Continuing to malware / adware problem

Similar Questions

• Check for the presence of malware/adware/spyware software

  I'm currently looking if I have no malware/adware/spyware on my computer. I followed the steps on the other discussions as removing the. Agent.plist and other daemon.plist. Right now I don't see any symptoms (such as force redirection Web site or just completely frozen screen) but I don't know if there is nothing else left. Could someone there check it please for me? Thank you!

  
  

  
  

  EtreCheck version: 2.9.11 (264)

  Report generated 2016-04-25 00:02:30

  Download EtreCheck from https://etrecheck.com

  Length 03:13

  Performance: good

  Click the [Support] links to help with non-Apple products.

  Click [details] for more information on this line.

  Problem: No problem - just check

  Hardware Information: ⓘ

  MacBook Pro (13-inch, mid-2012)

  [Data sheet] - [User Guide] - [warranty & Service]

  MacBook Pro - model: MacBookPro9, 2

  1 2.5 GHz Intel Core i5 CPU: 2 strands

  4 GB of RAM expandable - [Instructions]

  BANK 0/DIMM0

  OK 2 GB DDR3 1600 MHz

  BANK 1/DIMM0

  OK 2 GB DDR3 1600 MHz

  Bluetooth: Good - transfer/Airdrop2 taken in charge

  Wireless: en1: 802.11 a/b/g/n

  Battery: Health = Normal - Cycle count = 548

  Video information: ⓘ

  Graphics Intel HD 4000

  Color LCD 1280 x 800

  Software: ⓘ

  OS X Yosemite 10.10 (A 14, 389) - since startup time: less than an hour

  Disc information: ⓘ

  HTS547550A9E384 disk HARD APPLE disk0: (500,11 GB) (rotation)

  EFI (disk0s1) < not mounted >: 210 MB

  Recovery HD (disk0s3) < not mounted > [recovery]: 650 MB

  Media (disk0s4) / Volumes/media: 160.00 go-go (152,46 free)

  Macintosh HD 2 (disk0s5) / Volumes/Macintosh HD 2: 114.62 (114,40 GB free)

  Macintosh HD 3 (disk0s6) / Volumes/Macintosh HD 3: 114.22 (16,80 free go-go)

  Macintosh HD (disk 1) /: 109,63 go-go (34,57 free)

  Storage of carrots: disk0s2 110.00 GB Online

  MATSHITADVD-R UJ - 8à8 disk2: () (196.8 MB)

  USB information: ⓘ

  Apple Inc. FaceTime HD camera (built-in)

  Apple Inc. BRCM20702 hub.

  Apple Inc. Bluetooth USB host controller.

  Computer, Inc. Apple IR receiver.

  Apple Inc. Apple keyboard / Trackpad

  Lightning information: ⓘ

  Apple Inc. Thunderbolt_bus.

  Guardian: ⓘ

  Mac App Store

  Kernel extensions: ⓘ

  / System/Library/Extensions

  com.devguru.driver.SamsungComposite [no charge] (1.4.18 - 10.6 SDK - 2016-03-22) [Support]

  /System/Library/Extensions/ssuddrv.kext/contents/plugins

  com.devguru.driver.SamsungACMControl [no charge] (1.4.18 - 10.6 SDK - 2014-01-27) [Support]

  com.devguru.driver.SamsungACMData [no charge] (1.4.18 - 10.6 SDK - 2014-01-27) [Support]

  com.devguru.driver.SamsungMTP [no charge] (1.4.18 - SDK 10.5 - 2014-01-27) [Support]

  com.devguru.driver.SamsungSerial [no charge] (1.4.18 - 10.6 SDK - 2014-01-27) [Support]

  Launch system officers: ⓘ

  [loaded] 5 tasks of Apple

  [loading] 142 tasks Apple

  [operation] 56 tasks Apple

  Launch system demons: ⓘ

  [loaded] 45 tasks Apple

  [loading] 137 tasks Apple

  [operation] 80 tasks Apple

  Launch demons: ⓘ

  [loading] com.adobe.SwitchBoard.plist (2012-08-11) [Support]

  [loading] com.adobe.fpsaud.plist (2016-04-05) [Support]

  [loading] com.malwarebytes.MBAMHelperTool.plist (2016-04-11) [Support]

  [loading] com.oracle.java.Helper - Tool.plist (2014-09-20) [Support]

  User launch officers: ⓘ

  com.apple.CSConfigDotMacCert [fail]-[...] @me.com - SharedServices.Agent.plist

  [failure] com.facebook.videochat. [entrenched passage] .plist (2014-08-13) [Support]

  [loading] com.google.keystone.agent.plist (2016-03-02) [Support]

  [operation] com.spotify.webhelper.plist (2016-04-24) [Support]

  Items in user login: ⓘ

  iTunesHelper Application (/ Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

  Agent application of file transfer Android (~/Library/Application Support/Google/Android File transfer/Android File Transfer Agent.app)

  Hidden Spotify Application (/ Applications/Spotify.app)

