Multiple Issues - Virus or HDD crash?

Question

Level 1

12 points

Multiple Issues - Virus or HDD crash?

I have searched and attempted multiple solutions with no solution (MacBook Pro OSX 10.9.5). This is a work computer and don't want to do a clean reinstall which is most likely what IT will have me do. Clarification, I want to do a clean reinstall, but can't until I back up my files...which I can't and is part of my issue.

Problems:

Not coming out of sleep mode after closing lid

Prohibitory Sign

Inability to Log In

Can't transfer files to external HDD via USB or a Lacie Cloud Storage via ethernet cable

Can't upload some larger files to Google Drive and similar cloud storage solutions

Mal/Miner-C found

Solutions attempted (and failed):

"dot_clean"

"dot_clean -n"

Repair Disk

Verify Disk

SMART in Disk Utility and SMART Utility Passed

Avast, Avira, Sophos, ClamXav, Malware Bytes, EtreCheck - Downloaded and Run

I first noticed issues when my computer wouldn't come out of sleep mode after closing the lid. Soon after, I started getting a prohibitory/no entry sign before the login screen would come up. I thought it was just a glitch so I ignored it for a bit, but after a few times, I uninstalled a recent application and excel add-in solver table and statpro from here: http://kelley.iu.edu/albright/free_downloads.htm.

Uninstalling did not solve the issue. I went into the files and removed them manually as well.

Things started getting worse. The prohibit sign stayed longer to the point where I didn't think I would be able to log in. Once I was finally able to, it wouldn't let me log in. So I took it to IT. I don't know what they did, but they connected via ethernet cable and signed in as root. I believe they then changed some permissions or something. Anyways, they fixed that issue and said there shouldn't be any more issues logging on. True....but the prohibit sign came back. I have found the sign shows up when the battery is low or when the computer is too hot, but it could be coincidental. I have come to this conclusion because when I see it, I will charge it to full and it works. I also lift it to its back and take off the speck bottom protector.

Next issue - not logging in prompted me to make sure I backed up my info. So I started that and started getting errors. It seems that certain folders have certain capacity limitations. It will let me move over until it hits a certain level then it stops and gives an Error-36 code. Upon research, I found a "dot_clean" solution which did absolutely nothing. Found another "dot_clean -n" solution and it said it wasn't able to move it. I used Disk Utility and ran repair and verify disk. SMART disk is verified and SMART utility also passed. After repairing permissions, I got Permissions differ on "Applications/Safari.app/Contents/Resources/Safari.help/Contents/Resources/inde x.html; should be lrwxr-xr-x ; they are -rwxr-xr-x"

This was repaired

"System/Library/CoreServices/Feedback Assistant.app" ; should be drwxr-xr-x ; they are lrwxr-xr-x."

This was repaired

"Warning: SUID file "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAg ent" has been modified and will not be repaired"

A quick search said this can be ignored, but the repair doesn't complete.

Verify Disk Permissions gave:

Same errors as Repair Disk Permissions

I found that I could get the majority of files moved over especially documents and pictures (although I had to move many over individually). However, videos are a different story because of their size. I would get Error-50 codes during these times as well. I could get an occasional small .mp4 to move, but that's it. So I started researching more on the Error-36, possible HDD failure indicators, and even Virus/Malware/Spyware infections (since I downloaded a non verified application).

The machine has VIPRE installed on it already and nothing has come through as problematic. I downloaded Avast, Avira, Sophos, ClamXav all to no avail (to some degree - keep reading). I used Intego Backup assistant and it had 6 I/O errors. When I clicked on Reveal Destinations, Sophos popped up and notified of a Mal/miner-c infestion. I found the location was actually on my Lacie Cloud as Picture.scr. Doing some research I found that is a potential virus. I attempted to manually delete it and got a Error-8072 message then the file moved to another folder. I clicked (singled clicked) to see what it was and it disappeared. I found it again in another folder and did nothing...it disappeared again, and I can't find it now. From what I understand, picture.scr is an exe file or something and isn't supposed to be a threat to a mac, but I don't buy it. Also, I know it was on the Lacie cloud, but I moved the files that I could over to the Lacie from the Mac HDD so I don't think the Lacie is the issue. I have also downloaded and ran etrecheck app and it came back with a few red marks including one error Drive failure! This leads me to believe is it a HDD failure coming. But I have to get my files off this computer before I lose them!

