About: TDL4 / Popureb Infection

This thread is provided as a reference for the so-called TDL4 master boot record virus / Popureb infection.

This article describes the malware in detail:

http://www.betanews.com/article/you-can-remove-TDL4-Popureb-malware-from-Windows-PCs/1310412249

If your antivirus program has detected the infection, then it is probably unable to remove it.

Utilities to remove the infection are:

http://www.downloadcrew.com/article/23656-webroot_antipopureb

http://connect.Microsoft.com/systemsweeper

In addition to the foregoing, the article below shows that it is possible to run FIXMBR from the XP Recovery Console to repair the infected master boot record. However, running FIXMBR on systems with a pre-installed operating system is not recommended, because the command can render the 'factory restore' process unusable.

For Win7 and Vista, here's more information:

http://blogs.technet.com/b/MMPC/archive/2011/06/22/Don-t-write-it-read-it-instead.aspx
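As an added defender-side example (not part of this thread, nor code from the linked tools), the script below parses a 512-byte MBR dump, validates the 0x55AA signature and the partition table, and compares the boot-code region, the bytes an MBR bootkit such as TDL4/Popureb overwrites, against a known-good baseline hash. The sample MBRs, the baseline and the dump path are constructed assumptions; because these bootkits filter disk I/O on the running system, dump sector 0 from offline boot media (recovery console or a live CD) rather than from the infected Windows.

```python
"""Added example (not from the thread): check a dumped MBR against a known-good baseline.

Assumption: sector 0 was dumped to a file from offline boot media, e.g.
    dd if=/dev/sda of=mbr.bin bs=512 count=1
The sample MBRs below are constructed in memory so the script runs without a disk.
"""
import hashlib
import struct
import sys

MBR_SIZE = 512
BOOT_CODE_LEN = 446      # bytes 0..445 hold the boot code that a bootkit replaces
PART_TABLE_OFF = 446     # four 16-byte partition entries follow the boot code
SIGNATURE_OFF = 510      # the last two bytes must be 0x55 0xAA


def read_mbr(path):
    """Read the first 512 bytes of a raw disk image or device file."""
    with open(path, "rb") as f:
        return f.read(MBR_SIZE)


def boot_code_hash(mbr):
    """SHA-256 of the boot-code region only, so partition-table edits do not change it."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(mbr):
    """Decode the four MBR partition entries.

    One entry: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sectors(4).
    """
    entries = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        entries.append({"index": i, "status": status, "bootable": status == 0x80,
                        "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return entries


def check_mbr(mbr, baseline_hash):
    """Return a list of findings; an empty list means the MBR matches expectations."""
    if len(mbr) != MBR_SIZE:
        return ["unexpected MBR length %d" % len(mbr)]
    findings = []
    if mbr[SIGNATURE_OFF:] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    if boot_code_hash(mbr) != baseline_hash:
        findings.append("boot code differs from baseline (possible bootkit)")
    parts = parse_partitions(mbr)
    if any(p["status"] not in (0x00, 0x80) for p in parts):
        findings.append("invalid partition status byte")
    bootable = [p for p in parts if p["bootable"]]
    if len(bootable) != 1:
        findings.append("%d bootable partitions (expected 1)" % len(bootable))
    return findings


def build_sample_mbr(boot_code):
    """Constructed sample: given boot code, one bootable NTFS-type partition, 0x55AA."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    # Entry 0: status 0x80 (bootable), type 0x07, LBA start 2048, 1,000,000 sectors.
    entry0 = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07,
                         b"\x00\x00\x00", 2048, 1_000_000)
    table = entry0 + b"\x00" * 48     # entries 1..3 left empty
    return code + table + b"\x55\xaa"


# Constructed samples: a clean MBR recorded as the baseline, and one whose boot code
# was replaced the way an MBR bootkit installs its loader (partition table untouched).
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0CLEAN-BOOTCODE-SAMPLE")
BASELINE_HASH = boot_code_hash(CLEAN_MBR)
INFECTED_MBR = build_sample_mbr(b"\xeb\x3eCONSTRUCTED-BOOTKIT-LOADER")


def main(argv):
    # Usage: mbrcheck.py <dump> <baseline-sha256>; with no arguments, run the samples.
    if len(argv) == 3:
        findings = check_mbr(read_mbr(argv[1]), argv[2])
        print("findings:", findings or "none")
        return
    for name, mbr in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        print(name, check_mbr(mbr, BASELINE_HASH) or "clean")


if __name__ == "__main__":
    main(sys.argv)
```

Record the baseline hash once from a machine known to be clean (or from the OEM's own MBR) and keep it off the host; a mismatch is a reason to inspect, not proof of infection, since legitimate boot managers also rewrite this region.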

Hello DatabaseBen,

Thanks for this documentation.

Best regards

Matthew_Ha

Tags: Windows

Similar Questions

  • Stubborn virus

    I have often heard that Macs don't get viruses. I'm not sure that's always true. A few days ago I got anti-virus software installed on my Mac and since then I have been getting warnings about this "virus infection" being blocked. I did a scan and 9 infections were detected (the infection names contain 'tr.'). The infections were moved to the virus chest and I deleted them. However, today, as soon as I booted my Mac again, I kept getting the virus warnings again.

    Could someone here please shed some light on this for me, what it could be and what can I do about it?

    Thank you!

    You do not have a virus... No documented virus has infected Mac OS X. Malware, sometimes, if you visit weird sites or download from unknown sources.

    First of all, get rid of the A/V software. Most of this stuff disrupts the Mac to varying degrees. After uninstalling that junk, I would reinstall OS X from your recovery disk.

    Barry

  • How to remove a computer from my workgroup under XP and Windows 7?

    We have recently set up a network composed of our three home office computers (2 XP and 1 Windows 7) to share files and printers.

    However, we found it malfunctioning and could not share what we expected.  One of the reasons, as far as we can see, could be that one of the computers has been infected.

    So, we are trying to remove this computer from the workgroup.

    However, no matter how hard I searched on the Internet, there is no way to remove the infected computer from its existing workgroup.

    Are there experts who can help us?

    Thank you very much!

    Hello

    You cannot remove a computer from a workgroup, but you can change the name of the workgroup.

    http://support.Microsoft.com/kb/295017

    http://www.SevenForums.com/tutorials/51711-workgroup-name-view-change.html

    But that will not necessarily mean that it is not accessible by other computers on the network, nor will it necessarily make the other computers less likely to be infected through this PC.

    The only way to "withdraw" a computer from a network is to unplug the network cable or remove the name of the wireless network.

    If you are concerned about a possible infection, you must get the malware protection up to date and scan for malware.

    However, I suspect it's more likely your problems are caused by a lack of knowledge about networking different Windows operating systems. This can help...

    http://Windows.Microsoft.com/en-us/Windows7/networking-home-computers-running-different-versions-of-Windows

    If you are having specific problems post back with details and someone will almost certainly try to help.

    Tricky

  • Security tool

    About the Security Tool infection - if you have a dual-boot computer, can you simply access the infected partition from the unaffected system and scan it with Malwarebytes to get rid of it?

    That would not be able to completely remove the infection.  It might be able to delete infected files, but it would not be able to clean the Windows registry of the infected system. Boulder Computer Maven
    Microsoft Most Valuable Professional

  • Impossible to get rid of 6 virus on computer

    I recently had the System Tool 2011 virus on my computer (even though I had not clicked on anything and immediately turned off my computer!)  I did a system restore to about a month ago hoping that would do the trick.  However, the malware was still on my computer, in addition to several other problems and a score of other viruses.  I installed Malwarebytes and it detected about 60 infected files on my computer.  It was able to get rid of most of them, with the exception of 6.  They look serious, as some of them apparently affect the registry.  Also, I am now unable to do a system restore, or get into regedit or the Group Policy Editor.  My Windows Security Center has also been disabled.  I have to be logged on as another account because my admin account is the one that is so infected that my computer turns off almost immediately when I log in with it.  My admin account is blocked, not the other user account - this is how I could do a system restore from that account earlier.  But for some reason, it has now blocked me from doing several things such as the ones I mentioned above.  I have the current Microsoft Security Essentials running with Windows Defender and neither one is picking up the virus.  I tried to download the 64-bit version of the Windows Malicious Software Removal Tool, but as soon as I start to try to run it I get an error message that says the file is not valid/damaged (something to that effect...)  Here is the log report after I did a Malwarebytes scan with the 6 remaining viruses:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5400

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    2010-12-27 10:50:41
    mbam-log-2010-12-27 (10-50-41).txt

    Scan type: Quick scan
    Objects scanned: 132280
    Time elapsed: 2 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 3
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{B1BA20C1-A503-59BD-F412-03B53A2C8951} (Trojan.Ertfor) -> Value: {B1BA20C1-A503-59BD-F412-03B53A2C8951} -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{B1BA20C1-A503-59BD-F412-03B53A2C8951} (Trojan.Ertfor) -> Value: {B1BA20C1-A503-59BD-F412-03B53A2C8951} -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Value: NoFolderOptions -> Delete on reboot.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Delete on reboot.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\System32\iexplore.sy_ (Malware.Trace) -> Quarantined and deleted successfully.
    c:\Windows\SysWOW64\iexplore.sy_ (Malware.Trace) -> Quarantined and deleted successfully.

    Any assistance is much appreciated!  Thank you

    Do a clean install of Vista, or follow the procedure described here to regain control of the system so that the malware can be removed - Remove System Tool. MowGreen, Windows IT Pro Expert - Consumer Security

  • Network access protection

    I received a call from a person with a very strong accent saying he worked for Microsoft and telling me my PC needed to be brought up to date, because NAP had been turned off.  He wanted me to type eventvwr in the Run box, then press Enter.  I stopped there and told him it was a scam and he quickly hung up.

    My question is, should I have done it?  Is it possible to see if malware is on my PC?

    My PC is a home PC on my own network.  It is not connected to work or anything like that.  I run Windows 7 and have Avast Premier 2015 as my anti-virus.

    I remember a few weeks ago there was a message that I couldn't close that said to call Microsoft for an urgent update, and it had a number.  I ended up restarting my PC.  Once in a while when I'm on the internet, I see another window open that contains ads that I know I did not open.

    Thank you, Manny B

    Friday, November 6, 2015 18:09:42 +0000, MBar1958 wrote:

    I received a call from a person with a very strong accent saying he worked for Microsoft and telling me my PC needed to be brought up to date, because NAP had been turned off.  He wanted me to type eventvwr in the Run box, then press Enter.  I stopped there and told him it was a scam and he quickly hung up.

    My question is, should I have done it?  Is it possible to see if malware is on my PC?

    See the other responses you got, and let me add the following:

    There is no particular reason to worry about a malware infection as a result of his call. You can completely ignore everything the crook said.

    However, it is always prudent to check for malware infection. You should do this with two programs: an antivirus (such as Avast, which you are already running) and an anti-spyware program such as the free MalwareBytes AntiMalware.

  • How to delete files in the System Volume Information folder on replacement disks?

    How can I delete files that were backed up on another system (XP), after I inserted the disk into my new Win 7 system?  The files seem to be impossible to remove.  This is not progress :)  What can I do to remove these files?  They take a significant amount of space, and I want to be able to put what I want on these drives.  Do I have to get out my old XP disks just to do this?  Please tell me I don't have to (: I remember cleaning my Win 98 machine with DOS commands, one file and directory at a time.)  I hope we're not there...

    rfitzpa877

    This does not resolve the (ARRRG!) System Volume Information files, but their size is reduced to nothing...  If anyone knows how to remove these files, I would like to know how.  I formatted one of the disks and apparently it does not have one of these folders yet.  In fact, I wiped that partition and formatted it, and that seems to have managed to get rid of these pesky files on that drive.  Am I the only one who thinks I should have control over my own system?  What is the point of having administrator rights?  Maybe it's time we gave up administrator rights.  I am not at all impressed by it.  From the looks of the number of views on this thread, I'm not the only one with this problem.  If I want to disable the protection and get rid of the files, why can't I?

    You just started to come across the real culprit regarding "infected root kits".  Let's imagine that a crime is committed in a house.  Who is instantly a suspect?  For example, wife disappears > husband is the first to be questioned.

    In the case of a MS OS, Microsoft has really gone WAY out of bounds. For half a year I traced the issue to them: whoever or whatever monitors my progress erased my data and sent me on a 6-month goose chase, with no opportunity to even connect online for days or weeks. I was let down at my school because I was not able to turn on a computer to write an assignment or a test with any reliability.
    Who gave them this power to abuse?  They think we did, by agreeing to their privacy terms or agreeing to use 'newer and better' icons.  They rely solely on the low bar of the duty of good faith to steal data, record and claim it as their webcam or anyone's ones and zeros; they feel it is theirs with the omniscient power of Microsoft Update.  Why is Microsoft blameless when a system blue screens after a command to reboot to make an OS change effective?  Read the comments around KB976902 and the "fix" KB25533552.  They have simply virtualized all XP SP3 or later PCs.  Using video to measure the performance capability of the PC and querying disk space, Microsoft then begins to do whatever they darn well want for as long as they want, regardless of the evil, as I was spending my time in graduate school.
    This virtual virus haunts me, but it gave up because I happened to scan hundreds of pages of documents, trying to burn DVDs or whatever to preserve the legal evidence (paralegals).
    I had scanned my driver's license and many other pages, so I think someone out there showed some mercy, at least for a little while.  The cruel and unusual behaviour of the sadistic implementation of the 'virtual' virus left me broke and homeless.
    Be aware: WBEM, Panther, winsxs and the scoring system they say is in our interest, or as these naive technicians blindly say, is just one possible use of the 'virtual' virus.  Visual Basic and root or environment variables allow them to alter the remote registry or to set a timer to attack even when unplugged from the net.  They have no interest in the individual retail customer or small business owner.   Whenever you read "recommended", it is recommended to allow them to invade and infect in their own way.
    What virtual "features" are active I really don't know, when there is literally no control over any aspect of the PC.  They could be using the Adobe Flash peer-to-peer network "feature" or activating Bluetooth to create an almost undetectable network; replacing NICs with NDIS-based drivers allows them to use USB drivers to emulate any hardware driver, even turning off the various LEDs.  It was only because of the vibration of an external hard drive that I started to peel the onion.
    I can bet my next "update" will be what I call, and copyright, the 'virtual Virus'.
    It is my opinion based on my real experience and even documenting months and months of troubleshooting; the data I recorded full time has of course been changed or deleted.   These facts showed me that Microsoft et al. will do anything, even my personal destruction, for nothing more than trying to get control of my own personal private property.
    Through diligence and hundreds of thousands of hours, I am convinced all my personal files are monitored without legal or judicial supervision.
    So yes, deleting these files is not only the best of the options; it leaves the possibility of an attack, or anything else, being launched at will, and therefore it IS THE ONLY OPTION.
    Hidden in desktop.ini, fonts and all files are really the seeds of the worst privacy violations, not yet imagined by most computer experts or instructors.  Our worst enemy is thus once more the one inside, not the public's perception of the hacker tracking us.
    I submit that piracy of Microsoft operating systems is now a 2nd Amendment RIGHT because they used their OS as a weapon as damaging as any gun could be; it is data that they killed.
    By doing so, and in my expert opinion and noting the inalienable right to privacy of the citizens of CA, Microsoft has eliminated any claim to a valid copyright or license because they use another company's EULA in the folders they create and manage.
    The 'virtual' virus is as clever as it is insidious.  If they deny it, then I claim the state of the art and my invention.  I can then request its return in court.  My supposed remedy today?  I am only allowed the cost of the operating system regardless of the magnitude of the fraud and damage that they did to me.
    It is clearly stated in the EULA that they believe is valid.
    Until one day I hope to be able to have my day in court before an educated jury, I'm destined to become an outcast in our society.
    What a difference a year makes, and with this little compassion, tears are shed as my life dissolves around me.
    My confidence that they would eventually do the right thing has turned out to be my worst enemy.
    Virtual virus alien.

  • I think that my hard drive has been infected by a virus; I don't understand it. It refuses to install programs as basic as Adobe Reader, something about missing keys or that I do not have permission. Help, please

    Whenever I try to install a program, even a game, it says something about missing security keys (in a way it described the characters in them, a short letter) or sometimes says that I don't have permission to make these changes.

    Hello

    1. What is the exact error message?

    2. Have you made any changes to the computer before the issue appeared?

    Method 1:

    Run this fixit and check.

    Solve problems with programs that cannot be installed or uninstalled

    Method 2:

    I suggest you run a virus scan and check.

    http://www.Microsoft.com/security/scanner/en-us/default.aspx

    Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.

    Note: Any data that is infected can only be cleaned by deletion, which means that there is a risk of data loss.

  • Notification that my computer is infected and locked by Apple.

    I receive the following notification popup from Apple: I don't know if it's really Apple or not - could someone please let me know if it's a scam?

    The following web page appears (icloud-webserver - 6.online /) and it says:

    Your computer is infected with adware or malware, which allows you to see this popup.

    This can happen because of the obsolete virus protections.

    To fix, please call Apple Support to 1-800-982-1346 immediately. Please ensure that you do not restart your computer to avoid any data loss.

    Possibility of data & identity theft, if not fixed immediately.

    YOUR APPLE COMPUTER HAS BEEN LOCKED *.

    Your computer is infected with adware or malware, which allows you to see this popup.

    This can happen because of the obsolete virus protections.

    To fix, please call Apple Support to 1-800-982-1346 immediately. Please ensure that you do not restart your computer to avoid any data loss.

    Possibility of data & identity theft, if not fixed immediately.

    YOUR APPLE COMPUTER HAS BEEN BLOCKED *.

    YOUR APPLE COMPUTER HAS BEEN LOCKED!

    System was infected due to an unexpected error!

    Please contact Apple 1-800-982-1346 immediately!

    unlock your computer.

    Detected suspicious activity. Your browser might have been hijacked or hacked.

    ANONYMOUS ACTIVITY

    Private and financial data is at RISK:

    . Your credit card and banking information

    . Your passwords of e-mail and other passwords

    . Your Facebook, Skype, AIM, ICQ and other chat logs

    . Your private and family photos and other sensitive files

    . Your webcam can be accessed remotely by stalkers

    CALL IMMEDIATELY THE APPLE TO 1-800-982-1346 SUPPORT

    MORE INFO ABOUT THIS INFECTION:

    Seeing these pop ups means you might have a virus on your computer that puts the security of your personal data at serious risk.

    It is strongly recommended that you call the above number and get your computer inspected before you continue to use your internet connection, especially for shopping or banking.

    Call immediately.

    Contact Apple support to (1-800-982-1346)

    < link published by host >

    It is a scam; do not respond to this.

  • For about seven months I have had pop ups and tabs opening on their own, asking me questions and showing me what I supposedly asked for.

    For about seven months now (as of June 2013) I have had pop ups asking me private questions while hiding themselves, according to the results of my browsing. They sometimes stream 'news' and other stuff that I didn't ask for. It can also be tabs and not pop ups, which do the same thing. First I thought it was some kind of 'infection', but all my scans failed to detect anything, responding that my computer is clean. I have considered changing the browser, but my computer is low-end and needs a lightweight browser, unlike Microsoft's. So now I just close these things as quickly as possible. But, sometimes, when I walk away, it shows "movies" to anyone, while wasting my resources and quotas.

    I wonder if it is possible to get rid of this stuff. Is this an infection or part of the design? And where there is an "infection", is someone interested in studying it in order to protect your browser against similar attacks in the future?

    Your "more system details" do not include any information about your extensions, but one of them might be responsible.

    Could you check for unrecognized extensions on the Add-ons page. Either:

    • CTRL + SHIFT + a
    • Orange Firefox button (or the Tools menu) > Add-ons

    In the left column, click Extensions. Then, if in doubt that something is valid and useful, turn it off.

    Typically, a link will appear above at least one disabled extension to restart Firefox. You can complete your work on the tab and click one of the links as the last step.

    Did that change the behavior of Firefox?

  • My Firefox, which I use on my desktop computer (an Apple Mac), is definitely infected with what is called Smart Shopper. How do I get rid of this virus?

    I got what I thought was a real request to answer a Firefox survey on its service, and as I am very happy with Firefox I wanted to communicate that fact. I soon realised, however, that despite the authentic-looking logos etc., I had been duped. Now everything I do seems to be infected by this. Documents and postings on web pages are littered with a circular icon with an arrow breaking the circle at about two o'clock. When the cursor is placed over this, you get a text box offering jobs and contact sites etc.

    Your help would be appreciated.

    Hello

    The Reset Firefox feature can solve a lot of problems by restoring Firefox to its factory default condition while saving your vital information.

    Note: This will make you lose all the Extensions and preferences.

    • Open websites are not saved in Firefox versions older than 25.

    To reset Firefox, perform the following steps:

    1. Go to Firefox > Help > Troubleshooting Information.
    2. Click on the 'Reset Firefox' button.
    3. Firefox will close and reset. After Firefox is finished, it will display a window with the imported information. Click Finish.
    4. Firefox opens with all the default settings applied.

    Information can be found in the article Refresh Firefox - reset add-ons and settings.

    Did this solve your problems? Please report back to us!

    Thank you.

  • Am I infected with malware?

    Hello!

    This is my first post in the forum, but I have followed the discussions since I got my MacBook, and the community is very helpful.

    I decided to create this post to ask the experts' opinion.

    I received a phone call from the network admin at my University saying that I (and a few other students) have been infected by the Zeus trojan and it attacked the University network. I found this very doubtful after doing a quick search on this Trojan horse and not finding any relation between Zeus and OS X. Yet, it made me a bit paranoid, so I keep changing my passwords and began to scan the system to find out if there is some malware.

    One important thing to mention at this point: I sometimes use a Windows 7 virtual machine (Parallels Desktop) which is only used to interact with the instrumentation in the University laboratory. The virtual machine has a WiFi connection shared from OS X and, to access files, shared folders. The virtual machine has only Microsoft Security Essentials 'antivirus' installed. And I don't remember installing any new software on the virtual Windows machine since the start of the alleged "attacks".

    So I unplugged my Mac from the Internet, disabled folder sharing between the VM and OS X and began to analyze the Windows VM using different software and following the instructions on this website: https://malwaretips.com/blogs/zeus-trojan-virus/ ; nothing was detected.

    I proceeded to analyze OS X using MalwareBytes and even installed Kaspersky Internet Security to give it a try. Did a few scans and still nothing.

    I did a scan with EtreCheck and read the report. I've removed some of the plugins that I was not using any more, since this installation of Mac OS X has been continuously updated since Lion.

    This is the EtreCheck report at the moment:

    EtreCheck version: 2.9.12 (265)
    Report generated 2016-05-18 12:07:22
    Download EtreCheck from https://etrecheck.com
    Runtime: 01:47
    Performance: Excellent

    Click the [Support] links for help with non-Apple products.
    Click [Details] for more information about that line.

    Problem: Other problem

    Hardware Information:
    MacBook Pro (15-inch, Early 2011)
    [Technical Specifications] - [User Guide] - [Warranty & Service]
    MacBook Pro - model: MacBookPro8,2
    1 2 GHz Intel Core i7 CPU: 4-core
    8 GB RAM Upgradeable - [Instructions]
    BANK 0/DIMM0
    4 GB DDR3 1333 MHz ok
    BANK 1/DIMM0
    4 GB DDR3 1333 MHz ok
    Bluetooth: Old - Handoff/Airdrop2 not supported
    Wireless: en1: 802.11 a/b/g/n
    Battery: Health = Normal - Cycle count = 931

    Video Information:
    Intel HD Graphics 3000
    Color LCD 1440 x 900
    AMD Radeon HD 6490M - VRAM: 256 MB

    Software:
    OS X El Capitan 10.11.4 (15E65) - Time since boot: about one hour

    Disk Information:
    TOSHIBA THNSNH128GBST disk0: (128,04 GB) (Solid State - TRIM: Yes)
    EFI (disk0s1) <not mounted>: 210 MB
    Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
    Macintosh HD (disk1) / : 126,80 GB (32,74 GB free)
    Core Storage: disk0s2 127,18 GB Online
    TOSHIBA MK5065GSXF disk2: (500,11 GB) (Rotational)
    EFI (disk2s1) <not mounted>: 210 MB
    DATA (disk2s2) /Volumes/DATA : 499,76 GB (15,47 GB free)

    USB Information:
    Apple Computer, Inc. IR Receiver
    Apple Inc. FaceTime HD Camera (Built-in)
    Apple Inc. Apple Internal Keyboard / Trackpad
    Apple Inc. BRCM2070 Hub
    Apple Inc. Bluetooth USB Host Controller

    Thunderbolt Information:
    Apple Inc. thunderbolt_bus

    Configuration files:
    /etc/hosts - Count: 2

    Gatekeeper:
    Anywhere

    Kernel Extensions:
    /Applications/Parallels Desktop.app
    [not loaded] com.parallels.kext.hypervisor (11.0.2 31348 - SDK 10.9 - 2015-10-21) [Support]
    [not loaded] com.parallels.kext.netbridge (11.0.2 31348 - SDK 10.9 - 2015-10-21) [Support]
    [not loaded] com.parallels.kext.usbconnect (11.0.2 31348 - SDK 10.9 - 2015-10-21) [Support]
    [not loaded] com.parallels.kext.vnic (11.0.2 31348 - SDK 10.9 - 2015-10-21) [Support]
    /Applications/Radio Silence.app
    [loaded] com.radiosilenceapp.nke.filter (2.0 - SDK 10.11 - 2016-05-07) [Support]
    /Library/Extensions
    [loaded] com.kaspersky.kext.klif (3.4.0a25 - 2016-05-17) [Support]
    [loaded] com.kaspersky.nke (2.1.0 - 2016-05-17) [Support]
    [not loaded] org.cindori.TrimEnabler (1.0 - SDK 10.10 - 2016-05-17) [Support]

    Startup Items:
    TuxeraNTFSUnmountHelper: Path: /Library/StartupItems/TuxeraNTFSUnmountHelper
    Startup Items are obsolete in OS X Yosemite

    System Launch Agents:
    [not loaded] 8 Apple tasks
    [loaded] 160 Apple tasks
    [running] 70 Apple tasks

    System Launch Daemons:
    [not loaded] 45 Apple tasks
    [loaded] 159 Apple tasks
    [running] 85 Apple tasks

    Launch Agents:
    [not loaded] com.adobe.AAM.Updater-1.0.plist (2015-06-30) [Support]
    [running] com.brother.LOGINserver.plist (2015-03-12) [Support]
    [loaded] com.google.keystone.agent.plist (2016-03-03) [Support]
    [not loaded] com.maintain.PurgeInactiveMemory.plist (2014-11-15) [Support]
    [not loaded] com.maintain.Restart.plist (2014-11-15) [Support]
    [not loaded] com.maintain.ShutDown.plist (2014-11-15) [Support]
    [running] com.maintain.SystemEvents.plist (2014-11-15) [Support]
    [loaded] com.oracle.java.Java-Updater.plist (2014-11-06) [Support]
    [loaded] com.radiosilenceapp.agent.plist (2016-04-17) [Support]
    [running] com.rosettastone.rosettastonedaemon.plist (2015-06-05) [Support]
    [loaded] org.macosforge.xquartz.startx.plist (2015-10-16) [Support]

    Launch Daemons:
    [failed] com.adobe.fpsaud.plist (2016-04-16) [Support]
    [loaded] com.google.keystone.daemon.plist (2016-03-03) [Support]
    [not loaded] com.maintain.HideSpotlightMenuBarIcon.plist (2014-11-15) [Support]
    [loaded] com.malwarebytes.MBAMHelperTool.plist (2016-01-18) [Support]
    [loaded] com.microsoft.autoupdate.helpertool.plist (2015-10-15) [Support]
    [loaded] com.microsoft.office.licensingV2.helper.plist (2015-08-15) [Support]
    [loaded] com.oracle.java.Helper-Tool.plist (2014-11-06) [Support]
    [loaded] com.radiosilenceapp.nke.plist (2016-04-17) [Support]
    [loaded] com.wdc.WDPrivilegedHelper.plist (2015-08-23) [Support]
    [loaded] org.cindori.TEAuth.plist (2015-08-11) [Support]
    [loaded] org.macosforge.xquartz.privileged_startx.plist (2015-10-16) [Support]

    User Launch Agents:
    [loaded] com.bittorrent.uTorrent.plist (2016-02-23) [Support]
    [running] com.spotify.webhelper.plist (2016-05-14) [Support]

    User Login Items:
    Flux Application (~/Applications/Flux.app)
    Macs Fan Control Application (/Applications/Mac Fan Control.app)
    gfxCardStatus Application (/Applications/gfxCardStatus.app)
    iTunesHelper Application (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
    Caffeine Application (/Applications/Caffeine.app)
    Airmail 2 Application (/Applications/Airmail 2.app)
    BetterTouchTool Application (/Applications/BetterTouchTool.app)

    Other Apps:
    [loaded] com.batteryProject.FruitJuiceHelper
    [running] com.batteryProject.FruitJuiceMAS.112992
    [running] com.brother.utility.NETserver.99552
    [running] com.brother.utility.USBserver.99232
    [running] com.codykrieger.gfxCardStatus.98912
    [running] com.crystalidea.MacsFanControl.51872
    [running] com.etresoft.EtreCheck.147232
    [running] com.hegenberg.BTTRelaunch.178592
    [running] com.hegenberg.BetterTouchTool.153632
    [running] com.lightheadsw.caffeine.47072
    [running] com.mendeley.desktop.53472
    [running] com.radiosilenceapp.client.256672
    [running] it.bloop.airmail2.105632
    [running] org.herf.Flux.85152
    [loaded] 412 Apple tasks
    [running] 194 Apple tasks

    Internet Plug-ins:
    AdobeAAMDetect: AdobeAAMDetect 1.0.0.0 - SDK 10.6 (2015-06-30) [Support]
    FlashPlayer-10.6: 21.0.0.226 - SDK 10.6 (2016-04-30) [Support]
    QuickTime Plugin: 7.7.3 (2016-04-05)
    AdobePDFViewerNPAPI: 11.0.11 - SDK 10.6 (2015-06-30) [Support]
    AdobePDFViewer: 11.0.11 - SDK 10.6 (2015-06-30) [Support]
    Flash Player: 21.0.0.226 - SDK 10.6 (2016-04-30) Outdated! Update
    Default Browser: 601 - SDK 10.11 (2016-04-05)
    o1dbrowserplugin: 5.41.3.0 - SDK 10.8 (2015-12-11) [Support]
    googletalkbrowserplugin: 5.41.3.0 - SDK 10.8 (2015-12-11) [Support]
    Silverlight: 5.1.41105.0 - SDK 10.6 (2015-12-09) [Support]
    JavaAppletPlugin: Java 8 Update 91 build 14 (2016-05-09) Check version

    Safari Extensions:
    AdBlock - BetaFish, Inc. - https://getadblock.com (2015-10-25)
    JS Blocker 5 - Travis Roman - http://jsblocker.toggleable.com/ (2016-04-27)
    Open in Internet Explorer - Parallels - http://www.Parallels.com/fr/ (2015-10-21)

    3rd Party Preference Panes:
    Flash Player (2016-04-16) [Support]
    GIFPaperPrefs (2014-02-23) [Support]
    Java (2016-05-09) [Support]
    Tuxera NTFS (2015-10-26) [Support]

    Time Machine:
    Skip System Files: NO
    Mobile backups: OFF
    Auto backup: YES
    Volumes being backed up:
    Macintosh HD: Disk size: 126,80 GB Disk used: 94,06 GB
    Destinations:
    TIME [Local]
    Total size: 1.00 TB
    Total number of backups: 8
    Oldest backup: 29/02/16 09:00
    Last backup: 30/04/16 13:06
    Size of backup disk: Excellent
    Backup size 1.00 TB > (Disk size 126,80 GB X 3)

    Top Processes by CPU:
    18% com.apple.WebKit.WebContent(20)
    3% Safari
    2% WindowServer
    2% fontd
    1% kernel_task

    Top Processes by Memory:
    2.78 GB com.apple.WebKit.WebContent(20)
    819 MB Safari
    750 MB kernel_task
    180 MB mds_stores
    180 MB DashboardClient(4)

    Virtual Memory Information:
    75 MB Free RAM
    7.92 GB Used RAM (960 MB Cached)
    0 B Swap Used

    Diagnostics Information:
    May 18, 2016, 10:42:09 Self test - passed

    I also installed the Radio Silence "firewall" to analyze applications and connections. After googling some of the processes, something 'weird' always jumps out.

    I am ready to do a clean install of Mac OS X, but since I make Time Machine backups every week, my main worry is:

    - What if the files on my external backup drive are infected with malware? I can't restore them without "infecting" the clean Mac OS X installation again, right?

    I would like to ask your advice about the vulnerability of my system and any suggestions on further analysis to detect the suspected malware.

    Sorry for this long post,

    I would really appreciate the help.

    You must change your Gatekeeper settings.  Setting it to "Anywhere" is dangerous.  Go to System Preferences -> Security & Privacy and change it to "Mac App Store and identified developers."  Two, you have uTorrent installed - unless you are in the rare, rare, very small minority of people who use torrents for legal reasons, I think we both know what you use it for, and that may cause damage to your system if you download something that is infected with malware or adware, as most torrent offerings are.  I don't see any malware/adware on your hard drive, at least from your EtreCheck report, so you should be fine.

    I would also add that if you have anti-virus for your Windows partition, that is one thing, but you don't need anti-virus for your Mac.  Anti-virus programs cannot protect you from malware or adware, and that is what Mac users need to worry about.  In addition, many AV programs negatively affect the performance of Macs because they don't play nice with them.  Therefore, I would uninstall Kaspersky and keep the AV program that you use for your Windows installation.  Windows needs antivirus protection; OS X does not.

  • Funmoods crapware, persistent about:config entries

    Hi there, long-time user of Firefox (since 1.5) who has met with an unusual problem.
    To cut a long story short, I accidentally installed one of the various toolbar + browser-infecting applications that alarmingly almost qualify as a virus yet claim to offer social connectivity perks: Funmoods. As soon as I noticed it, I started removing it from my main (Firefox) and my secondary browser (Chrome).
    No reason to get into the Chrome-specific removal, so here is what I did for Firefox only (for the most part in chronological order):

    1. Removed the program via Revo Uninstaller.

    2. Restored the search engine to my preferred one and deleted the one associated with Funmoods.

    3. Restored the default Firefox home page.

    4. Removed the Firefox addon/extension, then restarted.

    5. Confirmed that the funmoods toolbar I previously had was no longer available.

    6. Full scan with Malwarebytes Anti-Malware; found a few bad infections and removed them.

    7. Removed any file/folder containing the name funmoods from my hard drive.

    After having done that, I confirmed that the browser was back to normal. New tabs no longer redirected to funmoods and searches worked as they were supposed to.
    However, since I did some under-the-hood cleaning, I checked about:config and searched for "funmoods", where I found the following entries:

    user_pref("extensions.funmoods.aflt", "download");
    user_pref("extensions.funmoods.autoRvrt", false);
    user_pref("extensions.funmoods.dfltLng", "");
    user_pref("extensions.funmoods.dfltSrch", true);
    user_pref("extensions.funmoods.dnsErr", true);
    user_pref("extensions.funmoods.envrmnt", "production");
    user_pref("extensions.funmoods.excTlbr", false);
    user_pref("extensions.funmoods.hmpg", true);
    user_pref("extensions.funmoods.hmpgUrl", "http://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBzzzytBzy0CzytAtB0CzztAyEzytDtDtN0D0Tzu0CtAtBtDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1867182460");
    user_pref("extensions.funmoods.id", "78929C932C834900");
    user_pref("extensions.funmoods.instlDay", "15659");
    user_pref("extensions.funmoods.instlRef", "download");
    user_pref("extensions.funmoods.isdcmntcmplt", true);
    user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
    user_pref("extensions.funmoods.newTabUrl", "http://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBzzzytBzy0CzytAtB0CzztAyEzytDtDtN0D0Tzu0CtAtBtDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1867182460");
    user_pref("extensions.funmoods.prdct", "funmoods");
    user_pref("extensions.funmoods.prtnrId", "funmoods");
    user_pref("extensions.funmoods.srchPrvdr", "Search");
    user_pref("extensions.funmoods.tlbrId", "base");
    user_pref("extensions.funmoods.tlbrSrchUrl", "http://searchfunmoods.com/?f=3&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuyBzzzytBzy0CzytAtB0CzztAyEzytDtDtN0D0Tzu0CtAtBtDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1867182460&q=");
    user_pref("extensions.funmoods.vrsn", "1.5.23.22");
    user_pref("extensions.funmoods.vrsni", "1.5.23.22");
    user_pref("extensions.funmoods_i.newTab", true);
    user_pref("extensions.funmoods_i.smplGrp", "none");
    user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2218:40:57");
    

    (My apologies for the dump but I thought they may be useful to the experts)

    I of course have no idea what those are, but given that my approach to IT security is that prevention is better than cure, I tried the following to delete them, without success:

    1. Right-click -> Reset on all of them; restarted FF, they were still there.

    2. Google-fu suggested modifying the prefs.js file linked to my profile; I found the same entries there and deleted them, restarted FF, they were still there.

    3. Attempted to make the prefs.js file read-only after confirming that I had deleted them. The file is now clean, but the entries still show up when I do the usual about:config search.

    4. Manually searched through my registry and deleted all values that included 'funmoods'. Restarted FF, they were still there.

    Even especially paranoid measures that could create problems, such as setting what I guess is an important file to read-only and manually deleting registry entries, did not help. It seems these about:config entries are persistent somehow, so I have come to you for help purging them.

    Oh, just wanted to add that completely reinstalling Firefox is not an option. I have had this profile for the last 3 years and I have migrated it across 2 computers.

    Try reading http://kb.mozillazine.org/Resetting_preferences#Resetting_certain_preferences_when_a_user.js_file_exists and remove or rename user.js as prefs.js. Just to note, those leftover prefs are harmless and do nothing, because you deleted the extensions that put them there (these products just do a poor job of cleaning up after themselves).
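    As an added illustration of the answer above (not the poster's or Mozilla's own code): Firefox re-applies every `user_pref` in user.js on each start and writes the result back into prefs.js, which is why entries deleted from prefs.js alone reappear. The script below strips prefs under a given branch (here `extensions.funmoods.` and `extensions.funmoods_i.`, taken from the post) from both files; the sample file contents are constructed for the example.

```python
import re
from pathlib import Path

# Matches one line of a Firefox prefs file, e.g.
#   user_pref("extensions.funmoods.hmpg", true);
USER_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)"\s*,\s*(.*)\);\s*$')

# Constructed sample of a user.js, modelled on the entries in the post.
SAMPLE_USER_JS = '''// Mozilla User Preferences
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("extensions.funmoods.hmpg", true);
user_pref("extensions.funmoods.hmpgUrl", "http://searchfunmoods.com/?f=1");
user_pref("extensions.funmoods_i.newTab", true);
user_pref("network.cookie.cookieBehavior", 1);
'''

FUNMOODS_PREFIXES = ("extensions.funmoods.", "extensions.funmoods_i.")


def split_prefs(text, prefixes):
    """Return (kept_lines, removed), where removed maps pref name -> raw value
    for every user_pref whose name starts with one of `prefixes`.
    Comments and unrelated prefs are kept verbatim."""
    kept, removed = [], {}
    for line in text.splitlines():
        m = USER_PREF_RE.match(line)
        if m and m.group(1).startswith(prefixes):
            removed[m.group(1)] = m.group(2)
        else:
            kept.append(line)
    return kept, removed


def clean_profile(profile_dir, prefixes=FUNMOODS_PREFIXES):
    """Strip matching prefs from user.js and prefs.js in a Firefox profile.
    user.js is handled first: it overrides prefs.js at every start, so cleaning
    prefs.js alone (as the poster did) is undone on the next launch.
    Each modified file is backed up with a .bak suffix. Returns removed prefs per file."""
    report = {}
    for name in ("user.js", "prefs.js"):
        path = Path(profile_dir) / name
        if not path.exists():
            continue
        original = path.read_text(encoding="utf-8")
        kept, removed = split_prefs(original, prefixes)
        if removed:
            path.with_suffix(path.suffix + ".bak").write_text(original, encoding="utf-8")
            path.write_text("\n".join(kept) + "\n", encoding="utf-8")
        report[name] = removed
    return report
```

    Run `clean_profile` against the profile directory with Firefox closed, since Firefox rewrites prefs.js on exit.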

  • Is it possible for a YouTube or Google search result to appear in Firefox history without the user knowing about it?

    I recently found a few Google and YouTube search results on my boyfriend's computer, in Firefox, which were "questionable", and when I asked him about them, he categorically denied knowing what they were and said he had recently had some viruses on his computer and they could have put these results there. I don't know if this is possible or not. The only thing similar to this that I have heard of is a virus redirecting you to a certain site, but not to specific Google and YouTube results, and if it happened, he should see it, right? I think it's version 11.0. Help!

    It is possible that you have a virus that was redirecting, but if there are Google searches and YouTube searches, it is likely that someone is doing some searching.

    You can try running these tools to search for infections: http://www.malwarebytes.org/

    http://support.Kaspersky.com/FAQ/?QID=208283363

    So I can't say for sure that your boyfriend made these, but it is highly likely that 'somebody', not 'something', did.

  • Toshiba BluRay Drive and SDStereoI.dll - ATTENTION INFECTION

    Initially I started this post in the wrong forum, and it continues here with the new information I could glean.

    My Toshiba BluRay player at startup would give me the message that "SDStereoI.dll was missing" but would then be fine.

    SDStereoI.dll has been classified as malware.

    I still have the original Toshiba HD, as my habit is to do a backup after a new computer is running properly and then keep the original backup stored safely for 'when/if'.

    On the original drive, there are two versions of SDStereoI.dll. One is 167 KB and dated 07/07/2011, the other is 160 KB and dated 21/06/2011. As logic would (sometimes) have it, the bigger and newer one is the infected one - checked by Prevx.
    I replaced the infected one found in program files (x86)\Toshiba\Toshiba-lecteur blu ray with the non-infected one found in program files (x86)\Superd Software\x-tune.

    Everything works fine now.

    I assume the infected file was destroyed by my anti-virus.

    Anyone else with this experience or a few ideas about this?

    I can't say anything about SDStereoI.dll.
    I have the Toshiba BD Player installed on my system and my antivirus software (McAfee and Avira) doesn't report any virus here.

    Who knows what happened to this file on your system.
    In your case I recommend you scan the system several more times, using various anti-malware apps.
    Some scanning applications are better than others...