  Other applications: ⓘ

  [ongoing] com.google.Chrome.5996

  [ongoing] com.Google.Android.mtpagent.98864

  [ongoing] com.spotify.client.49448

  [loading] 357 tasks Apple

  [operation] 163 tasks Apple

  Plug-ins Internet: ⓘ

  FlashPlayer - 10.6: 21.0.0.213 - SDK 10.6 (2016-04-08) [Support]

  QuickTime Plugin: 7.7.3 (2014-11-06)

  Flash Player: 21.0.0.213 - SDK 10.6 (2016-04-08) obsolete! Update

  EPPEX plugin: 4.1.0.0 (2011-07-26) [Support]

  Default browser: 600 - SDK 10.10 (2014-11-06)

  SharePointBrowserPlugin: 14.3.4 - SDK 10.6 (2013-05-19) [Support]

  Silverlight: 5.1.30317.0 - SDK 10.6 (2014-05-20) [Support]

  JavaAppletPlugin: Java 8 update 65 build 17 (2015-11-09) check the version of

  3rd party preference panes: ⓘ

  Flash Player (2016-04-05) [Support]

  Java (2015-11-09) [Support]

  Time Machine: ⓘ

  Automatic backup: YES

  Volumes to back up:

  Macintosh HD: Disc size: 109,63 GB disc used: 75,06 GB

  Destinations:

  Macintosh HD 3 [Local]

  Total size: 114,22 GB

  Total number of backups: 60

  An older backup: 01/07/15, 16:44

  Last backup: 24/04/16 18:40

  Backup disk size: too small

  Backup size GB 114,22 < (disc 75,06 GB X 3)

  Top of page process CPU: ⓘ

  5% mdworker (9)

  3% kernel_task

  3% Google Chrome

  2% Google Chrome Helper (6)

  2% fontd

  Top of page process of memory: ⓘ

  766 MB Google Chrome Helper (6)

  Kernel_task 447 MB

  209 MB Google Chrome

  Mdworker (9) 147 MB

  Image 119 MB

  Virtual memory information: ⓘ

  320 MB of free RAM

  3.69 used GB RAM (1.02 GB being cached)

  Used Swap 0 B

  Diagnostic information: ⓘ

  24 April 2016, 23:19:51 self-test - spent

  24 April 2016, 19:05:27 /Library/Logs/DiagnosticReports/storedownloadd_2016-04-24-190527_[redacted].cpu _resource.diag [details]

  /System/Library/PrivateFrameworks/CommerceKit.Framework/versions/A/resources/St oredownloadd

  April 23, 2016, 23:14:57 ~/Library/Logs/DiagnosticReports/VTDecoderXPCService_2016-04-23-231457_[redacte d] .crash

  /System/Library/frameworks/VideoToolbox.Framework/versions/A/XPCServices/VTDeco derXPCService.xpc/Contents/MacOS/VTDecoderXPCService

  If you see no evidence of malicious programs (and I see no evidence of it in the etrecheck report), you can read this post for more insight.

  Viruses, Trojans, Malware - and other aspects of Internet Security

  Apple - Support-Apple security updates

  http://www.reedcorner.NET/MMG/

  http://www.thexlab.com/FAQs/malspyware.html

• Redirection Adware problem

  I am new user of MacBook (less than 24 hours) and already makes it painful to use because someone told me there is no virus for Mac, I was carelessly downloading of programs and I am here... My browsers (Chrome and Safari) are double tabs, we repeat just what is already open, and a other advertising. Also, I got pop ups and ads around some sites like imdb or other trusted sites. Now it's better, maybe because I've done a few things to try to remove this, but the redirect is still a huge problem. Here is the results of my diagnosis, I hope someone can help

  Boot Mode: Normal

  Model: MacBookAir7, 2

  The System Diagnostics

  2016-01-20 com.purevpn.macapp crash

  2016-01-20 com.purevpn.macapp crash

  2016-01-20 com.purevpn.macapp crash

  2016-01-20 com.purevpn.macapp crash

  2016-01-20 com.purevpn.macapp crash

  Diagnosis of the user

  2016-01-20 PureVPN crash

  2016-01-20 storeassetd crash

  Accident activity Monitor 2016-01-21

  2016 01-21 SystemUIServer crash

  Kernel messages

  January 20 09:39:44 AssertMacros: tmpData (value: 0x0), leader: /BuildRoot/Library/Caches/com.apple.xbs/Sources/AppleCredentialManager/AppleCre dentialManager-82.10.1/AppleCredentialManager/AppleCredentialManager.cpp, line: 765

  January 20 09:39:50 [IGPU] Planner gas CAP = 100ms.

  Jan 20 16:21:06 excessive release of assertions about the importance of the inner core for pid 701 (storeassetd), let fall 1 assertions, but the task only has 59 remaining (59 external).