Other factors to consider:

1. I am getting extra spam from what appears to be my own email address the last few days although there is nothing in my sent folder and I have changed my password from my work PC.

a. My macbook pro has not updated my new password to get into it, but I am not logging in from work since I am at home the last few days.

2. Some files that are small and should transfer fine, don't. Example - a jpeg I saved from the internet on an educational site is 17 kb and cannot transfer? I clicked on Get info and the Where From is extremely long.

3. Under Get info under Sharing and Permissions, there is my user name, then Fetching..., and everyone. Fetching doesn't change.

4. After the closing lid issues, I started getting recovered files from 2012 and 13 and now Trash has Recovered Files that can't be deleted.

5. I will be working and all the sudden the computer will freeze and you can't do anything for 15 seconds or so. The beach ball spins during this time. The computer resumes normally after a small pause.

I would love to fix this, but I think a clean install and possible HDD replacement is necessary so I just need a solution to get the rest of my files.

ANY HELP GREATLY APPRECIATED!

Mac Pro, OS X Mavericks (10.9.5), null

Posted on Jun 8, 2016 1:12 PM

Reply

Answer 1

Jun 8, 2016 1:19 PM in response to idakanwyo

Your Mac does not have a virus. No matter what all of the AV crap you might have installed on it might be saying.

I strongly recommend that you uninstall VIPRE, Avast, Avira, Intego, Sophos and ClamXav. Have a single AV package install is bad. Having that many installed is sure to cause major problems with a Mac

Reply

Answer 2

idakanwyo Author

Level 1

12 points

Jun 8, 2016 1:20 PM in response to Allan Eckert

I installed one at a time and then uninstalled with the exception of Sophos and Clamxav which remain based on reviews.

Also, I cannot uninstall VIPRE - this is a work computer with VIPRE as a requirement per IT policy.

Reply

Answer 3

Jun 8, 2016 1:21 PM in response to idakanwyo

Remove based on what I have seen on Mac I help to support they are all crap.

It appears you have EtreCheck. Please post a report from it.

Reply

Answer 4

Esquared

Level 6

12,415 points

Jun 8, 2016 1:32 PM in response to idakanwyo

Essentially all the things you sum up are either caused by a failing hdd or are pretty harmless/common (such as the recovered files, which are probably Microsoft rubble). So you'd better treat this as a salvage and rescue mission, and forget about malware.

If you are at a loss here, you might consider getting help from someone who knows what he's doing. An option might be to replace the internal hdd, and put the old one in an external enclosure, to see wat can be saved.

Reply

Answer 5

idakanwyo Author

Level 1

12 points

Jun 8, 2016 1:38 PM in response to Allan Eckert

Done with no internet connection - number of drive errors change every test.

EtreCheck version: 2.9.12 (265)

Report generated 2016-06-08 14:34:49

Download EtreCheck from https://etrecheck.com

Runtime 1:33

Performance: Excellent

Click the [Support] links for help with non-Apple products.

Click the [Details] links for more information about that line.

Click the [Check files] link for help with unknown files.

