Security Problem

Discussion in 'MacBook Pro' started by LadySunshine, Mar 23, 2014.

  1. LadySunshine macrumors newbie

    Joined:
    Mar 23, 2014
    #1
    Hi all,

    Please forgive me if this is in the wrong forum. I couldn't find a forum just for security issues.

    I have a 17" MacBook Pro (c. 2009), 2.5 GHz, running 10.6.8. It's been running slow and freezing up, so I repaired Permissions (a whole lot of them) and also had to repair the disk. Right after I repaired the disk successfully, I ran the permissions again. It seemed like there were just as many permission problems as before. I again repaired them and all but one were repaired. It said: Warning: SUID file "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent" has been modified and will not be repaired.

    I presume SUID stands for System User ID. And Remote Management? Does this mean someone can--or HAS!--taken over my computer? Why wasn't it repaired? Who modified it?

    I ran ClamXav and it said I had 18 infected files. Most were .exe or .exe.part files, but there were three "InstallGenieo.dmg -- Osx.Trojan.Genieo" files and one "InstallGenieo.dmg -- Osx.Adware.Geonei-9" file as well as three email phishing files. I quarantined all the files except the Genieo files. I trashed those.

    I have previous Time Machine Backups (a Seagate GoFlex 1TB external drive) for the last two months, but new backups fail. I verified the TM Drive and it, too, needs to be repaired. I will do this just as soon as I get all my music (nearly 3,000 songs) and some other stuff backed up onto another drive.

    I'm sorry this is so long, but I'm very worried and afraid to use my Mac for any business/banking, etc. Also, I just got an iPhone 4S and I'm afraid to sync it with my calendar, which is what I really need it for. What do I have to do to make sure my Mac is secure?

    Thanks very much for your assistance.

    Sunshine
     
  2. laurihoefs macrumors 6502a


    Joined:
    Mar 1, 2013
    #2
    You don't need to worry about the error in Disk Utility: "Mac OS X: Disk Utility's Repair Disk Permissions messages that you can safely ignore".

    Where were the files ClamXav quarantined? Most likely they were email attachments, and if you have never run them, they have not infected your computer.

    So running ClamXav and letting it quarantine the files it found suspicious/infected is all that was needed to make your computer safe. You can use it safely.
     
  3. simon48 macrumors 65816


    Joined:
    Sep 1, 2010
    #3
    Feel free to sync your iPhone; as long as you haven't jailbroken it, there's nothing that can harm it by syncing it.

    Here's a little info on Genieo (it's a safe link to Wikipedia); it's a browser "add-on".

    Why do your backups fail? Are you running out of space on your backup drive?

    An old computer, running slow, with permission issues sounds like your HD might be dying.
     
  4. Barney63 macrumors 6502a


    Joined:
    Jan 9, 2014
    Location:
    Bolton, UK.
    #4
    I decided to run ClamXav, and I'm quite disturbed about the results :-
    It found 41 "infections" although most of them appear to be phishing emails (probably out of my bulk mail), but I don't open any that I'm not expecting.
    Why did it only quarantine one copy of "Osx.Adware.Geonei-9"?
    I'm not sure where the zip files or the exe files have come from; I've not downloaded any cracks!

    Barney
     
  5. LadySunshine thread starter macrumors newbie

    Joined:
    Mar 23, 2014
    #5
    Hi,

    Thanks for the quick response and the reassurance. That Permission I was worried about is on the list of Permissions I can ignore. As to the original location of the files, I don't know where they were. ClamXav doesn't seem to give that information but I don't think I ran anything.

    Thanks again.
     
  6. LadySunshine thread starter macrumors newbie

    Joined:
    Mar 23, 2014
    #6
    Hi, Simon,

    Yes, that's what I'm afraid of. But I can't afford a new Mac right now. :(

    Anyway, thanks for the advice and the info on Genieo. I don't think I'm running out of space. (When you do, doesn't Time Machine just delete the oldest backup?) My backups ran fine in the past couple of months. It was only this last one from the other day that failed. I verified both partitions on the backup drive and the Time Machine partition also needs to be repaired. During the last backup I did, I think one of these files might have been copied to the drive. Could that be why the backup failed?

    I'm in the process of backing up stuff to the good partition before I try to repair the Time Machine partition. I just need to figure out a reasonably easy way to transfer my 3000+ song iTunes library. I can't just sync it because when I select Devices from the iTunes pull-down File menu everything is grayed out.

    One more question: If I repair my Time Machine will I lose anything that was on it? I didn't lose anything when I repaired the HD in the Mac. Will Time Machine be the same or should I try to back up other stuff to be sure? If nothing is lost, my iTunes should be on there already.
     