  20 January 23:11:01 hfs: mounted PopcornTime on disk2s2 of the device

  20 January 23:18:50 hfs: disassemble insiders on PopcornTime on disk2s2 of device

  20 January 23:38:36 AssertMacros: tmpData (value: 0x0), leader: /BuildRoot/Library/Caches/com.apple.xbs/Sources/AppleCredentialManager/AppleCre dentialManager-82.10.1/AppleCredentialManager/AppleCredentialManager.cpp, line: 765

  20 January 23:38:37 [IGPU] Planner gas CAP = 100ms.

  Jan 21 00:30:33 launchd process [1]-l' system of limitation of disabling i/o level

  Jan 21 00:30:33 launchd process [1] disable the CPU - the system-wide limit

  Jan 21 00:30:48 AssertMacros: tmpData (value: 0x0), leader: /BuildRoot/Library/Caches/com.apple.xbs/Sources/AppleCredentialManager/AppleCre dentialManager-82.10.1/AppleCredentialManager/AppleCredentialManager.cpp, line: 765

  Jan 21 00:30:49 [IGPU] Planner gas CAP is 100ms.

  21 Jan 01:15:31 launchd process [1]-l' system of limitation of disabling i/o level

  21 Jan 01:15:31 launchd process [1] disable the CPU - the system-wide limit

  21 Jan 01:15:45 AssertMacros: tmpData (value: 0x0), leader: /BuildRoot/Library/Caches/com.apple.xbs/Sources/AppleCredentialManager/AppleCre dentialManager-82.10.1/AppleCredentialManager/AppleCredentialManager.cpp, line: 765

  21 Jan 01:15:46 [IGPU] Planner gas CAP is 100ms.

  Extrinsic demons

  com.purevpn.MacApp

  com.Adobe.fpsaud

  Extrinsic agents

  com ShopTool.agent

  com SoftwareUpdater.agent

  com.google.Keystone.User.agent

  launchd items

  / Library/LaunchAgents/com. ShopTool.agent.plist

  (ShopTool.agent com)

  / Library/LaunchAgents/com. SoftwareUpdater.agent.plist

  (SoftwareUpdater.agent com)

  /Library/LaunchDaemons/com.Adobe.fpsaud.plist

  (com.adobe.fpsaud)

  /Library/LaunchDaemons/com.purevpn.MacApp.plist

  (com.purevpn.macapp)

  Library/LaunchAgents/com.google.keystone.agent.plist

  (com.google.keystone.user.agent)

  Com/library/LaunchAgents. ShopTool.agent.plist

  (ShopTool.agent com)

  Com/library/LaunchAgents. SoftwareUpdater.agent.plist

  (SoftwareUpdater.agent com)

  Extrinsic loadable bundles

  / / Library/Internet Plug-Ins/Flash Player.plugin

  (com.macromedia.Flash Player.plugin)

  / Library/PreferencePanes/Flash Player.prefPane

  (com.adobe.flashplayerpreferences)

  Proxies

  ProxyAutoConfigEnable: 0

  ProxyAutoDiscoveryEnable: 0

  DNS (for not)

  no DHCP): 8.8.8.8

  Profiles: 1

  Restricted user files: 6

  Time elapsed (s): 92

  Click here and follow the instructions, or if it is not a type of adware is covered by them on the computer, these. If you would rather not remove it manually, you can run rather MalwareBytes for Mac.

  MalwareBytes is a removal tool and does not stop adware or other malware from entering the computer. What said you is true that viruses are concerned, but does not apply to other types of malware. For effective protection, do not download software from sources other than the Mac App Store or Developer Web sites.

  (138614)

• Software malware/adware removal instructions

  OS: 10.11.3

  Symptoms: popup on chrome (wonderlandads)

  I search on google and found pop - up for wonderlandads is adware/malware.

  I scanned my system with Avast / avira and malware bytes. He did not find anything

  I checked the extension and did not find any suspicious extension (only lastpass extenstion is here)

  I have reset the browser, erased the history and cache, check the default search and page by default, everything seems to be OK.

  The pop-up window becomes very irritating.

  How can I identify and remove this adware.

  I guess that there are legitimate software that delivered adware, but I don't know which.

  Help, please

  Vik

• RootKit/Malware/Virus problem - windows cannot access the specified device file or the path, you don't have permissions

  Hello

  I have a problem with my computer it has been infected by a virus that is not visible in normal mode. It prevents running any application that would help in the detection and removal. I tried running mrt, mcaffe, trendmicro rootkit detector rootkit detector, spybotSD, analysis windows Defender online Windows live onecar. All these works for a minute and then shutsdown, when I click it again I get the error, as mentioned in the title, 'windows cannot access the specified device file or the path, you do not have permissions.

  This problem has a solution or re - install is the only way out?

  The pointers/help appreciated.

  Just to add, I am able to connect using my last known good configuration and only safe mode configurations.

  Thank you

  Id2View,

  1. follow all the instructions in this thread: How to get rid of malware

  2. If still no joy you can find Microsoft MVPs and other trained analysts on the following support sites:
  Aumha.org
  Atribune.org
  SpywareHammer
  BleepingComputer
  Safer-Networking

  3. If you need help with virus-related issues, contact the Support Services Microsoft product.

  To support the Canada and the United States, call toll-free (866) PCSAFETY (727-2338).

  For support outside the United States and the Canada, visit the page Web of Product Support Services.