Problem: Other problem

Hardware Information:ⓘ

MacBook Pro Intel Core i7, 15" (Mid 2012)

[Technical Specifications] - [User Guide] - [Warranty & Service]

MacBook Pro - model: MacBookPro9,2

1 2.9 GHz Intel Core i7 CPU: 2-core

8 GB RAM Upgradeable - [Instructions]

BANK 0/DIMM0

4 GB DDR3 1600 MHz ok

BANK 1/DIMM0

4 GB DDR3 1600 MHz ok

Bluetooth: Good - Handoff/Airdrop2 supported

Wireless: en1: 802.11 a/b/g/n

Battery: Health = Normal - Cycle count = 525

Video Information:ⓘ

Intel HD Graphics 4000

Color LCD 1280 x 800

System Software:ⓘ

OS X Mavericks 10.9.5 (13F1603) - Time since boot: about one day

Disk Information:ⓘ

APPLE SSD SM256E disk0 : (251 GB) (Solid State - TRIM: Yes)

EFI (disk0s1) <not mounted> : 210 MB

Macintosh HD (disk0s2) / : 250.14 GB (43.43 GB free) - 70 errors

Drive failure!

Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB

MATSHITADVD-R UJ-8A8 ()

USB Information:ⓘ

Apple Inc. FaceTime HD Camera (Built-in)

Apple Computer, Inc. IR Receiver

Apple Inc. BRCM20702 Hub

Apple Inc. Bluetooth USB Host Controller

Apple Inc. Apple Internal Keyboard / Trackpad

Thunderbolt Information:ⓘ

Apple Inc. thunderbolt_bus

Gatekeeper:ⓘ

Anywhere

Unknown Files:ⓘ

/Library/LaunchAgents/com.gfi.viprea.plist

open -a /Applications/VipreAgent.app

/Library/LaunchDaemons/com.gfi.vipred.plist

/Applications/VipreAgent.app/Contents/Resources/VipreDaemon

2 unknown files found. [Check files]

Kernel Extensions:ⓘ

/Library/Extensions

[not loaded] com.blackmagic-design.desktopvideo.iokit.driver (10.4.3 - SDK 10.9 - 2016-06-08) [Support]

[loaded] com.blackmagic-design.desktopvideo.iokit.framebufferdriver (10.4.3 - SDK 10.9 - 2016-06-08) [Support]

[not loaded] com.blackmagic-design.desktopvideo.multibridge.iokit.driver (10.4.3 - SDK 10.9 - 2016-06-08) [Support]

[not loaded] com.blackmagic-design.driver.BlackmagicIO (10.4.3 - SDK 10.9 - 2016-06-08) [Support]

[not loaded] com.blackmagic-design.driver.BlackmagicUsbIO (10.4.3 - SDK 10.9 - 2016-06-08) [Support]

[not loaded] com_sony_driver_dsccamDeviceInfo00 (1.2.0.03040 - SDK 10.7 - 2016-06-08)

/Library/Extensions/DeckLink_Driver.kext/Contents/PlugIns

[not loaded] com.blackmagic-design.desktopvideo.firmware (10.4.3 - SDK 10.9 - 2015-08-05) [Support]

/System/Library/Extensions

[loaded] com.AmbrosiaSW.AudioSupport (4.1.2 - SDK 10.7 - 2016-05-29) [Support]

[loaded] com.Cycling74.driver.Soundflower (1.6.6 - SDK 10.6 - 2016-05-29) [Support]

[loaded] com.LivestreamProcaster.driver.ProcasterAudioRedirector (2.0.0 - SDK 10.0 - 2016-05-29) [Support]

[loaded] com.ScreamingBee.driver.SBVirtualMic (1.0.4 - SDK 10.8 - 2016-05-29) [Support]

[not loaded] com.nike.sportwatch (1.0.0 - 2016-05-29) [Support]

[not loaded] com.wdc.driver.1394.64.10.9 (1.0.1 - SDK 10.9 - 2016-05-29) [Support]

[not loaded] com.wdc.driver.USB.64.10.9 (1.0.1 - SDK 10.9 - 2016-05-29) [Support]

