It’s Probably Not a Virus

Disk Utility

Image via Wikipedia

The other day a friend of mine came to me with a set of symptoms his iMac was exhibiting and wondered (against the odds) if he might have a virus.

He described how his Mac would sometimes stutter when displaying the fast user switching animation (the cube animation when switching users), long delays from the time he clicked print to when a document actually spit out of his printer, requests for administrator credentials when trying to create folders on the desktop or his home folder, the Mac’s refusal to sleep, and long shutdown times.

I’ll be honest; the first thing I thought in my head was, “There’s no way you have a virus. You own a Mac. Period. End of story.” But, years of troubleshooting computers have taught me, anything is possible. So I kept an open mind.

However, after asking him to elaborate and judging by the combination of symptoms, I’m sticking to my initial skepticism. Here’s why:

Many Mac users are blissfully unaware (or if they’re recent Mac converts, acutely aware) of the horrendous life a Windows user lives dodging viruses, spyware, adware, and bloatware (a bunch of ‘wares worthy of a blog post all their own). Whether you subscribe to the “security by obscurity” maxim or think that Macs are somehow better protected from the get-go, you have to admit, we just don’t have much to worry about in the malware arena. As a result, Mac users may not be familiar with the more common symptoms of a virus or some other kind of malware.

It’s possible that a virus may bog down your Mac by using it to attack other computers on the Internet, or even worse might keep an eye on everything you type, and then report that back to its master, but more likely what you’ll have are the symptoms of scareware or adware: browser windows popping up all over the place with ads to remove the viruses that these companies have supposedly just found on your Mac. Or in rare circumstances a message that you are infected and no other option but to buy software to remove the message. In some cases, these “windows” will look like the real Windows XP, or Windows 7 interface; which is a dead giveaway that there is no real threat, since these are appearing on your Mac.

If your symptoms aren’t so blatant though, there are some other things to keep in mind when trying to determine if you have a virus: Did you recently open an email from a company or person you aren’t all that familiar with? Did you click a link or open an attachment in that email? If you did, then you might have caught something. I’m sure you’ve heard it before, but it always bears repeating: if you don’t know who the email came from, or weren’t expecting it, don’t click or open anything in the email. Delete it.

But, if you don’t recall doing anything like that, and you’re not seeing a bunch of ads displayed in your internet browser or a big warning that you have an “infection”; then you probably don’t have a virus. But if you want to be sure, then by all means, get a Mac antivirus application and run a scan.

Most of the major vendors offer antivirus solutions for the Mac. Probably the best free antivirus solution is ClamXav. Other options are IntegoKasperskyMcAfee, Norton, and Sophos (free).

Now, what to do when you’ve come to the conclusion that it’s probably not a virus? In the case of my friend’s symptoms which included permissions issues creating folders, refusal to sleep, and long shutdown delays, there are a couple of relatively painless things to try:

First off, start with the old reliable “repair permissions” routine: From your Macintosh HD, open Applications > Utilities > Disk Utility.

Once in Disk Utility, on the left side of the window, choose Macintosh HD, then on the right, make sure you have the “First Aid” tab selected, and then click “Repair Disk Permissions”. Depending on your OS and your Mac, it might take anywhere from 5 minutes to a couple hours to check and repair your permissions. Once Disk Utility is done you will see “Permissions repair complete” toward the bottom of the Disk Utility window.

Disk Utility

Repairing permissions using Disk Utility.

Now, here’s the kicker: run it again. Hopefully the second time around you’ll see less “Permission differ on…” and “Repaired…” messages.  You may still see some, but there should be less than the first time.

Okay, next you’ll need to “Repair Disk”. So on the left side of Disk Utility click the top level of your hard drive, which will have the size of your drive as the first thing listed next to the name, like: “250.06 GB FUJITSU MHZ225…”, then on the right side, click the button that says “Repair Disk”.  There is a button to “Verify Disk”, but I just skip right to the “Repair Disk” phase because if you click “Verify Disk” and it does find a problem, then you’re gonna want to run a repair anyway, right? So just kill two birds with one stone and click “Repair Disk”.

Repair Disk

Repairing a disk using Disk Utility.

You’ll see some text go by that starts with, “Verifying and repairing partition map for…” and then lines that say Checking This, Checking That, etc. Once that process is done you’ll see a report at the bottom that hopefully states, “The partition map appears to be OK”. If you see an error message instead, run the repair again. If you still see an error message then you may need to try booting from your system disks, and then run Disk Utility from there. If you have Mac OS X 10.7 “Lion” installed, then you would need to restart and hold down Command-R to boot from the recovery partition. Then run Disk Utility from there and try “Repair Disk” again.

These two steps are the easiest place to start when you have weird things going on with your Mac and no specific error message or reproducible problem to go on. Once you’ve done these, shutdown your Mac and try to start from scratch: Remove any devices you have connected to your Mac (other than your keyboard and mouse) like a printer, scanner, external hard drive, or whatever might be connected to it that didn’t come with it when you pulled it out of its original box. Then turn it back on again and see if any of the problems reoccur.

In the case of my friend who reported that documents sent to his printer were taking a long time to actually print out, I would suggest rebooting the printer and also deleting it and then adding it back to his Mac from “Print & Scan” in System Preferences. To do this, highlight the printer in question, then click the minus sign on the lower left of the “Print & Scan” window.

Once you think your Mac is acting more like normal, you can begin to reconnect your external devices. Preferably you should do this one by one to test to make sure one of the devices isn’t the culprit of any of your problems. But, I know, that can be a time consuming way to do things. Feel free to reconnect everything at once, but be advised that if your problem reappears then you’ll need to disconnect everything again, and then one by one reconnect a device, make sure your Mac seems to act normal for a while, and then continue on with each of your other devices.

If your problems continue there are more involved and complex troubleshooting steps like checking console logs, creating a test user, or reinstalling Mac OS X. I’ll discuss those procedures in a future post.