removing virus from macbook running mountain lion
Hi!
I suspect my MBPr is infected with malware. How can I get rid of this?
Please give me a detailed guide to cleaning the machine.
MacBook Pro with Retina display, OS X Mountain Lion
Run the free ClamXav scan. As you know, you will have to Control-click or right-click and select "Open" to allow it through Gatekeeper.
http://www.clamav.net/lang/en/
If it comes up clean, it is very unlikely you have malware, as they keep it updated and watch for any, but there is always a first time, and you can explain why you think you have malware.
Did you install something?
Are you getting browser redirects?
What?
Also fill this out and paste back here so we can know more information and upload your processes for evaluation.
Why do you suspect having a virus? What are the symptoms experienced?
Well, I've downloaded some software from the internet and some torrent files. The Mac has become slower than what it used to be. I'm not a tech-savvy guy and am relatively new to the Mac platform.
Try opening Activity Monitor and see what processes are taking CPU or RAM... If you suspect that any process is taking or using a lot of resources, then you might have a problem.
Try uninstalling torrent
It can use a lot of resources on your MBP
Allan Eckert wrote:
Try uninstalling torrent
It can use a lot of resources on your MBP
I use uTorrent all the time, and I can assure you it doesn't use a lot of resources when running. Also, when you quit the application, all related processes will quit. I don't think the torrent.app is the issue.
Maybe you are lucky because I have helped a number of Mac users fix their Mac by uninstalling torrent software.
From my past experience, I think it is a possible cause and should be checked out.
Allan
First, back up all data immediately, as your boot drive might be failing.
There are a few other possible causes of generalized slow performance that you can rule out easily.
Otherwise, take the steps below when you notice the problem.
Step 1
Launch the Activity Monitor application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Activity Monitor in the icon grid.
Select the CPU tab of the Activity Monitor window.
Select All Processes from the menu in the toolbar, if not already selected.
Click the heading of the % CPU column in the process table to sort the entries by CPU usage. You may have to click it twice to get the highest value at the top. What is it, and what is the process? Also post the values for % User, % System, and % Idle at the bottom of the window.
Select the System Memory tab. What values are shown in the bottom part of the window for Page outs and Swap used?
Next, select the Disk Activity tab. Post the approximate values shown for Reads in/sec and Writes out/sec (not Reads in and Writes out.)
Step 2
If you have more than one user account, you must be logged in as an administrator to carry out this step.
Launch the Console application in the same way you launched Activity Monitor. Make sure the title of the Console window is All Messages. If it isn't, select All Messages from the SYSTEM LOG QUERIES menu on the left. If you don't see that menu, select View ▹ Show Log List from the menu bar.
Select the 50 or so most recent entries in the log. Copy them to the Clipboard (command-C). Paste into a reply to this message (command-V). You're looking for entries at the end of the log, not at the beginning.
When posting a log extract, be selective. Don't post more than is requested.
Please do not indiscriminately dump thousands of lines from the log into this discussion.
Important: Some personal information, such as your name, may appear in the log. Anonymize before posting. That should be easy to do if your extract is not too long.
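Added example, not part of the original post or written by anyone in this thread: a small Python filter for the anonymization step above. It keeps only the most recent log entries (a multi-line entry counts as one) and replaces hostnames, MAC addresses, home-directory names, cookie values and IP addresses; the sample lines, the rule set and the function names are constructed for illustration.

```python
import re

# Constructed sample in the "date | sender | message |" layout of a pasted Console extract.
SAMPLE = """\
3/15/14 6:39:54 PM | Microsoft Word[495] | Sat Mar 15 18:39:54 Janes-MacBook-Pro.local Microsoft Word[495] <Error>: Invalid window |
3/15/14 6:44:45 PM | kernel | Auth result for: 00:11:22:33:44:55 MAC AUTH succeeded |
3/15/14 6:50:01 PM | Finder[201] | open failed for /Users/jane/Documents/taxes.pdf |
3/15/14 6:51:10 PM | ExampleApp[300] | --- |
headers:<{
"Set-Cookie" = "guest_id=v1%3A000000; Domain=.example.com";
}>
3/15/14 6:52:00 PM | ntpd[17] | sendto(192.0.2.7) (fd=26): Can't assign requested address |
"""

ENTRY_START = re.compile(r"^\d{1,2}/\d{1,2}/\d{2} \d{1,2}:\d{2}:\d{2} [AP]M \| ")
# (label, pattern, replacement); broad on purpose, over-redaction is the safe failure.
RULES = [
    ("host", re.compile(r"\b[\w-]+\.local\b"), "<host>.local"),
    ("mac", re.compile(r"\b(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}\b"), "<mac>"),
    ("home", re.compile(r"(/Users/)[^/\s]+"), r"\1<user>"),
    ("cookie", re.compile(r'("Set-Cookie"\s*=\s*")[^"]*'), r"\1<cookie>"),
    ("ip", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"), "<ip>"),
]

def split_entries(log_text):
    """Group continuation lines with the timestamped line that starts the entry."""
    entries = []
    for line in log_text.splitlines():
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += "\n" + line
    return entries

def redact(text, personal_terms=()):
    """Return (redacted_text, counts) so the poster can see what was replaced."""
    counts = {}
    for label, pattern, repl in RULES:
        text, counts[label] = pattern.subn(repl, text)
    for term in personal_terms:  # e.g. real name or short user name
        text, n = re.subn(re.escape(term), "<redacted>", text, flags=re.IGNORECASE)
        counts["term"] = counts.get("term", 0) + n
    return text, counts

def extract_for_posting(log_text, last_n=50, personal_terms=()):
    """Keep only the last_n entries (not lines), then redact them."""
    return redact("\n".join(split_entries(log_text)[-last_n:]), personal_terms)

if __name__ == "__main__":
    print(*extract_for_posting(SAMPLE, personal_terms=["jane"]), sep="\n")
```

The returned counts are a prompt to reread the extract by hand before posting, since account names and URLs inside application messages are not covered by these rules.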
Well, I've downloaded some software from the internet and some torrent files. The Mac has become slower than what it used to be.
This is not likely to be caused by malware, though the fact that you're using torrents does increase that likelihood slightly. Torrents are most often used for somewhat illicit purposes, even if the people using them sometimes don't realize that those purposes are not legal.
That said, it's far more likely that you have just installed a bunch of junk software along with the torrent software, and that's what is causing your performance problems. There's a lot of junk out there.
Try the suggestions in my Mac Performance Guide to figure out what's causing the performance issues.
musfique wrote:
This solved my question.
Great, but exactly how did you fix things? Linc made a number of recommendations.
torrent files......... aaah....
Step 1:
Highest % CPU
Name: kernel_task
Process: 72
% User: 5.25
% System: 5.00
% Idle: 89.75
Page outs: 1.8 MB
Swap used: 26.3 MB
Step 2:
50 most recent entries:
3/15/14 5:54:24 PM | [0x0-0x19019].com.google.Chrome[188] | [WARNING:/Volumes/Builds/wksp/depot/JonesGMC/code/products/player/pepper/gypbuild/../../../../flash/platform/pepper/pep_url_request_info.cpp(219)] Missing colon in HTTP header line " |
3/15/14 5:54:24 PM | [0x0-0x19019].com.google.Chrome[188] | ". |
3/15/14 5:54:37 PM | [0x0-0x19019].com.google.Chrome[188] | [WARNING:/Volumes/Builds/wksp/depot/JonesGMC/code/products/player/pepper/gypbuild/../../../../flash/platform/pepper/pep_url_request_info.cpp(219)] Missing colon in HTTP header line " |
3/15/14 5:54:37 PM | [0x0-0x19019].com.google.Chrome[188] | ". |
3/15/14 5:56:08 PM | Twitter[3885] | will terminate |
3/15/14 5:56:08 PM | Twitter[3885] | Error: no oAuthTokenSecret set for account |
3/15/14 6:00:13 PM | kernel | CODE SIGNING: cs_invalid_page(0x1000): p=4078[GoogleSoftwareUp] clearing CS_VALID |
3/15/14 6:09:09 PM | ntpd[17] | time reset -1.108910 s |
3/15/14 6:16:46 PM | Twitter[4103] | font ChicagoBold loaded |
3/15/14 6:16:46 PM | Twitter[4103] | font pixChicago loaded |
3/15/14 6:16:47 PM | Twitter[4103] | could not fetch oAuthTokenSecret, this account will get removed |
3/15/14 6:16:48 PM | Twitter[4103] | --- |
API error:
For:https://api.twitter.com/1/users/show.xml?screen_name=EstherEaster97
err:<Error Domain=com.atebits.httprequest Code=401 UserInfo=0x1005cd4b0 "unauthorized">
data:<<?xml version="1.0" encoding="UTF-8"?><errors> <error code="64">The Twitter REST API v1 is no longer active. Please migrate to API v1.1. https://dev.twitter.com/docs/api/1.1/overview.</error></errors>>
headers:<{
"Content-Encoding" = gzip;
"Content-Length" = 181;
"Content-Type" = "application/xml; charset=utf-8";
Date = "Sat, 15 Mar 2014 09:16:48 UTC";
Server = tfe;
"Set-Cookie" = "guest_id=v1%3A139487500867362568; Domain=.twitter.com; Path=/; Expires=Mon, 14-Mar-2016 09:16:48 UTC";
"Strict-Transport-Security" = "max-age=631138519";
}>
---
3/15/14 6:16:48 PM | Twitter[4103] | couldn't load user unathenticated... trying authenticated |
3/15/14 6:17:04 PM | Twitter[4103] | --- |
API error:
For:https://api.twitter.com/1/friendships/show.xml?source_id=307769829&target_id=291539519
err:<Error Domain=com.atebits.httprequest Code=401 UserInfo=0x114636070 "unauthorized">
data:<<?xml version="1.0" encoding="UTF-8"?><errors> <error code="64">The Twitter REST API v1 is no longer active. Please migrate to API v1.1. https://dev.twitter.com/docs/api/1.1/overview.</error></errors>>
headers:<{
"Content-Encoding" = gzip;
"Content-Length" = 181;
"Content-Type" = "application/xml; charset=utf-8";
Date = "Sat, 15 Mar 2014 09:17:04 UTC";
Server = tfe;
"Set-Cookie" = "guest_id=v1%3A139487502436121724; Domain=.twitter.com; Path=/; Expires=Mon, 14-Mar-2016 09:17:04 UTC";
"Strict-Transport-Security" = "max-age=631138519";
}>
---
3/15/14 6:17:27 PM | Twitter[4103] | will terminate |
3/15/14 6:17:27 PM | Twitter[4103] | Error: no oAuthTokenSecret set for account |
3/15/14 6:19:11 PM | Google Chrome[188] | Cannot find function pointer ADFSMenuFactory for factory FDA4F446-EAA4-4A02-908D-82D65424DA27 in CFBundle/CFPlugIn 0x1b231410 </Library/Contextual Menu Items/ADFSMenu.plugin> (not loaded) |
3/15/14 6:19:48 PM | Google Chrome[188] | Inconsistent set of values to create NSBitmapImageRep |
3/15/14 6:22:17 PM | [0x0-0x19019].com.google.Chrome[188] | objc[188]: Class ScrollbarPrefsObserver is implemented in both /Applications/Google Chrome.app/Contents/MacOS/../Versions/33.0.1750.149/Google Chrome Framework.framework/Google Chrome Framework and /System/Library/Frameworks/WebKit.framework/Versions/A/Frameworks/WebCore.framework/Versions/A/WebCore. One of the two will be used. Which one is undefined. |
3/15/14 6:39:54 PM | Microsoft Word[495] | kCGErrorIllegalArgument: CGSRemoveWindowFromWindowMovementGroup: Invalid window |
3/15/14 6:39:54 PM | Microsoft Word[495] | kCGErrorFailure: Set a breakpoint @ CGErrorBreakpoint() to catch errors as they are logged. |
3/15/14 6:39:54 PM | Microsoft Word[495] | kCGErrorIllegalArgument: CGSClearWindowTags: Invalid window 0x0 |
3/15/14 6:39:54 PM | [0x0-0x47047].com.microsoft.Word[495] | Sat Mar 15 18:39:54 -MacBook-Pro.local Microsoft Word[495] <Error>: kCGErrorIllegalArgument: CGSRemoveWindowFromWindowMovementGroup: Invalid window |
3/15/14 6:39:54 PM | [0x0-0x47047].com.microsoft.Word[495] | Sat Mar 15 18:39:54 s-MacBook-Pro.local Microsoft Word[495] <Error>: kCGErrorFailure: Set a breakpoint @ CGErrorBreakpoint() to catch errors as they are logged. |
3/15/14 6:39:54 PM | [0x0-0x47047].com.microsoft.Word[495] | Sat Mar 15 18:39:54 -MacBook-Pro.local Microsoft Word[495] <Error>: kCGErrorIllegalArgument: CGSClearWindowTags: Invalid window 0x0 |
3/15/14 6:40:00 PM | mdworker32[4173] | kCGErrorFailure: Set a breakpoint @ CGErrorBreakpoint() to catch errors as they are logged. |
3/15/14 6:43:41 PM | kernel | AirPort: Link Down on en1. Reason 4 (Disassociated due to inactivity). |
3/15/14 6:43:43 PM | configd[13] | network configuration changed. |
3/15/14 6:44:09 PM | ntpd[17] | sendto(17.83.253.7) (fd=26): Can't assign requested address |
3/15/14 6:44:45 PM | kernel | Auth result for: 00:01:8e:3c:21:d4 MAC AUTH succeeded |
3/15/14 6:44:54 PM | kernel | Auth result for: 00:01:8e:3c:21:d4 No Ack |
3/15/14 6:44:58 PM | kernel | Auth result for: 00:01:8e:3c:21:d4 No Ack |
3/15/14 6:45:03 PM | kernel | Auth result for: 00:01:8e:3c:21:d4 MAC AUTH succeeded |
3/15/14 6:46:11 PM | kernel | Auth result for: 00:01:8e:3c:21:d4 No Ack |
3/15/14 6:46:20 PM | kernel | Auth result for: 00:01:8e:3c:21:d4 MAC AUTH succeeded |
3/15/14 6:46:20 PM | kernel | AirPort: Link Up on en1 |
3/15/14 6:46:21 PM | kernel | AirPort: RSN handshake complete on en1 |
3/15/14 6:46:22 PM | configd[13] | network configuration changed. |
3/15/14 6:46:29 PM | configd[13] | network configuration changed. |
3/15/14 6:46:35 PM | kernel | Auth result for: 00:01:8e:3c:21:d4 MAC AUTH succeeded |
3/15/14 6:46:35 PM | kernel | AirPort: RSN handshake complete on en1 |
3/15/14 6:46:56 PM | configd[13] | network configuration changed. |
3/15/14 6:58:56 PM | kernel | CODE SIGNING: cs_invalid_page(0x1000): p=4213[GoogleSoftwareUp] clearing CS_VALID |
3/15/14 7:16:53 PM | com.apple.launchd.peruser.502[96] | (com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae[4238]) posix_spawn("/Applications/Adobe Reader.app/Contents/MacOS/Updater/Adobe Reader Updater Helper.app/Contents/MacOS/Adobe Reader Updater Helper", ...): No such file or directory |
3/15/14 7:16:53 PM | com.apple.launchd.peruser.502[96] | (com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae[4238]) Exited with exit code: 1 |