Phishing & out of date certificates

[mazzy]

I posted here when I first got my mac because I had been hacked using windows, and was still paranoid. You calmed my fears and I've felt safe until recently. Hopefully, you can either calm my fears again, or help me resolve my problems.

Both of my kids use Windows and have gotten horrible viruses and trojans from using myspace. We use the same router to connect to the internet, but don't share files or connections. Now suddenly, I think I'm being redirected to spoofed sites. I've had certificates pop-up that I can't shut down without force quitting my browser, and I've tried it with all 3 browsers, Safari, Firefox, and Opera. I'm also having java problems. The first time it happened, a certificate warning popped up, and I was stupid enough to click on whether or not to verify it. It was of course out of date. And this is the same problems that I'd been having when I got hacked using windows. Or at least this is how it began, and then it escalated into several other users logged on when I was supposed to be the only one. One other thing that was common is the redirection to sites that are Eastern European or Asian.

So is it still paranoia?

I really appreciate the good work you guys do! Doctors for the paranoid patients!

 

[Satcomer]

OK. I am not sure short of reformatting the Windows machines. first you want to stop anything from pointing your web address into another direction. So go to OpenDNS.com and follow the directions for changing the DNS (Domain Name Server) in YOUR ROUTER. OpenDNS.com will walk you through in setting up changing where you get your DNS names.

The best part of this service is it is FREE. I urge you to sign up for an account so your can block phishing sites as well as site YOU designate that you don't want your kids looking at.

Doing OpenDNS.com doesn't change anything in your computers and your kids will know nothing happened at all.

For your Trojan problems on the Windows machines, wipe them and reformat the machines. This is the only safe way of making sure you get rid of all the problems. Plus make sure you keep the latest VIRUS protection on the Windows machines. You can even get pretty good free ones like AVG.

Good Luck.

 

[mazzy]

Thank you. Hopefully this will resolve my problems!

 

[Mikuro]

There was recently a trojan horse released for OS X that could change your Mac's DNS server. DNS servers are what resolve domain names (e.g., www.apple.com) to actual internet addresses, so having it changed to something malicious could send you to fake sites when you enter trusted URLs like www.apple.com or something like that.

For info on how to detect if you have this trojan and how to remove it if you do, see http://www.macworld.com/2007/10/firstlooks/trojanhorse/index.php

This is, as far as I know, the first (and only) case of malware for OS X in the wild.

 

[mazzy]

Mikuro, thanks for the information re the trojan. As soon as I finish posting here, I'll check out the info, as that may very well be what I have going on.

I'm unable to update my router using OpenDNS.com. I've tried to modify some settings, but then I'm unable to log in, and I've had to do an archive and install. I should probably do a clean install, but I have too many things that I need to save, and haven't had the time to back it all up.

My router settings show my DHCP Server as 10.228.192.1. Which means it's not coming through rr, right? Lookup says BLACKHOLE-1.IANA.ORG, which sounds really scary.......

And can anyone tell me what this is?
/private/tftpboot/private/tftpboot
The last tftpboot is a symlink to my entire harddrive.

xxxxx-computer:~ xxxx$ sysctl -A vfs | sort
vfs.cd9660 has 0 mounted instances
vfs.devfs has 1 mounted instance
vfs.fdesc has 1 mounted instance
vfs.generic.nfs.client.initialdowndelay: 12
vfs.generic.nfs.client.nextdowndelay: 30
vfs.generic.vfsidlist: Format:S,fsid Length:40 Dump:0x0200000e11000000745f880213000000...
vfs.hfs has 2 mounted instances
vfs.nfs has 1 mounted instance
vfs.ufs has 0 mounted instances
vfs.union has 0 mounted instances
vfs.volfs has 1 mounted instance


I don't really understand all of this, so sorry if this is normal.

I had a rootkit on my Windows machine that allowed other users to own it. And today I find this in my console log--
Assert failed: /Users/dave/dev/flash/player/FlashPlayer/platform/mac/plugins/../../generic/genericjpeg.cpp:85

......Whos's dave?

 

[mazzy]

I'm not certain that I found the problem. but I think I'm getting down to it.

I must have a variant of the trojan mentioned by Mikuro. I followed the link that he posted and followed the directions. But I'm unable to shutdown anything. It restarts almost immediately. I've managed to cripple cron for now,by hacking the files, but I see it waiting for me to reboot. If I delete something it returns as a .gz file hidden in a man folder, then restores itself at boot. I also found a file named Conf.plist in /Library/Receipts/Essentials.pkg/Contents/Resources/.