Startup Items:ⓘ

KeyAccess: Path: /Library/StartupItems/KeyAccess

sysaid: Path: /Library/StartupItems/sysaid

Startup items are obsolete in OS X Yosemite

System Launch Agents:ⓘ

[not loaded] 5 Apple tasks

[loaded] 140 Apple tasks

[running] 38 Apple tasks

System Launch Daemons:ⓘ

[failed] com.apple.installd.plist

[failed] com.apple.softwareupdated.plist

[not loaded] 46 Apple tasks

[loaded] 142 Apple tasks

[running] 59 Apple tasks

Launch Agents:ⓘ

[not loaded] com.adobe.AAM.Updater-1.0.plist (2016-05-22) [Support]

[failed] com.adobe.ARMDCHelper.cc24aef4a1b90ed56a...plist (2016-05-13) [Support]

[loaded] com.adobe.AdobeCreativeCloud.plist (2016-04-01) [Support]

[loaded] com.adobe.CS5ServiceManager.plist (2014-02-12) [Support]

[running] com.blackmagic-design.DesktopVideoFirmwareUpdater.plist (2015-08-05) [Support]

[loaded] com.gfi.viprea.plist (2012-10-16) [Support]

[loaded] com.google.keystone.agent.plist (2016-03-02) [Support]

[loaded] com.intego.backupassistant.agent.plist (2014-07-30) [Support]

[running] com.jamfsoftware.jamf.agent.plist (2016-05-20) [Support]

[running] com.nike.nikeplusconnect.plist (2015-10-09) [Support]

[loaded] com.oracle.java.Java-Updater.plist (2014-10-13) [Support]

[running] com.sassafras.KeyAccess.plist (2014-02-12) [Support]

[running] com.sony.SonyAutoLauncher.agent.plist (2014-04-22) [Support]

Launch Daemons:ⓘ

[running] com.adobe.ARMDC.Communicator.plist (2016-05-13) [Support]

[running] com.adobe.ARMDC.SMJobBlessHelper.plist (2016-05-13) [Support]

[loaded] com.adobe.SwitchBoard.plist (2014-02-12) [Support]

[running] com.adobe.adobeupdatedaemon.plist (2016-04-13) [Support]

[loaded] com.adobe.agsservice.plist (2015-09-24) [Support]

[failed] com.adobe.fpsaud.plist (2016-05-09) [Support]

[loaded] com.ambrosiasw.ambrosiaaudiosupporthelper.daemon.plist (2013-10-28) [Support]

[running] com.blackmagic-design.DesktopVideoHelper.plist (2015-08-05) [Support]

[loaded] com.blackmagic-design.desktopvideo.XPCService.plist (2015-08-05) [Support]

[running] com.blackmagic-design.streaming.BMDStreamingServer.plist (2015-08-05) [Support]

[running] com.gfi.vipred.plist (2012-10-16) [Support]

[loaded] com.google.keystone.daemon.plist (2016-03-02) [Support]

[running] com.intego.BackupAssistant.daemon.plist (2014-07-30) [Support]

[running] com.jamfsoftware.jamf.daemon.plist (2016-05-20) [Support]

[not loaded] com.jamfsoftware.startupItem.plist (2016-05-20) [Support]

[loaded] com.jamfsoftware.task.1.plist (2016-05-20) [Support]

[loaded] com.malwarebytes.MBAMHelperTool.plist (2016-05-29) [Support]

[loaded] com.microsoft.office.licensing.helper.plist (2010-08-25) [Support]

[loaded] com.oracle.java.Helper-Tool.plist (2014-10-13) [Support]

[running] com.sassafras.KeyAccess.plist (2009-09-14) [Support]

[loaded] com.wdc.WDPrivilegedHelper.plist (2016-06-02) [Support]

User Launch Agents:ⓘ

[failed] com.adobe.ARM.[...].plist (2013-10-13) [Support]

User Login Items:ⓘ

iTunesHelper Application (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

WDDriveUtilityHelper Application (/Applications/WD Drive Utilities.app/Contents/WDDriveUtilityHelper.app)

WDSecurityHelper Application (/Applications/WD Security.app/Contents/WDSecurityHelper.app)

Google Drive Application (/Applications/Google Drive.app)

LaCie Network Assistant Application (/Applications/LaCie Network Assistant.app)

