Somerton - May 3, 2005 - 11:59 am
Dear Friends,
It appears that my Mac DV SE running OS 10.2.8 is infected with something called "Hacktool.Underhand." I have received Norton Anti-Virus Repair Alerts indicating that Hacktool.Underhand has infected "Swapfile1" and that Norton could not make repairs. Now every so often I will get a blue screen at which time I must reboot my Mac. Also, the kernel panic screen will appear occasionally and, of course, I must reboot.
OK, everything I have been told and have read indicates that Macs don't get viruses and such, however, I seem to have caught something now! I am not a Mac novice, but I have not been able to find a solution for this problem. What to do?
Thank you!
~Somerton
kainjow - May 3, 2005 - 12:23 pm
I searched Google for "Hacktool.Underhand" and didn't find anything helpful (except for some Japanese web page).
It most likely is something from a PC but I really don't know. What I do know is Norton's software for the Mac isn't good, and Norton's software does and will cause kernel panics.
The next time you do experience a kernel panic, look at the /Library/Logs/panic.log file and it will give some cryptic info about the crash. If you post it somewhere on a forum or back on here we'd be able to help determine the problem (whether it was the Mac itself or Norton's software).
If you have a .Mac account I'd suggest you use the Virex software that comes with that. I'd stay away from Norton's software because it's quite buggy.
Kevin
Somerton - May 3, 2005 - 2:21 pm
Hi Kevin,
As requested, I have included information on my most recent crash. Thanks again for looking into this. Oh, by the way, where is "swapfile1" and can it be deleted? Of further interest, I ran TechTool Pro 4.0.3 and my problem still didn't get corrected.
~Charles Owen
date/time: 2005-05-02 18:45:18 -0400
os version: 10.2.8 (build 6r73)
host: localhost
command: windowserver
pid: 187
exception: exc_bad_access (0x0001)
code[0]: 0x0000000a code[1]: 0xb0c49000
thread 0 crashed:
#0 0x937ea9b8 in cgsfillvram8by1
#1 0x9371c938 in cgblt_fillbytes
#2 0x9370f3a8 in cgsdecompressrle32
#3 0x9370e6c0 in decompressdata
#4 0x9374fe54 in cgxbackingstoredecompress
#5 0x937346d0 in cgxwindowtilecacheget
#6 0x936f3390 in cgxredrawdisplay
#7 0x937225d4 in cgxreenableupdate
#8 0x93723bb4 in _cgxreenableupdate
#9 0x9372996c in _xreenableupdate
#10 0x937022ac in cgxservices_server
#11 0x936fbf90 in connectionhandler
#12 0x936f9060 in cgxpostportdata
#13 0x936f80e4 in cgxrunoneserverpass
#14 0x936f8540 in cgxrunoneservicespass
#15 0x93709338 in cgxserverloop
#16 0x93861c1c in cgxserver
#17 0x00002dac in main
#18 0x00002b48 in _start
#19 0x000029c8 in start
thread 1:
#0 0x9003e9a8 in semaphore_wait_signal_trap
#1 0x9003e7c4 in _pthread_cond_wait
#2 0x936f8d94 in cgslocklock
#3 0x93700ec0 in cgxlockserverfunnel
#4 0x9371c250 in eventthread
#5 0x90020c28 in _pthread_body
thread 2:
#0 0x90073ba8 in mach_msg_trap
#1 0x90005ed0 in mach_msg
#2 0xc000569c in __ape_internal
#3 0xc000563c in __ape_internal
#4 0x90020c28 in _pthread_body
ppc thread state:
srr0: 0x937ea9b8 srr1: 0x0000f030 vrsave: 0x00000000
xer: 0x20000000 lr: 0x937ea898 ctr: 0x9370f2ec mq: 0x00000000
r0: 0x0000000f r1: 0xbffeef20 r2: 0x0000007c r3: 0x0000007c
r4: 0x00000001 r5: 0x00000004 r6: 0x00000000 r7: 0xb0c49000
r8: 0x00000000 r9: 0x00000000 r10: 0x00000000 r11: 0x00000001
r12: 0x00000000 r13: 0x00000024 r14: 0x00000001 r15: 0x0004ec30
r16: 0x00000000 r17: 0x001b49e4 r18: 0x00000000 r19: 0x00143720
r20: 0xa36f1ed4 r21: 0xbffef3c8 r22: 0xbffef3c4 r23: 0x00000200
r24: 0x0000001f r25: 0x00000080 r26: 0x00000000 r27: 0x00000000
r28: 0x00000000 r29: 0x00000000 r30: 0xb0c49000 r31: 0x937ea898
**********
date/time: 2005-05-03 10:51:16 -0400
os version: 10.2.8 (build 6r73)
host: charles-owens-computer.local.
