Continuing to malware / adware problem
Hello
I have finally upgraded to El Capitan at last week. I had no problem until today when I downloaded a new Java Update, which I think may have also installed some sort of adware / malware on my system. Since the installation of new advertising tabs open (on both Firefox and Safari) when I click on some normal links on some sites. I also see underlined green links ad on some pages.
I tried all the tips I can find online, including of Malwarebytes, Avast, reinstall browsers, try a new user, follow the instructions to remove "DownLite" etc. I also checked the LaunchAgent and LaunchDaemons folders in my library, and they seem to be something unusual.
Any help with this would be much appreciated because it becomes extremely frustrating Apple have advised me to reinstall OS X, but I would try other options first as it may seem a bit drastic!
Thank you very much
Tomai
You may have installed ad-injecting malicious software ("adware").
Do not use any type of product, "anti-virus" or "anti-malware" on a Mac. You have already seen that it does not work.
Save all data first.
If you are not already running the latest version of Mac OS X, update or upgrade in the App Store you risk adware remove automatically. If you are already using the latest version, please log off or restart the computer. Still, some types of malware will be deleted, not all. There is no such thing as the automatic removal of all possible malware, either by OS X third party software. That's why you can't rely on software to protect you.
If the malware is deleted in your case, you will still need to make changes to the way you use your computer to protect you from new attacks. Ask if you need advice.
If the malware is not removed automatically, see below.
This simple procedure to detect any type of adware that I know. Disabling is a procedure distinct and better still.
Some legitimate software is funded by advertising and may display advertisements in its own windows or in a web browser while it is running. It's not malware and it may not appear. In addition, some Web sites display advertising intrusive popup that can be confused with adware.
If none of your web browsers work well enough to carry out these instructions, restart the computer in safe mode. The malware will be disabled temporarily.
Step 1
Please triple - click on the line below on this page to select it, and then copy the text to the Clipboard by pressing Control-C key combination:
~/Library/LaunchAgents
In the Finder, select
Go ▹ go to the folder...
from the menu bar and paste it into the box that opens by pressing command + v press return. Open a folder named "LaunchAgents", or you will get a notice stating that the file cannot be found. If the file is not found, proceed to the next step.
If the folder opens, press the combination of keys command-2 to select the display of the list, if it is not already selected. Please don't skip this step.
There should be a column in the update Finder window. Click this title two times to sort the content by date with the most recent at the top. If necessary, enlarge the window so that all the content show.
Follow the instructions in this support article under the heading "take a screenshot of a window." An image file with a name starting in 'Screenshot' should be saved to the desktop. Open the capture screen and make sure it is readable. If this isn't the case, capture a small part of the screen indicating that what needs to be shown.
Start a reply to this message. Drag the image file in the editing window downloading. Alternatively, you can include text in the response.
Leave the case open for now.
Step 2
Do as in step 1 with this line:
/Library/LaunchAgents
The record which can open up will have the same name but is not the same as in step 1. In this step, the folder does not exist.
Step 3
Repeat with this line:
/Library/LaunchDaemons
This time the file will be called "LaunchDaemons."
Step 4
Open Safari preferences window and select the tab 'Extensions'. If the extensions are listed, post a screenshot. If there are no extensions, or if you cannot launch Safari, skip this step.
Step 5
If you use Firefox or Chrome browser, open the list of extensions and do as in step 4.
Tags: Mac OS & System Software
Similar Questions
-
Check for the presence of malware/adware/spyware software
I'm currently looking if I have no malware/adware/spyware on my computer. I followed the steps on the other discussions as removing the. Agent.plist and other daemon.plist. Right now I don't see any symptoms (such as force redirection Web site or just completely frozen screen) but I don't know if there is nothing else left. Could someone there check it please for me? Thank you!
EtreCheck version: 2.9.11 (264)
Report generated 2016-04-25 00:02:30
Download EtreCheck from https://etrecheck.com
Length 03:13
Performance: good
Click the [Support] links to help with non-Apple products.
Click [details] for more information on this line.
Problem: No problem - just check
MacBook Pro (13-inch, mid-2012)
[Data sheet] - [User Guide] - [warranty & Service]
MacBook Pro - model: MacBookPro9, 2
1 2.5 GHz Intel Core i5 CPU: 2 strands
4 GB of RAM expandable - [Instructions]
BANK 0/DIMM0
OK 2 GB DDR3 1600 MHz
BANK 1/DIMM0
OK 2 GB DDR3 1600 MHz
Bluetooth: Good - transfer/Airdrop2 taken in charge
Wireless: en1: 802.11 a/b/g/n
Battery: Health = Normal - Cycle count = 548
Graphics Intel HD 4000
Color LCD 1280 x 800
OS X Yosemite 10.10 (A 14, 389) - since startup time: less than an hour
HTS547550A9E384 disk HARD APPLE disk0: (500,11 GB) (rotation)
EFI (disk0s1) < not mounted >: 210 MB
Recovery HD (disk0s3) < not mounted > [recovery]: 650 MB
Media (disk0s4) / Volumes/media: 160.00 go-go (152,46 free)
Macintosh HD 2 (disk0s5) / Volumes/Macintosh HD 2: 114.62 (114,40 GB free)
Macintosh HD 3 (disk0s6) / Volumes/Macintosh HD 3: 114.22 (16,80 free go-go)
Macintosh HD (disk 1) /: 109,63 go-go (34,57 free)
Storage of carrots: disk0s2 110.00 GB Online
MATSHITADVD-R UJ - 8à8 disk2: () (196.8 MB)
Apple Inc. FaceTime HD camera (built-in)
Apple Inc. BRCM20702 hub.
