virus on mac changes program of files on external device

Your Mac does not have a virus.

I'm unclear on exactly what's going on from your description of the problem. You may have connected that hard drive to a Windows machine infected with ransomware, which has encrypted or hidden those files and replaced them with .exe files. Do you have backups of the data on that drive?

can you enclose a snapshot of what you are seeing?

That can happen with files stored on Windows formatted disks. What format is the disk? What kinds of files are on there? Jpeg? Docs? What?

akitii wrote:

IT was connected to a windows software computer before, but now whenever i put any other drive to my mac the same thing happens.

Well, the only other possibility that springs to mind with the information you have provided is that those files don't have an extension (like .jpeg, .txt, .doc, etc). If they don't have an extension for some reason, Mac OS X will not know what they're supposed to be and may show them with an icon looking like this:

If that's the problem, you need to assign the proper extension to those files.

However, if they're showing up as Windows executable files (ie, the extension is ".exe"), then it's almost certainly due to connecting those drives to an infected Windows computer.

Whatever the case, though, this is most assuredly not due to a virus, or any other malware, on your Mac.

And no i don't have backup of the data on my drive..

That's very bad. Even if the data hasn't been destroyed by some Windows ransomware, those drives could fail at any time. If you care about the data, it MUST be backed up.

Select that file and open the Info window. What is the size?

akitii wrote:

how do i assign the proper extension to the files?

Well, that's a difficult question to answer. You have to know what those files are supposed to be, and you have to know what extension such files should have. There are dozens of commonly-used extensions and probably thousands of extensions in current use.

Where did these files come from? It's odd that none of them have extensions. It's actually rather difficult to create a file with no extension these days.

If these files are between 782 and 824 bytes in size, they are definitely not intact photo or video files.

Can you please clarify: do these files have a .exe extension or not? Select one of the files and choose Get Info from the File menu, then look at the Name & Extension information. What is the full filename, including the extension?

Those files are much too small to contain any image data. Whatever happened, they're useless and there's no point in trying to open them.

The files in questions are (Windows-style) symbolic links pointing to the actual files somewhere on the drive or to a place in the filesystem of your Windows machine.

Hopefully you just didn't create those links assuming you would actually copy the files...

Thanks,

M.

That is what I originally suspected: that drive has been used on a Windows machine that is infected with malware. I'm not very familiar with Windows malware, but from what I understand, in some cases the original files are hidden elsewhere on the drive, while in other cases they have been encrypted (and thus destroyed).

If you're not sure how to look for invisible folders on that drive, there are ways to make the Finder show invisible files, but this can lead to trouble. Many things on your system are hidden for a good reason, and you should not be messing with them, so I don't necessarily advocate showing all invisible files. However, if the instructions below for browsing the contents of that drive in the Terminal are too difficult, you could try downloading a 30-day trial of Pathfinder, which will (among many other things) allow you to view hidden files:

http://www.cocoatech.com/pathfinder/

If you use Pathfinder, be very cautious about messing with any hidden files or folders. Looking at them isn't a problem, but don't move, change or delete them.

To do this without downloading anything, open the Terminal app (found in the Utilities folder in your Applications folder) and enter the following command:

cd

Don't press return yet, and make sure there's a space at the end. Then drag the icon for that SABA hard drive onto the Terminal window, which will insert a path to that hard drive into the command. Now press return. Nothing should happen, because all you have done so far is change the current directory in the Terminal to that hard drive.

Next, enter the following command:

ls -al

(Either copy and paste that command, or if you re-type it, be aware that those are lowercase 'L's, not uppercase 'i's.)

This should list all the items that you would see in the Finder if you double-click the drive's icon, except that it will also show any files there that are invisible. Compare it to the listing in the Finder and look for differences. Be aware that items named ".", "..", ".DS_Store", ".Spotlight-V100", ".TemporaryItems" and ".Trashes" are normal. Also, you may see a number of files starting with "._" and with names otherwise the same as some of your files - those are also normal for a FAT32-formatted drive that is used on both Mac and Windows.

You're looking for a folder. You can tell folders from files by looking at the very first character on the line. For example:

-rw-r--r--@ 1 thomas staff 372994 May 17 06:37 a file drwxr-xr-x@ 3 thomas staff 102 Sep 26 2014 a folder

If the first character is a '-', the item is a file. If it's a 'd', it's a folder.

If you spot a folder that doesn't seem to belong, you can inspect its contents in the Finder with the "open" command. So let's say you see a folder named "hidden stuff" that doesn't appear when looking at the drive in the Finder. Enter the following in the Terminal:

open "hidden stuff"

This should open a window in the Finder showing the contents of those files.