Login Items in Users & Groups in System Preference.

Please read this whole message before doing anything.

Note: If you have more than one user account, Step 2 must be taken as an administrator. Ordinarily that would be the user created automatically when you booted the system for the first time. Step 1 should be taken as the user who has the problem, if different. Most personal Macs have only one user, and in that case this paragraph doesn’t apply.

Triple-click anywhere in the line of text below on this page to select it:

P=/usr/libexec/PlistBuddy; E () { [ "$o" ] && echo $'\n'$1: && echo "$o"; }; F () { o=$($P -c Print "$2" | awk -F'= ' \/$3'/{print $2}'); E "$1"; }; { o=$(kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'); E "Loaded extrinsic kernel extensions"; o=$(launchctl list | sed 1d | awk '!/0x|com\.apple|org\.(x|openbsd)|\.[0-9]+$/{print $3}'); E "Loaded extrinsic user agents"; o=$(launchctl getenv DYLD_INSERT_LIBRARIES); E "Inserted libraries"; o=$(crontab -l); E "User cron tasks"; o=$(cat /e*/lau*); E "Global launchd configuration"; o=$(cat ~/.lau*); E "Per-user launchd configuration"; F "Global login items" /L*/P*/loginwindow.plist Path; F "Per-user login items" L*/P*/com.apple.loginitems.plist Path; F "Safari extensions" L*/Saf*/*/E*.plist Bundle | sed 's/\..*$//;s/-[1-9]$//'; o=$(find ~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \) | wc -l); [ "$o" == 0 ] || printf "\nRestricted user files: %s\n" $o; cd; o=$(find -L /S*/L*/E* {,/}L*/{Ad,Compon,Ex,In,Keyb,Mail/Bu,P*P,Qu,Scripti,Servi,Spo}* -type d -name Contents -prune | while read d; do $P -c 'Print :CFBundleIdentifier' "$d/Info.plist" | egrep -qv "^com\.apple\.[^x]|Accusys|ArcMSR|ATTO|HDPro|HighPoint|driver\.stex|hp-fax|JMicron|microsoft\.MDI|print|SoftRAID" && echo ${d%/Contents}; done); E "Extrinsic loadable bundles"; o=$(find /u*/{,*/}lib -type f -exec sh -c 'file -b "$1" | grep -qw shared && ! codesign -v "$1"' {} {} \; -print); E "Unsigned shared libraries"; for d in {,/}L*/{La,Priv,Sta}* L*/Fonts; do o=$(ls -A "$d"); E "$d"; done; } 2> /dev/null | pbcopy; echo $'\nStep 1 done'

Remember that you must be logged in as an administrator for this step. Do as in Step 1 with this line:

E () { [ "$o" ] && echo $'\n'$1: && echo "$o"; }; { o=$(sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix\.cron)|org\.(amav|apac|cups|isc|ntp|postf|x)/{print $3}'); E "Loaded extrinsic daemons"; o=$(sudo defaults read com.apple.loginwindow LoginHook); E "Login hook"; o=$(sudo crontab -l); E "Root cron tasks"; o=$(syslog -k Sender kernel -k Message CReq 'GPU |hfs: Ru|I/O e|find tok|n Cause: -|NVDA\(|pagin|timed? ?o' | tail | awk '/:/{$4=""; print}'); E "Log check"; } 2> /dev/null | pbcopy; echo $'\nStep 2 done'

You can then quit Terminal.

Note: If you don’t have a login password, set one before taking Step 2. If that’s not possible, skip the step.

Remember, Steps 1 and 2 are all copy-and-paste — no typing is involved, apart from your password. Also remember to post the output.

First, uninstall ESET by following these instructions. If you have a different version of the product, the procedure may be different. Back up all data before making any changes. Then continue as below.

This procedure will unlock all your user files (not system files) and reset their ownership and access-control lists to the default. If you've set special values for those attributes on any of your files, they will be reverted. In that case, either stop here, or be prepared to recreate the settings if necessary. Do so only after verifying that those settings didn't cause the problem. If none of this is meaningful to you, you don't need to worry about it.

Step 1

If you have more than one user account, and the one in question is not an administrator account, then temporarily promote it to administrator status in the Users & Groups preference pane. To do that, unlock the preference pane using the credentials of an administrator, check the box marked Allow user to administer this computer, then reboot. You can demote the problem account back to standard status when this step has been completed.

Enter the following command in the Terminal window in the same way as before (triple-click, copy, and paste):

{ sudo chflags -R nouchg,nouappnd ~ $TMPDIR.. ; sudo chown -R $UID:staff ~ $_ ; sudo chmod -R u+rwX ~ $_ ; chmod -R -N ~ $_ ; } 2> /dev/null

This time you'll be prompted for your login password, which won't be displayed when you type it. You may get a one-time warning to be careful. If you don’t have a login password, you’ll need to set one before you can run the command. If you see a message that your username "is not in the sudoers file," then you're not logged in as an administrator.

The command may take several minutes to run, depending on how many files you have. Wait for a new line ending in a dollar sign (“$”) to appear, then quit Terminal.

Step 2 (optional)

Take this step only if you have trouble with Step 1 or if it doesn't solve the problem.

Boot into Recovery. When the OS X Utilities screen appears, select

Utilities ▹ Terminal

from the menu bar. A Terminal window will open. In that window, type this:

res

Press the tab key. The partial command you typed will automatically be completed to this:

resetpassword

Press return. A Reset Password window will open. You’re not going to reset a password.

Select your startup volume ("Macintosh HD," unless you gave it a different name) if not already selected.

Select your username from the menu labeled Select the user account if not already selected.

Under Reset Home Directory Permissions and ACLs, click the Reset button.

Select

 ▹ Restart

from the menu bar.

If you find this comment too long or too technical, read only sections 5, 6, and 10.

2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically checked for updates once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.

The following caveats apply to XProtect:

Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:

For the reasons given above, App Store products, and other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. OS X security is based on user input. Never click through any request for authorization without thinking.

4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.

Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.

7. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. Any database of known threats is always going to be out of date. Most of the danger is from unknown threats. If you need to be able to detect Windows malware in your files, use one of the free anti-virus products in the Mac App Store — nothing else.

♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe

The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have the disadvantages mentioned in section 7.

Do you think the same problem occurs if I install Norton's.

Norton is renowned for causing problems on Macs, and its detection of Mac malware isn't that great anyway. Avoid it.

As for whether you need anti-virus software, and some recommendations for what anti-virus software to use if you do choose to use it, see my Mac Malware Guide.

Masaru(Japanese) wrote:

I want to install an anti-virus software

If, after reading what Linc and Thomas' reference has to say you still feel this way, it might be helpful to understand why. Nobody here can make that decision for you, but understanding your situation might help others make similar choices.

Are the login items always reset, or only sometimes? Are they reset when you log out and log back in without rebooting, or only when you reboot?

Triple-click anywhere in the line below on this page to select it:

~/Library/Preferences/com.apple.loginitems.plist

Services ▹ Show Info in Finder

from the contextual menu.* An Info dialog should open.