PDA

View Full Version : Trying to install Lion but get the Prohibitory Sign




prograham
Aug 21, 2012, 10:46 AM
I'm at work and thought I would throw this out for ideas...

Working on Macbook Air 13-inch Mid-2011. It had a virus and we decided just to wipe it and reinstall Lion. We work behind a firewall with a proxy so I tried to use a Lion USB installer that I often use. When booting holding option I see the installer but as soon as I select it I get the prohibitory sign (no smoking sign).

Can't use internet recovery because of the proxies (big company, no turning them off). Now trying to make a dvd installer from a lion DMG but just wondering if anyone has ideas. I've already wiped the disk, made a new partition, and done PRAM reset.

Why am I getting the prohibitory sign? Thanks.



Mal
Aug 21, 2012, 11:04 AM
First, you didn't have a virus. There are none for the Mac, so this is a situation you should have been able to avoid.

Second, the MBA you have must shipped with a newer version of Lion than is on your install drive. Try recreating it from a newer version of Lion.

jW

prograham
Aug 21, 2012, 11:25 AM
Sorry, it may have had a trojan. Security sent me a full log of it's activity trying to send out to a few different countries. Running Sophos it found 3 different files in underbelly of Spotlight yet running Norton nothing was found. I'm fairly certain it must have been doing something because I have the logs in front of me... no VMWare or windows on the machine which puzzled me since the description on the Sophos site only listed them as windows trojans.

In any case, thanks for the tip. I'm sure you're right as to the machine shipping with a newer version of Lion than my USB, which is 10.7.0. Will report back once I figure out how to make an installer from my iMac running 10.7.4.

GGJstudios
Aug 21, 2012, 11:29 AM
Sorry, it may have had a trojan. Security sent me a full log of it's activity trying to send out to a few different countries. Running Sophos it found 3 different files in underbelly of Spotlight yet running Norton nothing was found. I'm fairly certain it must have been doing something because I have the logs in front of me... no VMWare or windows on the machine which puzzled me since the description on the Sophos site only listed them as windows trojans.
Windows trojans could have been simply deleted. They cannot affect your Mac in any way. You don't need to have Windows installed on your Mac to get a file that has Windows malware in it.

I recommend that you avoid using Sophos, as it could actually increase your Mac's vulnerability, as described here (http://forums.macrumors.com/showpost.php?p=11570070&postcount=31) and here (http://forums.macrumors.com/showpost.php?p=12029337&postcount=41).

Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 10 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). Also, Mac OS X 10.6 and later versions have anti-malware protection (http://support.apple.com/kb/ht4651) built in, further reducing the need for 3rd party antivirus apps.
Mac Virus/Malware FAQ (http://guides.macrumors.com/Mac_Virus/Malware_FAQ)

Make sure your built-in Mac firewall is enabled in System Preferences > Security > Firewall


Uncheck "Open "safe" files after downloading" in Safari > Preferences > General


Disable Java in your browser (Safari (http://support.apple.com/kb/HT5241), Chrome (http://www.podfeet.com/wordpress/tutorials/how-to-disable-java-in-chrome/), Firefox (http://support.mozilla.org/en-US/kb/How%20to%20turn%20off%20Java%20applets)). This will protect you from malware that exploits Java in your browser, including the recent Flashback trojan (http://support.apple.com/kb/HT5244). Leave Java disabled until you visit a trusted site that requires it, then re-enable only for the duration of your visit to that site. (This is not to be confused with JavaScript, which you should leave enabled.)


Change your DNS servers to OpenDNS servers by reading this (http://guides.macrumors.com/Mac_Virus/Malware_FAQ#Why_am_I_being_redirected_to_other_sites.3F).


Be careful to only install software from trusted, reputable sites. Never install pirated software. If you're not sure about an app, ask in this forum before installing.


Never let someone else have access to install anything on your Mac.


Don't open files that you receive from unknown or untrusted sources.


For added security, make sure all network, email, financial and other important passwords are long and complex, including upper and lower case letters, numbers and special characters.


Always keep your Mac and application software updated. Use Software Update for your Mac software. For other software, it's safer to get updates from the developer's site or from the menu item "Check for updates", rather than installing from any notification window that pops up while you're surfing the web.

That's all you need to do to keep your Mac completely free of any Mac OS X malware that has ever been released into the wild. While you may elect to use it, 3rd party antivirus software is not required to keep your Mac malware-free.

If you still want to run antivirus for some reason, ClamXav (http://www.clamxav.com/) (which is free) is one of the best choices, since it isn't a resource hog, detects both Mac and Windows malware and doesn't run with elevated privileges.

prograham
Aug 21, 2012, 12:01 PM
You're preaching to the choir here about being cautious and safety but I support over 300 people and some of them unfortunately are granted admin rights on the computer. His drive was a mess anyway. Less than 1GB free (initially until I had him free 20GB) and also I was not able to delete the files because of permissions. Repairing permissions via disk utility did nothing and getting info on the drive then applying permissions to all enclosed items kept hanging. Did I mention he is a CTO?

And I admit I don't know the specifics but I have two logs in front of me where his machine was sending out LOTS of requests to foreign countries everyday. If it was just malware, it sure acted like a trojan.

Anyway, talked to Applecare and since the recovery partition is not even showing they suggested I just take it to the Applestore since it's right next door to me. What a mess!

GGJstudios
Aug 21, 2012, 12:18 PM
You're preaching to the choir here about being cautious and safety but I support over 300 people and some of them unfortunately are granted admin rights on the computer.
There is no disadvantage to running an admin user account on Mac OS X.
His drive was a mess anyway. Less than 1GB free (initially until I had him free 20GB) and also I was not able to delete the files because of permissions.
For issues with deleting files, you may find some useful ideas here:
You can't empty the Trash or move a file to the Trash (http://support.apple.com/kb/HT1526)
Solving Trash Problems (http://www.thexlab.com/faqs/trash.html)
Can't move files to trash (https://discussions.apple.com/message/15845135#15845135)
Can't Empty Trash on a Mac (http://www.lancelhoff.com/cant-empty-trash-on-a-mac/)
Repairing permissions via disk utility did nothing
Some people repair, or recommend repairing permissions for situations where it isn't appropriate. Repairing permissions only addresses very specific issues. It is not a "cure all" or a general performance enhancer, and doesn't need to be done on a regular basis. It also doesn't address permissions problems with your files or 3rd party apps.
Repairing permissions: What you need to know (http://www.macworld.com/article/52220/2006/08/repairpermissions.html)
About Disk Utility's Repair Disk Permissions feature (http://support.apple.com/kb/HT1452)
If it was just malware, it sure acted like a trojan.
A trojan is a form of malware.

prograham
Aug 21, 2012, 12:25 PM
Thanks for all these links, I'll definitely check them out. I really want to read the Sophos links when I get a chance.

But I will say allowing people that are not alert to run an admin profile just makes my life hell because they can install anything they want. This goes for non-malware also like bad fonts or two different types of Final Cut Studio on the same boot drive. I prefer my clients to be locked down tight for their own good and my sanity.

GGJstudios
Aug 21, 2012, 12:39 PM
But I will say allowing people that are not alert to run an admin profile just makes my life hell because they can install anything they want.
They can still install many things without being an admin user.
I prefer my clients to be locked down tight for their own good and my sanity.
One method that I've seen employed frequently by IT departments is the "lock down" approach. I've never seen that proven to be completely effective. Another approach is to spend some time educating users, so they're less likely to do something stupid. Neither approach is 100% effective, but users seem to appreciate the latter more. YMMV.