of used space and not the size of the drive itself. If you select the drive and press Command-I you will see this value under Used, and see its full capacity and available space listed above it.