Android File Transfer Agent Application (~/Library/Application Support/Google/Android File Transfer/Android File Transfer Agent.app)

Wondershare Helper Compact Application (~/Library/Application Support/Helper/Wondershare Helper Compact.app)

AdobeResourceSynchronizer Application Hidden (/Applications/Adobe Acrobat DC/Adobe Acrobat.app/Contents/Helpers/AdobeResourceSynchronizer.app)

Other Apps:ⓘ

[loaded] 0x7f90fa505790.mach_init.Inspector

[running] [0x0-0x2e02e].com.ambrosiasw.snapz-pro-x

[running] [0x0-0x8008].com.google.Chrome

[running] [0x0-0xb00b].com.microsoft.Excel

[running] [0x0-0xc00c].com.microsoft.Word

[running] com.Growl.GrowlHelperApp.45792

[running] com.adobe.CCLibrary.212288

[running] com.adobe.CCXProcess.212816

[loaded] com.adobe.Photoshop.58288

[running] com.adobe.acc.AdobeDesktopService.172512.9563EB10-07DB-4BB7-92F7-5D79533AC85B

[running] com.adobe.accmac.207536

[loaded] com.ambrosiasw.SnapzLoginHelper

[failed] com.ambrosiasw.registration-helper

[loaded] com.ambrosiasw.snapz.image-exporter

[failed] com.citrixonline.GoToMeeting.G2MUpdate

[running] com.etresoft.EtreCheck.228480

[running] com.evernote.EvernoteHelper

[running] com.gfi.VipreAgent.5488

[loaded] com.google.Chrome.158608

[running] com.google.Chrome.app.Profile-2-koegeopamaoljbmhnfjbclbocehhgmkm.206656

[running] com.google.GoogleDrive.106864

[running] com.google.android.mtpagent.152624

[running] com.lacie.EthernetAgent.125168

[running] com.microsoft.Outlook.26960

[running] com.microsoft.alerts.daemon.27840

[running] com.microsoft.autoupdate.fba.35232

[running] com.microsoft.outlook.databasedaemon.28368

[running] com.sassafras.KeyAccess.kass.61456

[running] com.westerndigital.WDDriveUtilityHelper.226016

[running] com.westerndigital.WDSecurityHelper.225840

[running] com.wondershare.helper_compact.2144

[loaded] 714 Apple tasks

[running] 343 Apple tasks

Internet Plug-ins:ⓘ

JavaAppletPlugin: Java 8 Update 77 build 03 (2016-03-29) Check version

o1dbrowserplugin: 5.41.3.0 - SDK 10.8 (2015-12-17) [Support]

Default Browser: 537 - SDK 10.9 (2014-10-20)

AdobeAAMDetect: 3.0.0.0 - SDK 10.9 (2016-04-13) [Support]

FlashPlayer-10.6: 21.0.0.226 - SDK 10.6 (2016-04-22) [Support]

AdobePDFViewerNPAPI: 15.016.20045 - SDK 10.11 (2016-06-07) [Support]

Silverlight: 5.1.41212.0 - SDK 10.6 (2016-03-10) [Support]

QuickTime Plugin: 7.7.3 (2016-03-04)

Flash Player: 21.0.0.226 - SDK 10.6 (2016-04-22) Cannot contact Adobe

PepperFlashPlayer: 21.0.0.242 - SDK 10.6 (2016-06-08) [Support]

googletalkbrowserplugin: 5.41.3.0 - SDK 10.8 (2015-12-11) [Support]

AdobePDFViewer: 15.016.20045 - SDK 10.11 (2016-06-07) [Support]

SharePointBrowserPlugin: 14.3.7 - SDK 10.6 (2013-09-22) [Support]

DirectorShockwave: 12.1.3r153 - SDK 10.6 (2014-06-24) [Support]

User internet Plug-ins:ⓘ

CitrixOnlineWebDeploymentPlugin: 1.0.105 (2013-04-25) [Support]

WebEx64: 1.0 - SDK 10.6 (2015-08-11) [Support]

3rd Party Preference Panes:ⓘ

Blackmagic Desktop Video (2015-08-05) [Support]

Flash Player (2016-05-09) [Support]

Growl (2014-02-12) [Support]

Java (2016-03-29) [Support]

KeyAccess (2014-02-12) [Support]

Time Machine:ⓘ

Time Machine not configured!