  4. If you need more assistance for the position of the newsgroup Microsoft - security - virusvirus/worm.
  Through your News Reader:
  News://msnews.Microsoft.com/Microsoft.public.Security.virus
  Via the Web:
  http://www.Microsoft.com/communities/newsgroups/list/en-us/default.aspx?DG=Microsoft.public.Security.virus

  Hope this helps,

  Vincenzo Di Russo - Microsoft MVP Windows Internet Explorer, Windows Desktop Experience & security - since 2003. ~ ~ ~ My MVP profile: https://mvp.support.microsoft.com/profile/Vincenzo

• Email Thunderbird became unresponsive. I tried closing and reopening, but it continues to be a problem. What can I do to rememdy this?

  I have upgraded to Windows 10, when it became available. Had no problem with anything. All of a sudden today Thunderbird keeps stalling out. I don't think that it has nothing to do with Windows 10 since he has worked for weeks.

  How can I solve this problem?

  Margaret Richmnan

  Try to start * Windows * in safe mode with active network.
  -Win10 http://windows.microsoft.com/en-us/windows-10/change-startup-settings-in-windows-10#v1h=tab01

  Always in Windows safe mode, start Thunderbird in safe mode.
  - https://support.mozilla.org/en-US/kb/safe-mode

  The problem goes away?

• When I go to netflix for a movie he continues saying theres a problem with Sliverlight: error code 2105

  When I go to netflix to watch a movie it still says theres a problem with the installation Sliverlight 2105 error code. I uninstalled and reinstall but get the same message.

  Run this Microsoft Fix it

• Adware problem

  How can I get rid of start.sweetpacks.com? I reinstalled Secunia yesterday due to some issues. I used the bad download and let him install some United Nations wanted to free software. I wasn't watching close enough to stop these free programs until it is too late. Now, I start.sweetpacks.com with my FF browser. This forum can help me or should I go somewhere else. I learned the hard way to monitor these bad programs when you use the links at the bottom of the load a program. Could you give me the link to download Secunia PSI. I have windows 8 os.

  The PSI link is http://secunia.com/vulnerability_scanning/personal/

  I'm not familiar with sweetpacks , so I can't comment on that.   Maybe someone else (Bugbatter, Joe, RedDawn or Iroc) can she?   If this isn't the case, you can still register for SpywareHammer.com one-we-we help.

• Why update firefox and got a 'free' bing search bar and two software malicious adware?

  After an automatic update - no, I do not download no matter what new version of any dangerous place - I found that I had the Bing search bar-which I think I've turned it off, not sure if - and two malware/adware problems. First was rvzr - a.akamaihd which arises a new tab when clicking first on a website, then I found that I had offerswizard adding banners - blocked most of them - and the creation of hiperlinks with mini pop ups when passed above it with the mouse - sorry if my English is not clear. I tried AVG free and there wasn't any warning. Finally, ad-block and rgiht, click on the arrow to search bing seems to fix the problem, however, offerswizard must be uninstalled manually - lightning enhance program, I think that - after a google search.
  The main question is... can I trust firefox download/upgrade to automatic update?

  Thank you all for your answers. I tried to mark it as resolved, but I doubt that I did.

  First I tried in windows / removal of unwanted software programs. Installed an adblocker for FF
  Then I downloaded the adware 3.8 removal tool and the problem is almost solved. Still a few details could be improved, but I can live with that.

  I think someone took advantage of the installation of FF and it makes any other malware on my computer.

  Thank you once again.

• I allowed Microsoft to run a scan for devices or Malware onto my PC with malware or adware and it discovered browser modifier on Win32

  After the repair of my new/used PC, I ran a scan with Malware/Adware which used to be LiveOne care safety Scanner and he discovered for me three potentially dangerous software or Adware and it has been partially removed. This to say that I still have potentially harmful Adware or Spyware left and can continue to wreak havoc on my computer? Or I'm sure even thogh he informed me that they were only partially removed? BrowserModifier:Win32 / partially deleted BaiduSobar and

  Program: Win32 / partially removed BaiduIebar please help me to advise on what I should do! Thank you! Have you ever heard of these guys before?

  Hello
  Try following the steps in this virus/malware removal guide: http://www.selectrealsecurity.com/malware-removal-guide
  It contains instructions which will remove most malware infections. I hope this helps you.
  Brian

• Anti-Virus detects but removes no adware/malware

  Hello

  I have a Readynas RN102 with 6.4.1. firmware. I have more installed anti-virus. Today it started to detect Adware (W32 / Adware.DEZV - 3749 or NsCPUMiner32.exe) and Bitcoinminer Trojan (W64Adware.DEZV - 3749 - NsCPUMiner64.exe). Both were hidden in a file called Info.zip.

  Because I couldn't see the files in the management web page / share (even when displaying of hidden files) I changed the anti-virus more to 'Action - Delete' setting and a scheduled scan. He had tested and found the files, but in log files, he repeats that I have to delete the infected file yourself.

  Any help on:

  -log file: why does not say what is it deleted the file or not

  -display and by deleting files myself manually

  -a specific malware / adware removal app for the ReadyNas

  Thanks in advance,

  Jan

  HA Kodhee,

  Thank you. I always keep my antivirus updated. So maybe this is the reason why no virus is detected (asuming it was a false alarm as well).

  I did what you suggested and selected / unselected files of several cards that were "infected" files It was an hour ago, and I don't have any message. More than my scan that I had planned this evening.

  I'll keep my fingers crossed and do a final check tomorrow morning.

• I have a HP a530n that restarts continually.

  I have a HP a530n that restarts continually.  I installed a reader of CAC, 2 days ago, and reboot to initialize the installation, he began a cycle restart nonstop.  I tried to go into safe mode, but it does the same thing.  I did a full install of windows xp sp2 on an existing installation "repair" and it always does.  Any ideas?  Anyone?  Bueller?

  My HP acted in the same way sometimes when restarting. What the Microsoft or HP solution method 2 to restore the system by using the Windows XP CD? See below.

  The solution that worked for me was a manual, I removed the hard drive to my HP a530n, attached to an adapter IDE - USB, changed the PIN back to act as a slave drive and connected to my laptop the drive installed as an external drive, then I opened the file ExternalDriveLetter: \Windows\System32\Drivers renamed file intelppm.sys XXXintelppm.syx removed the hard drive and then installed in the HP and it worked. (Before you reinstall the drive, change the rear pin hard drive master or Cable Select).

  Also, while the hard drive was still installed as an external for my laptop drive, I copied all my data files, bookmarks, Favorites, files of Outlook PST, user profiles... I then ran the hard disk Error-checking tool (right-click on the drive and select Properties, then select the Tools tab) to analyze all of the bad sectors of the disk, you must check both boxes to automatically fix errors system file and Scan for and attempt recovery of bad sectors, it will tell you if your HP hard drive begins to fail and must be replaced. Hear the sounds that weird car or see a lot of bad sectors during the analysis of error checking is a good sign to replace it until it goes dead. Also scan this external hard drive with a thorough virus & malware/adware scan. If you have a dead drive, I found a technician in Florida, which use a clean and restores the data from hard drive for a good price: hddsavers.com

  You might have corrupted Windows XP system files which prevents normal windows load upward or your hard drive fails mechanically. My original hard drive failed, and luckily I had a backup image (Acronis) of this to restore all my data and programs on a new disc. A failing drive can let you not do a Windows system restore if system files are located in a bad disk sector. But there are 2 types of system restore, it is done through Windows XP during the boot process (press F8) and the other is original of your hard drive has been installed with 2 partitions on the disk, one of them is a D-drive called HP_RECOVERY, it is possible with a new disk and software such as Paragon hard disk manager to copy to this partition and restart from zero (default) to install windows XP and programs and then copy on your data files, if you manage to install the old drive as an external drive to another computer. To use the HP recovery, you have access to this starts, it's the first blue light screen HP see you and down, it gives you the option button to select this restoration, if you don't see it, then go to the BIOS Setup (pressing F1 at startup) and there could be a selection to display the splash screen.

  If by chance, method 2 below works and Windows loads up again once as normal, you must always use the disk error checking to find bad sectors and you must parse the filesystem of Windows for corruption (start/run: sfc.exe/scannow). Also do a virus scan and spyware-malware throrough of the player (free programs: Avast, Malwarebytes, Ad-Aware & Spybot - I use all 4 looking for different things, free programs require usually manually update you and run).

  Method 2

  To work around this problem, run the recovery console by using the Windows XP CD. Then, select the recovery option. To run the Recovery Console from the diskette of starting Windows XP or the Windows XP CD, follow these steps:

  1. Insert the Windows XP startup disk into the floppy drive. Or, insert the Windows XP CD into the CD drive. Then, restart the computer.

     Note If you are prompted, click to select all the options required to start the computer from the CD drive.

  2. When the "Welcome" screen appears, press R to start the Recovery Console.
  3. If you have a dual-boot or multiboot computer, select the installation that you want to access from the Recovery Console.
  4. When you are prompted, type the administrator password.

     Note If the administrator password is blank, press ENTER.

  5. At the Recovery Console prompt, type the following command and press ENTER:
     Disable intelppm

• Adware attacked my computer... How can I get rid of him? pop ups everywhere

  New computer system Windows 8.1 with McAfee installed... shows no proofing problem. Have not changed the settings. Went to a variety of Web sites today, then suddenly ads popping up on my home page when I open it. Ads do not appear on the google search, I noticed.

  Other Web pages then start loading telling me to go to a place to fix the problem... saying adware of a certain type invaded my system... and it loads over and over and over again. long URL do recognize in it.

  Help!

  Try to start safe mode, sometimes this is caused by addons:

  • Firefox in Safe Mode

  Case, the problem does not occur in Mode safe:

  • Troubleshoot extensions, themes, and issues of hardware acceleration to resolve common problems of Firefox

  Sometimes, the problem may be malware:

  • Problems caused by malware

  In addition, you can use addons to block windows pops-up/announcements:

  • Adblock more
  • Simple Adblock
  • Pop-up Addon Adblock more

• If I am infected with malware?

  Hello!

  This is my first post in the forum, but I followed the discussions since I got my MacBook and the community is very useful.

  I decided to create this post to ask the experts of the view.

  I received a phone call from the network admin at my University saying that I (and a few other students) have been infected by trojan Zeus and he attacked the University network. I found very doubtful after doing a quick search on this Trojan horse and did not find any relationship of Zeus with OSX. Yet, it made me a bit paranoid so I keep changing my passwords and began to scan the system in order to find if there is some malware.

  One thing that is important to mention at this point, I sometimes use a machine virtual Windows 7 (Parallels Desktop) which is only used to interact with the instrumentation in the laboratory of the University. The virtual machine has a WiFi connection shared from OSX and to access the files, the folders shared. The virtual machine has only Microsoft Security Essentials 'antivirus' installed. And I don't remember installing any new software on the virtual Windows machine since the start of the alleged "attacks".

  So I unplugged my Mac from Internet, disabled sharing records of VM with OSX and began to analyze the Windows VM using different software and following the instructions on this website: https://malwaretips.com/blogs/zeus-trojan-virus/ , nothing has been detected.

  I proceeded to analyze OSX using MalwareBytes and even installed Kaspersky Internet Security to give it a try. Done a few scans and still nothing.

  I did a scan with EltreCheck and read the report. I've removed some of the plugins that I was not using more, since this installation of Mac OS x is always updated from Lion.

  This is the report of EltreCheck at the moment:

  EtreCheck version: 2.9.12 (265)

  Report generated 2016-05-18 12:07:22

  Download EtreCheck from https://etrecheck.com

  Time 01:47

  Performance: Excellent

  Click the [Support] links to help with non-Apple products.

  Click [details] for more information on this line.

  Problem: Another problem

  Hardware Information: ⓘ

  MacBook Pro (15 inch, early 2011)

  [Data sheet] - [User Guide] - [warranty & Service]

  MacBook Pro - model: MacBookPro8, 2

  1 2 GHz Intel Core i7 CPU: 4 strands

  8 GB of RAM expandable - [Instructions]

  BANK 0/DIMM0

  OK 4 GB DDR3 1333 MHz

  BANK 1/DIMM0

  OK 4 GB DDR3 1333 MHz

  Bluetooth: Old - transfer/Airdrop2 not supported

  Wireless: en1: 802.11 a/b/g/n

  Battery: Health = Normal - Cycle count = 931

  Video information: ⓘ

  Intel HD Graphics 3000

  Color LCD 1440 x 900

  AMD Radeon HD 6490M - VRAM: 256 MB

  Software: ⓘ

  OS X El Capitan 10.11.4 (15E65) - since the start time: about an hour

  Disc information: ⓘ

  TOSHIBA THNSNH128GBST disk0: (128,04 GB) (Solid State - TRIM: Yes)

  EFI (disk0s1) < not mounted >: 210 MB

  Recovery HD (disk0s3) < not mounted > [recovery]: 650 MB

  Macintosh HD (disk 1) /: 126,80 go-go (32,74 free)

  Storage of carrots: disk0s2 127,18 GB Online

  TOSHIBA MK5065GSXF disk2: (500,11 GB) (rotation)

  EFI (disk2s1) < not mounted >: 210 MB

  DATA (disk2s2) / Volumes/DATA: GB 499,76 (15,47 GB) free

  USB information: ⓘ

  Computer, Inc. Apple IR receiver.

  Apple Inc. FaceTime HD camera (built-in)

  Apple Inc. Apple keyboard / Trackpad

  Apple Inc. BRCM2070 hub.

  Apple Inc. Bluetooth USB host controller.

  Lightning information: ⓘ

  Apple Inc. Thunderbolt_bus.

  Configuration files: ⓘ

  / etc/hosts - number: 2

  Guardian: ⓘ

  Any where

  Kernel extensions: ⓘ

  / Applications/Parallels Desktop.app

  com.parallels.kext.hypervisor [no charge] (11.0.2 31348 - SDK 10.9-2015-10-21) [Support]

  com.parallels.kext.NetBridge [no charge] (11.0.2 31348 - SDK 10.9-2015-10-21) [Support]

  com.parallels.kext.usbconnect [no charge] (11.0.2 31348 - SDK 10.9-2015-10-21) [Support]

  com.parallels.kext.vnic [no charge] (11.0.2 31348 - SDK 10.9-2015-10-21) [Support]

  / Applications/Radio Silence.app

  [loading] com.radiosilenceapp.nke.filter (2.0 - SDK 10.11 - 2016-05-07) [Support]

  / Library/Extensions

  [loading] com.kaspersky.kext.klif (3.4.0a25 - 2016-05-17) [Support]

  [loading] com.kaspersky.nke (2.1.0 - 2016-05-17) [Support]

  org.cindori.TrimEnabler [no charge] (1.0 - SDK 10.10 - 2016-05-17) [Support]

  Startup items: ⓘ

  TuxeraNTFSUnmountHelper: Path: / Library/StartupItems/TuxeraNTFSUnmountHelper

  Startup items are obsolete in OS X Yosemite

  Launch system officers: ⓘ

  [loaded] 8 tasks Apple

  [loading] 160 tasks Apple

  [operation] 70 tasks Apple

  Launch system demons: ⓘ

  [loaded] 45 tasks Apple

  [loading] 159 tasks Apple

  [operation] 85 tasks Apple

  Launch officers: ⓘ

  [no charge] com.adobe.AAM.Updater - 1.0.plist (2015-06-30) [Support]

  [operation] com.brother.LOGINserver.plist (2015-03-12) [Support]

  [loading] com.google.keystone.agent.plist (2016-03-03) [Support]

  com.maintain.PurgeInactiveMemory.plist [no charge] (2014-11-15) [Support]

  com.maintain.Restart.plist [no charge] (2014-11-15) [Support]

  com.maintain.ShutDown.plist [no charge] (2014-11-15) [Support]

  [operation] com.maintain.SystemEvents.plist (2014-11-15) [Support]

  [loading] com.oracle.java.Java - Updater.plist (2014-11-06) [Support]

  [loading] com.radiosilenceapp.agent.plist (2016-04-17) [Support]

  [operation] com.rosettastone.rosettastonedaemon.plist (2015-06-05) [Support]

  [loading] org.macosforge.xquartz.startx.plist (2015-10-16) [Support]

  Launch demons: ⓘ

  [failure] com.adobe.fpsaud.plist (2016-04-16) [Support]

  [loading] com.google.keystone.daemon.plist (2016-03-03) [Support]

  com.maintain.HideSpotlightMenuBarIcon.plist [no charge] (2014-11-15) [Support]

  [loading] com.malwarebytes.MBAMHelperTool.plist (2016-01-18) [Support]

  [loading] com.microsoft.autoupdate.helpertool.plist (2015-10-15) [Support]

  [loading] com.microsoft.office.licensingV2.helper.plist (2015-08-15) [Support]

  [loading] com.oracle.java.Helper - Tool.plist (2014-11-06) [Support]

  [loading] com.radiosilenceapp.nke.plist (2016-04-17) [Support]

  [loading] com.wdc.WDPrivilegedHelper.plist (2015-08-23) [Support]

  [loading] org.cindori.TEAuth.plist (2015-08-11) [Support]

  [loading] org.macosforge.xquartz.privileged_startx.plist (2015-10-16) [Support]

  User launch officers: ⓘ

  [loading] com.bittorrent.uTorrent.plist (2016-02-23) [Support]

  [operation] com.spotify.webhelper.plist (2016-05-14) [Support]

  Items in user login: ⓘ

  Application of flow (~ / Applications/Flux.app)

  Fan of Macs control application (/ Applications/Mac Fan Control.app)

  gfxCardStatus Application (/ Applications/gfxCardStatus.app)

  iTunesHelper Application (/ Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

  Application of caffeine (/ Applications/Caffeine.app)

  Plane 2 Application (/ Applications/airmail service of 2.app)

  BetterTouchTool Application (/ Applications/BetterTouchTool.app)

  Other applications: ⓘ

  com.batteryProject.FruitJuiceHelper [loading]

  [ongoing] com.batteryProject.FruitJuiceMAS.112992

  [ongoing] com.brother.utility.NETserver.99552

  [ongoing] com.brother.utility.USBserver.99232

  [ongoing] com.codykrieger.gfxCardStatus.98912

  [ongoing] com.crystalidea.MacsFanControl.51872

  [ongoing] com.etresoft.EtreCheck.147232

  [ongoing] com.hegenberg.BTTRelaunch.178592

  [ongoing] com.hegenberg.BetterTouchTool.153632

  [ongoing] com.lightheadsw.caffeine.47072

  [ongoing] com.mendeley.desktop.53472

  [ongoing] com.radiosilenceapp.client.256672

  [ongoing] it.Bloop.airmail2.105632

  [ongoing] org.herf.Flux.85152

  [loading] 412 tasks Apple

  [operation] 194 tasks Apple

  Plug-ins Internet: ⓘ

  AdobeAAMDetect: AdobeAAMDetect 1.0.0.0 - SDK 10.6 (2015-06-30) [Support]

  FlashPlayer - 10.6: 21.0.0.226 - SDK 10.6 (2016-04-30) [Support]

  QuickTime Plugin: 7.7.3 (2016-04-05)

  AdobePDFViewerNPAPI: 11.0.11 - SDK 10.6 (2015-06-30) [Support]

  AdobePDFViewer: 11.0.11 - SDK 10.6 (2015-06-30) [Support]

  Flash Player: 21.0.0.226 - SDK 10.6 (2016-04-30) obsolete! Update

  Default browser: 601 - SDK 10.11 (2016-04-05)

  o1dbrowserplugin: 5.41.3.0 - 10.8 SDK (2015-12-11) [Support]

  googletalkbrowserplugin: 5.41.3.0 - 10.8 SDK (2015-12-11) [Support]

  Silverlight: 5.1.41105.0 - SDK 10.6 (2015-12-09) [Support]

  JavaAppletPlugin: Java 8 update 91 build 14 (2016-05-09) check the version of

  Safari extensions: ⓘ

  AdBlock - BetaFish, Inc. - https://getadblock.com (2015-10-25)

  Blocker JS 5 - Travis novel - http://jsblocker.toggleable.com/ (2016-04-27)

  Open in Internet Explorer - Parallels - http://www.Parallels.com/fr/ (2015-10-21)

  3rd party preference panes: ⓘ

  Flash Player (2016-04-16) [Support]

  GIFPaperPrefs (2014-02-23) [Support]

  Java (2016-05-09) [Support]

  Tuxera NTFS (2015-10-26) [Support]

  Time Machine: ⓘ

  Skip system files: No.

  Mobile backups: OFF

  Automatic backup: YES

  Volumes to back up:

  Macintosh HD: Disc size: 126,80 GB disc used: 94,06 GB

  Destinations:

  TIME [Local]

  Total size: 1.00 TB

  Total number of backups: 8

  An older backup: 29/02/16 09:00

  Last backup: 30/04/16-13:06

  Size of backup drive: Excellent

  Backup size 1.00 TB > (disk size 126,80 GB X 3)

  Top of page process CPU: ⓘ

  com.apple.WebKit.WebContent (20) 18%

  3% safari

  2% WindowServer

  2% fontd

  1% kernel_task

  Top of page process of memory: ⓘ

  2.78 GB com.apple.WebKit.WebContent (20)

  819 MB Safari

  750 MB kernel_task

  180 MB mds_stores

  180 MB DashboardClient (4)

  Virtual memory information: ⓘ

  75 MB of free RAM

  used 7.92 GB RAM (960 MB cache)

  Used Swap 0 B

  Diagnostic information: ⓘ

  18 may 2016, 10:42:09 self-test - spent

  I installed as well the "firewall" Radio Silence to analyze applications and connections. After Google search on some processes, always about 'weird' jump.

  I'm ready to do a clean install of Mac OS x, but since I am each week make backups Time Machine, my main worries:

  -What happens if my files on my external backup drive are infected by malware, I can't get back them without "infect" once again cleaning installation of Mac OS x, right?

  I would like to ask your advice about the vulnerability of my system and any suggestion on further analysis for the detection of malicious software supposed to.

  Sorry for this long post,

  I would really appreciate the help

  You must change your settings for call control.  Set it to "Anywhere" is dangerous.  Go to system-> Security and privacy preferences and change it to "Mac App Store and identified developers.»  Two, you have uTorrent installed - unless you are in the rare, rare, very small minority of people who use torrents for legal reasons, I think we both know that you use it for, and which may cause your system damage if you download something that is infected with malware or adware, as are most of the torrent offers.  I don't see no malware/adware on your hard drive, at least through your EtreCheck report, so you should be fine.

  I would also add that if you have anti-virus for your Windows partition, it is one thing, you don't need anti-virus for your Mac.  Anti-virus programs cannot protect you from malware or adware, and that's what Mac users needs to worry.  In addition, many AV programs negatively affects the performance of Mac because they don't play nice with them.  Therefore, I would like to uninstall Kaspersky and keep the program AV that you use for your Windows installation.  Windows needs an antivirus protection, OS X is not.

• is it decent software anti malware for osx 10.5.8

  I think there's malware on the iMac. It is a G5 with osx 10.5.6. I go down to drop windows in Safari, kind of randomly, who says that Safari cannot identify a particular site, and I want to go? I always click on leave. Tumblr or something as it is one of the sites - the other mentions adware, I think.

  Does anyone know anti-malware that I can use with this iMac intel os and pre?

  Thank you

  You may need to consider TenFourFox browser because it is updated.

  Safari is not. Four of the 10 Fox is a mozilla derived from generation customized for Mac PPC.

  You can choose a different browser as system by default in Safari preferences

  This is a way to bypass many of the problems with obsolete Safari. I've seen

  is no evidence in any of my two Macs on the G4 (10.5.8) adware or malware running.

  It is the TenFourFox for Mac PPC browser homepage; link to note G5 edition:

  http://www.floodgap.com/software/tenfourfox/

  And if market 10.5.6 download the Combo update to 10.5.8 Leopard.

  For Safari in Mac later, there are suggestions in the following article on adware

  and this may seem like malware. I had no adware or malware in my

  Macs PowerPC G4; There may be instructions in the manual on how to search for songs of

  suspicious content in this support page. Avoid products such as AdwareMedic

  or malwarebytes anti-malware for Mac because it works in later Macs intel who use OS X.

  • Stop the pop-up ads and advertising on Safari - Apple Support

  Phony 'technical support' / 'ransomware' popups and web pages

  How to install adware - or avoid it.

  Manual methods for malware, adware, performance problems can still be here:

  http://www.thesafemac.com/tech-guides/

  Good luck & happy computing!

  {PS: this thread was transferred for vintage iMac PPC iMac Intel section by guest}