Have I got some malware when my Mac screen shows lines from Unix script on login, instead of going to the password dialogue box?
Is it normal that my Mac (Mini, running High Sierra) would spontaneously run Unix script on a login if there had been a crash a few hours before this login happened? Or should I consider that this spontaneous running of the UNIX script is an indication of the presence of malware? Here are the details.
There was a spontaneous system crash at midnight (I was asleep -- more details from the crash log are below). When I started to use the machine (it had spontaneously restarted after the crash) after 6 AM, some Finder windows began to close spontaneously and some applications began to start spontaneously. So I quickly did a normal shutdown.
On doing a login about 10 minutes later, instead of bringing up the normal startup screen this weird UNIX script began to run, which it did for more than 30 seconds, and I saw lines saying that XX (can't remember what now) was "changed"; and this, I suppose, referred to changes done by the script! (My heart started to flutter -- there is a big bunch of business stuff on this machine.) Soon the usual dialogue box for me to enter my password appeared.
So, that is how I got to the questions asked at the outset of this message. Basically, do I now have some new malware on board?
Semi-finally. In the past two days I installed new programs, one of which required my use of Terminal (craftcms, which executes PHP code). Also, I installed MAMP and MAMP_Pro (two different programs), which also harness PHP-executing server software (Apache).
However, note that McAfee's True Key seems to have triggered the crash at midnight. I mention these PHP-executing programs to say that they and I have been 'messing around' below the macOS level of code.
I will appreciate all comments/advice as to whether I should act as if something bad has happened (in terms of malware arrival) and I need to start 'rescuing important stuff' ASAP.
Thanks in advance.
Finally, here are a few lines from the crash log in the Diagnostics folder:
____
Process: nativeproxy [38165]
Path: /Applications/True Key.app/Contents/Frameworks/nativeproxy
Identifier: nativeproxy
Version: 0
Code Type: X86-64 (Native)
Parent Process: Google Chrome [38146]
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
...
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: EXC_I386_GPFLT
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 nativeproxy 0x0000000108b46833 ELF::ELFRegistrar::logLine(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, ELF::ELFLevel) + 179
1 nativeproxy 0x0000000108b2a580 ZmqClient::StopConnect() + 1152
2 nativeproxy 0x0000000108b11f5b NativeProxy::RunLoop() + 363
3 nativeproxy 0x0000000108b028b0 main_common(std::__1::basic_string<wchar_t, std::__1::char_traits<wchar_t>, std::__1::allocator<wchar_t> > const&, std::__1::basic_string<wchar_t, std::__1::char_traits<wchar_t>, std::__1::allocator<wchar_t> > const&, std::__1::basic_string<wchar_t, std::__1::char_traits<wchar_t>, std::__1::allocator<wchar_t> > const&) + 2272
4 nativeproxy 0x0000000108b05793 main + 883
5 libdyld.dylib 0x00007fff63771015 start + 1
____