Malware has setup a hidden partition

Royal Cascadian wrote:

I should also mention the flashback removal update went to the k device.

Just an FYI, OSX does not use drive letters. No c drive, or k.

Royal Cascadian wrote:

No, I'm not using this as a server and don't know how.

I don't think you have a choice. Don't all mini's come with OS X Server installed?

Csound1 wrote:

Just an FYI, OSX does not use drive letters. No c drive, or k.

And it looks to me as if it is "I K" not just K.

Apologies, its tough to see the screenshots. The device is not your hard drive, but the name of your computer. For some reason that got renamed. Go to the Sharing system preferences and change the "Computer Name" field, and see if that changes the name of this device.

BTW, you can take a screenshot of your system by pressing Shift-Command-3. The resulting screenshot will be a direct representation of your screen, and will be placed on your Desktop for you to access (ie, to upload here).

MadMacs0 wrote:

Royal Cascadian wrote:

No, I'm not using this as a server and don't know how.

I don't think you have a choice. Don't all mini's come with OS X Server installed?

No.

Aha, that throws some new light on matters. That "l k" item is your computer's name. Go to System Preferences -> Sharing and change it there. You have checked the first box under Devices in the General pane of the Finder's preferences to show that item in the sidebar. When you select that item, it shows you all possible devices you have. It looks like you have a disk image mounted, two shared folders, your hard drive (named Macintosh HD), the Network item (which allows you to browse for other devices to connect to on the network, and a Remote Disc item which, I believe, allows you to share the optical drive of another Mac that is on your local network.

None of this is related to malware.

You are correct. I just checked MacTracker and see there is a choice.

If you have Java installed, reinstall Java for OS X 2013-002 otherwise reinstall OS X Mountain Lion v10.8.3 which will run the Malware Removal Tool. It will either tell you that it found and removed something or be silent, in which case it didn't find anything.

If you are still uncomfortable download and run one of the anti-malware applications reviewed by Thomas Reed in his Mac Malware Guide.

I'm sure I speak for the rest of us here when I say that there is no currently known OS X malware that would do what you have described. You say you downloaded a malicious program and earlier you indicated that it was Flash Player related. Can you give us a better description of exactly what happened. Did you have Java enabled in your browser at the time? Was your OS X fully up-to-date at the time? Do you recall the name of the file that was downloaded and do you still have it? I assume you launched the downloaded file and allowed it to install something at the time. Did you notice anything unusual about the installation.

The latest Flash Update is 11.7.700.203, I believe dated 5/22/2013 and should be in /Library/Internet Plug-Ins/. There was one about a week before that, but I don't have the exact date at the moment.

Full disclosure: I do uncompensated tech support for the ClamXav Forum.

If you believe you're infected with something, then just get a copy of Sophos and scan your hard drive.

However, nothing that you're telling us sounds anything like the symptoms of any known Mac malware. I can't say what's going on, as I can't entirely follow your description of what you've seen, but it certainly doesn't sound like malware. Honestely, it sounds like you're simply misinterpreting normal behaviors as malicious somehow.

I'd recommend that you take a look at my Mac Malware Guide to learn more about this topic.

Nobody's saying its impossible to be malware, but rather that it's improbable. Many folks here are well-versed in the Mac malware scene and while there's the possibility of a new threat out there that behaves like this, so far it's not been documented.

It's possible this has arisen from malicious activities, but do keep in mind that both the Flash plugin and the Flash system preferences can detect if Flash is out of date and inform you of an update. Additionally Apple's XProtect security feature in OS X may block the plugin if it's out of date, and inform you of the need to update, so there are several modes by which the system can issue you requests to update Flash, without it being malware.

However, if you don't want to take any chances, then formatting and reinstalling OS X is one way to clear any unknown items that may have been installed.