Created
April 13, 2012 19:57
-
-
Save rockpapergoat/2379668 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/tmp/ | |
Error: Couldn't move %@ to %@: %s | |
com.apple.ServiceManagement.daemons.modify | |
Error: AuthorizationCreate for kSMRightModifySystemDaemons failed with %d | |
Error: SMJobRemove: %@ | |
Error: SMJobSetEnabled: %@ | |
Exiting because caught signal %d | |
Error: Couldn't connect to agent | |
com.apple.mrt | |
com.apple.mrt.uiagent | |
/System/Library/CoreServices/MRTAgent.app | |
/System/Library/LaunchAgents/com.apple.mrt.uiagent.plist | |
/System/Library/LaunchDaemons/com.apple.mrt.plist | |
/usr/libexec/MRT | |
drain | |
release | |
displayUserNotification | |
setDidFinishScan: | |
saveFoundMalwareInCache | |
init | |
stringByAppendingPathComponent: | |
stringWithCString:encoding: | |
lastPathComponent | |
fileURLWithPath: | |
code | |
localizedDescription | |
NSURL | |
NSString | |
NSAutoreleasePool | |
RemovalDelegate | |
LSDownloadContentTypeKey | |
Error: File %@ is not a file URL | |
LaunchServices | |
Matches | |
Type | |
Description | |
Error: Unknown identity %@ | |
Error %@ getting NSURLIsRegularFileKey for %@ | |
LSDownloadDestinationURLKey | |
Error: Unknown pattern type: %@ | |
Error opening path for pattern match: %s | |
Warning: Cannot map path for identity: %s | |
Error generating reading file | |
Failed to unmap executable file | |
com.apple.ResourceFork | |
Error: Unable to get resource size: %s | |
Error: Unable to allocate memory for resource fork | |
MatchType | |
Match | |
Pattern | |
MatchFile | |
Identity | |
MatchAll | |
MatchAny | |
DescriptionFromBundle | |
performCheckWithFileURL:andProperties:withSignature: | |
@20@0:4@8@12@16 | |
doesFileOrDirectory:matchSignatureArray:useCache:matchAny: | |
c24@0:4@8@12@16c20 | |
doesFileOrDirectory:matchSignature:withSelector:withFilter:useCache: | |
c28@0:4@8@12:16@20@24 | |
doesFile:matchSignature:withSelector:withFilter:useCache: | |
doesFile:matchPattern:useCache: | |
c20@0:4@8@12@16 | |
doesFile:matchIdentity:useCache: | |
returnTrue:ignore:ignore: | |
copyDownloadContentTypeForFile: | |
NSObject | |
numberWithInt: | |
isFileURL | |
isEqualToString: | |
addObject: | |
array | |
countByEnumeratingWithState:objects:count: | |
enumeratorAtURL:includingPropertiesForKeys:options:errorHandler: | |
arrayWithObjects: | |
defaultManager | |
getReturnValue: | |
invoke | |
setArgument:atIndex: | |
setSelector: | |
setTarget: | |
invocationWithMethodSignature: | |
methodSignatureForSelector: | |
compare: | |
doesMatchOn: | |
doMatch | |
autorelease | |
initWithFileDescriptor: | |
alloc | |
isEqualToData: | |
class | |
setObject:forKey: | |
dataWithBytes:length: | |
unsignedLongLongValue | |
fileSystemRepresentation | |
copy | |
getResourceValue:forKey:error: | |
NSDictionary | |
NSFileHandle | |
NSInvocation | |
NSFileManager | |
NSNumber | |
Error: Unable to compile matchString '%@' into regular expression: %s | |
Error: Unable to exec regex '%@' into regular expression: %s | |
Error: Object type not supported %@ (%@) | |
c12@0:4@8 | |
PatternMatching | |
isEqualTo: | |
respondsToSelector: | |
className | |
isKindOfClass: | |
absoluteString | |
objectForKey: | |
containsObject: | |
allKeys | |
cStringUsingEncoding: | |
substringWithRange: | |
hasSuffix: | |
hasPrefix: | |
%02x | |
0123456789ABCDEF | |
Error: Unknown pattern: %@ | |
Error: end parentheses missing | |
Error: ? found, which is not supported | |
Error: not enough data left | |
Error: odd or short hexpart: %@ (%lu) | |
Error: cannot stat file for pattern check %s | |
Unable to read file for pattern check: %s | |
Error: Cannot map file for pattern check: %s | |
{*?( | |
pattern | |
patternScanner | |
