
orvn

macrumors 6502
Original poster
Jan 11, 2011
261
0
Toronto, Canada
I'm having a pretty troubled day, I'd really appreciate some advice.

I have some work I need to submit at midnight tonight and I can't access it because my MacBook Pro (mid-2009 unibody running 10.7.1 Lion) won't fully start up.

The story:
So I installed Sophos antivirus for OSX earlier today. I haven't run a scan yet, but I have updated. This has been the only major recent change on my Mac.

An hour ago I noticed that my machine had a lot of memory wired but inactive, so I decided to restart to speed things up as I hadn't done so in a few days.

The story is the same every time: I log in and my applications start loading. I get a rainbow wheel during startup when only a few things are open (Activity Monitor, Chromium, GNU Privacy Guard, Evernote, etc.). The rainbow wheel never goes away.

The WindowServer still responds as I am still able to drag windows and move the cursor, but nothing else is responsive. I cannot click or select anything.

I know that there are a few buttons I can hold down during start up to trigger things like system and disk checks, but I'm not sure what they are or which to use.

Recommendations?
 

TehFalcon

macrumors 65816
Jan 6, 2011
1,120
1,000
United States
I'm having a pretty troubled day, I'd really appreciate some advice.

I have some work I need to submit at midnight tonight and I can't access it because my MacBook Pro (mid-2009 unibody running 10.7.1 Lion) won't fully start up.

The story:
So I installed Sophos antivirus for OSX earlier today. I haven't run a scan yet, but I have updated. This has been the only major recent change on my Mac.

An hour ago I noticed that my machine had a lot of memory wired but inactive, so I decided to restart to speed things up as I hadn't done so in a few days.

The story is the same every time: I log in and my applications start loading. I get a rainbow wheel during startup when only a few things are open (Activity Monitor, Chromium, GNU Privacy Guard, Evernote, etc.). The rainbow wheel never goes away.

The WindowServer still responds as I am still able to drag windows and move the cursor, but nothing else is responsive. I cannot click or select anything.

I know that there are a few buttons I can hold down during start up to trigger things like system and disk checks, but I'm not sure what they are or which to use.

Recommendations?

Not sure why you would install anti-virus. Heck, I haven't even heard of that one before. Try booting into Single-User mode and going into account and then startup items and make sure only your vital things are there. Now I would also suggest uninstalling that anti-virus, and if you truly need one, just get iAntivirus. It's not really needed to have anti-virus on Snow Leopard or Lion as it is built in. After you have done that, go into Disk Utility and select Macintosh HD (or whatever you named your partition) and press Repair Permissions, then after that is finished, Verify Disk; if there are any errors on the verification, press Repair Disk. After that, restart your Mac this way: press the Apple in the top left corner and press Restart, and UNCHECK Reopen Windows When Logging Back In and then hit Restart. If it does the same thing after that, try taking it to an Apple Store and have them run some diagnostics. Might be your hard drive going out. Good luck!
 

orvn

macrumors 6502
Original poster
Jan 11, 2011
261
0
Toronto, Canada
Thanks for your reply!

Trying single user mode now (hold down the "s" key, right?)

Antivirus is due to exponentially increasing reports of trojans for OSX in the past year. Sophos is sort of a leader in security technology, and I've read several white papers from them on Mac security, so I thought their antivirus would be the best bet. I did see iAntivirus, but it looked poorly designed, so I wasn't inclined to trust it.
 

TehFalcon

macrumors 65816
Jan 6, 2011
1,120
1,000
United States
Thanks for your reply!

Trying single user mode now (hold down the "s" key, right?)

Antivirus is due to exponentially increasing reports of trojans for OSX in the past year. Sophos is sort of a leader in security technology, and I've read several white papers from them on Mac security, so I thought their antivirus would be the best bet. I did see iAntivirus, but it looked poorly designed, so I wasn't inclined to trust it.