<key>ConfFilesToMigrate</key>
<dict>
<key>/private/etc/httpd/httpd.conf</key>
<dict>
<key>UpdatableChecksums</key>
<array>
<string>1163449114</string>
<string>1659306689</string>
<string>2345894286</string>
<string>2038725909</string>
</array>
<key>UpdateBehavior</key>
<string>LeaveInstalledCopyActive</string>
</dict>
<key>/private/etc/cups/cupsd.conf</key>
<dict>
<key>UpdatableChecksums</key>
<array>
<string>273726302</string>
<string>1438806504</string>
<string>2397287665</string>
<string>1484694433</string>
<string>1508800307</string>
</array>
<key>UpdateBehavior</key>
<string>LeaveUserCopyActive</string>
</dict>
<key>/private/etc/cups/printers.conf</key>
<dict>
<key>UpdatableChecksums</key>
<array>
<string>2550502157</string>
<string>4206362881</string>
</array>
<key>UpdateBehavior</key>
<string>LeaveUserCopyActive</string>
</dict>
<key>/private/etc/cups/classes.conf</key>
<dict>
<key>UpdatableChecksums</key>
<array>
<string>919518434</string>
<string>3003026938</string>
<string>1009940033</string>
</array>
<key>UpdateBehavior</key>
<string>LeaveUserCopyActive</string>
</dict>
<key>/private/etc/cups/client.conf</key>
<dict>
<key>UpdatableChecksums</key>
<array>
<string>839651443</string>
<string>1721921387</string>
<string>344085176</string>
</array>
<key>UpdateBehavior</key>
<string>LeaveUserCopyActive</string>
</dict>
<key>/private/etc/sudoers</key>
<dict>
<key>UpdatableChecksums</key>
<array>
<string>1950132601</string>
</array>
<key>UpdateBehavior</key>
<string>LeaveUserCopyActive</string>
</dict>

Activity monitor shows--
kernel_task
launchd - dynamic_pager, kextd, KernelEventAgent, mDNSResponder, netinfod, syslogd
configd - blued
coreaudiod
diskarbitrationd
memberd
securityd
notifyd
distnoted
DirectoryService
update
loginwindow - pbs
coreservicesd
WindowServer- Dock, SystemUIServer, UniversalAccessApp, AppleSpell,
Safari, Finder
Activity Monitor- pmTool
WindowServer- Dock, SystemUIServer, UniversalAccessApp
Terminal - login sh
ATSServer
crashreporterd
mds
cupsd
lookupd
ntpd
nfsiod
rpc.lockd
automount
automount

And some of my files are wine files I think--plist shows MerlotPackageData.

That really makes me nervous because on windows I had some sort of FreeBSD rootkit, and many of the files were wine.

Can anyone tell me what to do?

Or maybe, just tell me it's all normal.........

 

[Mikuro]

All of that (from both of the last two posts) looks normal enough. At least, it's pretty much in line with the results I get, and nothing's wrong with my system.

I don't know who Dave is, but he's not part of OS X. Is there any folder called "dave" in the /Users folder? Maybe from a previous owner of the machine? What about in the Accounts section of System Preferences?

The /Library/Receipts/Essentials.pkg/Contents/Resources/Conf.plist file you posted is identical to mine. It shouldn't be a problem.

What happened when you ran the commands detailed in that article ("sudo crontab -l" and the scutil command to show DNS servers)?

I've never heard of MerlotPackageData, but then I've never used Wine, so I guess I wouldn't have. What plist referred to this?

 

[mazzy]

I finally was able to update using OpenDNS.com, and now I get the message "no crontab for root", and scutil shows the open DNS addresses. Before, I got the message that I had to log in as root, or something to that affect, even thought I ran it with sudo.

But I'm still not sure everything is resolved. What is NFS.StartupItem found in /private/var/run? I opened it, and it only has a 0. Sorry for dumb questions.

Thanks for all your help!

 

[Mikuro]

I'm not sure exactly what NFS.StartupItem does, but I assume it has something to do with booting from a remote disk (NFS stands for Network File System). My file is the same as yours, so I'm sure it's nothing to worry about.

It sounds to me like everything is in order. Are you still having those strange problems with certificates?