Top Processes by CPU:ⓘ

18% Google Chrome

13% Google Chrome Helper(40)

11% WindowServer

3% kernel_task

3% fontd

Top Processes by Memory:ⓘ

2.43 GB Google Chrome Helper(40)

830 MB kernel_task

123 MB Google Chrome

123 MB com.apple.IconServicesAgent

82 MB Finder

Virtual Memory Information:ⓘ

676 MB Free RAM

5.29 GB Used RAM (1.63 GB Cached)

0 B Swap Used

Diagnostics Information:ⓘ

Jun 7, 2016, 10:45:10 PM ~/Library/Logs/DiagnosticReports/Finder_2016-06-07-224510_[redacted].crash

com.apple.finder - /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder

Jun 7, 2016, 09:40:43 PM ~/Library/Logs/DiagnosticReports/QuickLookUIHelper_2016-06-07-214043_[redacted] .crash

com.apple.quicklook.ui.helper - /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuickLookUI.f ramework/Versions/A/Resources/QuickLookUIHelper.app/Contents/MacOS/QuickLookUIHe lper

Jun 7, 2016, 12:53:36 PM Self test - passed

Jun 5, 2016, 10:28:16 AM /Library/Logs/DiagnosticReports/Kernel_2016-06-05-102816_[redacted].panic [Details]

Reply

Answer 6

idakanwyo Author

Level 1

12 points

Jun 8, 2016 1:47 PM in response to Esquared

I figure it is a salvage situation, but I really can't do that unless I have the ability to transfer files! I may not have extensive knowledge, but it appears there isn't a person on the web that can answer the problem I am having so what good does experience do without a path? I have researched multiple solutions and have nothing close to a proper answer other than "dot_clean" which doesn't work.

As for removing the HDD - I will probably have to take it to IT to have them do it as that is the first decent answer I have heard. Any other possible solutions before I do that?

Computers are crap - I lost my files last year on my PC to Ransomware, my external HDD stopped working after using it to attempt to back up my files on my Mac just last week and now this.

Thanks again for any help!

Reply

Answer 7

Jun 8, 2016 2:37 PM in response to idakanwyo

idakanwyo wrote:

I installed one at a time and then uninstalled with the exception of Sophos and Clamxav which remain based on reviews.

Also, I cannot uninstall VIPRE - this is a work computer with VIPRE as a requirement per IT policy.

Take the computer to your workplace tech person if it is a work computer. Let them figure it out.

Reply

Answer 8

notcloudy

Level 4

1,258 points

Jun 8, 2016 2:54 PM in response to idakanwyo

Macintosh HD (disk0s2) / : 250.14 GB (43.43 GB free) - 70 errors

Drive failure!

Your hard drive is failing -- period. You can check it in disk doctor and should see same message.

Take it to IT so they can get it repaired or give you a new one.

Reply

Answer 9

etresoft

Level 9

57,670 points

Jun 8, 2016 8:29 PM in response to idakanwyo

Hello idakanwyo,

This is the first time I've seen I/O errors on an SSD. You do have a fair number of low-level system modifications, including kernel extensions. I think the first step would be to erase the hard drive and reinstall the OS from scratch. If you can't perform a backup, you may have to just manually copy files. If you have another drive, you may be able to use Apple's Disk Utility (while booted from the recovery volume) to backup your disk. See Disk Utility (El Capitan): Restore a disk

If that doesn't fix it, then it could be a hardware failure. SSDs are supposed to be much more reliable, but the problem could be the hard drive cable or logic board too. If this is a work computer, give it back to IT and let them deal with it.

Reply