# Malware That Deleted All My Files



## lesande (Aug 16, 2015)

Hi,
two days ago, somehow, my mac os x yosemite (10.10.5) got infected by a malware and it deleted almost all my files from my home directory and I have no idea how it happened (it wasn't because  clicked on some advert, I wasn't even browsing the web when it happened and I also run adblock on my chrome, safari and firefox browsers). Suddenly at 10pm, a xterm windows showed up with tons of lines running by with filenames and "permission denied" messages. I paniced and shut down the computer.
I then restarted it and then when i open the terminal, the xterm came up and started with similar "permission denied" messages (I figured it auto launched when I opened the terminal). I shut down again and it did not appear to shut down completed. Then after a few minutes I tried to start it up and it did not start for the next 5 or 10 minutes or so. Then when it did start up, the yosemite settings were all fresh (for example, my doc was moved from left to the bottom center etc, as it would be if it was a fresh install). Then I looked at my home directory and almost all the files were deleted, strangely except some (I guess these must have different permission).
I lost all my photos and files I was working on. I have a time machine backup which is 70 days old.
I looked at the console and this is what I found. Can someone please tell me what this is and how it happened and how I can eliminate it from my system? The console log is below.
Thank you
Les

2015-08-14 10:00:23.702 PMFinder[240]CreateWithFileInfo failed to create URL with FSRef, falling back to blank icon.

2015-08-14 10:00:24.620 PMbird[267]someone ripped the database from under our feet





 LIMITS ------------------------------------------------------------------------



RLIMIT_CORE              0    infinity

RLIMIT_CPU        infinity    infinity

RLIMIT_DATA       infinity    infinity

RLIMIT_FSIZE      infinity    infinity

RLIMIT_MEMLOCK    infinity    infinity

RLIMIT_NOFILE        16384       16384

RLIMIT_NPROC           709        1064

RLIMIT_RSS        infinity    infinity



 DISK  (/Users/userx/Library/Mobile Documents)--------------------------------



NSFileSystemNodes       121846308

NSFileSystemSize     499082485760

NSFileSystemFreeSize 220219854848

NSFileSystemFreeNodes    53764613

NSFileSystemNumber       16777220

2015-08-14 10:00:24.637 PMcom.apple.xpc.launchd[1](com.apple.ReportCrash[21508]) Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.ReportCrash

2015-08-14 10:00:24.807 PMcom.apple.SecurityServer[85]Killing auth hosts

2015-08-14 10:00:24.807 PMcom.apple.SecurityServer[85]Session 100122 destroyed

2015-08-14 10:00:28.333 PMcom.apple.xpc.launchd[1](com.apple.bird[267]) Service exited due to signal: Abort trap: 6

2015-08-14 10:00:28.392 PMReportCrash[21508]Saved crash report for bird[267] version 321.9 to /Users/userx/Library/Logs/DiagnosticReports/bird_2015-08-14-220028_OLM-userx.crash

2015-08-14 10:00:31.108 PMcloudphotosd[519]Failed to open '/Users/userx/Library/Containers/com.apple.cloudphotosd/Data/Library/Preferences/com.apple.cloudphotosd.plist' for events

2015-08-14 10:01:07.911 PMsharingd[254]Could not replace account with identifier: _local

2015-08-14 10:01:07.913 PMcom.apple.internetaccounts[262]Could not replace account with identifier: _local

2015-08-14 10:01:07.915 PMsoagent[268]Could not replace account with identifier: _local

2015-08-14 10:01:07.915 PMCalNCService[279]Could not replace account with identifier: _local

2015-08-14 10:01:07.917 PMCalendarAgent[261]Could not replace account with identifier: _local

2015-08-14 10:01:07.918 PMcallservicesd[287]Could not replace account with identifier: _local

2015-08-14 10:01:07.919 PMDataDetectorsDynamicData[1308]Could not replace account with identifier: _local

2015-08-14 10:01:23.314 PMDock[238]void CGSShmemReleaseMappedMemory(CGSShmemID): failed to find shmem ID 49670.