 

[mazzy]

Not since yesterday when I was finally able to update my router. Everything seems fine now. It's all running faster..... system and internet. Haven't had any crashes or hung apps. I was getting a lot of that before.

Thanks for taking time out to help. Don't know exactly what it was, but it seems to be all good now.

 

[simbalala]

So go to OpenDNS.com and follow the directions for changing the DNS (Domain Name Server) in YOUR ROUTER. OpenDNS.com will walk you through in setting up changing where you get your DNS names.

The best part of this service is it is FREE. I urge you to sign up for an account so your can block phishing sites as well as site YOU designate that you don't want your kids looking at.

Cool!

I didn't know about Open DNS and I'm glad I read this thread. In the past I've had to search around for DNS servers when my ISP's DNS Server was acting wonky and slow. Sometimes I'd find a good one and I felt almost like I was stealing. There are other public DNS servers but no one else has the features of this.

I'm sure this is faster than the my current ISP's server and it's especially noticeable when I do a refresh in Vienna when a bunch of sites are queried all at once.

 

[mazzy]

I'm not sure that all of my problems have been resolved. Today my mail asked if I wanted to apply the old passwords to my keychain since I'd updated mail, but I hadn't updated mail. However, since I last posted, automatic update keeps telling me that I need to update Java and Quicktime. I've updated this 3 or 4 times in the past week or 2. I don't know why I keep getting this message. I'm feeling very much like a target now.

Sorry to be a bother again!

 

[mazzy]

I forgot to post this log-- I don't know what it means, but maybe someone can tell me if it's normal. Why are there 4 lo0? What is gif0*? Why are there 2 en0?

Backing up NetInfo data

Checking subsystem status:

disks:
Filesystem 1K-blocks Used Avail Capacity Mounted on
/dev/disk0s2 77814832 61512884 16045948 79% /

Last dump(s) done (Dump '>' file systems):

mail:
postqueue: warning: Mail system is down -- accessing queue directly
Mail queue is empty

network:
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
lo0 16384 <Link#1> 17020 0 17020 0 0
lo0 16384 127 localhost 17020 - 17020 - -
lo0 16384 localhost ::1 17020 - 17020 - -
lo0 16384 roxys-compu fe80::1 17020 - 17020 - -
gif0* 1280 <Link#2> 0 0 0 0 0
stf0* 1280 <Link#3> 0 0 0 0 0
en0 1500 <Link#4> 00:16:cb:a2:a0:a9 911212 0 721703 0 0
en0 1500 192.168.1 192.168.1.2 911212 - 721703 - -
en1* 1500 <Link#5> 00:16:cb:04:b6:3b 0 0 0 0 0
wlt1 1500 <Link#6> 0 0 0 0 0
fw0* 2030 <Link#7> 00:16:cb:ff:fe:58:6f:76 0 0 0 0 0

ruptime: no hosts in /var/rwho.

Rotating log files: system.log


And while I'm writing this, with auto update waiting for me to give the go ahead to install the update, I find in my logs where it has already been installed tonight, although I never clicked ok.

