I think I have a virus!

Discussion in 'Mac Basics and Help' started by liredsnow, Feb 24, 2010.

  1. liredsnow macrumors newbie

    Joined:
    Feb 24, 2010
    #1
    One day in my Trash Can folders called "Recovered Files" kept on popping up. Inside were files with the word "Flash" in them.

    When I first saw this in my Trash Can I moved the folder to the Desktop to be looked at later. The next day there were more files in my Trash Can. So I would empty the trash and it would come back every day. So I ran a Secure Empty Trash and updated my Flash Player to overwrite any bad files that might have gotten in there.

    After some thought I figured that someone had discovered a loophole where infected files could be downloaded into the Apple Trash Can without the System catching it. (Maybe someone would see the files in the Trash Can and move them to the Flash Player.)

    My computer, however, was still running slow. So I remembered a strange "Disk Utility" I had run where it seemed all the Epson files had been corrupted.

    Sample from log:

    Owner and group corrected on ./Library/Printers/EPSON/Libraries/UtilityLib.framework/Versions/V/Resources/version.plist
    Permissions corrected on ./Library/Printers/EPSON/Libraries/UtilityLib.framework/Versions/V/Resources/version.plist
    Permissions differ on ./Library/Printers/EPSON/Libraries/UtilityLib.framework/Versions/W/Resources/Dutch.lproj/Localizable.strings, should be -rw-rw-r-- , they are -rwxrwxr-x

    It was just a long list of 'should be -rw-rw-r-- , they are -rwxrwxr-x' in the Epson library.

    So I downloaded ClamXav (it is a virus scanner), and checked all my computer. (Even if it would not let me scan everything at once.) Nothing came up.

    My computer was still slow. So I tried scanning just "./Library/Printers/EPSON/" and ClamXav crashed. When I reopened it and tried again, the scan didn't work. So I tried it again, and it found nothing.

    I was worried that the virus was set up to infect ClamXav if it scanned the Epson folder, so I tried to find another free virus software. I have a PowerBook G4 running Tiger, so I had trouble finding anything and settled on something that did not appear to be the right program, MacNikto 1.1.1.

    After I downloaded this from the Apple site I discovered this window open in the background. It was the 'Console.log'

    Mac OS X Version 10.4.11 (Build 8S165)
    2010-02-24 01:52:01 -0500
    2010-02-24 01:52:17.259 SystemUIServer[155] lang is:en
    2010-02-24 01:52:22.368 SecurityFixer[170] No insecure startup items found!

    **********
    Disk Utility started.


    2010-02-24 01:58:53.947 ClamXav[180] jobjc_mapObjects() collision, objc object 67eff0 of type (NSConcreteTextStorage) being entered for Java object of class (com/apple/cocoa/application/NSTextStorage) in entry 634720
    2010-02-24 01:58:53.947 ClamXav[180] existing java object's class is (com/apple/cocoa/application/NSTextStorage)
    2010-02-24 01:58:53.948 ClamXav[180] no corresponding java entry! (did it get collected?)
    ObjCJava FATAL:
    jobjc_mapObjects(): mapping inconsistency -- hashtable entries are not identical
    ObjCJava Exit

    Debugger() was called!

    Feb 24 02:46:17 Misa-Misa authexec: executing /System/Library/ScriptingAdditions/StandardAdditions.osax/Contents/MacOS/uid

    **********
    Disk Utility started.

    I had no idea what 'Debugger() was called!' meant.
    So I checked the 'system.log', which was saying:

    Feb 23 03:15:48 Misa-Misa cp: error processing extended attributes: Operation not permitted
    Feb 23 10:52:26 Misa-Misa ntpd[214]: time reset +0.133481 s
    Feb 23 15:55:50 Misa-Misa loginwindow[72]: sendQuitEventToApp (LAServer): AESendMessage returned error -609
    Feb 23 15:55:51 Misa-Misa loginwindow[72]: sendQuitEventToApp (iCalAlarmScheduler): AESendMessage returned error -1712
    Feb 23 15:55:51 Misa-Misa loginwindow[72]: sendQuitEventToApp (Microsoft AU Daemon): AESendMessage returned error -1712
    Feb 23 15:56:08 Misa-Misa shutdown: halt by emaddix:
    Feb 23 15:56:09 Misa-Misa SystemStarter[415]: "/Library/StartupItems/Tablet" failed security check: permissions
    Feb 23 15:56:12 Misa-Misa SystemStarter[415]: authentication service (426) did not complete successfully
    Feb 23 15:56:15 Misa-Misa sudo: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/aw/COM/bin/lmdown -q -c /var/flexlm/aw_server.dat
    Feb 23 15:56:25 localhost usbmuxd[41]: stopping.
    Feb 23 15:56:25 Misa-Misa usbmuxd[500]: usbmuxd-176 built for iTunesNineDot on Sep 24 2009 at 16:11:04, running 32 bit
    Feb 23 16:40:53 localhost memberd[48]: memberd starting up
    Feb 23 16:40:53 localhost mDNSResponder-108.6 (Jul 19 2007 11: 33:32)[38]: starting
    Feb 23 16:40:54 localhost DirectoryService[53]: Launched version 2.1 (v353.6)
    Feb 23 16:40:54 localhost lookupd[47]: lookupd (version 369.8) starting - Tue Feb 23 16:40:54 2010
    Feb 23 16:40:55 localhost xinetd[43]: xinetd Version 2.3.11 started with libwrap options compiled in.
    Feb 23 16:40:55 localhost xinetd[43]: Started working: 0 available services
    Feb 23 16:40:55 localhost diskarbitrationd[46]: disk0s3 hfs 589992E1-3829-38C6-86EC-37FF3B7BDCBB Macintosh HD /
    Feb 23 16:40:55 localhost launchd: Server 2f07 in bootstrap 1103 uid 0: "/usr/sbin/lookupd"[47]: exited abnormally: Hangup
    Feb 23 16:40:56 localhost lookupd[68]: lookupd (version 369.8) starting - Tue Feb 23 16:40:56 2010
    Feb 23 16:40:56 localhost usbmuxd[41]: usbmuxd-176 built for iTunesNineDot on Sep 24 2009 at 16:11:04, running 32 bit
    Feb 23 16:40:57 localhost configd[44]: WirelessConfigure: 88001003
    Feb 23 16:40:57 localhost configd[44]: initCardWithStoredPrefs failed.
    Feb 23 16:40:57 localhost configd[44]: WirelessConfigure: 88001003
    Feb 23 16:40:59 localhost mDNSResponder: Adding browse domain local.
    Feb 23 16:41:00 localhost /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Feb 23 16:41:01 localhost loginwindow[72]: Login Window Started Security Agent
    Feb 23 16:41:05 Misa-Misa configd[44]: setting hostname to "Misa-Misa.local"
    Feb 23 16:41:09 Misa-Misa launchd: Server 0 in bootstrap 1103 uid 0: "/usr/sbin/lookupd"[68]: exited abnormally: Hangup
    Feb 23 16:41:09 Misa-Misa configd[44]: executing /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/enable-network
    Feb 23 16:41:09 Misa-Misa configd[44]: posting notification com.apple.system.config.network_change
    Feb 23 16:41:09 Misa-Misa lookupd[85]: lookupd (version 369.8) starting - Tue Feb 23 16:41:09 2010
    Feb 23 16:41:09 Misa-Misa SystemStarter[52]: "/Library/StartupItems/Tablet" failed security check: permissions
    Feb 23 16:42:33 Misa-Misa configd[44]: target=enable-network: disabled
    Feb 23 19:32:14 Misa-Misa loginwindow[72]: sendQuitEventToApp (LAServer): AESendMessage returned error -1712
    Feb 23 19:32:15 Misa-Misa loginwindow[72]: sendQuitEventToApp (iCalAlarmScheduler): AESendMessage returned error -1712
    Feb 23 19:32:15 Misa-Misa loginwindow[72]: sendQuitEventToApp (Microsoft AU Daemon): AESendMessage returned error -1712
    Feb 23 19:32:33 Misa-Misa shutdown: halt by emaddix:
    Feb 23 19:32:35 Misa-Misa SystemStarter[400]: "/Library/StartupItems/Tablet" failed security check: permissions
    Feb 23 19:32:39 Misa-Misa SystemStarter[400]: authentication service (412) did not complete successfully
    Feb 23 19:32:44 Misa-Misa sudo: root : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/aw/COM/bin/lmdown -q -c /var/flexlm/aw_server.dat
    Feb 23 19:32:48 localhost usbmuxd[41]: stopping.
    Feb 23 19:32:51 Misa-Misa usbmuxd[459]: usbmuxd-176 built for iTunesNineDot on Sep 24 2009 at 16:11:04, running 32 bit
    Feb 24 01:51:29 localhost memberd[48]: memberd starting up
    Feb 24 01:51:29 localhost mDNSResponder-108.6 (Jul 19 2007 11: 33:32)[38]: starting
    Feb 24 01:51:29 localhost DirectoryService[52]: Launched version 2.1 (v353.6)
    Feb 24 01:51:30 localhost lookupd[47]: lookupd (version 369.8) starting - Wed Feb 24 01:51:30 2010
    Feb 24 01:51:30 localhost xinetd[43]: xinetd Version 2.3.11 started with libwrap options compiled in.
    Feb 24 01:51:30 localhost xinetd[43]: Started working: 0 available services
    Feb 24 01:51:31 localhost diskarbitrationd[46]: disk0s3 hfs 589992E1-3829-38C6-86EC-37FF3B7BDCBB Macintosh HD /
    Feb 24 01:51:31 localhost launchd: Server 2f07 in bootstrap 1103 uid 0: "/usr/sbin/lookupd"[47]: exited abnormally: Hangup
    Feb 24 01:51:31 localhost lookupd[67]: lookupd (version 369.8) starting - Wed Feb 24 01:51:31 2010
    Feb 24 01:51:32 localhost usbmuxd[41]: usbmuxd-176 built for iTunesNineDot on Sep 24 2009 at 16:11:04, running 32 bit
    Feb 24 01:51:32 localhost configd[44]: WirelessConfigure: 88001003
    Feb 24 01:51:32 localhost configd[44]: initCardWithStoredPrefs failed.
    Feb 24 01:51:32 localhost configd[44]: WirelessConfigure: 88001003
    Feb 24 01:51:32 localhost mDNSResponder: Adding browse domain local.
    Feb 24 01:51:36 localhost /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Feb 24 01:51:37 localhost loginwindow[72]: Login Window Started Security Agent
    Feb 24 01:51:41 Misa-Misa configd[44]: setting hostname to "Misa-Misa.local"
    Feb 24 01:51:45 Misa-Misa SystemStarter[53]: "/Library/StartupItems/Tablet" failed security check: permissions
    Feb 24 02:11:29 Misa-Misa configd[44]: executing /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/enable-network
    Feb 24 02:11:29 Misa-Misa configd[44]: posting notification com.apple.system.config.network_change
    Feb 24 02:11:29 Misa-Misa launchd: Server 0 in bootstrap 1103 uid 0: "/usr/sbin/lookupd"[67]: exited abnormally: Hangup
    Feb 24 02:11:30 Misa-Misa lookupd[205]: lookupd (version 369.8) starting - Wed Feb 24 02:11:30 2010
    Feb 24 02:12:58 Misa-Misa configd[44]: target=enable-network: disabled
    Feb 24 02:46:17 Misa-Misa authexec: executing /System/Library/ScriptingAdditions/StandardAdditions.osax/Contents/MacOS/uid
    Feb 24 03:15:48 Misa-Misa cp: error processing extended attributes: Operation not permitted



    I have no idea what to do, and I am asking you!
     
  2. richard.mac macrumors 603

    Joined:
    Feb 2, 2007
    Location:
    51.50024, -0.12662
    #2
    that's because there are no viruses for Mac OS X. there are 2 trojans that you have to install with your admin password to become infected, but you are not infected here.

    sorry for the overly concise answer, but simply there is nothing alarmingly wrong with your Mac.

    also recovered files site:apple.com - Google Search
     
  3. roadbloc macrumors G3

    Joined:
    Aug 24, 2009
    Location:
    UK
    #3
    There are NO viruses out for Mac. None.

    I had the Recovered Files problem in Leopard. Since upgrading, everything has been fine.
     
  4. JNB macrumors 604

    Joined:
    Oct 7, 2004
    Location:
    In a Hell predominately of my own making
    #4
    Nothing to add to the other responses (and they're both right), but a suggestion when you post a WoT: Use the [ code ] tags, it makes it easier to read (even when we don't really need all that ;)).

    Example:

     
  5. liredsnow thread starter macrumors newbie

    Joined:
    Feb 24, 2010
    #5
    Thanks

    This seems to be what everyone says on the discussions I have looked up. I just figured that there had to be some viruses for Macs because they have ClamXav and other programs out there. Perhaps my computer is suddenly slow because it is really old. Maybe a new Flash or something came out that doesn't run so well on it. :( Yet it is not like I'm running many advanced programs.
     
  6. JNB macrumors 604

    Joined:
    Oct 7, 2004
    Location:
    In a Hell predominately of my own making
    #6
    Mac antivirus solutions exist mostly so you don't propagate Windows virii back to your PC-using friends. ;) Most are a waste of time and system resources, though.

    Flash is bad enough on a C2D Mac; on a G4 PB, it must be grinding it near to a halt.

    Try Click2Flash, it'll give you the option of loading Flash when you want.
     
  7. spinnerlys Guest

    Joined:
    Sep 7, 2008
    Location:
    forlod bygningen
    #7
    As ClamXav says on its front page:

    Back in the days before OS X, the number of viruses which attacked Macintosh users totalled somewhere between about 60 and 80. Today, the number of viruses actively attacking OS X users is...NONE! However, this doesn't mean we should get complacent about checking incoming email attachments or web downloads, for two reasons. Firstly, there's no guarantee that we Mac users will continue to enjoy the status quo, but more importantly, the majority of the computing world use machines running MS Windows, for which an enormous quantity of viruses exist, so we must be vigilant in checking the files we pass on to our friends and colleagues etc. For example, if you're a wise person and you've turned MS Office's macro support off then you're not going to notice that virus which is hiding inside this month's edition of Extreme Ironing.doc which your friend sent you. If you then forward that document to a less wise person who has not turned off the macro support, then you have most likely just sent him a shiny new Pandora's Box with a sign saying "Open this end"!


    So the anti virus software for Mac OS X is for protecting us against Windows viruses and spreading them to other people using Windows.

    Although I never saw the point, as I'm not really responsible for any other computers and how they are maintained. And those anti virus applications eat up CPU cycles if they misbehave, so it's better to not even install them.
     
  8. BlueRevolution macrumors 603

    Joined:
    Jul 26, 2004
    Location:
    Montreal, QC
    #8
    We get a thread here every couple of weeks from someone who thinks they have a virus because their computer is doing this or that strangely or slowly. The number of posters who have actually turned out to be infected? 0.

    So let's rewind a bit and take a look at the symptoms, not where you think the problem is.

    I don't see anything particularly unusual in the excerpt from system.log that you posted, just the normal smattering of system chatter and whiny applications. Bear in mind that you're looking at the entire log file for a 24-hour period. If a process is acting up, you'll often see errors appearing every few minutes or more.

    "Debugger() was called" just means that Disk Utility encountered a problem it didn't expect and referred to a subroutine designed to help the developer (Apple) fix it or figure out a more graceful way for the application to behave. It's not particularly chilling.

    Have you run the verify disk function in Disk Utility? It sounds to me like you're dealing with filesystem corruption issues. How serious that is really depends on what's corrupted and why, but I suggest making or updating a backup of your important files if you haven't already done so.

    It's handy! For years I have been forwarding emails to my friends with attachments like p0rn.exe and never thought anything of it until my Mac antivirus programme told me there was a virus attached! I know! To something so innocuous, no less...

    No software can substitute for common sense, and common sense is a great substitute for a lot of software, Mac antivirus foremost on the list.

    Kinda like a virus, really.
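
Added example, not part of the thread: one way to apply the triage rule from post #8 (a misbehaving process logs the same error every few minutes) to a syslog-format file such as system.log. The daemon name `exampled`, its lines, and the thresholds are constructed assumptions; the SystemStarter lines are taken from the excerpt in post #1.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Taken from the system.log excerpt in post #1: logged at boot/shutdown, hours apart.
THREAD_LINES = [
    f'{ts} Misa-Misa SystemStarter[{pid}]: "/Library/StartupItems/Tablet" '
    "failed security check: permissions"
    for ts, pid in (("Feb 23 15:56:09", 415), ("Feb 23 16:41:09", 52),
                    ("Feb 23 19:32:35", 400), ("Feb 24 01:51:45", 53))
]
# Constructed lines (hypothetical daemon "exampled") that repeat every two minutes.
CONSTRUCTED = [
    f"Feb 24 02:{minute:02d}:00 Misa-Misa exampled[301]: connect failed, retry {n}"
    for n, minute in enumerate((0, 2, 4, 6), start=1)
]

# "<Mon DD HH:MM:SS> <host> <process>[pid]: <message>"; the pid is optional.
LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ (\S+?)(?:\[\d+\])?: (.*)$")

def recurring(lines, year=2010, min_count=3, max_gap_s=600):
    """Return (process, message, count, median_gap_s) for messages that repeat
    at least min_count times with a median gap of at most max_gap_s seconds."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # banners, continuation lines, other formats
        # Syslog timestamps carry no year, so the caller supplies one.
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        # Collapse digits so changing pids and counters group together.
        seen[(m.group(2), re.sub(r"\d+", "N", m.group(3)))].append(when)
    hits = []
    for (proc, msg), times in seen.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if median(gaps) <= max_gap_s:
            hits.append((proc, msg, len(times), median(gaps)))
    return sorted(hits, key=lambda h: -h[2])

if __name__ == "__main__":
    for hit in recurring(THREAD_LINES + CONSTRUCTED):
        print(hit)
```

With the default ten-minute threshold only the constructed daemon is reported; the SystemStarter message from the thread recurs once per boot or shutdown and falls outside it.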
     
