Please visit the new Mac-Forums Facebook page:
Join Us @ Mac-Forums Facebook Page



Results 1 to 9 of 9
  1. #1
    My OS X 10.9.1 seems compromised.
    Yesterday, my iMac Model 10.1 running OS X 10.9.1 operated as usual. Today my OS X 10.9.1 will not recognise many programs in the "Applications" folder. The icons have been replaced with a generic icon, such appears when installing a downloaded software program during the installation/ agree procedure.

    I have screen capture images to illustrate this problem but do not know how to present them here.

    Having detected the System anomaly, I inserted "Disk Warrior” Ver. 4.4 disc containing Mac OS X 10.6.7 and selected the DVD as a start up disc.

    The system was rebuilt and, after restarting, back on the internal OS X 10.9.1 system, the application files are still replaced with a generic icon AND those applications will not open.

    Can anyone help, please?

  2. #2
    My OS X 10.9.1 seems compromised.
    chscag's Avatar
    Member Since
    Jan 23, 2008
    Location
    Keller, Texas
    Posts
    59,361
    Your Mac's Specs
    2017 27" iMac, 10.5" iPad Pro, iPhone 7+, iPhone 8, Numerous iPods, Catalina
    Rep Power
    54
    Did you by chance change the name of your home folder or your user name? And are you sure that you're logged on to the proper account?

  3. #3
    Hello chscag,

    I didn't consciously change the name of my home folder; I don't know what my home folder is. I assume my user name (Paul Collins Admin) is still unchanged. Opening 'System Prefs/Users & Groups' shows Paul Collins Admin is the active user.

    There now appears also 'user Admin' and 'Guest User Enabled, Managed' which I do not recall seeing before. My iMac is used at home by me alone so any additional users showing as alternate users is not logical.

    The only mention of "account" I could see under System Prefs" was Internet Accounts which shows
    "southernphone.com.au" Mail. I clicked "Enable This Account". Is this the 'proper account' you're asking if I'm logged on to?

    I opened 'Disk Utility' and selected Macintosh HD and clicked "Repair Disk Permissions". The report showed that the various permissions (quite a few) requiring repair, were repaired. The only anomaly I could see in the report reads:-
    "Warning: SUID file “System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent” has been modified and will not be repaired."

    Is that 'Warning' significant, please?

    I hope I have understood what information you requested.

    Thank you again for your kind advice.

    P.S. I could not get Safari to stay open on my selected home page - it continually "Quit Unexpectedly". So I tried clicking the link in your generous responding email (from within "Mail") and Safari opened at the linked page. The "Mail" screen also flickered noticably.

    However, screen redraws are almost "strobe" like in redrawing the screen or when moving the Safari open window by dragging its title bar across the screen. That did not happen before these software recognition problems occurred.

    P.P.S. I will leave the iMac running with Safari still open as I'm not confident that it would reopen tomorrow. I have an external HD of similar capacity to the internal 500 GB HD. It is formatted Mac OS Extended (Journaled).

    If I could install a System (OS X 10.9.1) on that drive, I could select it as a Start Up disc and at least operate from a clean install System which might recognise the compromised applications I currently cannot use.

    Thank you sincerely, Paul Collins.

  4. #4
    MacInWin
    Guest
    I'm sure this is a really long, long shot, but the flickering and "strobing" screen almost sounds like you are booted into safe mode. I see that same strobe-like effect and flickering when I safe boot. I know that in Safe mode, some drivers are not loaded as part of the boot process. I wonder if they are missing or damaged on your machine. You did say you used Disk Warrior booted from 10.6.8, but then repaired 10.9.1. I wonder if that messed with the drivers? If you have a backup in TM I'd say reinstall 10.9.1 from scratch, formatting the internal drive and starting fresh. Once you know it's running, you can restore from TM.

  5. #5
    My OS X 10.9.1 seems compromised.
    chscag's Avatar
    Member Since
    Jan 23, 2008
    Location
    Keller, Texas
    Posts
    59,361
    Your Mac's Specs
    2017 27" iMac, 10.5" iPad Pro, iPhone 7+, iPhone 8, Numerous iPods, Catalina
    Rep Power
    54
    There now appears also 'user Admin' and 'Guest User Enabled, Managed' which I do not recall seeing before. My iMac is used at home by me alone so any additional users showing as alternate users is not logical.
    Are you sure you're not logged into one of the accounts you mentioned above rather than than the account you normally log on to? The symptoms you described in your first post sometimes turn out to be either a user name or home folder change. Also logging into a new or guest account can cause the same thing to happen. And be sure to follow through on what Jake stated in his reply.

  6. #6
    Thank you 'MacInMin' and 'chscag' for your generous help.

    I didn't know that I ever logged into an account. All I've ever done is click the power button on the back of the iMac and wait for the startup to complete and the 'Desktop' to appear.

    Jake's comment about booting into 'safe mode' rings a bell; I booted the usual Macintosh HD using the power button, holding down the ‘shift' key immediately after the 'Startup' chime sounded. I think that explains the flickering which Jake possibly ascribes to being in 'Safe Boot' but I think that was to somehow address the problem of the 3rd party apps such as Adobe PSE 8 not being recognised nor able to launch.

    I also quit all open Apple programs e.g. Mail and Safari until only Finder was open. I opened 'Force Quit' under Apple menu and relaunched Finder. This I performed several times but still the problem persisted without improvement.

    I phoned Apple Support to learn how to install a clean Mac OS X Mavericks onto a separate 500GB external HD connected to the iMac, formatted to Mac OS Extended (Journaled). I copied all files from that external HD onto my internal HD (into a new. separate folder.) I then erased/formatted the external HD to allow a clean Mavericks installation.