Apple Inc. Bluetooth USB host controller.
Computer, Inc. Apple IR receiver.
Apple Inc. Apple keyboard / Trackpad
Apple Inc. Thunderbolt_bus.
Mac App Store
/ System/Library/Extensions
com.devguru.driver.SamsungComposite [no charge] (1.4.18 - 10.6 SDK - 2016-03-22) [Support]
/System/Library/Extensions/ssuddrv.kext/contents/plugins
com.devguru.driver.SamsungACMControl [no charge] (1.4.18 - 10.6 SDK - 2014-01-27) [Support]
com.devguru.driver.SamsungACMData [no charge] (1.4.18 - 10.6 SDK - 2014-01-27) [Support]
com.devguru.driver.SamsungMTP [no charge] (1.4.18 - SDK 10.5 - 2014-01-27) [Support]
com.devguru.driver.SamsungSerial [no charge] (1.4.18 - 10.6 SDK - 2014-01-27) [Support]
[loaded] 5 tasks of Apple
[loading] 142 tasks Apple
[operation] 56 tasks Apple
[loaded] 45 tasks Apple
[loading] 137 tasks Apple
[operation] 80 tasks Apple
[loading] com.adobe.SwitchBoard.plist (2012-08-11) [Support]
[loading] com.adobe.fpsaud.plist (2016-04-05) [Support]
[loading] com.malwarebytes.MBAMHelperTool.plist (2016-04-11) [Support]
[loading] com.oracle.java.Helper - Tool.plist (2014-09-20) [Support]
com.apple.CSConfigDotMacCert [fail]-[...] @me.com - SharedServices.Agent.plist
[failure] com.facebook.videochat. [entrenched passage] .plist (2014-08-13) [Support]
[loading] com.google.keystone.agent.plist (2016-03-02) [Support]
[operation] com.spotify.webhelper.plist (2016-04-24) [Support]
iTunesHelper Application (/ Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
Agent application of file transfer Android (~/Library/Application Support/Google/Android File transfer/Android File Transfer Agent.app)
Hidden Spotify Application (/ Applications/Spotify.app)
[ongoing] com.google.Chrome.5996
[ongoing] com.Google.Android.mtpagent.98864
[ongoing] com.spotify.client.49448
[loading] 357 tasks Apple
[operation] 163 tasks Apple
FlashPlayer - 10.6: 21.0.0.213 - SDK 10.6 (2016-04-08) [Support]
QuickTime Plugin: 7.7.3 (2014-11-06)
Flash Player: 21.0.0.213 - SDK 10.6 (2016-04-08) obsolete! Update
EPPEX plugin: 4.1.0.0 (2011-07-26) [Support]
Default browser: 600 - SDK 10.10 (2014-11-06)
SharePointBrowserPlugin: 14.3.4 - SDK 10.6 (2013-05-19) [Support]
Silverlight: 5.1.30317.0 - SDK 10.6 (2014-05-20) [Support]
JavaAppletPlugin: Java 8 update 65 build 17 (2015-11-09) check the version of
Flash Player (2016-04-05) [Support]
Java (2015-11-09) [Support]
Automatic backup: YES
Volumes to back up:
Macintosh HD: Disc size: 109,63 GB disc used: 75,06 GB
Destinations:
Macintosh HD 3 [Local]
Total size: 114,22 GB
Total number of backups: 60
An older backup: 01/07/15, 16:44
Last backup: 24/04/16 18:40
Backup disk size: too small
Backup size GB 114,22 < (disc 75,06 GB X 3)
5% mdworker (9)
3% kernel_task
3% Google Chrome
2% Google Chrome Helper (6)
2% fontd
Top of page process of memory: ⓘ
766 MB Google Chrome Helper (6)
Kernel_task 447 MB
209 MB Google Chrome
Mdworker (9) 147 MB
Image 119 MB
320 MB of free RAM
3.69 used GB RAM (1.02 GB being cached)
Used Swap 0 B
24 April 2016, 23:19:51 self-test - spent
24 April 2016, 19:05:27 /Library/Logs/DiagnosticReports/storedownloadd_2016-04-24-190527_[redacted].cpu _resource.diag [details]
/System/Library/PrivateFrameworks/CommerceKit.Framework/versions/A/resources/St oredownloadd
April 23, 2016, 23:14:57 ~/Library/Logs/DiagnosticReports/VTDecoderXPCService_2016-04-23-231457_[redacte d] .crash
/System/Library/frameworks/VideoToolbox.Framework/versions/A/XPCServices/VTDeco derXPCService.xpc/Contents/MacOS/VTDecoderXPCService
If you see no evidence of malicious programs (and I see no evidence of it in the etrecheck report), you can read this post for more insight.