2015-08-14 10:01:38.000 PMkernel[0]Sandbox: rm(21685) System Policy: deny file-write-unlink /Users/userx/.cache/fontconfig/a1a78d9c18cd095d3829c724810e6ffb-le64.cache-4

2015-08-14 10:01:38.000 PMkernel[0]Sandbox: rm(21685) System Policy: deny file-write-unlink /Users/userx/.cache/fontconfig/bc06c1eea3e636f72101cafc3fb39508-le64.cache-4

2015-08-14 10:01:38.000 PMkernel[0]Sandbox: rm(21685) System Policy: deny file-write-unlink /Users/userx/.fontconfig/84c0f976e30e948e99073af70f4ae876-le64.cache-4

2015-08-14 10:01:45.971 PMwarmd[60][_bootcachectl_playlist_for_file:3202] Unable to generate playlist for file: 2 No such file or directory

2015-08-14 10:01:45.973 PMwarmd[60][_bootcachectl_playlist_for_file:3202] Unable to generate playlist for file: 2 No such file or directory

2015-08-14 10:01:45.975 PMdiagnostics_agent[351]Error saving state to file:///Users/userx/Library/Application%20Support/CrashReporter/Intervals_B3E4DC58-72F6-5718-B2FD-F0C1D34474B5.plist

2015-08-14 10:01:45.977 PMwarmd[60][_bootcachectl_playlist_for_file:3202] Unable to generate playlist for file: 2 No such file or directory

2015-08-14 10:01:45.979 PMwarmd[60][_bootcachectl_playlist_for_file:3202] Unable to generate playlist for file: 2 No such file or directory

2015-08-14 10:01:45.979 PMwarmd[60][_bootcachectl_playlist_for_file:3202] Unable to generate playlist for file: 2 No such file or directory

2015-08-14 10:03:15.000 PMbootlog[0]BOOT_TIME 1439586195 0

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.AccountPolicyHelper" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.authd" sharing output destination "/var/log/asl" with ASL Module "com.apple.asl".

Output parameters from ASL Module "com.apple.asl" override any specified in ASL Module "com.apple.authd".

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.authd" sharing output destination "/var/log/system.log" with ASL Module "com.apple.asl".

Output parameters from ASL Module "com.apple.asl" override any specified in ASL Module "com.apple.authd".

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.authd" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.awdd" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.callhistory.asl.conf" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.cloudd" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.clouddocs" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.commerce.asl" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.CoreDuetAdmissionControl" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.eventmonitor" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.family.asl" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.ical" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.icloud.FindMyDevice" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.install" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.iokit.power" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.mail" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.MessageTracer" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.networking.symptoms" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.networking.symptoms" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.performance" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.sandbox.telemetry" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.secinitd" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.securityd" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.securityd" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.securityd" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.securityd" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.securityd" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.securityd" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMsyslogd[45]Configuration Notice:

ASL Module "com.apple.securityd" claims selected messages.

Those messages may not appear in standard system log files or in the ASL database.

2015-08-14 10:03:19.000 PMkernel[0]Longterm timer threshold: 1000 ms

2015-08-14 10:03:19.000 PMkernel[0]PMAP: PCID enabled

2015-08-14 10:03:19.000 PMkernel[0]PMAP: Supervisor Mode Execute Protection enabled

2015-08-14 10:03:19.000 PMkernel[0]Darwin Kernel Version 14.4.0: Thu May 28 11:35:04 PDT 2015; root:xnu-2782.30.5~1/RELEASE_X86_64

2015-08-14 10:03:19.000 PMkernel[0]vm_page_bootstrap: 3949351 free pages and 212185 wired pages

2015-08-14 10:03:19.000 PMkernel[0]kext submap [0xffffff7f80a00000 - 0xffffff8000000000], kernel text [0xffffff8000200000 - 0xffffff8000a00000]

2015-08-14 10:03:19.000 PMkernel[0]zone leak detection enabled

2015-08-14 10:03:19.000 PMkernel[0]"vm_compressor_mode" is 4

2015-08-14 10:03:19.693 PMcom.apple.xpc.launchd[1](com.apple.alf) The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.