Nov 27 22:40:10 roxys-computer Software Update[327]: Distribution: Final Cut Pro Update
Nov 27 22:40:13 roxys-computer Software Update[327]: Distribution: Aperture Update
Nov 27 22:40:13 roxys-computer Software Update[327]: Distribution: Remote Desktop Client
Nov 27 22:40:14 roxys-computer Software Update[327]: Distribution: Remote Desktop Admin Update
Nov 27 22:40:14 roxys-computer Software Update[327]: Distribution: iPhoto Update
Nov 27 22:40:14 roxys-computer Software Update[327]: Distribution: Keynote Update
Nov 27 22:40:14 roxys-computer Software Update[327]: Distribution: GarageBand Jam Pack Update
Nov 27 22:40:14 roxys-computer Software Update[327]: Distribution: iMovie Update
Nov 27 22:40:14 roxys-computer Software Update[327]: Distribution: iPhoto Update
Nov 27 22:40:14 roxys-computer Software Update[327]: Distribution: iDVD Update
Nov 27 22:40:14 roxys-computer Software Update[327]: Distribution: Final Cut Express
Nov 27 22:40:14 roxys-computer Software Update[327]: Distribution: Logic Express Update
Nov 27 22:40:14 roxys-computer Software Update[327]: Distribution: Logic Pro Update
Nov 27 22:40:15 roxys-computer Software Update[327]: Distribution: Motion 1.0.1
Nov 27 22:40:15 roxys-computer Software Update[327]: Distribution: Motion Content Extras Update
Nov 27 22:40:15 roxys-computer Software Update[327]: Distribution: GarageBand Update
Nov 27 22:40:15 roxys-computer Software Update[327]: Distribution: iDVD Update
Nov 27 22:40:15 roxys-computer Software Update[327]: Distribution: iMovie HD Update
Nov 27 22:40:15 roxys-computer Software Update[327]: Distribution: Final Cut Pro HD
Nov 27 22:40:15 roxys-computer Software Update[327]: Distribution: DVD Studio Pro
Nov 27 22:40:15 roxys-computer Software Update[327]: Distribution: Shake
Nov 27 22:40:15 roxys-computer Software Update[327]: Distribution: iMovie
Nov 27 22:40:15 roxys-computer Software Update[327]: Distribution: Compressor 1.2.1
Nov 27 22:40:16 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:16 roxys-computer Software Update[327]: Distribution: Power Mac G5 Uniprocessor Firmware Update
Nov 27 22:40:16 roxys-computer Software Update[327]: Distribution: Xserve G5 Firmware Update
Nov 27 22:40:16 roxys-computer Software Update[327]: Distribution: Power Mac G5 (June 2004) Firmware Update
Nov 27 22:40:16 roxys-computer Software Update[327]: Distribution: LiveType 1.2 for Final Cut Pro HD
Nov 27 22:40:16 roxys-computer Software Update[327]: Distribution: Soundtrack 1.2
Nov 27 22:40:16 roxys-computer Software Update[327]: Distribution: Apple Intermediate Codec
Nov 27 22:40:16 roxys-computer Software Update[327]: Distribution: GarageBand Jam Pack 4 Update
Nov 27 22:40:16 roxys-computer Software Update[327]: Distribution: Shake Qmaster Services Tools
Nov 27 22:40:16 roxys-computer Software Update[327]: Distribution: Shake Qmaster Applications
Nov 27 22:40:17 roxys-computer Software Update[327]: Distribution: WebObjects Developer Update
Nov 27 22:40:17 roxys-computer Software Update[327]: Distribution: SuperDrive Firmware Update
Nov 27 22:40:17 roxys-computer Software Update[327]: Distribution: QuickTime Broadcaster
Nov 27 22:40:17 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:17 roxys-computer Software Update[327]: Distribution: DVD Player
Nov 27 22:40:17 roxys-computer Software Update[327]: Distribution: LiveType Update
Nov 27 22:40:17 roxys-computer Software Update[327]: Distribution: Xserve RAID Driver Update
Nov 27 22:40:18 roxys-computer Software Update[327]: Distribution: Compressor Update
Nov 27 22:40:18 roxys-computer Software Update[327]: Distribution: Apple Qmaster Update
Nov 27 22:40:18 roxys-computer Software Update[327]: Distribution: iMac G5 Sleep Light Update
Nov 27 22:40:18 roxys-computer Software Update[327]: Distribution: Desktop Video Out
Nov 27 22:40:18 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:18 roxys-computer Software Update[327]: Distribution: DVD Playback Update
Nov 27 22:40:18 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:18 roxys-computer Software Update[327]: Distribution: Final Cut Express Update
Nov 27 22:40:18 roxys-computer Software Update[327]: Distribution: WebObjects 5.3.1 Server Update
Nov 27 22:40:18 roxys-computer Software Update[327]: Distribution: DVD Studio Pro Update
Nov 27 22:40:19 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:19 roxys-computer Software Update[327]: Distribution: Pro Applications Update 2005-02
