Security Problem

LadySunshine

macrumors newbie
Original poster
Mar 23, 2014
3
0
Hi all,

Please forgive me if this is in the wrong forum. I couldn't find a forum just for security issues.

I have a 17" MacBook Pro (c. 2009), 2.5 GHz, running 10.6.8. It's been running slow and freezing up, so I repaired Permissions (a whole lot of them) and also had to repair the disk. Right after I repaired the disk successfully, I ran the permissions again. It seemed like there were just as many permission problems as before. I again repaired them and all but one were repaired. It said: Warning: SUID file "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent" has been modified and will not be repaired.

I presume SUID stands for System User ID. And Remote Management? Does this mean someone can--or HAS!--taken over my computer? Why wasn't it repaired? Who modified it?

I ran ClamXav and it said I had 18 infected files. Most were .exe or .exe.part files, but there were three "InstallGenieo.dmg -- Osx.Trojan.Genieo" files and one "InstallGenieo.dmg -- Osx.Adware.Geonei-9" file as well as three email phishing files. I quarantined all the files except the Genieo files. I trashed those.

I have previous Time Machine Backups (a Seagate GoFlex 1TB external drive) for the last two months, but new backups fail. I verified the TM Drive and it, too, needs to be repaired. I will do this just as soon as I get all my music (nearly 3,000 songs) and some other stuff backed up onto another drive.

I'm sorry this is so long, but I'm very worried and afraid to use my Mac for any business/banking, etc. Also, I just got an iPhone 4S and I'm afraid to sync it with my calendar, which is what I really need it for. What do I have to do to make sure my Mac is secure?

Thanks very much for your assistance.

Sunshine
 

laurihoefs

macrumors 6502a
Mar 1, 2013
792
22
You don't need to worry about the error in Disk Utility: "Mac OS X: Disk Utility's Repair Disk Permissions messages that you can safely ignore"

Where were the files ClamXav quarantined? Most likely they were email attachments, and if you have never run them, they have not infected your computer.

So running ClamXav and letting it quarantine the files it found suspicious/infected is all that was needed to make your computer safe. You can use it safely.
 

simon48

macrumors 65816
Sep 1, 2010
1,315
88
Feel free to sync your iPhone; as long as you haven't jailbroken it, there's nothing that can harm it by syncing it.

Here's a little info on Genieo (it's a safe link to Wikipedia); it's a browser "add-on".

Why do your backups fail? Are you running out of space on your backup drive?

An old computer, running slow, with permission issues sounds like your HD might be dying.
 

Barney63

macrumors 6502a
Jan 9, 2014
799
1
Bolton, UK.
I decided to run ClamXav, and I'm quite disturbed about the results:

It found 41 "infections" although most of them appear to be phishing emails (probably out of my bulk mail), but I don't open any that I'm not expecting.
Why did it only quarantine one copy of "Osx.Adware.Geonei-9"?
I'm not sure where the zip files or the exe files have come from; I've not downloaded any cracks!

Barney
 

LadySunshine

macrumors newbie
Original poster
Mar 23, 2014
3
0
> You don't need to worry about the error in Disk Utility: "Mac OS X: Disk Utility's Repair Disk Permissions messages that you can safely ignore"
>
> Where were the files ClamXav quarantined? Most likely they were email attachments, and if you have never run them, they have not infected your computer.
>
> So running ClamXav and letting it quarantine the files it found suspicious/infected is all that was needed to make your computer safe. You can use it safely.

Hi,

Thanks for the quick response and the reassurance. That Permission I was worried about is on the list of Permissions I can ignore. As to the original location of the files, I don't know where they were. ClamXav doesn't seem to give that information, but I don't think I ran anything.

Thanks again.
 

LadySunshine

macrumors newbie
Original poster
Mar 23, 2014
3
0
> Feel free to sync your iPhone; as long as you haven't jailbroken it, there's nothing that can harm it by syncing it.
>
> Here's a little info on Genieo (it's a safe link to Wikipedia); it's a browser "add-on".
>
> Why do your backups fail? Are you running out of space on your backup drive?
>
> An old computer, running slow, with permission issues sounds like your HD might be dying.

Hi, Simon,

Yes, that's what I'm afraid of. But I can't afford a new Mac right now. :(

Anyway, thanks for the advice and the info on Genieo. I don't think I'm running out of space. (When you do, doesn't Time Machine just delete the oldest backup?) My backups ran fine in the past couple of months. It was only this last one from the other day that failed. I verified both partitions on the backup drive and the Time Machine partition also needs to be repaired. During the last backup I did, I think one of these files might have been copied to the drive. Could that be why the backup failed?

I'm in the process of backing up stuff to the good partition before I try to repair the Time Machine partition. I just need to figure out a reasonably easy way to transfer my 3000+ song iTunes library. I can't just sync it because when I select Devices from the iTunes pull-down File menu everything is grayed out.

One more question: If I repair my Time Machine will I lose anything that was on it? I didn't lose anything when I repaired the HD in the Mac. Will Time Machine be the same or should I try to back up other stuff to be sure? If nothing is lost, my iTunes should be on there already.