2015-08-14 10:03:19.000 PMkernel[0]multiq scheduler config: deep-drain 0, urgent first 1, depth limit 4, band limit 127, sanity check 0

2015-08-14 10:03:19.000 PMkernel[0]standard timeslicing quantum is 10000 us

2015-08-14 10:03:19.000 PMkernel[0]standard background quantum is 2500 us

2015-08-14 10:03:19.000 PMkernel[0]mig_table_max_displ = 13

2015-08-14 10:03:19.000 PMkernel[0]TSC Deadline Timer supported and enabled

2015-08-14 10:03:19.000 PMkernel[0]AppleACPICPU: ProcessorId=1 LocalApicId=0 Enabled

2015-08-14 10:03:19.000 PMkernel[0]AppleACPICPU: ProcessorId=2 LocalApicId=2 Enabled

2015-08-14 10:03:19.000 PMkernel[0]AppleACPICPU: ProcessorId=3 LocalApicId=1 Enabled

2015-08-14 10:03:19.000 PMkernel[0]AppleACPICPU: ProcessorId=4 LocalApicId=3 Enabled

2015-08-14 10:03:19.000 PMkernel[0]AppleACPICPU: ProcessorId=5 LocalApicId=255 Disabled

2015-08-14 10:03:19.000 PMkernel[0]AppleACPICPU: ProcessorId=6 LocalApicId=255 Disabled

2015-08-14 10:03:19.000 PMkernel[0]AppleACPICPU: ProcessorId=7 LocalApicId=255 Disabled

2015-08-14 10:03:19.000 PMkernel[0]AppleACPICPU: ProcessorId=8 LocalApicId=255 Disabled

2015-08-14 10:03:19.000 PMkernel[0]calling mpo_policy_init for TMSafetyNet

2015-08-14 10:03:19.000 PMkernel[0]Security policy loaded: Safety net for Time Machine (TMSafetyNet)

2015-08-14 10:03:19.000 PMkernel[0]calling mpo_policy_init for AMFI

2015-08-14 10:03:19.000 PMkernel[0]Security policy loaded: Apple Mobile File Integrity (AMFI)

2015-08-14 10:03:19.000 PMkernel[0]calling mpo_policy_init for Sandbox

2015-08-14 10:03:19.000 PMkernel[0]Security policy loaded: Seatbelt sandbox policy (Sandbox)

2015-08-14 10:03:19.000 PMkernel[0]calling mpo_policy_init for Quarantine

2015-08-14 10:03:19.000 PMkernel[0]Security policy loaded: Quarantine policy (Quarantine)

2015-08-14 10:03:19.000 PMkernel[0]Copyright (c) 1982, 1986, 1989, 1991, 1993

2015-08-14 10:03:19.000 PMkernel[0]The Regents of the University of California. All rights reserved.

2015-08-14 10:03:19.000 PMkernel[0]MAC Framework successfully initialized

2015-08-14 10:03:19.000 PMkernel[0]using 16384 buffer headers and 10240 cluster IO buffer headers

2015-08-14 10:03:19.000 PMkernel[0]AppleKeyStore starting (BUILT: May 28 2015 11:11:45)

2015-08-14 10:03:19.000 PMkernel[0]IOAPIC: Version 0x20 Vectors 64:103

2015-08-14 10:03:19.000 PMkernel[0]ACPI: sleep states S0 S3 S4 S5

2015-08-14 10:03:19.000 PMkernel[0]pci (build 11:17:08 May 28 2015), flags 0xe3400, pfm64 (39 cpu) 0x7f80000000, 0x80000000

2015-08-14 10:03:19.000 PMkernel[0][ PCI configuration begin ]

2015-08-14 10:03:19.000 PMkernel[0]console relocated to 0x7f90000000

2015-08-14 10:03:19.000 PMkernel[0][ PCI configuration end, bridges 12, devices 12 ]

2015-08-14 10:03:19.000 PMkernel[0]AppleThunderboltNHIType2::setupPowerSavings - GPE based runtime power management

2015-08-14 10:03:19.000 PMkernel[0]SATA WARNING: IDENTIFY DEVICE checksum not implemented.

2015-08-14 10:03:19.000 PMkernel[0]mcache: 4 CPU(s), 64 bytes CPU cache line size

2015-08-14 10:03:19.000 PMkernel[0]mbinit: done [128 MB total pool size, (85/42) split]

2015-08-14 10:03:19.000 PMkernel[0]rooting via boot-uuid from /chosen: 0713DC30-6402-309A-895D-4518E3DC3435

2015-08-14 10:03:19.000 PMkernel[0]Waiting on <dict ID="0"><key>IOProviderClass</key><string ID="1">IOResources</string><key>IOResourceMatch</key><string ID="2">boot-uuid-media</string></dict>

2015-08-14 10:03:19.000 PMkernel[0]com.apple.AppleFSCompressionTypeZlib kmod start

2015-08-14 10:03:19.000 PMkernel[0]com.apple.AppleFSCompressionTypeDataless kmod start

2015-08-14 10:03:19.000 PMkernel[0]com.apple.AppleFSCompressionTypeZlib load succeeded

2015-08-14 10:03:19.000 PMkernel[0]com.apple.AppleFSCompressionTypeDataless load succeeded

2015-08-14 10:03:19.000 PMkernel[0]CoreStorage: fsck_cs has finished for group "D68AEBA6-819D-4F6C-A378-EEA3BCE28852" with status 0x00

2015-08-14 10:03:19.000 PMkernel[0]ARPT: 1.248359: srom rev:11

2015-08-14 10:03:19.000 PMkernel[0]ARPT: 1.257582: BRCM tunables:

2015-08-14 10:03:19.000 PMkernel[0]ARPT: 1.257589:   pullmode[1] txringsize[  256] txsendqsize[1024] reapmin[   32] reapcount[  128]

2015-08-14 10:03:19.000 PMkernel[0]ARPT: 1.259315: wl0: Broadcom BCM43a0, vendorID[0x14e4] BAR0[0xb0600004]

2015-08-14 10:03:19.000 PMkernel[0]7.15.166.24 (r541488)

2015-08-14 10:03:19.000 PMkernel[0]CoreStorageFamily::unlockVEKs(23075B0E-4375-44A2-AD27-48BA34A509B6) was successful.

2015-08-14 10:03:19.000 PMkernel[0]Got boot device = IOService:/AppleACPIPlatformExpert/PCI0@0/AppleACPIPCI/RP06@1C,5/IOPP/SSD0@0/AppleAHCI/PRT0@0/IOAHCIDevice@0/AppleAHCIDiskDriver/IOAHCIBlockStorageDevice/IOBlockStorageDriver/APPLE SSD SM0512F Media/IOGUIDPartitionScheme/Macintosh HD@2/CoreStoragePhysical/Macintosh HD/Macintosh HD

2015-08-14 10:03:19.000 PMkernel[0]BSD root: disk1, major 1, minor 4

2015-08-14 10:03:19.000 PMkernel[0]jnl: b(1, 4): replay_journal: from: 31946240 to: 21386752 (joffset 0x1a38b000)

2015-08-14 10:03:19.000 PMkernel[0]USB (XHCI Root Hub USB 2.0 Simulation)ort 3 on bus 0xa connected or disconnected: portSC(0xe0206e1)

2015-08-14 10:03:19.000 PMkernel[0]USB (XHCI Root Hub USB 2.0 Simulation)ort 5 on bus 0xa connected or disconnected: portSC(0xe0206e1)

2015-08-14 10:03:19.000 PMkernel[0]USBMSC Identifier (non-unique): 000000000820 0x5ac 0x8406 0x820, 3

2015-08-14 10:03:19.000 PMkernel[0]AppleUSBMultitouchDriver::checkStatus - received Status Packet, Payload 2: device was reinitialized

2015-08-14 10:03:19.000 PMkernel[0]jnl: b(1, 4): journal replay done.

2015-08-14 10:03:19.000 PMkernel[0]hfs: mounted Macintosh HD on device root_device

2015-08-14 10:03:19.000 PMkernel[0]XCPM: registered

2015-08-14 10:03:19.000 PMkernel[0]VM Swap Subsystem is ON

2015-08-14 10:03:19.000 PMkernel[0]hfs: Removed 2763 orphaned / unlinked files and 6318 directories 

2015-08-14 10:03:19.693 PMcom.apple.xpc.launchd[1](com.apple.audio.coreaudiod) Unknown key for array: seatbelt-profiles

2015-08-14 10:03:19.694 PMcom.apple.xpc.launchd[1](com.apple.auditd) The TimeOut key is no longer respected. It never did anything anyway.

2015-08-14 10:03:19.806 PMhidd[106]void __IOHIDPlugInLoadBundles(): Loaded 0 HID plugins

2015-08-14 10:03:19.806 PMfseventsd[49]event logs in /.fseventsd out of sync with volume.  destroying old logs. (287022 4 287115)

2015-08-14 10:03:19.812 PMhidd[106]IOHIDService compatibility thread running at priority 63 and schedule 2.

2015-08-14 10:03:19.834 PMcom.apple.SecurityServer[85]Session 100000 created

2015-08-14 10:03:19.694 PMcom.apple.xpc.launchd[1](com.apple.backupd-helper.status) The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.

2015-08-14 10:03:19.902 PMfseventsd[49]log dir: /.fseventsd getting new uuid: C090551C-DE6B-4AE6-B308-7A144CC5C020

2015-08-14 10:03:19.694 PMcom.apple.xpc.launchd[1](com.apple.backupd-auto) This service is defined to be constantly running and is inherently inefficient.

2015-08-14 10:03:19.694 PMcom.apple.xpc.launchd[1](com.apple.backupd-status) The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.

2015-08-14 10:03:19.694 PMcom.apple.xpc.launchd[1](com.apple.backupd.status.xpc) The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.

2015-08-14 10:03:19.694 PMcom.apple.xpc.launchd[1](com.apple.bsd.dirhelper) The TimeOut key is no longer respected. It never did anything anyway.

2015-08-14 10:03:19.695 PMcom.apple.xpc.launchd[1](com.apple.autofsd) This service is defined to be constantly running and is inherently inefficient.

2015-08-14 10:03:19.695 PMcom.apple.xpc.launchd[1](com.apple.configd) This service is defined to be constantly running and is inherently inefficient.

2015-08-14 10:03:19.695 PMcom.apple.xpc.launchd[1](com.apple.cmio.VDCAssistant) ThrottleInterval set to zero. You're not that important. Ignoring.

2015-08-14 10:03:19.695 PMcom.apple.xpc.launchd[1](com.apple.cmio.IIDCVideoAssistant) ThrottleInterval set to zero. You're not that important. Ignoring.

2015-08-14 10:03:19.696 PMcom.apple.xpc.launchd[1](com.apple.cmio.AVCAssistant) ThrottleInterval set to zero. You're not that important. Ignoring.

2015-08-14 10:03:19.696 PMcom.apple.xpc.launchd[1](com.apple.coreservicesd) The HopefullyExitsLast key is no longer respected. Please remove it.

2015-08-14 10:03:19.696 PMcom.apple.xpc.launchd[1](com.apple.coreduetd) This service is defined to be constantly running and is inherently inefficient.

2015-08-14 10:03:19.000 PMkernel[0]IO80211Controller::dataLinkLayerAttachComplete():  adding AppleEFINVRAM notification

2015-08-14 10:03:19.000 PMkernel[0]IO80211Interface::efiNVRAMPublished():  

2015-08-14 10:03:19.000 PMkernel[0]bpfAttach len 64 dlt 12

2015-08-14 10:03:19.982 PMwatchdogd[60] [watchdog_daemon] @(    wd_watchdog_open) - IOIteratorNext failed (kr=0)

2015-08-14 10:03:19.982 PMwatchdogd[60] [watchdog_daemon] @(      wd_daemon_init) - could not initialize the hardware watchdog

2015-08-14 10:03:19.982 PMwatchdogd[60] [watchdog_daemon] @(                main) - cannot initialize the watchdog service

2015-08-14 10:03:19.984 PMcom.apple.xpc.launchd[1](com.apple.watchdogd) Service only ran for 0 seconds. Pushing respawn out by 10 seconds.

2015-08-14 10:03:20.025 PMcom.apple.xpc.launchd[1](com.apple.FileSyncAgent.PHD.isRunning) The HideUntilCheckIn property is an architectural performance issue. Please transition away from it.

2015-08-14 10:03:20.030 PMcom.apple.xpc.launchd[1](com.apple.mbloginhelper.user) This key does not do anything: OnDemand

2015-08-14 10:03:20.037 PMcom.apple.xpc.launchd[1](com.apple.mbpluginhost.user) This key does not do anything: OnDemand

2015-08-14 10:03:20.050 PMcom.apple.xpc.launchd[1](com.apple.secd) This key does not do anything: OnDemand

2015-08-14 10:03:20.066 PMcom.apple.SecurityServer[85]Entering service

2015-08-14 10:03:20.050 PMcom.apple.xpc.launchd[1](com.apple.secd) The ServiceIPC key is no longer respected. Please remove it.

2015-08-14 10:03:20.062 PMcom.apple.xpc.launchd[1](com.apple.speech.speechsynthesisd) This key does not do anything: OnDemand

2015-08-14 10:03:20.063 PMcom.apple.xpc.launchd[1](com.apple.TrustEvaluationAgent) This key does not do anything: OnDemand

2015-08-14 10:03:20.140 PMpowerd[55]Activity changes from 0xffff to 0x1. Assertions:1 HidState:0

2015-08


----------



## Cheryl (Aug 16, 2015)

I suggest you read this article and follow the advice

https://discussions.apple.com/docs/DOC-2435


----------



## lesande (Aug 16, 2015)

Thank you


----------



## Satcomer (Aug 17, 2015)

Plus to make sure download and run the free applications EtreCheck. It will print out a System Report on all the applications extras in your system and show you path in the print out to manually delete those bad files.  The other free application is MalwareBytes.


----------



## chase_daniel (Aug 21, 2018)

That link provided to the fairly out-dated post about malware is somewhat useful but for anyone reading this years later keep in mind that it's by no means a fullproof strategy and if anything perpetuates the myth that Macs aren't vunerable to malware.

It's kinda funny that whenever a question like this pops up someone always drops in (as if searching for qustions like this to add this type of comment to on a regular basis) and says "download EtreCheck"

Now think for a second...you are having problems with malware and some anonymous person on the internet says go download this 3rd party app which can't make into the Mac App Store and then also asks you to hand over your adminstrator password all to get some very basic information about your computer and doing so is generally not recommended by Apple. 

There's very little that EtreCheck actually does other than provide an easy to use app interface to the utilities it uses to get the data included in the report. Sounds great except it's a little comical that it's using utilities (like the commands you can enter into Terminal) to get this information... So running something like system_profiler in Terminal will give you better information or using the options in the Apple Menu will too.

The really bad part is that EtreCheck is really a trojan horse malware program. Thanks to its ability to disguise itself as an antivirus-like product most people never even think twice when they download random files off the internet then type in their root password. Several hours or days even after you have run the program it will make communications with its malware servers. Many anti-virus companies have flagged it as malware but thanks to a small group of fanatical usernames recommending it, people seem to trust it and refuse to believe that there Mac isn't magical, it is infected, it probably has been for YEARS, and they probably downloaded the malware themselves...then gave it their password. 

Why won't Apple stop this? It's not in their best interest to blow the whistle on something they themselves have a lot of responsiblity for letting in the gates via the Apple Communities forum. Things are reaching a tipping point though in regards to public opinion on Mac malware and Apple reputation as mostly immune is at stake. Something that investors should be concerned about considering that a lot of the reason people switched away from PCs is that they were told that malware is strictly a PC issue. Remeber that old PC vs. Mac commercial?


----------



## Cheryl (Aug 21, 2018)

As a computer user, you must be aware of the tricks and games that are out there. Yes, for every OS there are apps that hide the fact that it is a malware. Click on an ad that touts 'what every Mac user should know' and you are brought to a page that insists you download their product. 

EtreCheck is a helpful app for those who are squeamish about using Terminal. Not everyone is a superuser. 

Can you give us the basis to your claims that it is a Malware? You say several anti-virus companies. - Who? Do you have evidence from your own experience?


----------