@"NSScanner" | |
dataAddr | |
dataSize | |
chunkSizes | |
matchChunkAtOffset:canLookahead:doBacktrack: | |
c24@0:4q8I16c20 | |
handleOr: | |
c16@0:4q8 | |
handleNBytes: | |
handleQuestionAtOffset: | |
handleWildcardAtOffset: | |
handleHex:atOffset:lookAhead: | |
c24@0:4@8q12I20 | |
matchDataForString: | |
*12@0:4@8 | |
byteForHex: | |
C12@0:4@8 | |
dealloc | |
v8@0:4 | |
initWithPattern:onFileWrapper: | |
@16@0:4@8@12 | |
PatternMatch | |
scannerWithString: | |
removeLastObject | |
count | |
setScanLocation: | |
substringFromIndex: | |
characterSetWithCharactersInString: | |
string | |
isAtEnd | |
scanLocation | |
unsignedLongValue | |
lastObject | |
scanCharactersFromSet:intoString: | |
decimalDigitCharacterSet | |
scanString:intoString: | |
numberWithUnsignedLong: | |
characterAtIndex: | |
substringToIndex: | |
fileDescriptor | |
retain | |
NSMutableArray | |
NSCharacterSet | |
NSScanner | |
XProtectMalwareType | |
XProtectDetectionType | |
XProtectAnalysisError | |
XProtectSignatureName | |
%02X | |
description | |
hash | |
/Library/Caches/ | |
mrt_found_cache | |
foundMalwareNames | |
didFinishScan | |
Error: Removal file moved | |
com.apple.xprotect.removal | |
com.apple.message.domain | |
XProtect: malware removed | |
%@: %d | |
failure | |
com.apple.message.result | |
com.apple.message.signature | |
XProtect: malware removal encountered error | |
%@: deleted | |
success | |
kr == BOOTSTRAP_SUCCESS | |
/SourceCache/XProtectRemoval/XProtectRemoval-24/RemovalDelegate.m | |
Unable to create notification source | |
reboot | |
info | |
names | |
@"NSMutableDictionary" | |
currentRemoval | |
@"NSString" | |
@"NSMutableArray" | |
foundFileInfo | |
notificationResult | |
notificationSource | |
^{dispatch_source_s=} | |
requiresReboot | |
@8@0:4 | |
v12@0:4c8 | |
c8@0:4 | |
sendDataToAgent: | |
copyHexStringForData: | |
v16@0:4@8@12 | |
removeMalwareFromCache | |
removeMalwareCache | |
loadFoundMalwareFromCache | |
Tc,VrequiresReboot | |
Tc,VdidFinishScan | |
T@"NSMutableDictionary",R,VfoundFiles | |
performSelectorOnMainThread:withObject:waitUntilDone: | |
numberWithUnsignedInt: | |
dataFromPropertyList:format:errorDescription: | |
unsignedIntValue | |
runUntilDate: | |
dateWithTimeIntervalSinceNow: | |
mainRunLoop | |
timeIntervalSinceDate: | |
date | |
UTF8String | |
stringWithFormat: | |
removeMalwareAtURL: | |
relativePath | |
objectAtIndex: | |
appendFormat: | |
initWithCapacity: | |
dictionary | |
length | |
writeToFile:atomically: | |
numberWithBool: | |
boolValue | |
setDictionary: | |
setArray: | |
NSMutableDictionary | |
NSBundle | |
NSMutableString | |
NSDate | |
NSRunLoop | |
NSPropertyListSerialization | |
-[RemovalDelegate displayUserNotification] | |
MRT_ApplicationEnvironmentSearch | |
LSEnvironment | |
DYLD_ | |
/Users/*/.MacOSX/environment.plist | |
OneLevelSearch | |
MRT_LaunchAgentSearch | |
MRT_LaunchDaemonSearch | |
Unhandled file type: %@ | |
Error %@ getting NSURLIsDirectoryKey for %@ | |
Error: Cannot search within non-directory location | |
Error: %@ enumerating %@ | |
Error %@ getting NSURLTypeIdentifierKey for %@ | |
Contents/Info.plist | |
Error: Unable to open Info.plist for writing at %@ | |
Error: Unable to overwrite Info.plist: %@ (%@) | |
ProgramArguments | |
Label | |
/Users/*/Library/LaunchAgents/*.plist | |
/Library/LaunchDaemons/*.plist | |
public.executable | |
Killing %d | |
Error: Received non-executable file | |
Error getting pids for path | |
public.script | |
TextSegmentPath | |
OverrideExecutable | |
Error: No LS UTI in %@ | |
Unable to get root bootstrap port | |
Unable to get info on user %@ | |
bootstrap_look_up_per_user(): %u | |
task_set_bootstrap_port(): 0x%x: %s | |
_vprocmgr_getsocket(): %u | |
