Malware has setup a hidden partition

There are many malicious web sites out there that will display fake Flash update notices. Just ignore and close them. Make sure that you don't have Java enabled in your web browser, and use a Flash blocker (like ClickToFlash), and don't install anything that gets downloaded as a result.

It sounds like you have had some bad experiences with malware on Windows, but do not use your experience with Windows malware to extrapolate behavior on the Mac. Of course malware will often download more files, but it certainly does not do so in a way that the average user would notice. Regarding Flashback, no, there aren't newer versions. It is extinct at this point. No new infections have been seen in about a year.

You are not well served by making assumptions about your issues that are not grounded in fact. We can help you determine what is going on if you could simply post clear, detailed descriptions of the behavior, without interpretation.

Now I'm having a strange problem with restarting my mac to reinstall ML. I have clicked off the require password after sleep or screen saver begins. Yet, as improbable as it is, it still asks for a password on every restart. Any suggestions? Or is better for another forum?

Is Users & Groups set to Automatic Login?

Do you have FileVault enabled?

Based on all the other issues, do you have disk corruption that is manifesting in all sorts of weird behavior?

For instance I had to call Apple support last week because I my password wouldn't reset.

I can't comment much on that, because there's no real concrete information there. If the issue has to do with a redirect in Chrome, see:

Eliminating browser redirects and advertisements

I have clicked off the require password after sleep or screen saver begins. Yet, as improbable as it is, it still asks for a password on every restart.

That setting only controls whether the password is requested on waking from sleep or dismissing the screen saver. It has nothing to do with passwords at startup.

If you are being prevented from reinstalling the system by a password, that's either a firmware password or a request for the password for the Apple ID used to purchase Mountain Lion.

Your directory structure looks to be messed up as the top item should be a physical description of the drive such as, MATSUSHITA 500GB....

The indented items will be logical volumes on the hard drive.

Select the very top Macintosh HD and try repairing it. That should repair the directory.

I'm also confused that the Macintosh HD is on the top. That usually indicates the boot drive, which would explain not being able to erase it. However, I haven't been in Recovery in a while, so that may be correct for recovery.

That's normal for Recovery.

This seems to be an issue experienced by at least some people using FileVault. See:

https://discussions.apple.com/thread/4232251?start=0&tstart=0

I don't use it personally, so I have no experience with whether this is normal or not, but perhaps it will help you.

Regarding the firmware password, that prevents you from booting from any but your internal hard drive's system without providing the password, among other things. See:

http://support.apple.com/kb/HT1352

Ok. Your drive is Encrypted with FileVault. That is likely why it looks like it does.

This issue is because you are using FileVault, where the system sets its CoreStorage technology for managing volumes. This is why the device is listed as a "Logical Volume Group" instead of a "Solid State Disk" or other physical device.

To erase this volume, try first destroying the logical volume group. This will take a bit of Terminal work, so do the following:

1. Open the Terminal in the Utilities menu

2. Run the following command:

diskutil cs list

3. Locate the UUID of the "Logical Volume Group" in the CoreStorage tree that is output from this command. The UUID will be a series of letters and numbers, separated by dashes.

4. With the UUID, run the following command to delete the CoreStorage volume (see screenshot below):

diskutil cs delete UUID

When finished, wait for the command to complete and return you to the command prompt, and then try formatting the drive again.

FileVault will always ask for your password on restart in order to decrypt the drive.

There is no point in encrypting the disk if you're just going to automatically decrypt it.

This thread has become quite difficult to navigate...

I held off responding as you seemed to have chosen a path and I didn't want to distract from that. Hope you have everything working now.

Royal Cascadian wrote:

But the fact that my browers are supposed to automatically update flash, yet tell me to update the flash player exernally with the one on my computer, which I didn't install, would seem likely that it is malware.

The automatic update capability of System Preferences->Flash Player->Advanced tab has never worked. I gave up and set mine to Notify. Chrome is the only one of my browsers that automatically updates.

Just because you personally haven't run into this, doesn't mean it's impossible, just unlikely, yet.

Have you never heard of a malware program automatically downloading more files? What do you think flashback was? And do you not think there are already newer versions of that? This is just the beginning for Macs.

At least three of us folks who have tried to help you here have an ulterior motive for being here and that is in case you are right about new malware. We spend a good portion of our days scanning the Internet and reading the security blogs for any sign of a new mac threat. It would not be the first time that we have stumbled across a zero-day infection that none of the A-V labs, etc. have run across yet. That's why we keep insisting on details and answers to detailed questions. I realize that your first priority must be getting your computer back on track, but hopefully you appreciate that in doing so you can help the community out before things get out of control as they did about a year ago.

Of course we know about Trojan downloaders. That's the way almost all drive-by infections occur. Neither I nor any of the other contributors said that wasn't a possibility, just that we are currently unaware. I believe the Flashback developers retreated from the OS X market because it wasn't cost effective for them, even after collecting advertising fees for ~600,000 users for a short time. Are they working on the next version? Certainly possible, and some of us want to be on top of it should they choose to open that market up again.

Did you set up Disk Utility to see the Debug menu and all partitions?

The Terminal command is:

defaults write com.apple.diskutility DUDebugMenuEnabled 1

Then select the Debug menu item and "Show every partition"

The "hidden" partition should be there to see.

Concentrate on OSX's own applictions for now, 3rd party browsers later.

And to put the malware idea away finally, reinstall to an erased drive, not over whatever you have now. (make sure that your backup is current and complete)