
sfexpat

macrumors newbie
Original poster
Mar 27, 2011
1
0
For 2-3 months, Safari has had a very noticeable slowdown in loading pages, hanging on the initial part of the URL, or not loading at all, eventually sending a "server not responding" message. Because my ISP is often sludgy, I haven't worried about it. This week, however, my console messages window opened unexpectedly and I saw messages similar to what follows. (FYI: I have about 4000 messages in the last week.) I am worried about iSkysoft, removeObject..., disappearBtn, hiddenBtn, reload page, etc., and believe I may have a trojan collecting info or tracking my Safari usage.

I don't know:
- if that is accurate, or
- if so, how to block and remove the problem.

Any information or knowledgeable advice would be appreciated.

3/27/11 9:44:41 AM Safari[2291] iSkysoft: removeObjectFromDic: ReloadPage
3/27/11 9:44:45 AM Safari[2291] iSkysoft: removeObjectFromDic: ReloadPage
3/27/11 9:45:09 AM Safari[2291] iSkysoft: Add Button.
3/27/11 9:45:09 AM Safari[2291] iSkysoft: Show Button: <SFSButton: 0x115xx08b0>(72.0,511.0)
3/27/11 9:45:33 AM Safari[2291] iSkysoft: disappearBtn
3/27/11 9:45:34 AM Safari[2291] iSkysoft: Hidden Button.
3/27/11 9:46:05 AM Safari[2291] iSkysoft: removeObjectFromDic: ReloadPage

When I look iSkysoft up, it is some kind of program to convert video formats. As far as I can tell, I do not have it in my application folder, or on my computer. There are no results from Finder/find if I search for it. Nevertheless, it is in all of my Safari messages as above, and they refresh every time I try to load a new page. The message identifier or error numbers (in this case, [2291]) change throughout the day.

I have read all I can find on MacRumors and mac forum threads for Safari + Trojan, but haven't seen any info to verify or block such a problem.

At the advice of a forum user, I have run Disk Utility/Repair permissions, and get a series of changes as below. However, when I run verify permissions or rerun Repair permissions, the problems are still there. At the end of the window, I get the (SUID) warning as shown below. I am assuming this is connected with the problem above, but don't know if that is so.

If I run Disk permission repair, I get a series (usually 15-20) of changes similar to these (most have to do with Java):

Permissions differ on "System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Classes/jconsole.jar", should be lrwxr-xr-x , they are lrw-r--r-- .
User differs on "System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib", should be 0, user is 95.
User differs on "System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Libraries", should be 0, user is 95.
Permissions differ on "System/Library/Java/Support/Deploy.bundle/Contents/Home/lib/security/cacerts", should be lrwxr-xr-x , they are lrw-r--r-- .

etc. etc., ending with:

Warning: SUID file "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent" has been modified and will not be repaired.
 