    A chap from Apple Support talked me through a process whereby I rebooted (from the sole but compromised System on the Macintosh HD), holding down the Command and R keys to bring up a menu where I could choose the reinstall Mac OS X (now 10.9.2). I selected the external "G-DRIVE slim" HD and left the clean installation to complete.

    I couldn't find the "Users" folder mentioned by the Apple chap) within the comprised System folder in the Macintosh HD, only 2 folders which seemed to possibly have something to do with users, one of which I was not authorised to open. He had suggested I copy that 'Users' folder from Mac HD to the new, clean System on the external HD. As I couldn't find it and was unwilling to copy/paste a folder with a RED banned symbol (red circle with a diagonal red line across it) into a pristine System folder., I left the System folder (10.9.2) as it had been installed.

    Using the external HD as Startup disc, I then reinstalled Mac OS X 10.9.2 onto the Macintosh HD, thinking I would have to reset Desktop image, screen saver, mouse speed etc. and the clean reinstalled System on the Mac HD would recognise the 3rd party programs the compromised 10.9.1 would not.

    With a new, clean 10.9.2 on both the external and Mac HD, the programs are still not recognised. E.g. Double clicking Adobe Photoshop Elements 8 icon, brings up a window saying "You can't open the application "Adobe Photoshop Elements" because it may be damaged or incomplete".

    Despite all your kind and selfless advice, I remain in the same difficulties which sent me to seek your help initially. With generous forbearance, can you continue to help me at this point, please?

    Is there a setting in the ‘System Prefs’ that I can set to allow 3rd party software to be installed (or recognised, if already installed) that might help solve this problem.

    Thanking you both again, I remain

    Yours sincerely , PaulRanger1.

  7. #7
    MacInWin
    Guest
    Have you reinstalled Adobe PSE 8? If that isn't working, the problems isn't system wide, it's within PSE8. There is nothing that prevents third party software from being installed, you just have to acknowledge that it is legitimate software by entering your password when it tries to install. And once installed, nothing in OSX blocks it from being recognized except that if it was installed for only user A, then user B cannot use it.

    On the internal drive, the Users folder is in what is called the root of the drive. So if you can see a little drive icon on your desktop labelled Macintosh HD, then double clicking on that will open the drive to that root and you should see a folder labelled Users. That is the home for all the home folders for yours and any other accounts. For your folder and the Shared folder, you can see what's in them, but for other users the folders have a little red "Cannot see" mark on them to say that security is blocking you because they aren't YOUR folders. It's part of the inherent security system of OSX, so it's a GOOD thing to see. But the Users folders are NOT in the /System folder, it's separate, so that sentence from you was confusing:
    He had suggested I copy that 'Users' folder from Mac HD to the new, clean System on the external HD. As I couldn't find it and was unwilling to copy/paste a folder with a RED banned symbol (red circle with a diagonal red line across it) into a pristine System folder., I left the System folder (10.9.2) as it had been installed.
    There is one setting to disable the requirement to provide an admin password to install third party software, but I recommend strongly against it. It opens too much of a security hole, IMHO, to be used. In System Preferences/Security and Privacy/General, change the setting for "Allow apps downloaded from" to Anywhere and OSX will let you install anything without any checks at all. If you MUST try this, install what you want, but then please put it back to the default "Mac App Store and identified developers" setting for your own protection.

  8. #8
    Hello again Jake, et al,

    Thank you for your kind perseverance. I understand stand better now that the Users folder (my Home folder ?) will appear when the Mac HD icon is double clicked. That it is not in my System folder. As I am the only user of my iMac ever, the appearance of a System folder, blocked to MY access, seems strange.

    I unlocked/reset the System Preferences/Security and Privacy/ General to "Allow apps downloaded from" to Anywhere (thank you) and have inserted an iCalendar reminder in a week's time to remind me me to reset it back to "Mac App Stores and identifiers", after I have re downloaded software licences I have already purchased, to reduce the chance of (my) confusion during the restore non opening/responding software process.

    Yes, I have reinstalled Adobe PSE 8 from the original discs and it opens and seems to work.

    I reinstalled the penultimate Adobe Reader Ver. 11.0.04 as Ver. 11.0.06 failed to install.

    I will work my way through the list of 21 apps that clean installed Mavericks 10.9.2 will not recognise. Hopefully, the new System will perform as reliably as its predecessors.

    I am indebted beyond measure for your assistance as well as the kind responses from Spawn Dooley and old scribe. Thank you friends, as well.

    Warm regards, PaulRanger1.

  9. #9
    MacInWin
    Guest
    The /Users folder is NOT your "home folder." Within /Users you will find a fielder with your login name. THAT folder is your Home folder. There should also be a "Shared" folder that is not locked to you. If there are any other accounts on that machine, they will have folders as well, but you cannot get to them logged in as you because they do not belong to your login. If your account does not have admin privileges, you may see the /System folder blocked to your access as well. It's not strange, it's how security works in OSX.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. I've had my emails compromised but no idea how
    By photomegus in forum macOS - Operating System
    Replies: 4
    Last Post: 01-16-2015, 05:46 PM
  2. Account /Apple ID compromised
    By domlanic in forum macOS - Apps and Games
    Replies: 10
    Last Post: 10-31-2014, 01:05 PM
  3. Compromised Mac
    By DragerMAC in forum Security Awareness
    Replies: 4
    Last Post: 02-14-2014, 08:07 AM
  4. Is my Mac compromised?
    By pannix in forum macOS - Operating System
    Replies: 6
    Last Post: 09-18-2013, 12:30 PM
  5. Compromised ipod:
    By Driver in forum iOS and Apps
    Replies: 2
    Last Post: 12-30-2009, 09:34 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •