AggelakasK

Q: Adwaremedic is it safe?

Hello everyone. I would like to ask if the adwaremedic program is the safest way to remove adware from the Mac. Lately I'm having some pop-up advertisements from a specific site called mac keeper. I have no idea how this ad came up since I am not downloading torrents nor visiting any suspicious site.

So is this the only way to permanently remove the adware? Is it safe, since this is a third-party program? Thanks in advance, everyone.

Posted on Nov 16, 2014 3:22 AM

  • by petermac87,

    petermac87 Jun 27, 2015 5:20 AM in response to soundmill
    Level 5 (7,402 points)

    Your hard drive is going to crash

     

    Pete

  • by Jules237,

    Jules237 Jul 10, 2015 11:26 AM in response to Linc Davis
    Level 1 (4 points)

    Hi Linc,

     

    I used some of your advice on a different page to remove some malware on my computer.  Thank you for posting such detailed responses to help everyone out here.  I'm wondering now if it's all gone and it's now safe to resume normal activities, like banking and other security-sensitive tasks.  I just followed your instructions above to diagnose my computer, and I'd appreciate your help in letting me know if things look good now.  Here's what I got from the terminal test...

     

    Start time: 14:16:25 07/10/15

     

     

    Model Identifier: iMac14,2

    System Version: OS X 10.10.4 (14E46)

    Kernel Version: Darwin 14.4.0

    Time since boot: 3:34

     

     

    Diagnostic reports

     

     

       2015-06-11 cloudd crash

       2015-06-15 iTunes hang

       2015-06-17 pluginkit crash

       2015-06-18 pluginkit crash x8

       2015-06-19 pluginkit crash x10

       2015-07-02 iTunes hang

       2015-07-09 AppAS crash x2

       2015-07-09 PTPCamera crash

     

     

    Log

     

     

       Jul  9 21:14:52 com.apple.WebKit.Plugin.64.UUID: Service exited with abnormal code: 1

       Jul  9 21:14:52 com.apple.WebKit.Plugin.64.UUID: Service exited with abnormal code: 1

       Jul  9 21:14:52 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1

       Jul  9 21:24:00 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1

       Jul  9 21:24:00 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1

       Jul  9 21:31:52 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1

       Jul  9 21:31:52 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1

       Jul  9 21:49:04 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1

       Jul  9 21:49:08 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1

       Jul  9 21:49:08 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1

       Jul  9 21:49:08 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1

       Jul  9 21:56:16 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1

       Jul  9 22:08:55 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1

       Jul  9 22:09:38 ARPT: 23.550918: Failed to set AWDL Sync Enabled state (0), error code -25

       Jul  9 22:10:21 com.apple.spindump: Service exited with abnormal code: 75

       Jul  9 22:10:30 com.apple.spindump: Service exited with abnormal code: 75

       Jul  9 22:10:40 com.apple.spindump: Service exited with abnormal code: 75

       Jul  9 22:10:50 com.apple.spindump: Service exited with abnormal code: 75

       Jul  9 22:11:00 com.apple.spindump: Service exited with abnormal code: 75

       Jul  9 22:11:10 com.apple.spindump: Service exited with abnormal code: 75

       Jul  9 22:30:48 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1

       Jul  9 22:30:59 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1

       Jul 10 10:42:46 ARPT: 25.075445: Failed to set AWDL Sync Enabled state (0), error code -25

       Jul 10 10:42:51 com.apple.dpd: Service exited with abnormal code: 75

       Jul 10 14:01:44 com.google.GoogleTalkPluginD.95172.UUID: Service exited with abnormal code: 1

     

     

    Daemons

     

     

       com.oracle.java.JavaUpdateHelper

       com.apple.installer.osmessagetracing

       com.oracle.java.Helper-Tool

       com.adobe.fpsaud

     

     

    Agents

     

     

       Listchack.update

       com.flipvideo.FlipShareAutoRun

       com.citrix.ServiceRecords

       Leperdvil.update

       com.apple.javadisabler

       com.apple.photostream-agent

       Listchack.download

       com.apple.CSConfigDotMacCert-@me.com-SharedServices

       com.citrix.ReceiverHelper

       Listchack.ltvbit

       com.citrix.AuthManager_Mac

       com.amazon.cloud-player

       com.apple.AirPortBaseStationAgent

       Leperdvil.download

       Leperdvil.ltvbit

     

     

    Bundles

     

     

       /System/Library/Extensions/BJUSBMP.kext

       - jp.co.canon.bj.kext.BJUSBMP

       /System/Library/Extensions/MacOSXCameraDriver.kext

       - com.flipvideo.IOUSBCameraMassStorage

       /System/Library/Extensions/PdaNetDrv.kext

       - com.jft.driver.PdaNetDrv

       /Library/Address Book Plug-Ins/SkypeABDialer.bundle

       - com.skype.skypeabdialer

       /Library/Address Book Plug-Ins/SkypeABSMS.bundle

       - com.skype.skypeabsms

       /Library/Internet Plug-Ins/CitrixICAClientPlugIn.plugin

       - com.citrix.citrixicaclientplugIn

       /Library/Internet Plug-Ins/DirectorShockwave.plugin

       - com.adobe.director.shockwave.pluginshim

       /Library/Internet Plug-Ins/EPPEX Plugin.plugin

       - N/A

       /Library/Internet Plug-Ins/Flash Player.plugin

       - N/A

       /Library/Internet Plug-Ins/Google Earth Web Plug-in.plugin

       - com.Google.GoogleEarthPlugin.plugin

       /Library/Internet Plug-Ins/googletalkbrowserplugin.plugin

       - com.google.googletalkbrowserplugin

       /Library/Internet Plug-Ins/iPhotoPhotocast.plugin

       - com.apple.plugin.iPhotoPhotocast

       /Library/Internet Plug-Ins/JavaAppletPlugin.plugin

       - com.oracle.java.JavaAppletPlugin

       /Library/Internet Plug-Ins/Mozillaplug.plugin

       - com.apple.verifieddownloadplugin

       /Library/Internet Plug-Ins/o1dbrowserplugin.plugin

       - com.google.o1dbrowserplugin

       /Library/Internet Plug-Ins/OfficeLiveBrowserPlugin.plugin

       - com.microsoft.officelive.browserplugin

       /Library/Internet Plug-Ins/Silverlight.plugin

       - com.microsoft.SilverlightPlugin

       /Library/Internet Plug-Ins/SlingPlayer.plugin

       - com.slingmedia.slingplayer.plugin.nspapi

       /Library/Internet Plug-Ins/Unity Web Player.plugin

       - com.unity.UnityWebPlayer

       /Library/Internet Plug-Ins/VeetleBroadcast-0.9.16

       - com.netscape.vlc

       /Library/Internet Plug-Ins/VeetleTVCore-0.9.16

       - com.veetle.plugin

       /Library/Internet Plug-Ins/VeetleTVPlayer-0.9.16

       - com.netscape.vlc

       /Library/PreferencePanes/3ivxPrefPane.prefPane

       - com.3ivx.prefpane

       /Library/PreferencePanes/Flash Player.prefPane

       - com.adobe.flashplayerpreferences

       /Library/PreferencePanes/JavaControlPanel.prefPane

       - com.oracle.java.JavaControlPanel

       /Library/QuickTime/QTMpeg4Codec.component

       - com.apple.QTMpeg4Codec

       Library/Caches/com.apple.Safari/Extensions/Add To Amazon Wish List-2.safariextension

       - com.amazon.safari.wishlist

       Library/Caches/com.apple.Safari/Extensions/Pin It Button-2.safariextension

       - com.pinterest.extension

       Library/Internet Plug-Ins/BrowserPlus_2.9.8.plugin

       - com.yahoo.browserplus

       Library/Internet Plug-Ins/Unity Web Player.plugin

       - com.unity.UnityWebPlayer

       Library/PreferencePanes/BrowserPlusPrefs.prefPane

       - com.yahoo.browserplus.prefpane

       Library/PreferencePanes/Growl.prefPane

       - com.growl.prefpanel

       Library/Widgets/BoredomButton.wdgt

       - com.boredombutton.dashboard

       Library/Widgets/Calculatrice Eclipse Solaire.wdgt

       - com.xjubier.widget.solareclipsecalc

       Library/Widgets/Countdown Calendar.wdgt

       - com.maletic.dashboard.countdown

       Library/Widgets/countdown.wdgt

       - com.pietjonas.hector.AHectorCountdown

       Library/Widgets/Sudoku.v1.0.0.wdgt

       - com.orange.widgets.Sudoku

     

     

    App extensions

     

     

       com.getdropbox.dropbox.garcon

     

     

    Apps

     

     

       /Applications/Dropbox.app

       /Applications/Google Drive.app

     

     

    Contents of /System/Library/LaunchAgents/com.apple.javadisabler.plist (checksum 4039215888)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>RunAtLoad</key>

        <true/>

        <key>LimitLoadToSessionType</key>

        <string>Aqua</string>

        <key>Label</key>

        <string>com.apple.javadisabler</string>

        <key>Program</key>

        <string>/System/Library/CoreServices/JavaDisabler.app/Contents/MacOS/JavaDisabler</string>

       </dict>

       </plist>

     

     

    Contents of /System/Library/LaunchDaemons/org.apache.httpd.plist (checksum 3012644940)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>Disabled</key>

        <true/>

        <key>Label</key>

        <string>org.apache.httpd</string>

        <key>EnvironmentVariables</key>

        <dict>

        <key>XPC_SERVICES_UNAVAILABLE</key>

        <string>1</string>

        </dict>

        <key>ProgramArguments</key>

        <array>

        <string>/usr/sbin/httpd-wrapper</string>

        <string>-D</string>

        <string>FOREGROUND</string>

        </array>

        <key>OnDemand</key>

        <false/>

       </dict>

       </plist>

     

     

    Contents of /Library/LaunchAgents/com.citrix.AuthManager_Mac.plist (checksum 1501830148)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>MachServices</key>

        <dict>

        <key>com.citrix.AuthManager_Mac</key>

        <true/>

        </dict>

        <key>Label</key>

        <string>com.citrix.AuthManager_Mac</string>

        <key>WaitForDebugger</key>

        <false/>

        <key>ProgramArguments</key>

        <array>

        <string>/usr/local/libexec/AuthManager_Mac.app/Contents/MacOS/AuthManager_Mac</string>

        </array>

        <key>LimitLoadToSessionType</key>

        <string>Aqua</string>

        <key>Disabled</key>

        <false/>

       </dict>

       </plist>

     

     

    Contents of /Library/LaunchAgents/com.citrix.ReceiverHelper.plist (checksum 676087606)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>Label</key>

        <string>com.citrix.ReceiverHelper</string>

        <key>RunAtLoad</key>

        <true/>

        <key>KeepAlive</key>

        <dict>

        <key>SuccessfulExit</key>

        <false/>

        </dict>

        <key>WaitForDebugger</key>

        <false/>

        <key>ProgramArguments</key>

        <array>

        <string>/usr/local/libexec/ReceiverHelper.app/Contents/MacOS/ReceiverHelper</string>

        </array>

        <key>LimitLoadToSessionType</key>

        <string>Aqua</string>

        <key>Disabled</key>

        <false/>

       </dict>

       </plist>

     

     

    Contents of /Library/LaunchAgents/com.citrix.ServiceRecords.plist (checksum 827728504)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>MachServices</key>

        <dict>

        <key>com.citrix.Beacons</key>

        <true/>

        <key>com.citrix.ServiceRecords</key>

        <true/>

        </dict>

        <key>Label</key>

        <string>com.citrix.ServiceRecords</string>

        <key>RunAtLoad</key>

        <true/>

        <key>KeepAlive</key>

        <true/>

        <key>WaitForDebugger</key>

        <false/>

        <key>ProgramArguments</key>

        <array>

        <string>/usr/local/libexec/ServiceRecords.app/Contents/MacOS/ServiceRecords</string>

        </array>

        <key>LimitLoadToSessionType</key>

        <string>Aqua</string>

     

     

       ...and 4 more line(s)

     

     

    Contents of /Library/LaunchAgents/com.flipvideo.FlipShare.AutoRun.plist (checksum 824467701)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>KeepAlive</key>

        <true/>

        <key>Label</key>

        <string>com.flipvideo.FlipShareAutoRun</string>

        <key>OnDemand</key>

        <false/>

        <key>Program</key>

        <string>/Library/Application Support/Flip Video/FlipShareAutoRun.app/Contents/MacOS/FlipShareAutoRun</string>

        <key>RunAtLoad</key>

        <true/>

       </dict>

       </plist>

     

     

    Contents of Library/LaunchAgents/Leperdvil.download.plist (checksum 875449712)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>Label</key>

        <string>Leperdvil.download</string>

        <key>ProgramArguments</key>

        <array>

        <string>/Users/USER/Library/Application Support/Leperdvil/Leperdvil.app/Contents/MacOS/AppAS</string>

        <string>-trigger</string>

        <string>download</string>

        <string>-isDev</string>

        <string>0</string>

        <string>-installVersion</string>

        <string>18595</string>

        <string>-firstAppId</string>

        <string>791900002</string>

        <string>-identity</string>

        <string>Leperdvil</string>

        </array>

        <key>WatchPaths</key>

        <array>

        <string>/Users/USER/Downloads</string>

        </array>

        <key>isAllowToSuggest</key>

     

     

       ...and 3 more line(s)

     

     

    Contents of Library/LaunchAgents/Leperdvil.ltvbit.plist (checksum 2066058212)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>Label</key>

        <string>Leperdvil.ltvbit</string>

        <key>ProgramArguments</key>

        <array>

        <string>/Users/USER/Library/Application Support/Leperdvil/Leperdvil.app/Contents/MacOS/AppAS</string>

        <string>-trigger</string>

        <string>ltvbit</string>

        <string>-isDev</string>

        <string>0</string>

        <string>-installVersion</string>

        <string>18595</string>

        <string>-firstAppId</string>

        <string>791900002</string>

        <string>-identity</string>

        <string>Leperdvil</string>

        </array>

        <key>StartCalendarInterval</key>

        <dict>

        <key>Hour</key>

        <integer>4</integer>

        <key>Minute</key>

     

     

       ...and 4 more line(s)

     

     

    Contents of Library/LaunchAgents/Leperdvil.update.plist (checksum 1743478277)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>Label</key>

        <string>Leperdvil.update</string>

        <key>ProgramArguments</key>

        <array>

        <string>/Users/USER/Library/Application Support/Leperdvil/Leperdvil.app/Contents/MacOS/AppAS</string>

        <string>-trigger</string>

        <string>update</string>

        <string>-isDev</string>

        <string>0</string>

        <string>-installVersion</string>

        <string>18595</string>

        <string>-firstAppId</string>

        <string>791900002</string>

        <string>-identity</string>

        <string>Leperdvil</string>

        <string>-sig</string>

        <string>ASSAF_SIGNATURE</string>

        <string>-agentUpdate</string>

        <string>0</string>

        </array>

        <key>RunAtLoad</key>

     

     

       ...and 10 more line(s)

     

     

    Contents of Library/LaunchAgents/Listchack.download.plist (checksum 3943411104)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>Label</key>

        <string>Listchack.download</string>

        <key>ProgramArguments</key>

        <array>

        <string>/Users/USER/Library/Application Support/Listchack/Listchack.app/Contents/MacOS/AppAS</string>

        <string>-trigger</string>

        <string>download</string>

        <string>-isDev</string>

        <string>0</string>

        <string>-installVersion</string>

        <string>18324</string>

        <string>-firstAppId</string>

        <string>791900002</string>

        <string>-identity</string>

        <string>Listchack</string>

        </array>

        <key>WatchPaths</key>

        <array>

        <string>/Users/USER/Downloads</string>

        </array>

        <key>isAllowToSuggest</key>

     

     

       ...and 3 more line(s)

     

     

    Contents of Library/LaunchAgents/Listchack.ltvbit.plist (checksum 1946168578)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>Label</key>

        <string>Listchack.ltvbit</string>

        <key>ProgramArguments</key>

        <array>

        <string>/Users/USER/Library/Application Support/Listchack/Listchack.app/Contents/MacOS/AppAS</string>

        <string>-trigger</string>

        <string>ltvbit</string>

        <string>-isDev</string>

        <string>0</string>

        <string>-installVersion</string>

        <string>18324</string>

        <string>-firstAppId</string>

        <string>791900002</string>

        <string>-identity</string>

        <string>Listchack</string>

        </array>

        <key>StartCalendarInterval</key>

        <dict>

        <key>Hour</key>

        <integer>4</integer>

        <key>Minute</key>

     

     

       ...and 4 more line(s)

     

     

    Contents of Library/LaunchAgents/Listchack.update.plist (checksum 1348697178)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>Label</key>

        <string>Listchack.update</string>

        <key>ProgramArguments</key>

        <array>

        <string>/Users/USER/Library/Application Support/Listchack/Listchack.app/Contents/MacOS/AppAS</string>

        <string>-trigger</string>

        <string>update</string>

        <string>-isDev</string>

        <string>0</string>

        <string>-installVersion</string>

        <string>18324</string>

        <string>-firstAppId</string>

        <string>791900002</string>

        <string>-identity</string>

        <string>Listchack</string>

        </array>

        <key>RunAtLoad</key>

        <true/>

        <key>StartCalendarInterval</key>

        <dict>

        <key>Hour</key>

     

     

       ...and 6 more line(s)

     

     

    Contents of Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist (checksum 4071182229)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

        <dict>

         <key>Label</key>

         <string>com.adobe.AAM.Scheduler-1.0</string>

         <key>Program</key>

         <string>/Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility</string>

         <key>ProgramArguments</key>

         <array>

            <string>/Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility</string>

            <string>-mode=scheduled</string>

         </array>

         <key>StartCalendarInterval</key>

         <dict>

           <key>Minute</key>

           <integer>0</integer>

           <key>Hour</key>

           <integer>2</integer>

         </dict>

        </dict>

       </plist>

     

     

    Contents of Library/LaunchAgents/com.amazon.cloud-player.plist (checksum 2707474481)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>EnableTransactions</key>

        <false/>

        <key>KeepAlive</key>

        <true/>

        <key>Label</key>

        <string>com.amazon.cloud-player</string>

        <key>Program</key>

        <string>/Applications/Amazon Cloud Player.app/Contents/MacOS/Amazon Music Helper</string>

        <key>RunAtLoad</key>

        <true/>

       </dict>

       </plist>

     

     

    Contents of Library/LaunchAgents/com.apple.CSConfigDotMacCert-@me.com-SharedServices.Agent.plist (checksum 3298495348)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>KeepAlive</key>

        <false/>

        <key>Label</key>

        <string>com.apple.CSConfigDotMacCert-@me.com-SharedServices</string>

        <key>LimitLoadToSessionType</key>

        <string>Aqua</string>

        <key>LowPriorityIO</key>

        <true/>

        <key>Nice</key>

        <integer>10</integer>

        <key>ProgramArguments</key>

        <array>

        <string>/System/Library/Frameworks/CoreServices.framework/Frameworks/OSServices.framework/Versions/A/Support/CSConfigDotMacCert</string>

        <string>-l</string>

        <string>/Users/USER/Library/Logs/CSConfigDotMacCert-@me.com-SharedServices.log</string>

        <string>-u</string>

        <string>@me.com</string>

        <string>-t</string>

        <string>SharedServices</string>

        <string>-s</string>

        </array>

     

     

       ...and 4 more line(s)

     

     

    Root crontab

     

     

       * */5 * * * "/Library/Internet Plug-Ins/AdobeFlash" vx 1>/dev/null 2>&1

     

     

    Bad plists

     

     

       Library/Preferences/com.apple.iphotomosaic.plist

       Library/Preferences/com.apple.WebFoundation.plist

     

     

    Firewall: On

     

     

    DNS: 208.67.222.222 (static)

     

     

    Wi-Fi

     

     

       link auth: none

     

     

    User login items

     

     

       GrowlHelperApp

       - /Users/USER/Library/PreferencePanes/Growl.prefPane/Contents/Resources/GrowlHelperApp.app

       PdaNetMac

       - /Applications/PdaNetMac.app

       Dropbox

       - /Applications/Dropbox.app

       ElementsAutoAnalyzer

       - /Applications/Adobe Elements 12 Organizer.app/Contents/ElementsAutoAnalyzer.app

       SMARTBoardService

       - missing value

     

     

    Safari extensions

     

     

       Add To Amazon Wish List

       Pin It Button

     

     

    Widgets

     

     

       Countdown Calendar

     

     

    Restricted files: 75

     

     

    Lockfiles: 4

     

     

    Elapsed time (s): 310

  • by Linc Davis,

    Linc Davis Jul 10, 2015 2:46 PM in response to Jules237
    Level 10 (208,037 points)

    You installed a variant of the "InstallMac" trojan. Take the steps below to disable it.

    The criminal behind this attack tries to make the malware hard to remove by varying the names of the files it installs. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.

    Back up all data before continuing.

    1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

    ~/Library/LaunchAgents

    In the Finder, select

              Go ▹ Go to Folder...

    from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.

    2. Inside the folder you just opened, there may be files with a name of the form

              something.download.plist

              something.ltvbit.plist

              something.update.plist

    where something is usually a meaningless string, such as any of the following:

              InKeepr

              InstallMac

              Leperdvil

              Listchack

              Oliverto

              Texiday

    These are examples, not a complete list. The string could be anything. The point is that the same string will appear in the name of three files.

    You could have more than one copy of the malware, with different values of something. In your case, something is both "Leperdvil" and "Listchack".

    Move all such items to the Trash. There may not be any other files in the LaunchAgents folder; in that case, you can delete the folder, but otherwise don't delete it. Other files in the folder are not necessarily malicious (though they could be, if you also installed some other kind of malware.)

    Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.

    3. Open this folder in the same way as above:

    ~/Library/Application Support

    and move to the Trash any subfolders named with the same something you found in Step 2.

    Don't move the Application Support folder or anything else inside it.

    4. Open the Applications folder. If there is an item with the same name as in Step 3, or any of the other names listed in Step 2, drag it to the Trash.

    If in doubt, press the key combination option-command-4 to arrange the apps by date added. Look at the apps that have been added since you first noticed the problem. If there is one you don't recognize, drag it to the Trash.

    Empty the Trash.

    If you get an alert that the application is in use, force it to quit.

    5. From the Safari menu bar, select

              Safari ▹ Preferences... ▹ Extensions

    Uninstall all extensions you don't know you need. If in doubt, remove all of them. None is required for normal operation. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.

    6. Reset the home page in each of your browsers, if it was changed. In Safari, first load the home page you want, then select

              Safari ▹ Preferences... ▹ General

    and click

              Set to Current Page
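
The naming check from steps 1 and 2 of the reply above, as a read-only Python example added here; it is not part of the original post or of any tool mentioned in this thread. The function names `scan`, `launch_target` and `build_sample_dir` are chosen for this example, the sample folder is constructed from names in the reports above, and the file name `Javeview.update.plist` is an assumption based on the agent label in the second report.

```python
import plistlib
import sys
import tempfile
from collections import defaultdict
from pathlib import Path
from xml.parsers.expat import ExpatError

# Suffixes from step 2 of the reply: something.{download,ltvbit,update}.plist
TRIGGERS = ("download", "ltvbit", "update")


def launch_target(plist_path):
    """Return the executable a launchd job would start, or None if unreadable."""
    try:
        with open(plist_path, "rb") as fh:
            job = plistlib.load(fh)
    except (ValueError, ExpatError, OSError):
        return None  # truncated or corrupt plist: still reported, without a target
    if not isinstance(job, dict):
        return None
    args = job.get("ProgramArguments") or []
    return job.get("Program") or (args[0] if args else None)


def scan(agents_dir):
    """Group <something>.<trigger>.plist files by <something>. Nothing is modified."""
    groups = defaultdict(dict)  # something -> {trigger: launch target}
    for path in sorted(Path(agents_dir).glob("*.plist")):
        something, _, trigger = path.name[: -len(".plist")].rpartition(".")
        if something and trigger in TRIGGERS:
            groups[something][trigger] = launch_target(path)
    return {
        something: {
            # The reply's signature: the same string in the names of three files.
            "complete": set(found) == set(TRIGGERS),
            "triggers": sorted(found),
            # Where the agents point; shows which Application Support folder step 3 means.
            "targets": sorted({t for t in found.values() if t}),
        }
        for something, found in groups.items()
    }


def build_sample_dir():
    """Constructed sample folder; names and paths are copied from the reports above."""
    root = Path(tempfile.mkdtemp(prefix="launchagents-sample-"))
    app = ("/Users/USER/Library/Application Support/Leperdvil/"
           "Leperdvil.app/Contents/MacOS/AppAS")
    for trigger in TRIGGERS:
        job = {"Label": f"Leperdvil.{trigger}",
               "ProgramArguments": [app, "-trigger", trigger]}
        with open(root / f"Leperdvil.{trigger}.plist", "wb") as fh:
            plistlib.dump(job, fh)
    # Unrelated vendor agent from the report: must not be flagged.
    citrix = "/usr/local/libexec/ReceiverHelper.app/Contents/MacOS/ReceiverHelper"
    with open(root / "com.citrix.ReceiverHelper.plist", "wb") as fh:
        plistlib.dump({"Label": "com.citrix.ReceiverHelper",
                       "ProgramArguments": [citrix]}, fh)
    # One file of a trio, truncated on purpose (assumed file name, see lead-in).
    (root / "Javeview.update.plist").write_bytes(
        b'<?xml version="1.0" encoding="UTF-8"?>\n'
        b'<plist version="1.0">\n<dict>\n<key>Label</key>\n')
    return root


if __name__ == "__main__":
    # With no argument the constructed sample is scanned, so the script runs offline.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_dir()
    for something, info in sorted(scan(target).items()):
        status = "full trio" if info["complete"] else "partial, review by hand"
        print(f"{something}: {status}; files={info['triggers']}; runs={info['targets']}")
```

Run it with the path of a LaunchAgents folder as the first argument to check a real folder. A "partial" result means only some of the three names were found and the files need a manual look.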

  • by Jules237,

    Jules237 Jul 11, 2015 7:16 AM in response to Linc Davis
    Level 1 (4 points)

    Thank you.  All better now?

     

    Start time: 10:08:07 07/11/15

     

     

    Model Identifier: iMac14,2

    System Version: OS X 10.10.4 (14E46)

    Kernel Version: Darwin 14.4.0

    Time since boot: 10 minutes

     

     

    Diagnostic reports

     

     

       2015-06-11 cloudd crash

       2015-06-15 iTunes hang

       2015-06-17 pluginkit crash

       2015-06-18 pluginkit crash x8

       2015-06-19 pluginkit crash x10

       2015-07-02 iTunes hang

       2015-07-09 AppAS crash

       2015-07-09 PTPCamera crash

       2015-07-10 AppAS crash

     

     

    Log

     

     

       Jul  9 21:49:08 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1

       Jul  9 21:49:08 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1

       Jul  9 21:49:08 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1

       Jul  9 21:56:16 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1

       Jul  9 22:08:55 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1

       Jul  9 22:09:38 ARPT: 23.550918: Failed to set AWDL Sync Enabled state (0), error code -25

       Jul  9 22:10:21 com.apple.spindump: Service exited with abnormal code: 75

       Jul  9 22:10:30 com.apple.spindump: Service exited with abnormal code: 75

       Jul  9 22:10:40 com.apple.spindump: Service exited with abnormal code: 75

       Jul  9 22:10:50 com.apple.spindump: Service exited with abnormal code: 75

       Jul  9 22:11:00 com.apple.spindump: Service exited with abnormal code: 75

       Jul  9 22:11:10 com.apple.spindump: Service exited with abnormal code: 75

       Jul  9 22:30:48 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1

       Jul  9 22:30:59 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1

       Jul 10 10:42:46 ARPT: 25.075445: Failed to set AWDL Sync Enabled state (0), error code -25

       Jul 10 10:42:51 com.apple.dpd: Service exited with abnormal code: 75

       Jul 10 14:01:44 com.google.GoogleTalkPluginD.95172.UUID: Service exited with abnormal code: 1

       Jul 10 14:38:42 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1

       Jul 10 14:38:42 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1

       Jul 10 14:38:42 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1

       Jul 11 09:57:46 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1

       Jul 11 09:58:46 com.apple.dpd: Service exited with abnormal code: 75

       Jul 11 09:59:48 com.apple.spindump: Service exited with abnormal code: 75

       Jul 11 09:59:58 com.apple.spindump: Service exited with abnormal code: 75

       Jul 11 10:00:08 com.apple.spindump: Service exited with abnormal code: 75

     

     

    Daemons

     

     

       com.oracle.java.JavaUpdateHelper

       com.apple.installer.osmessagetracing

       com.oracle.java.Helper-Tool

       com.adobe.fpsaud

     

     

    Agents

     

     

       com.flipvideo.FlipShareAutoRun

       com.citrix.ServiceRecords

       com.apple.javadisabler

       com.apple.photostream-agent

       com.apple.CSConfigDotMacCert-@me.com-SharedServices

       com.google.GoogleTalkPluginD.95172.UUID

       Javeview.update

       com.citrix.ReceiverHelper

       com.citrix.AuthManager_Mac

       com.amazon.cloud-player

       com.apple.AirPortBaseStationAgent

     

     

    Bundles

     

     

       /System/Library/Extensions/BJUSBMP.kext

       - jp.co.canon.bj.kext.BJUSBMP

       /System/Library/Extensions/MacOSXCameraDriver.kext

       - com.flipvideo.IOUSBCameraMassStorage

       /System/Library/Extensions/PdaNetDrv.kext

       - com.jft.driver.PdaNetDrv

       /Library/Address Book Plug-Ins/SkypeABDialer.bundle

       - com.skype.skypeabdialer

       /Library/Address Book Plug-Ins/SkypeABSMS.bundle

       - com.skype.skypeabsms

       /Library/Internet Plug-Ins/CitrixICAClientPlugIn.plugin

       - com.citrix.citrixicaclientplugIn

       /Library/Internet Plug-Ins/DirectorShockwave.plugin

       - com.adobe.director.shockwave.pluginshim

       /Library/Internet Plug-Ins/EPPEX Plugin.plugin

       - N/A

       /Library/Internet Plug-Ins/Flash Player.plugin

       - N/A

       /Library/Internet Plug-Ins/Google Earth Web Plug-in.plugin

       - com.Google.GoogleEarthPlugin.plugin

       /Library/Internet Plug-Ins/googletalkbrowserplugin.plugin

       - com.google.googletalkbrowserplugin

       /Library/Internet Plug-Ins/iPhotoPhotocast.plugin

       - com.apple.plugin.iPhotoPhotocast

       /Library/Internet Plug-Ins/JavaAppletPlugin.plugin

       - com.oracle.java.JavaAppletPlugin

       /Library/Internet Plug-Ins/Mozillaplug.plugin

       - com.apple.verifieddownloadplugin

       /Library/Internet Plug-Ins/o1dbrowserplugin.plugin

       - com.google.o1dbrowserplugin

       /Library/Internet Plug-Ins/OfficeLiveBrowserPlugin.plugin

       - com.microsoft.officelive.browserplugin

       /Library/Internet Plug-Ins/Silverlight.plugin

       - com.microsoft.SilverlightPlugin

       /Library/Internet Plug-Ins/SlingPlayer.plugin

       - com.slingmedia.slingplayer.plugin.nspapi

       /Library/Internet Plug-Ins/Unity Web Player.plugin

       - com.unity.UnityWebPlayer

       /Library/Internet Plug-Ins/VeetleBroadcast-0.9.16

       - com.netscape.vlc

       /Library/Internet Plug-Ins/VeetleTVCore-0.9.16

       - com.veetle.plugin

       /Library/Internet Plug-Ins/VeetleTVPlayer-0.9.16

       - com.netscape.vlc

       /Library/PreferencePanes/3ivxPrefPane.prefPane

       - com.3ivx.prefpane

       /Library/PreferencePanes/Flash Player.prefPane

       - com.adobe.flashplayerpreferences

       /Library/PreferencePanes/JavaControlPanel.prefPane

       - com.oracle.java.JavaControlPanel

       /Library/QuickTime/QTMpeg4Codec.component

       - com.apple.QTMpeg4Codec

       Library/Caches/com.apple.Safari/Extensions/Add To Amazon Wish List-2.safariextension

       - com.amazon.safari.wishlist

       Library/Caches/com.apple.Safari/Extensions/Pin It Button-2.safariextension

       - com.pinterest.extension

       Library/Internet Plug-Ins/BrowserPlus_2.9.8.plugin

       - com.yahoo.browserplus

       Library/Internet Plug-Ins/Unity Web Player.plugin

       - com.unity.UnityWebPlayer

       Library/PreferencePanes/BrowserPlusPrefs.prefPane

       - com.yahoo.browserplus.prefpane

       Library/PreferencePanes/Growl.prefPane

       - com.growl.prefpanel

       Library/Widgets/BoredomButton.wdgt

       - com.boredombutton.dashboard

       Library/Widgets/Calculatrice Eclipse Solaire.wdgt

       - com.xjubier.widget.solareclipsecalc

       Library/Widgets/Countdown Calendar.wdgt

       - com.maletic.dashboard.countdown

       Library/Widgets/countdown.wdgt

       - com.pietjonas.hector.AHectorCountdown

       Library/Widgets/Sudoku.v1.0.0.wdgt

       - com.orange.widgets.Sudoku

     

     

    App extensions

     

     

       com.getdropbox.dropbox.garcon

     

     

    Apps

     

     

       /Applications/Dropbox.app

       /Applications/Google Drive.app

     

     

    Contents of /System/Library/LaunchAgents/com.apple.javadisabler.plist (checksum 4039215888)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>RunAtLoad</key>

        <true/>

        <key>LimitLoadToSessionType</key>

        <string>Aqua</string>

        <key>Label</key>

        <string>com.apple.javadisabler</string>

        <key>Program</key>

        <string>/System/Library/CoreServices/JavaDisabler.app/Contents/MacOS/JavaDisabler</string>

       </dict>

       </plist>

     

     

    Contents of /System/Library/LaunchDaemons/org.apache.httpd.plist (checksum 3012644940)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>Disabled</key>

        <true/>

        <key>Label</key>

        <string>org.apache.httpd</string>

        <key>EnvironmentVariables</key>

        <dict>

        <key>XPC_SERVICES_UNAVAILABLE</key>

        <string>1</string>

        </dict>

        <key>ProgramArguments</key>

        <array>

        <string>/usr/sbin/httpd-wrapper</string>

        <string>-D</string>

        <string>FOREGROUND</string>

        </array>

        <key>OnDemand</key>

        <false/>

       </dict>

       </plist>

     

     

    Contents of /Library/LaunchAgents/com.citrix.AuthManager_Mac.plist (checksum 1501830148)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>MachServices</key>

        <dict>

        <key>com.citrix.AuthManager_Mac</key>

        <true/>

        </dict>

        <key>Label</key>

        <string>com.citrix.AuthManager_Mac</string>

        <key>WaitForDebugger</key>

        <false/>

        <key>ProgramArguments</key>

        <array>

        <string>/usr/local/libexec/AuthManager_Mac.app/Contents/MacOS/AuthManager_Mac</string>

        </array>

        <key>LimitLoadToSessionType</key>

        <string>Aqua</string>

        <key>Disabled</key>

        <false/>

       </dict>

       </plist>

     

     

    Contents of /Library/LaunchAgents/com.citrix.ReceiverHelper.plist (checksum 676087606)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>Label</key>

        <string>com.citrix.ReceiverHelper</string>

        <key>RunAtLoad</key>

        <true/>

        <key>KeepAlive</key>

        <dict>

        <key>SuccessfulExit</key>

        <false/>

        </dict>

        <key>WaitForDebugger</key>

        <false/>

        <key>ProgramArguments</key>

        <array>

        <string>/usr/local/libexec/ReceiverHelper.app/Contents/MacOS/ReceiverHelper</string>

        </array>

        <key>LimitLoadToSessionType</key>

        <string>Aqua</string>

        <key>Disabled</key>

        <false/>

       </dict>

       </plist>

     

     

    Contents of /Library/LaunchAgents/com.citrix.ServiceRecords.plist (checksum 827728504)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>MachServices</key>

        <dict>

        <key>com.citrix.Beacons</key>

        <true/>

        <key>com.citrix.ServiceRecords</key>

        <true/>

        </dict>

        <key>Label</key>

        <string>com.citrix.ServiceRecords</string>

        <key>RunAtLoad</key>

        <true/>

        <key>KeepAlive</key>

        <true/>

        <key>WaitForDebugger</key>

        <false/>

        <key>ProgramArguments</key>

        <array>

        <string>/usr/local/libexec/ServiceRecords.app/Contents/MacOS/ServiceRecords</string>

        </array>

        <key>LimitLoadToSessionType</key>

        <string>Aqua</string>

     

     

       ...and 4 more line(s)

     

     

    Contents of /Library/LaunchAgents/com.flipvideo.FlipShare.AutoRun.plist (checksum 824467701)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>KeepAlive</key>

        <true/>

        <key>Label</key>

        <string>com.flipvideo.FlipShareAutoRun</string>

        <key>OnDemand</key>

        <false/>

        <key>Program</key>

        <string>/Library/Application Support/Flip Video/FlipShareAutoRun.app/Contents/MacOS/FlipShareAutoRun</string>

        <key>RunAtLoad</key>

        <true/>

       </dict>

       </plist>

     

     

    Contents of Library/LaunchAgents/Javeview.update.plist (checksum 3299095357)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>Label</key>

        <string>Javeview.update</string>

        <key>ProgramArguments</key>

        <array>

        <string>/Users/USER/Library/Application Support/Javeview/Javeview.app/Contents/MacOS/AppNOS</string>

        <string>-trigger</string>

        <string>update</string>

        <string>-isDev</string>

        <string>0</string>

        <string>-installVersion</string>

        <string>18595</string>

        <string>-firstAppId</string>

        <string>1434976216979282</string>

        <string>-identity</string>

        <string>Javeview</string>

        <string>-sig</string>

        <string>NOSIGNATURE_SIGNATURE</string>

        <string>-agentUpdate</string>

        <string>2</string>

        </array>

        <key>RunAtLoad</key>

     

     

       ...and 10 more line(s)

     

     

    Contents of Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist (checksum 4071182229)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

        <dict>

         <key>Label</key>

         <string>com.adobe.AAM.Scheduler-1.0</string>

         <key>Program</key>

         <string>/Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility</string>

         <key>ProgramArguments</key>

         <array>

            <string>/Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility</string>

            <string>-mode=scheduled</string>

         </array>

         <key>StartCalendarInterval</key>

         <dict>

           <key>Minute</key>

           <integer>0</integer>

           <key>Hour</key>

           <integer>2</integer>

         </dict>

        </dict>

       </plist>

     

     

    Contents of Library/LaunchAgents/com.amazon.cloud-player.plist (checksum 2707474481)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>EnableTransactions</key>

        <false/>

        <key>KeepAlive</key>

        <true/>

        <key>Label</key>

        <string>com.amazon.cloud-player</string>

        <key>Program</key>

        <string>/Applications/Amazon Cloud Player.app/Contents/MacOS/Amazon Music Helper</string>

        <key>RunAtLoad</key>

        <true/>

       </dict>

       </plist>

     

     

    Contents of Library/LaunchAgents/com.apple.CSConfigDotMacCert-@me.com-SharedServices.Agent.plist (checksum 3298495348)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>KeepAlive</key>

        <false/>

        <key>Label</key>

        <string>com.apple.CSConfigDotMacCert-@me.com-SharedServices</string>

        <key>LimitLoadToSessionType</key>

        <string>Aqua</string>

        <key>LowPriorityIO</key>

        <true/>

        <key>Nice</key>

        <integer>10</integer>

        <key>ProgramArguments</key>

        <array>

        <string>/System/Library/Frameworks/CoreServices.framework/Frameworks/OSServices.framework/Versions/A/Support/CSConfigDotMacCert</string>

        <string>-l</string>

        <string>/Users/USER/Library/Logs/CSConfigDotMacCert-@me.com-SharedServices.log</string>

        <string>-u</string>

        <string>@me.com</string>

        <string>-t</string>

        <string>SharedServices</string>

        <string>-s</string>

        </array>

     

     

       ...and 4 more line(s)

     

     

    Root crontab

     

     

       * */5 * * * "/Library/Internet Plug-Ins/AdobeFlash" vx 1>/dev/null 2>&1

     

     

    Bad plists

     

     

       Library/Preferences/com.apple.iphotomosaic.plist

       Library/Preferences/com.apple.WebFoundation.plist

     

     

    Firewall: On

     

     

    DNS: 208.67.222.222 (static)

     

     

    Wi-Fi

     

     

       link auth: none

     

     

    User login items

     

     

       GrowlHelperApp

       - /Users/USER/Library/PreferencePanes/Growl.prefPane/Contents/Resources/GrowlHelperApp.app

       PdaNetMac

       - /Applications/PdaNetMac.app

       Dropbox

       - /Applications/Dropbox.app

       ElementsAutoAnalyzer

       - /Applications/Adobe Elements 12 Organizer.app/Contents/ElementsAutoAnalyzer.app

       SMARTBoardService

       - missing value

     

     

    Safari extensions

     

     

       Add To Amazon Wish List

       Pin It Button

     

     

    Widgets

     

     

       Countdown Calendar

     

     

    Restricted files: 75

     

     

    Lockfiles: 4

     

     

    Elapsed time (s): 325

  • by thomas_r.,

    thomas_r. Jul 11, 2015 8:22 AM in response to Jules237
    Level 7 (30,944 points)
    Mac OS X

    In addition to Genieo, your Mac was infected with the RSPlug (aka DNSChanger) malware at some point in the past. That malware has been dead for many years now, so you must have been carrying remnants of it along through OS upgrades for a very long time. It cannot affect you any longer, but if your system has bits of such old malware installed, who knows what else is going on. If this were my system, I'd erase it and start over from scratch.
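
A sketch of how the launch agents and root crontab line in the report above can be triaged mechanically, added here as an example; it is not part of any post in this thread or of the diagnostic script that produced the report. The three inputs are constructed from the report's own lines, and the function names and flagging rules are assumptions chosen for illustration.

```python
import plistlib
import re
import shlex

# Constructed inputs: trimmed copies of three entries from the report above.
# The Javeview sample stops where the report truncates ("...and 10 more line(s)").
JAVEVIEW = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
 <key>Label</key><string>Javeview.update</string>
 <key>ProgramArguments</key><array>
  <string>/Users/USER/Library/Application Support/Javeview/Javeview.app/Contents/MacOS/AppNOS</string>
  <string>-trigger</string><string>update</string>
  <string>-sig</string><string>NOSIGNATURE_SIGNATURE</string>
 </array>
</dict></plist>"""

RECEIVER_HELPER = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
 <key>Label</key><string>com.citrix.ReceiverHelper</string>
 <key>RunAtLoad</key><true/>
 <key>ProgramArguments</key><array>
  <string>/usr/local/libexec/ReceiverHelper.app/Contents/MacOS/ReceiverHelper</string>
 </array>
</dict></plist>"""

ROOT_CRON = '* */5 * * * "/Library/Internet Plug-Ins/AdobeFlash" vx 1>/dev/null 2>&1'


def launchd_findings(plist_bytes):
    """Return (executable, findings) for one launchd job definition."""
    job = plistlib.loads(plist_bytes)
    argv = job.get("ProgramArguments", [])
    # launchd runs Program if present, otherwise the first ProgramArguments item.
    exe = job.get("Program") or (argv[0] if argv else "")
    findings = []
    # Assumed rule: a persistent job whose binary sits in a home directory can
    # be replaced by anything running as that user.
    if re.match(r"^/Users/[^/]+/", exe):
        findings.append("executable under a user home directory")
    # Assumed rule: vendor jobs in this report use reverse-DNS labels with at
    # least three components (com.citrix.ReceiverHelper, org.apache.httpd).
    if len(job.get("Label", "").split(".")) < 3:
        findings.append("label is not reverse-DNS style")
    # Literal string taken from the report's Javeview.update arguments.
    if any("NOSIGNATURE" in arg for arg in argv):
        findings.append("argument contains NOSIGNATURE")
    return exe, findings


def cron_findings(line):
    """Return (executable, findings) for one crontab line, or (None, [])."""
    if line.lstrip().startswith("#"):
        return None, []
    fields = line.split(None, 5)  # five schedule fields, then the command
    if len(fields) < 6:
        return None, []
    argv = shlex.split(fields[5])  # honours the quoted path with a space in it
    exe = argv[0]
    findings = []
    # Assumed rule: plug-in directories hold bundles, not bare executables.
    if "/Internet Plug-Ins/" in exe and not exe.endswith((".plugin", ".bundle")):
        findings.append("bare executable inside a plug-in directory")
    # Assumed rule: a scheduled job that throws away all output deserves a look.
    if any(arg.endswith("/dev/null") for arg in argv[1:]):
        findings.append("output discarded to /dev/null")
    return exe, findings


if __name__ == "__main__":
    for name, blob in (("Javeview.update", JAVEVIEW),
                       ("com.citrix.ReceiverHelper", RECEIVER_HELPER)):
        print(name, launchd_findings(blob))
    print("root crontab", cron_findings(ROOT_CRON))
```

A hit only marks an entry for manual review; the Citrix agent from the same report produces none.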

  • by Linc Davis,

    Linc Davis Jul 11, 2015 9:21 AM in response to Jules237
    Level 10 (208,037 points)
    Applications

    You installed the "MacAccess" malware, a remote-access rootkit that gives full control to an Internet criminal. It could have compromised all data.

    MacAccess circulated in 2008 and 2009, and is reported to be no longer active. Whatever damage it was going to do was done long ago, if the reports are accurate. Instructions for removing it were posted here. Not having a sample of the malware, I can't test those instructions. From what I've seen, I'm reasonably sure they would work. On the other hand, the following procedure is very time-consuming and probably unnecessary, but it will ensure that the machine is safe to use. The choice is yours.

    Erase and install OS X. If you don't already have at least two complete, independent backups of all data, then you must make them first. One backup is not enough to be safe.

    When you restart after the installation, you'll be prompted to go through the initial setup process for a new computer. That’s when you transfer the data from a backup in Setup Assistant.

    Select only users in the Setup Assistant dialog—not Applications, Other files and folders, or Computer & Network Settings. Don't transfer the Guest account, if it was enabled.

    Reinstall third-party software from original media or fresh downloads—not from a backup, which may be contaminated.

    That being done, change all Internet passwords and check all financial accounts for unauthorized transactions. Do this after the system has been secured, not before.

  • by Jules237,

    Jules237 Jul 11, 2015 9:55 AM in response to thomas_r.
    Level 1 (4 points)
    Wireless

    Thanks, Thomas.  I have everything backed up on a time machine, but if I use that once I restart, won't I just be putting the bad stuff back on?  If the malware you mentioned is dead, shouldn't I be safe?  You said "who knows what else is going on," but can't you tell from looking at the diagnostic I posted above?  Thanks again.

  • by Jules237,

    Jules237 Jul 11, 2015 10:00 AM in response to Linc Davis
    Level 1 (4 points)
    Wireless

    Thanks, Linc.

     

    So I bought this computer in... 2013?  How can I have gotten this malware that circulated in '08/'09 that is no longer even active?  Could it have come from my back-ups from my old laptop?

     

    If I erase and install OS X now, and then use my back ups from before I downloaded the most recent malware a week ago, won't I still be putting the MacAccess malware back on again?  And again, does that even matter?

     

    I use a time machine that just backs up my computer every day on a schedule.  Do you know if that is backing up my husband's account, as well?  I'm afraid to start over unless I can get both of our accounts back up.

     

    Thanks again for all of your help.

  • by Linc Davis,

    Linc Davis Jul 11, 2015 10:47 AM in response to Jules237
    Level 10 (208,037 points)
    Applications

    Could it have come from my back-ups from my old laptop?

    Yes.

    If I erase and install OS X now, and then use my back ups from before I downloaded the most recent malware a week ago, won't I still be putting the MacAccess malware back on again?

    Not if you do what I suggested. If you restore everything, yes.

    And again, does that even matter?

    Answered in my last comment. If I were in your place, I'd follow the removal instructions rather than erasing the volume. I doubt that the malware could ever have been active on this system.

    Do you know if that is backing up my husband's account, as well?

    Unless you did something to prevent it, yes.

  • by Jules237,

    Jules237 Jul 11, 2015 4:12 PM in response to Linc Davis
    Level 1 (4 points)
    Wireless

    Hi Linc,

     

    I would prefer to just remove the dead malware than start over again, but that link you sent explaining how to remove it is like a foreign language to me. Your instructions have been easy to follow, and I have successfully removed a lot over the past couple of days. Can you translate those directions into something I can follow?

  • by Linc Davis,

    Linc Davis Jul 11, 2015 6:19 PM in response to Jules237
    Level 10 (208,037 points)
    Applications

    We're getting far afield from the original topic of this thread. The instructions I linked to for removing "MacAccess" include a list of files to be removed, which you can do by the same method I posted higher on this page. They also include a shell command, which you can run, again, using the method I've already posted. I don't know of a way to make the procedure any simpler. If you don't feel comfortable with the removal instructions, your options are to do a full erase and install, to get someone more experienced to help you (such as an Apple "Genius"), or to start a new discussion of your own. Good luck.

  • by thomas_r.,

    thomas_r. Jul 12, 2015 7:55 AM in response to Jules237
    Level 7 (30,944 points)
    Mac OS X

    Jules237 wrote:

     

    I have everything backed up on a time machine, but if I use that once I restart, won't I just be putting the bad stuff back on?  If the malware you mentioned is dead, shouldn't I be safe?  You said "who knows what else is going on," but can't you tell from looking at the diagnostic I posted above?

     

    Yes, restoring everything from a backup would restore everything, so that's not a viable option. If you choose to erase and reinstall, you'll need to follow the procedures outlined here:

     

    How to reinstall Mac OS X from scratch

     

    (Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com.)

     

    You certainly are safe from this malware at this point. The FBI seized the malicious DNS servers, which the malware used to do its dirty work, years ago. If you manage to remove the last remaining traces of this malware and your computer is running fine, that's probably all you need to do. If you're having trouble with the instructions Linc directed you to, try the DNSChanger Removal Tool here:

     

    http://www.dnschanger.com

     

    Although I don't know if this will still work on modern versions of OS X, it was a reputable tool back when RSPlug was still active. Do not download any of the other things linked from that page, though! MacScan, McAfee and Norton should all be avoided.

     

    However, if your Mac has such old malware on it, carried over from old backups, it's in an uncertain state. Although this particular malware is not a threat any longer, there's no way of knowing what other issues may have been carried over. It is probably unnecessary to erase the hard drive and reinstall from scratch, but that is the only way to put your Mac back into a known good state. The results of Linc's script are not adequate to identify all possible issues that could be present.

     

    Incidentally, you will not find many people calling this malware "MacAccess." That is not one of the commonly accepted names. It was a name used in the installer for one particular variant. If you wish to learn more about this malware, you will get better results by looking for information by one of its accepted names: RSPlug, DNSChanger, Jahlav (or Jahlev) and Puper. (Security companies often come up with different names for the same malware.) Googling for information about MacAccess comes up with very little useful information. Interestingly, Googling for the traces of the malware found in your report will come up with the name MacAccess and the removal instructions Linc gave you.

  • by Jules237,

    Jules237 Jul 13, 2015 10:22 AM in response to Linc Davis
    Level 1 (4 points)
    Wireless

    Thanks, I was able to follow those instructions on the other page once I realized she was just listing the files to delete.  The crontab stuff was a bit confusing at first, as well, but it's done now.  Thanks again for all your help.

  • by Jules237,

    Jules237 Jul 13, 2015 10:23 AM in response to thomas_r.
    Level 1 (4 points)
    Wireless

    Thanks for taking the time to help me out on this.  I really appreciate it. 

  • by ChitlinsCC,

    ChitlinsCC Jul 13, 2015 10:56 AM in response to Jules237
    Level 6 (8,172 points)
    Notebooks

    Jules237 wrote:

     

    Thanks for taking the time to help me out on this.  I really appreciate it. 

    Jules

     

    You received help from the two top authorities on malware removal in all of ASC. In better hands you could not have been.

     

    TIPS for future reference...

    • if your issue does lead you to a thread that applies to your issue
      • only use a reply in that thread IF:
        • it is SHORT - these long ones get really hard to follow an add-on conversation sometimes,
    • If you cannot use instructions already in a LONG thread
      • Start your own New Question - everyone's "sickness" is pretty much unique anyway

    Either way, it is very likely someone with experience will see it and help

     

    "Let's be safe out there" - NYPD Blue Sergeant reminded his officers every day
