Malware Removal on OSX 10.6.8

Hi there,

I have to use OSX 10.6.8 because I still use some old applications that don't work on a newer OS.

But my MacBook Air and now iMac too recently started having frequent crashes. And Safari seems to be hacked by MacKeeper. What can I use to check and clean malware on 10.6.8?

Preferably free...



Edited by dam
missed something
  • Staff

We don't have anything that scans 10.6.8. I don't know of anything that is both free and that will do a remotely decent job of scanning 10.6.8, unfortunately. I believe that ClamXav will scan 10.6.8 fairly well, but it is no longer free.

I notice that the screenshot you've provided indicates that the machine is suffering from kernel panics. These are generally caused by one of three things: bad third-party software (specifically, software that installs a kernel extension), a badly-corrupt system or bad hardware. None of these are likely to be caused by any kind of Mac threat. Very few Mac threats involve kernel extensions.

On a system old enough to be capable of running 10.6.8, this very well could be a hardware failure. This is one major hazard of remaining reliant on such an old system: sooner or later, you're going to have to replace your hardware, and there's a dwindling supply of used hardware found in places like eBay that is capable of running 10.6.8. Sooner or later, you're going to have to find a way to upgrade to more recent hardware and a more recent system. It would be better to do that on your terms than being forced to by a hardware failure coupled with inability to quickly locate replacement hardware.


Thanks treed, I'm really grateful for your reply.

OK, I'll see about ClamXav.
Regarding kernel panics -- I never had such things happening before. I have worked on Macs since 1992. The hardware should not be so old -- my Air is late 2010 and iMac mid 2011. Both are declared Apple supported models. I run 10.6.8 because I still use FreeHand and am still annoyed with Illustrator.
Yep, you are right, guess I'll have to upgrade the system sometime soon and I admit I'm trying to delay it as much as possible.
In the meantime -- is there any way to address these kernel panic attacks?

Wishing you all the best in 2017 ... and over it.


  • Staff

If you're having kernel panics on both of those machines that started around the same time, that's almost certainly going to be due to some software you installed on both. It's very unlikely for both to have simultaneously had hardware failures or had their systems corrupted in just the right way to cause kernel panics. However, that software is unlikely to be malware.

Open the Terminal app - found in the Utilities folder in the Applications folder - and paste the following command in:

kextstat | grep -v com.apple

Then press return. What is the output that produces?


Hi treed.

Great! Never knew about it. Here is the output:

@ iMac:

Index Refs Address            Size       Wired      Name (Version) <Linked Against>
   45    0 0xffffff7f80800000 0x46000    0x46000    at.obdev.nke.LittleSnitch (2.3.19) <7 5 4 3 1>
  101    0 0xffffff7f81603000 0xd000     0xd000     com.eltima.SyncMate.kext (0.2.5b15) <100 35 29 4 3 1>
  130    0 0xffffff7f80e53000 0x2000     0x2000     com.huawei.driver.HuaweiDataCardDriver (4.25.05) <29 5 4 3>
  131    0 0xffffff7f81151000 0x8000     0x8000     com.huawei.driver.HuaweiDataCardACMData (4.27.00) <100 29 5 4 3 1>
  132    0 0xffffff7f81159000 0x3000     0x3000     com.huawei.driver.HuaweiDataCardECMControl (1.28.00) <29 7 5 4 3 1>
  134    0 0xffffff7f811cc000 0xa000     0xa000     com.huawei.driver.HuaweiDataCardECMData (1.33.00) <35 29 7 5 4 3 1>

@ Air:

Index Refs Address    Size       Wired      Name (Version) <Linked Against>
   48    0 0x909000   0x2e000    0x2d000    at.obdev.nke.LittleSnitch (2.3.19) <7 5 4 3 1>

I see "at.obdev.nke" is present on both.
It's Little Snitch UIAgent.app, located in /Library/Little Snitch/Little Snitch UIAgent.app

I never had any problems with Little Snitch ... so far.

  • Staff

Looks like the only kernel extension those machines have in common, as you've found, is the one from LittleSnitch. Looks like that's a pretty outdated version of LittleSnitch, if the version number of the kernel extension is the same as the version number of the app. You may want to try updating it to 3.3.4, available from here:


Alternately, you could also try uninstalling it on one of the Macs to see if that makes a difference.
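
The comparison made above, done mechanically, as an added example that is not part of the original posts: it takes the two kextstat listings posted in this thread and prints the third-party kernel extensions loaded on both machines, with the version seen on each. The function and variable names are chosen for this example.

```shell
#!/bin/sh
# Added example: find third-party kernel extensions common to two Macs.
# Input is saved `kextstat` output; the samples below are the listings
# posted in this thread (iMac and MacBook Air).

IMAC_KEXTS='Index Refs Address            Size       Wired      Name (Version) <Linked Against>
   45    0 0xffffff7f80800000 0x46000    0x46000    at.obdev.nke.LittleSnitch (2.3.19) <7 5 4 3 1>
  101    0 0xffffff7f81603000 0xd000     0xd000     com.eltima.SyncMate.kext (0.2.5b15) <100 35 29 4 3 1>
  130    0 0xffffff7f80e53000 0x2000     0x2000     com.huawei.driver.HuaweiDataCardDriver (4.25.05) <29 5 4 3>
  131    0 0xffffff7f81151000 0x8000     0x8000     com.huawei.driver.HuaweiDataCardACMData (4.27.00) <100 29 5 4 3 1>
  132    0 0xffffff7f81159000 0x3000     0x3000     com.huawei.driver.HuaweiDataCardECMControl (1.28.00) <29 7 5 4 3 1>
  134    0 0xffffff7f811cc000 0xa000     0xa000     com.huawei.driver.HuaweiDataCardECMData (1.33.00) <35 29 7 5 4 3 1>'

AIR_KEXTS='Index Refs Address    Size       Wired      Name (Version) <Linked Against>
   48    0 0x909000   0x2e000    0x2d000    at.obdev.nke.LittleSnitch (2.3.19) <7 5 4 3 1>'

# Print "bundle_id version" for every non-Apple kext in the kextstat output
# read from stdin. The header line is skipped because its first field is not
# numeric; com.apple.* entries are dropped, so unfiltered output works too.
third_party_kexts() {
    awk '$1 ~ /^[0-9]+$/ && $6 !~ /^com\.apple\./ {
             v = $7; gsub(/[()]/, "", v); print $6, v
         }' | LC_ALL=C sort -u
}

# Print "bundle_id version_on_first version_on_second" for each third-party
# kext present in both listings ($1 and $2 hold the two kextstat outputs).
common_kexts() {
    a=$(mktemp /tmp/kexts.XXXXXX); b=$(mktemp /tmp/kexts.XXXXXX)
    printf '%s\n' "$1" | third_party_kexts > "$a"
    printf '%s\n' "$2" | third_party_kexts > "$b"
    LC_ALL=C join "$a" "$b"    # join on the bundle identifier (field 1)
    rm -f "$a" "$b"
}

common_kexts "$IMAC_KEXTS" "$AIR_KEXTS"
```

A kext that shows up on every affected machine is the first candidate to update or uninstall when the panics began at about the same time.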


Hi treed.

The version of the "Little Snitch UIAgent.app" is 2.3.6, i.e. not the same as what kextstat reported: at.obdev.nke.LittleSnitch (2.3.19) ... if that's what you wanted me to check.

Oops, wait... When I checked the About Little Snitch from its menu, I got this:

Version 2.3.6 (1937), Apr 27, 2011
Serial Number: 32RN3CWNU0-73DKZ-…
Little Snitch Configuration Version 247
Core System Version 1937
Kernel Version 2.3.19

Is that what you wanted me to find out?


Yes. So, the suggestion is to install 3.3.4 and try?

OK. I'm on the road now and I plan to do it in a couple of days, after I backup the machines ... just in case something goes wrong.

You have helped me a lot so far. Thank you very very much.

If the problem persists, I'll probably contact you again.

Wishing you all the best,