command: windowserver
pid: 189
exception: exc_bad_access (0x0001)
code[0]: 0x0000000a code[1]: 0xb0003000
thread 0 crashed:
#0 0x93746b84 in mem_free
#1 0x9373707c in shmem_free
#2 0x93746068 in cgxbackingstorerelease
#3 0x937328ec in _cgxreleasewindow
#4 0x93780098 in _cgxreleaseconnectionwindows
#5 0x9377a480 in processconnectionportdeath
#6 0x93788264 in cgxpostportnotification
#7 0x93788180 in notifyhandler
#8 0x936f9060 in cgxpostportdata
#9 0x936f80e4 in cgxrunoneserverpass
#10 0x936f8540 in cgxrunoneservicespass
#11 0x93709338 in cgxserverloop
#12 0x93861c1c in cgxserver
#13 0x00002dac in main
#14 0x00002b48 in _start
#15 0x000029c8 in start
thread 1:
#0 0x90073ba8 in mach_msg_trap
#1 0x90005ed0 in mach_msg
#2 0x9371c2e4 in eventthread
#3 0x90020c28 in _pthread_body
thread 2:
#0 0x90073ba8 in mach_msg_trap
#1 0x90005ed0 in mach_msg
#2 0xc000569c in __ape_internal
#3 0xc000563c in __ape_internal
#4 0x90020c28 in _pthread_body
ppc thread state:
srr0: 0x93746b84 srr1: 0x0000f030 vrsave: 0x00000000
xer: 0x00000000 lr: 0x93746a04 ctr: 0x90497570 mq: 0x00000000
r0: 0xb0003000 r1: 0xbfff7380 r2: 0x84004280 r3: 0x0004a690
r4: 0xb0004bf0 r5: 0xb0004bf0 r6: 0x00000010 r7: 0x00000010
r8: 0x000e3010 r9: 0x00001c10 r10: 0xb0004be0 r11: 0xb0003000
r12: 0x90497570 r13: 0x00000000 r14: 0x00000000 r15: 0x00000000
r16: 0x00000000 r17: 0x00000000 r18: 0x00000000 r19: 0x00000000
r20: 0x00000000 r21: 0x00000000 r22: 0x00000000 r23: 0x00000000
r24: 0x00000000 r25: 0x0000dd17 r26: 0x00000000 r27: 0xa36f7014
r28: 0xb0004bf0 r29: 0x000e40f0 r30: 0x0004a690 r31: 0x93746a04
kainjow - May 3, 2005 - 4:12 pm
How often do you get the kernel panics? Do you have any third-party hardware connected to your computer? If so, try disconnecting them all and run your computer for a few days and see if it still gives you kernel panics.
Any extra third-party haxies or non-Apple interface enhancements installed recently?
If we aren't able to solve the problem, your best bet is to do an Archive and Install from the 10.2 CD that came with your computer (or that you bought).
Kevin
Somerton - May 6, 2005 - 11:41 am
Kevin,
As it turns out, the kernel panics, etc. were caused by a bad software update from Norton Anti-Virus. I read yesterday that Norton produced a new update that resolved the Hacktool.Underhand problem. I can't say for sure if it could have solved the problem because I removed all Norton software from my computer. Once I did that, everything went back to normal.
Of interest, there is now an explosion of Google references to Hacktool.Underhand. Check it out!
Thanks for all your help.
~C.O.
kainjow - May 6, 2005 - 11:59 am
Whoa, there is a lot more info about it now.
I'm glad you got your Mac working fine again!
Kevin