Yes, hold the S key until you see a progress bar. Also, the anti-virus really isn't needed. Apple just released a security update this week. And this is how it always is: Apple is the leader in security on Macs, they release security updates, and the anti-virus is built right into Mac OS X. You won't get a virus if you pay attention to what you click. Most viruses come from email links and attachments and ads on websites. That stupid Mac Keeper program is all I see for ads, it seems. But really, anti-virus isn't needed. iAntiVirus is a great program, my friend uses it. Their website has a database of every Mac virus known for Mac OS X. It keeps up with the viruses and it's definitely not going to cause problems. I recommend it, but at the same time recommend not having any at all, as it is built in to Mac OS X.
 

old-wiz

macrumors G3
Mar 26, 2008
8,331
228
West Suburban Boston Ma
iAntiVirus is a great program, my friend uses it. Their website has a database of every Mac virus known for Mac OS X. It keeps up with the viruses and it's definitely not going to cause problems. I recommend it, but at the same time recommend not having any at all, as it is built in to Mac OS X.

There are ZERO viruses in the wild for OSX, hence there is no database of viruses for OSX.

Installing anti-virus, especially Sophos, often makes your system even more vulnerable.

Don't waste time with Anti-virus.
 

orvn

macrumors 6502
Original poster
Jan 11, 2011
261
0
Toronto, Canada
So unfortunately the whole single user fix didn't work out. Turns out the culprit is a process called "InterCheck" which is executed by root upon startup.

I managed to kill the process in the few seconds during regular startup I have before the rainbow wheel takes over. Uninstalled Sophos.

I can't find resources on what you mentioned, an antivirus being built into OSX? I know they release security updates, but so does every other software application with ongoing support- right? Could you link me?

I've just seen a number of studies that seem to suggest that OSX attacks are growing in proportion with OSX market share. Thus the exploration of an antivirus option.

I do run Adblock Plus, which kills popups and ads (yes, even the dreaded "MacKeeper"), I'd recommend it if you're sick of that particular ad (or ads in general).

----------

There are ZERO viruses in the wild for OSX, hence there is no database of viruses for OSX.

Installing anti-virus, especially Sophos, often makes your system even more vulnerable.

Don't waste time with Anti-virus.

http://reviews.cnet.com/8301-13727_7-20110677-263/new-os-x-trojan-horse-sends-screenshots-files-to-remote-servers/

Really?
This one's just 3 days old in terms of media attention (it's also the third article down on the MacRumors home page right now).

 

TehFalcon

macrumors 65816
Jan 6, 2011
1,120
1,000
United States
So unfortunately the whole single user fix didn't work out. Turns out the culprit is a process called "InterCheck" which is executed by root upon startup.

I managed to kill the process in the few seconds during regular startup I have before the rainbow wheel takes over. Uninstalled Sophos.

I can't find resources on what you mentioned, an antivirus being built into OSX? I know they release security updates, but so does every other software application with ongoing support- right? Could you link me?

I've just seen a number of studies that seem to suggest that OSX attacks are growing in proportion with OSX market share. Thus the exploration of an antivirus option.

I do run Adblock Plus, which kills popups and ads (yes, even the dreaded "MacKeeper"), I'd recommend it if you're sick of that particular ad (or ads in general).

I use Safari as my main browser. If Adblock is in the extensions, I will gladly get it! Also, here is an article about it being built into Snow Leopard; it is also built into Lion and works exactly the same: http://www.macworld.com/article/142457/2009/08/snowleopard_malware.html

Anyway, good luck!
 

jameslmoser

macrumors 6502a
Sep 18, 2011
696
669
Las Vegas, NV
Not using antivirus just because there isn't a (current) big problem with them on Macs is not very smart. If you are on the internet, you're connected to users who use Windows. You might even use it yourself. It's not only to prevent your machine from getting infected, but from distributing it as well.

I have been using Sophos Anti-Virus for some time now without any problems, on Snow Leopard and it worked on Lion (upgrade and clean install) before I ditched it and went back to Snow Leopard.
 

TehFalcon

macrumors 65816
Jan 6, 2011
1,120
1,000
United States
Not using antivirus just because there isn't a (current) big problem with them on Macs is not very smart. If you are on the internet, you're connected to users who use Windows. You might even use it yourself. It's not only to prevent your machine from getting infected, but from distributing it as well.