Nov 27 22:40:19 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:19 roxys-computer Software Update[327]: Distribution: iTunesPhoneDriver
Nov 27 22:40:19 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:19 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:19 roxys-computer Software Update[327]: Distribution: Cinema Tools Update
Nov 27 22:40:19 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:19 roxys-computer Software Update[327]: Distribution: Motion 2.0.1 Update
Nov 27 22:40:19 roxys-computer Software Update[327]: Distribution: Final Cut Pro Update
Nov 27 22:40:20 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:20 roxys-computer Software Update[327]: Distribution: Soundtrack Pro Update
Nov 27 22:40:20 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:20 roxys-computer Software Update[327]: Distribution: Power Mac G5 (Late 2004) System Firmware Update
Nov 27 22:40:20 roxys-computer Software Update[327]: JavaScript error "Undefined value" while running "__choice_su_visible"
Nov 27 22:40:20 roxys-computer Software Update[327]: __choice_su_visible returned error: Undefined value
Nov 27 22:40:20 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:20 roxys-computer Software Update[327]: Distribution: Pro Applications Update 2005-01
Nov 27 22:40:20 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:20 roxys-computer Software Update[327]: JS: 10.4.11
Nov 27 22:40:20 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:20 roxys-computer Software Update[327]: JS: 10.4.11
Nov 27 22:40:20 roxys-computer Software Update[327]: Distribution: iMovie HD Combo Update
Nov 27 22:40:21 roxys-computer Software Update[327]: Distribution: iMovie HD Update
Nov 27 22:40:21 roxys-computer Software Update[327]: Distribution: Motion Update
Nov 27 22:40:21 roxys-computer Software Update[327]: Distribution: iMac SMC Firmware Update
Nov 27 22:40:21 roxys-computer Software Update[327]: Distribution: Mac mini SMC Firmware Update
Nov 27 22:40:21 roxys-computer Software Update[327]: Distribution: MacBook Pro SMC Firmware Update
Nov 27 22:40:21 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:21 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:21 roxys-computer Software Update[327]: Distribution: Pro Applications Update 2006-01
Nov 27 22:40:21 roxys-computer Software Update[327]: Distribution: Soundtrack Pro Presets Update
Nov 27 22:40:21 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:22 roxys-computer Software Update[327]: Distribution: iWeb Update
Nov 27 22:40:22 roxys-computer Software Update[327]: Distribution: SuperDrive Firmware Update
Nov 27 22:40:22 roxys-computer Software Update[327]: Distribution: Cinema Tools Update
Nov 27 22:40:22 roxys-computer Software Update[327]: Distribution: MacBook Pro SMC Firmware Update
Nov 27 22:40:22 roxys-computer Software Update[327]: Distribution: iWeb Update
Nov 27 22:40:22 roxys-computer Software Update[327]: __choice_su_visible returned wrong type (())
Nov 27 22:40:22 roxys-computer Software Update[327]: Distribution: DVD Studio Pro Update
Nov 27 22:40:22 roxys-computer Software Update[327]: Distribution: Server Admin Tools
Nov 27 22:40:22 roxys-computer Software Update[327]: Distribution: Compressor Update
Nov 27 22:40:22 roxys-computer Software Update[327]: Distribution: Qmaster Update
Nov 27 22:40:23 roxys-computer Software Update[327]: Distribution: Pro Applications Update 2006-02
Nov 27 22:40:23 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:23 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:23 roxys-computer Software Update[327]: JS: 10.4.11
Nov 27 22:40:23 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:23 roxys-computer Software Update[327]: JS: 10.4.11
Nov 27 22:40:23 roxys-computer Software Update[327]: Distribution: Final Cut Express HD Update
Nov 27 22:40:23 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:23 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:23 roxys-computer Software Update[327]: Distribution: iMovie HD Update
Nov 27 22:40:23 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:23 roxys-computer Software Update[327]: Distribution: MacBook Pro EFI Firmware Update
Nov 27 22:40:24 roxys-computer Software Update[327]: Distribution: Mac mini EFI Firmware Update
Nov 27 22:40:24 roxys-computer Software Update[327]: Distribution: MacBook EFI Firmware Update
Nov 27 22:40:24 roxys-computer Software Update[327]: Distribution: iMac EFI Firmware Update
Nov 27 22:40:24 roxys-computer Software Update[327]: Distribution: WWAN Support Update