LAUNCHD_SOCKET | |
UnsetUserEnvironment | |
copyHashForFileOrDirectory: | |
@12@0:4@8 | |
combineHash:andHash: | |
i12@0:4@8 | |
killRunningExecutablesWithDelegate:forClasses: | |
killExecutablesWithFilePath:conformTo:requireTextPaths: | |
v20@0:4@8@12@16 | |
disableLaunchItemWithDelegate:forClasses: | |
removeLaunchItemWithLabel:isAgent: | |
i16@0:4@8c12 | |
searchOneLevel:withDelegate: | |
c16@0:4@8@12 | |
filesForGlobPath: | |
searchLaunch:isAgent:withDelegate: | |
c20@0:4@8c12@16 | |
removeFromEnvironmentWithDelegate:forClasses: | |
unsetLaunchEnvironmentValue:forUser: | |
searchAppEnvironment:withDelegate: | |
copyUTIForFile: | |
search:withDelegate: | |
RemovalUtils | |
hashOfFile: | |
bytes | |
mutableBytes | |
appendData: | |
initWithLength: | |
setLength: | |
executableURL | |
bundleWithURL: | |
path | |
nextObject | |
rangeOfString: | |
arrayWithObject: | |
arrayWithArray: | |
stringWithUTF8String: | |
fileExistsAtPath: | |
foundFiles | |
removeItemAtPath:error: | |
setRequiresReboot: | |
pathComponents | |
close | |
writePropertyList:toStream:format:options:error: | |
open | |
outputStreamToFileAtPath:append: | |
removeObjectForKey: | |
mutableCopy | |
fileReferenceURL | |
dictionaryWithContentsOfFile: | |
didFindFile:withRemovalDict: | |
stringByStandardizingPath | |
infoDictionary | |
bundleWithPath: | |
dictionaryWithObject:forKey: | |
PatternMatchingCheck | |
NSOutputStream | |
NSMutableData | |
0%'c | |
OSX.FlashBack.iii | |
494F536572766963653A2F00494F506C6174666F726D55554944007C00*00687474703A2F2F257325730025732E25750025732E257300*5F494F5265676973747279456E747279437265617465434650726F7065727479*494F5265676973747279456E74727946726F6D50617468*5F646C6F70656E*5F737472746F6B5F7200*5F73797363746C6E616D65746F6D6962*405F73797374656D*5F5F6D685F657865637574655F686561646572 | |
{^\..*} | |
OSX.FlashBack.iv | |
5F5F6C64706174685F5F2F*005F686F6F6B5F43465265616453747265616D52656164005F686F6F6B5F4346577269746553747265616D577269746500*5F675F696E6A64796C6962*5F726967687450726F63657373*5F5F78785F6B73796D73*5F66726F6D64796C69625F4346577269746553747265616D5772697465 | |
/Applications/Firefox.app | |
/Applications/Safari.app | |
{(^\..*)|(.*\.dylib)} | |
68772E6D616368696E65*6B65726E2E6F7372656C65617365*494F536572766963653A2F00494F506C6174666F726D5555494400*557365722D4167656E7400*676F6F676C652E00*4142434445464748494A4B4C4D4E4F505152535455565758595A6162636465666768696A6B6C6D6E6F707172737475767778797A30313233343536373839 | |
4142434445464748494A4B4C4D4E4F505152535455565758595A6162636465666768696A6B6C6D6E6F707172737475767778797A30313233343536373839*494F536572766963653A2F00494F506C6174666F726D5555494400*557365722D4167656E7400*676F6F676C652E00*68772E6D616368696E65*6B65726E2E6F7372656C65617365 | |
4142434445464748494A4B4C4D4E4F505152535455565758595A6162636465666768696A6B6C6D6E6F707172737475767778797A30313233343536373839*557365722D4167656E7400*676F6F676C652E00*494F536572766963653A2F00494F506C6174666F726D5555494400*68772E6D616368696E65*6B65726E2E6F7372656C65617365 | |
4142434445464748494A4B4C4D4E4F505152535455565758595A6162636465666768696A6B6C6D6E6F707172737475767778797A30313233343536373839*68772E6D616368696E65*6B65726E2E6F7372656C65617365*494F536572766963653A2F00494F506C6174666F726D5555494400*557365722D4167656E7400*676F6F676C652E00 | |
/Applications/Google Chrome.app | |
/Users/*/Library/Preferences | |
/Users/*/Library/Application Support | |
/Users/Shared | |
/Applications/Safari.app/Contents/Resources | |
removeWithDelegate: | |
v12@0:4@8 | |
Flashback | |
RemovalClass | |
removeDiscoveredFilesForType: | |
dictionaryWithObjectsAndKeys: | |
resetForRemovalType: | |
NSArray | |
NSData |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment