Click on that screenshot. Go ahead. It won’t bite. In case you’re not brave enough, it’s a Yahoo search of gibberish in Safari. Which opened by itself on my beloved iMac with no input from me.
Now click on this next one. That’s a new email message filled with gibberish in the body. Mail opened all by itself and created this beauty all by itself without my input.
And these weren’t one-time events. I saw several new email messages create themselves and random Google and Yahoo searches execute – all without any input from me whatsoever – for several days in a row in late January. What the hell was causing this? I was not taking any prescription meds or recreational drugs that would cause such hallucinations. And Macs don’t get viruses, right? Or had I somehow found a brand new one all by my little self?
Though Mac viruses are very rare, I researched the possibility high and low anyway and found nothing about a new virus or malware that exhibited this type of behavior. Despite this, I downloaded Virus Barrier Express from the Mac App Store and ran what felt like at least 835 scans in a row, which yielded nothing aside from worms in spam email attachments (which I had not opened). I also tried ClamXav, which found more or less the same thing.
I went through my Applications folder several times to see if I’d downloaded an obvious app that could be doing this, like that MacDefender virus, with no luck. I left Activity Monitor open all the time to keep an eye on active processes and pored through Console logs several times a day and found only one hint: whatever it was, I had authorized it since everything I saw indicated that Safari and Mail were opening legitimately under my admin-level user account.
I had a strong suspicion about what had caused it and I was pretty sure I had done something stupid and brought this all on myself. See, I had had an old iPhone 4 to get rid of and I had wanted to update it to iOS 5.0.1 and unlock it to get top dollar for it through Craigslist. So I was busy downloading the latest jailbreaking tools for it one Saturday and I remember a very specific point when I clicked on something I shouldn’t have when downloading RedSn0w from one of those janky download sites. And when I installed RedSn0w, I had to enter my admin password.
Yeah. All my fault.
I cursed myself seven ways from Sunday for that. Why couldn’t I have just made do with Pwnage, which I got from what I knew was a legit source? But, no, I had to get all fancy and try out RedSn0w. And this is what it got me.
I deleted RedSn0w and all the jailbreaking tools I’d downloaded, as well as their plist files and anything else that looked remotely related. But the symptoms continued, to my utter dismay and confusion.
Beyond searching and troubleshooting on my own, I asked a few people who are very knowledgeable about Macs but my problem stumped them. I racked my brain over and over again for ways to find and eliminate the source of the problem but came up empty each time.
I was concerned that there were nastier things going on behind the scenes and that any personal information I’d entered while the virus/malware/whatever was active could have been compromised and my next drastic step was to simply wipe the hard drive and do a clean install of Mac OS X Lion and start from scratch.
I was so not looking forward to doing that.
But before I did that, I tried a few more searches and went back to a page with Mac virus and malware information written by Thomas Reed and decided on a whim to reach out to him and see if he might have any advice. I wrote him a long-winded email filled with as much detail as possible ––and laced with a heavy dose of desperation–– to provide as much information for him to diagnose the problem, if he could. And he wrote back in less than 10 minutes with his thoughts along with one incredibly useful line:
The problem is that you’ve got Dragon dictation software installed.
He was right. I *did* have a Dragon dictation app installed. A Google search with this news led me to other accounts of people experiencing the same exact thing with some version of Dragon dictation software on their Macs:
The fact that these people were also worried that these symptoms indicated the presence of a virus or malware made me feel a little less silly.
I had installed the Dragon Express Mac app a few weeks ago to try it out and possibly review it for work. Apparently, it has some sort of bug that will randomly activate the microphone and generate a new email or web search all by itself.
I quit the app, which had always been running in the background, and the problem disappeared completely. Halleleujah! It wasn’t a virus or malware, just a rogue app doing weird sh*t for no apparent reason. I didn’t need to zero out my hard drive, reinstall Lion and start over from scratch, a process that would have taken me countless hours to get my iMac back to the way I need it. Yay!
In case you’re wondering, I haven’t opened Dragon Express on any of my Macs since. Even though I know it’s not a malicious app, I’m still bitter about the whole experience. In thinking it was a virus or malware, I’d actually felt a little violated. My iMac is my main machine that I use every single day for my job and personal stuff and the thought of it being compromised made me heartsick.
I haven’t yet reported this problem officially to Nuance but I will do so soon (along with a reference this blog post so they can experience the full brunt of the frustration and anxiety I’d felt because of it). If there are any other Dragon Express users who have been experiencing the same thing, please post a comment here so Nuance and others who might be in the same boat can see it.
[frame]I’m back to using my iMac without any problems at all. I admit that my Mac geek pride took quite a hit when this happened. I’m supposed to know all about Macs and be able to fix problems like this by myself, right? And I’m supposed to be smart enough to avoid issues like this to begin with. Oh well. Live and learn and all that. I just hope that my experience here, no matter how embarrassing it is for me to describe, helps save someone else a little anguish.[/frame]