Nov 27 22:40:24 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:24 roxys-computer Software Update[327]: Distribution: MacBook SMC Firmware Update
Nov 27 22:40:24 roxys-computer Software Update[327]: Distribution: Mac Pro EFI Firmware Update
Nov 27 22:40:24 roxys-computer Software Update[327]: Distribution: RAID Admin
Nov 27 22:40:24 roxys-computer Software Update[327]: Distribution: X11 Update 2006
Nov 27 22:40:25 roxys-computer Software Update[327]: Distribution: GeForce 7300 GT Firmware Update
Nov 27 22:40:25 roxys-computer Software Update[327]: Distribution: Remote Desktop Client
Nov 27 22:40:25 roxys-computer Software Update[327]: Distribution: Remote Desktop Admin Update
Nov 27 22:40:25 roxys-computer Software Update[327]: Distribution: iTunes Producer
Nov 27 22:40:25 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:25 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:25 roxys-computer Software Update[327]: Distribution: AirPort Extreme Update 2007-002
Nov 27 22:40:25 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:25 roxys-computer Software Update[327]: Distribution: WebObjects DST Update
Nov 27 22:40:25 roxys-computer Software Update[327]: Distribution: Backup
Nov 27 22:40:26 roxys-computer Software Update[327]: Distribution: Battery Update
Nov 27 22:40:26 roxys-computer Software Update[327]: Distribution: AirPort Extreme Update 2007-003
Nov 27 22:40:26 roxys-computer Software Update[327]: Distribution: iDVD Extra Content
Nov 27 22:40:26 roxys-computer Software Update[327]: Distribution: GarageBand ’08 Instruments and Apple Loops
Nov 27 22:40:26 roxys-computer Software Update[327]: Distribution: LOM Update
Nov 27 22:40:26 roxys-computer Software Update[327]: Distribution: QuickTime
Nov 27 22:40:26 roxys-computer Software Update[327]: Distribution: Pro Applications Update 2007-01
Nov 27 22:40:26 roxys-computer Software Update[327]: Distribution: Front Row Update
Nov 27 22:40:26 roxys-computer Software Update[327]: Distribution: Mac Pro SMC Firmware Update
Nov 27 22:40:27 roxys-computer Software Update[327]: Distribution: MacBook Pro EFI Firmware Update
Nov 27 22:40:27 roxys-computer Software Update[327]: Distribution: Hard Drive Update
Nov 27 22:40:27 roxys-computer Software Update[327]: JS: Firmware is up to date.
Nov 27 22:40:27 roxys-computer Software Update[327]: JS: Firmware is up to date.
Nov 27 22:40:27 roxys-computer Software Update[327]: JS: Firmware is up to date.
Nov 27 22:40:27 roxys-computer Software Update[327]: Distribution: Final Cut Pro Update
Nov 27 22:40:27 roxys-computer Software Update[327]: Distribution: Battery Update
Nov 27 22:40:27 roxys-computer Software Update[327]: Distribution: Compressor 3.0.2 Update
Nov 27 22:40:27 roxys-computer Software Update[327]: Distribution: Motion Update
Nov 27 22:40:27 roxys-computer Software Update[327]: Distribution: Pro Applications Update 2007-02
Nov 27 22:40:27 roxys-computer Software Update[327]: Distribution: AirPort Base Station Update 2007-002
Nov 27 22:40:27 roxys-computer Software Update[327]: Distribution: AirPort Base Station Update 2007-002
Nov 27 22:40:28 roxys-computer Software Update[327]: Distribution: DVD Studio Pro Update
Nov 27 22:40:28 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:28 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:28 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:28 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:28 roxys-computer Software Update[327]: Distribution: Color Update
Nov 27 22:40:28 roxys-computer Software Update[327]: Distribution: Cinema Tools Update
Nov 27 22:40:28 roxys-computer Software Update[327]: Distribution: AirPort Extreme Update 2007-004
Nov 27 22:40:28 roxys-computer Software Update[327]: Distribution: Soundtrack Pro Update
Nov 27 22:40:28 roxys-computer Software Update[327]: Distribution: Pro Application Support
Nov 27 22:40:29 roxys-computer Software Update[327]: Distribution: iDVD Update
Nov 27 22:40:29 roxys-computer Software Update[327]: Distribution: Server Admin Tools
Nov 27 22:40:29 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:29 roxys-computer Software Update[327]: JavaScript error "Undefined value" while running "__choice_su_visible"
Nov 27 22:40:29 roxys-computer Software Update[327]: __choice_su_visible returned error: Undefined value
Nov 27 22:40:29 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:29 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:29 roxys-computer Software Update[327]: Distribution: MainStage Update