I have been using Sophos Anti-Virus for some time now without any problems, on Snow Leopard and it worked on Lion (upgrade and clean install) before I ditched it and went back to Snow Leopard.

Dude, every one of your posts says going back to Snow Leopard; what do you have against Lion? They run on the EXACT same system, just Lion has updated and new features. Are you running a Mac that can't handle Lion? Anti-virus is almost not needed on OSX. The chances of you distributing it through your network are extremely low. Your router/modem have built-in firewalls to prevent this, and if you have a PC you most likely have anti-virus on it to stop it if it did get through. Stop telling people horrible advice.
 

jameslmoser

macrumors 6502a
Sep 18, 2011
696
669
Las Vegas, NV
Dude, every one of your posts says going back to Snow Leopard; what do you have against Lion? They run on the EXACT same system, just Lion has updated and new features. Are you running a Mac that can't handle Lion? Anti-virus is almost not needed on OSX. The chances of you distributing it through your network are extremely low. Your router/modem have built-in firewalls to prevent this, and if you have a PC you most likely have anti-virus on it to stop it if it did get through. Stop telling people horrible advice.

You are telling people not to worry about getting and spreading computer viruses/malware and I'm the one giving bad advice??

I'm sure all the people affected by Mac Defender would disagree with you. In fact, Apple disagrees with you too (http://news.cnet.com/8301-1009_3-10110852-83.html, http://www.neowin.net/news/main/08/11/30/apple-recommends-antivirus-software)

Firewalls and routers don't block viruses and malware from being downloaded to your computer.
 

TehFalcon

macrumors 65816
Jan 6, 2011
1,120
1,000
United States
You are telling people not to worry about getting and spreading computer viruses/malware and I'm the one giving bad advice??

I'm sure all the people affected by Mac Defender would disagree with you. In fact, Apple disagrees with you too (http://news.cnet.com/8301-1009_3-10110852-83.html, http://www.neowin.net/news/main/08/11/30/apple-recommends-antivirus-software)

Firewalls and routers don't block viruses and malware from being downloaded to your computer.

Did I say they stop you from downloading viruses? NO. It stops the virus from infecting all computers on the network. As for Mac Defender, Apple solved that with an update; in fact, if you open Mac Defender it stops you and tells you it isn't safe. Anyway...
 

old-wiz

macrumors G3
Mar 26, 2008
8,331
228
West Suburban Boston Ma
So unfortunately the whole single user fix didn't work out. Turns out the culprit is a process called "InterCheck" which is executed by root upon startup.

I managed to kill the process in the few seconds during regular startup I have before the rainbow wheel takes over. Uninstalled Sophos.

I can't find resources on what you mentioned, an antivirus being built into OSX? I know they release security updates, but so does every other software application with ongoing support- right? Could you link me?

I've just seen a number of studies that seem to suggest that OSX attacks are growing in proportion with OSX market share. Thus the exploration of an antivirus option.

I do run Adblock Plus, which kills popups and ads (yes, even the dreaded "MacKeeper"), I'd recommend it if you're sick of that particular ad (or ads in general).

----------
<<< removed image from Cnet of Mac TROJAN>>>

Really?
This one's just 3 days old in terms of media attention (it's also the third article down on the MacRumors home page right now).


Really! The post you reference is for a trojan, not a virus. You might want to look up the difference between a trojan and a virus.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
So I installed Sophos antivirus for OSX earlier today.

I have been using Sophos Anti-Virus for some time now without any problems

Sophos should be avoided, as it could actually increase your Mac's vulnerability, as described here and here.

You don't need any 3rd party antivirus software to protect Mac OS X from malware. No viruses exist in the wild that can run on Mac OS X, and there never have been any, since it was released 10 years ago. The handful of trojans that exist can be easily avoided with some basic education, common sense and care in what software you install. Also, Mac OS X Snow Leopard and Lion have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.
If you insist on running 3rd party antivirus, ClamXav is a better choice.

I've just seen a number of studies that seem to suggest that OSX attacks are growing in proportion with OSX market share.

Those studies are wrong. Macs have a larger market share and installed base than ever before, and the amount of malware in the wild has decreased, not increased. Mac OS 9 and earlier had viruses and many more instances of malware than today. Since Mac OS X was released 10 years ago, the number of viruses has decreased to zero, and the only malware that remains are a few trojans, which a prudent user can easily avoid by being careful where they get software they install.
 

orvn

macrumors 6502
Original poster
Jan 11, 2011
261
0
Toronto, Canada
Sophos should be avoided, as it could actually increase your Mac's vulnerability, as described here and here.

You don't need any 3rd party antivirus software to protect Mac OS X from malware. No viruses exist in the wild that can run on Mac OS X, and there never have been any, since it was released 10 years ago. The handful of trojans that exist can be easily avoided with some basic education, common sense and care in what software you install. Also, Mac OS X Snow Leopard and Lion have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.
If you insist on running 3rd party antivirus, ClamXav is a better choice.

Those studies are wrong. Macs have a larger market share and installed base than ever before, and the amount of malware in the wild has decreased, not increased. Mac OS 9 and earlier had viruses and many more instances of malware than today. Since Mac OS X was released 10 years ago, the number of viruses has decreased to zero, and the only malware that remains are a few trojans, which a prudent user can easily avoid by being careful where they get software they install.

I appreciate the references with regard to Sophos, thanks.
Can you specify some sources regarding the decrease in malicious scripts for OSX?

There's this report from Secunia (it's exploit-centric, not malware-centric), but it paints a not-so-pretty picture for potential OS X risks.

I'm interested in your take.

http://www.appleinsider.com/articles/10/07/22/secunia_issues_contradictory_vulnerability_report_assailing_apple.html

 

GGJstudios

macrumors Westmere
May 16, 2008
44,545
943
I'm interested in your take.

That report has nothing to do with malware and is extremely flawed in its approach. From that same article:

"A closer look at Secunia's numbers shows a bizarre calculation of vulnerability numbers that appears intentionally designed to mislead, despite the company's stern warnings not to misuse the data."

If you read the rest of the article, it clearly describes the fallacies in the numbers and the approach. The fact that it compares hardware and software companies that are radically dissimilar is one of many obvious flaws, rendering that report completely worthless.
 

munkery

macrumors 68020
Dec 18, 2006
2,217
1
InterCheck is a process from Sophos.

Really?
This one's just 3 days old in terms of media attention (it's also the third article down on the MacRumors home page right now).

That is only a proof of concept trojan that is not in the wild.

That trojan also doesn't achieve system-level access via any method. Without system-level access, malware can't access protected data, such as keychains, or protected data entry, such as masked passwords.

Access to protected data is required to make automated mass malware profitable so that proof of concept would only be useful for targeted attacks on specific individuals known to have valuable intellectual property on their computer.

So, even if it was a real threat in the wild, it wouldn't be effective for use in an automated mass malware attack against a broader segment of the Mac user base.

See this thread linked below for more details.

https://forums.macrumors.com/threads/1234691/

There's this report from Secunia (it's exploit-centric, not malware-centric), but it paints a not-so-pretty picture for potential OS X risks.

Prior to Lion, Mac OS X included many more plugins (Flash & Java) and media codecs by default than other OSs.

Because these items were included by default in OS X, a vulnerability found in any of those items was included in the count for the number of vulnerabilities found in a default install of OS X.

This doesn't translate to the number of vulnerabilities found in each OS in actual usage because Windows users end up installing Flash, Java, and media codecs during initial setup of their computers.

So, those comparisons are not very valid measures of risk.

Also, most security companies have a Windows-centric view of computer security.

Previous versions of Windows (prior to Vista) only required a single remote arbitrary code execution vulnerability used in an exploit to achieve system-level access to install more malicious malware.

In comparison, Mac OS X has always required a remote arbitrary execution vulnerability to be linked with a local privilege escalation vulnerability in an exploit to achieve system-level access.

Mac OS X has a much lower incidence rate of local privilege escalation vulnerabilities than Windows as well.

This information isn't taken into account in those risk graphs and reports released by security companies.
 