Within the past week I noticed some strange behaviour on my Snow Leopard MacBook Pro.
A few of my windows in the background closed themselves without me doing anything while I was working. Then I noticed some graphical "glitching". Dragged windows would leave "trails" of themselves, and my menubar was showing some strange glitching and spacing that had never been there before. This particular behaviour has not repeated itself (other than a new graphical "momentary glitch" every time I start up). However…
Shortly after that (not immediately, but within a couple of days) I could not access the internet with my Airport. With cable is ok, but when I try to access via Airport (all browsers) I get "ERROR 106: The internet connection has been lost".
After Googling, I tried a few Airport reset solutions which didn't help. Sooo…
I thought it could be a virus of some kind. I downloaded Avast (on a recommendation.. I already have ClamXav) and scanned. I found some infected .exe files which I had never opened, but also a number of infections (13) in my Java cache like this >>
vload.class: infection Java:Jade-C [Heur] vmain.class: infection
Java:CVE-2010-0094-C [Expl] been/piro.class: infection Java:Agent-DU
[Expl] plugin/sportGame.class: infection Java:Agent-DR [Expl]
So now I thought there may be a serious problem. I downloaded the trial of Kapersky Anti-Virus (upon further reading it seemed like it might be a more "pro" app) .. and did another scan. Found the same infections and a few more. So I disinfected them. Zap.
Now I thought it might be a good idea to do an Onyx cleanup of my system. Upon repairing permissions I found a lot of these…
Permissions differ on System/Library/Frameworks/JavaVM.framework/Versions/A/Resources/Deploy.bundle/Contents/Home/lib/security/cacerts, should be -rw-r--r-- , they are lrwxr-xr-x
Permissions differ on System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Remote Desktop Message.app/Contents/Resources/ko.lproj/UIAgent.nib, should be drwxr-xr-x , they are -rwxr-xr-x
Permissions differ on System/Library/CoreServices/Menu Extras/RemoteDesktop.menu/Contents/Resources/zh_TW.lproj/RemoteDesktopMenu.nib, should be drwxr-xr-x , they are -rwxr-xr-x
.. I won't list them all unless asked, but basically they are all pertaining to either System/Library/CoreServices/RemoteManagement/
or
System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Resources/
I also found
Warning: SUID file
"System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent"
has been modified and will not be repaired
.. but I discovered this is nothing to worry about)
So now I still can't access internet via Airport, and.. I get a freeze when I try to shut down. I go to bluescreen and the progress wheel just keeps circling, until I force a shut down with the power button. Thank god it restarts afterwards (the first time I thought "Oh no..")
Anyone have any ideas what my next steps should be? I am "on the road" at the moment in Berlin, and all I have is my laptop and an external drive. Not being able to use wireless is seriously hampering my work, and on top of that my money situation is not great right now. I don't know how I can afford the money or "computerless time" if I have to somehow go in for repair.
I always have "Hands Off" running, and I thought that would take care of any kind of remote hacking, but I could be wrong. I have downloaded some "trial" versions of music software from Frostwire, so perhaps that could be the culprit. But none of these files came up positive on my scans.
I'll end with that. Sorry for the long post. Hopefully someone can throw some guidance my way. Have I been hacked? What should be my next steps?
Best Answer
I don't think you have been hacked, but you do seem to have a lot of other issues that have to be fixed anyway. In addition more AV programs do not generally make you any safer, but they do slow down your computer to a crawl.