Nov 27 22:40:29 roxys-computer Software Update[327]: Distribution: iPhoto Update
Nov 27 22:40:29 roxys-computer Software Update[327]: Distribution: Compatibility Update for QuickTime 7.2
Nov 27 22:40:29 roxys-computer Software Update[327]: Distribution: Compressor Update
Nov 27 22:40:29 roxys-computer Software Update[327]: Distribution: MacBook MacBook Pro Software Update
Nov 27 22:40:30 roxys-computer Software Update[327]: Distribution: iTunes
Nov 27 22:40:30 roxys-computer Software Update[327]: Distribution: iMac EFI Firmware Update
Nov 27 22:40:30 roxys-computer Software Update[327]: Distribution: MacBook Pro EFI Firmware Update
Nov 27 22:40:30 roxys-computer Software Update[327]: Distribution: MacBook EFI Firmware Update
Nov 27 22:40:30 roxys-computer Software Update[327]: Distribution: Xserve EFI Firmware Update
Nov 27 22:40:30 roxys-computer Software Update[327]: Distribution: QuickTime
Nov 27 22:40:30 roxys-computer Software Update[327]: Distribution: Mac Pro EFI Firmware Update
Nov 27 22:40:30 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:30 roxys-computer Software Update[327]: Distribution: iPhoto Update
Nov 27 22:40:31 roxys-computer Software Update[327]: Distribution: MANUAL_TITLE
Nov 27 22:40:31 roxys-computer Software Update[327]: Distribution: iLife Support
Nov 27 22:40:31 roxys-computer Software Update[327]: Distribution: MacBook Pro Software Update
Nov 27 22:40:31 roxys-computer Software Update[327]: Distribution: iMac Software Update
Nov 27 22:40:31 roxys-computer Software Update[327]: Distribution: iMac Graphics Firmware Update
Nov 27 22:40:31 roxys-computer Software Update[327]: Distribution: Security Update 2007-007 (Universal)
Nov 27 22:40:31 roxys-computer Software Update[327]: Distribution: Security Update 2007-007 (PowerPC)
Nov 27 22:40:31 roxys-computer Software Update[327]: Distribution: Security Update 2007-007 (PowerPC)
Nov 27 22:40:31 roxys-computer Software Update[327]: Distribution: Mac OS X Server Update (PowerPC)
Nov 27 22:40:31 roxys-computer Software Update[327]: Distribution: Mac OS X Server Update Combined (PowerPC)
Nov 27 22:40:32 roxys-computer Software Update[327]: Distribution: Security Update (QuickTime 7.1.6)
Nov 27 22:40:32 roxys-computer Software Update[327]: Distribution: Mac OS X Update (PowerPC)
Nov 27 22:40:32 roxys-computer Software Update[327]: Distribution: Mac OS X Update Combined (PowerPC)
Nov 27 22:40:32 roxys-computer Software Update[327]: Distribution: Mac OS X Server Update (Universal)
Nov 27 22:40:32 roxys-computer Software Update[327]: Distribution: Mac OS X Server Update Combined (Universal)
Nov 27 22:40:32 roxys-computer Software Update[327]: Distribution: Mac OS X Update (Intel)
Nov 27 22:40:32 roxys-computer Software Update[327]: Distribution: Mac OS X Update Combined (Intel)
Nov 27 22:40:35 roxys-computer /System/Library/CoreServices/Software Update.app/Contents/MacOS/Software Update: Distribution: MANUAL_TITLE
Nov 27 22:40:35 roxys-computer /System/Library/CoreServices/Software Update.app/Contents/MacOS/Software Update: Distribution: QuickTime


What is going on?

 

[Satcomer]

You Mac is querying all the current updates from Apple.

Mazzy did you ever read this MacWorld Trojan finding article?

 

[mazzy]

You Mac is querying all the current updates from Apple.

So it's normal that it keeps wanting to update Java and Quicktime, although I installed these updates the day before, and the day before, and the day before........


And yes, I did read the article. And although I haven't been searching for any "less-than-flattering pictures of Britney Spears", I did install a flash something or codec so I could view an art gallery website. This is the only thing that I can think of.

 

[mazzy]

I'm about to pull my hair out!! Things just keep getting worse, so I decided to just wipe the slate clean and reinstall. I've done it twice now, zero'd the disk 7 times over, including free space, and it's reinstalling everything like it was, including my old cache. The update log that I posted earlier was for stuff I've never installed on my computer. I don't have most of that stuff, or I'm not supposed to....... Where is this coming from, and why can't I delete it? If anyone is interested, I'll post my install log, and maybe someone can help. I downloaded the VirusBarrierX app that was mention in the trojan article. I tried to update the definitions immediately, and I got a message saying that my trial period was over! In 5 minutes????

I no longer own my machine........