Viruses, Trojans, Malware - and other aspects of Internet Security
Apple - Support-Apple security updates
http://www.reedcorner.NET/MMG/
-
I am new user of MacBook (less than 24 hours) and already makes it painful to use because someone told me there is no virus for Mac, I was carelessly downloading of programs and I am here... My browsers (Chrome and Safari) are double tabs, we repeat just what is already open, and a other advertising. Also, I got pop ups and ads around some sites like imdb or other trusted sites. Now it's better, maybe because I've done a few things to try to remove this, but the redirect is still a huge problem. Here is the results of my diagnosis, I hope someone can help
Boot Mode: Normal
Model: MacBookAir7, 2
The System Diagnostics
2016-01-20 com.purevpn.macapp crash
2016-01-20 com.purevpn.macapp crash
2016-01-20 com.purevpn.macapp crash
2016-01-20 com.purevpn.macapp crash
2016-01-20 com.purevpn.macapp crash
Diagnosis of the user
2016-01-20 PureVPN crash
2016-01-20 storeassetd crash
Accident activity Monitor 2016-01-21
2016 01-21 SystemUIServer crash
Kernel messages
January 20 09:39:44 AssertMacros: tmpData (value: 0x0), leader: /BuildRoot/Library/Caches/com.apple.xbs/Sources/AppleCredentialManager/AppleCre dentialManager-82.10.1/AppleCredentialManager/AppleCredentialManager.cpp, line: 765
January 20 09:39:50 [IGPU] Planner gas CAP = 100ms.
Jan 20 16:21:06 excessive release of assertions about the importance of the inner core for pid 701 (storeassetd), let fall 1 assertions, but the task only has 59 remaining (59 external).
20 January 23:11:01 hfs: mounted PopcornTime on disk2s2 of the device
20 January 23:18:50 hfs: disassemble insiders on PopcornTime on disk2s2 of device
20 January 23:38:36 AssertMacros: tmpData (value: 0x0), leader: /BuildRoot/Library/Caches/com.apple.xbs/Sources/AppleCredentialManager/AppleCre dentialManager-82.10.1/AppleCredentialManager/AppleCredentialManager.cpp, line: 765
20 January 23:38:37 [IGPU] Planner gas CAP = 100ms.
Jan 21 00:30:33 launchd process [1]-l' system of limitation of disabling i/o level
Jan 21 00:30:33 launchd process [1] disable the CPU - the system-wide limit
Jan 21 00:30:48 AssertMacros: tmpData (value: 0x0), leader: /BuildRoot/Library/Caches/com.apple.xbs/Sources/AppleCredentialManager/AppleCre dentialManager-82.10.1/AppleCredentialManager/AppleCredentialManager.cpp, line: 765
Jan 21 00:30:49 [IGPU] Planner gas CAP is 100ms.
21 Jan 01:15:31 launchd process [1]-l' system of limitation of disabling i/o level
21 Jan 01:15:31 launchd process [1] disable the CPU - the system-wide limit
21 Jan 01:15:45 AssertMacros: tmpData (value: 0x0), leader: /BuildRoot/Library/Caches/com.apple.xbs/Sources/AppleCredentialManager/AppleCre dentialManager-82.10.1/AppleCredentialManager/AppleCredentialManager.cpp, line: 765
21 Jan 01:15:46 [IGPU] Planner gas CAP is 100ms.
Extrinsic demons
com.purevpn.MacApp
com.Adobe.fpsaud
Extrinsic agents
com ShopTool.agent
com SoftwareUpdater.agent
com.google.Keystone.User.agent
launchd items
/ Library/LaunchAgents/com. ShopTool.agent.plist
(ShopTool.agent com)
/ Library/LaunchAgents/com. SoftwareUpdater.agent.plist
(SoftwareUpdater.agent com)
/Library/LaunchDaemons/com.Adobe.fpsaud.plist
(com.adobe.fpsaud)
/Library/LaunchDaemons/com.purevpn.MacApp.plist
(com.purevpn.macapp)
Library/LaunchAgents/com.google.keystone.agent.plist
(com.google.keystone.user.agent)
Com/library/LaunchAgents. ShopTool.agent.plist
(ShopTool.agent com)
Com/library/LaunchAgents. SoftwareUpdater.agent.plist
(SoftwareUpdater.agent com)
Extrinsic loadable bundles
/ / Library/Internet Plug-Ins/Flash Player.plugin
(com.macromedia.Flash Player.plugin)
/ Library/PreferencePanes/Flash Player.prefPane
(com.adobe.flashplayerpreferences)
Proxies
ProxyAutoConfigEnable: 0
ProxyAutoDiscoveryEnable: 0
DNS (for not)
no DHCP): 8.8.8.8
Profiles: 1
Restricted user files: 6
Time elapsed (s): 92
Click here and follow the instructions, or if it is not a type of adware is covered by them on the computer, these. If you would rather not remove it manually, you can run rather MalwareBytes for Mac.
MalwareBytes is a removal tool and does not stop adware or other malware from entering the computer. What said you is true that viruses are concerned, but does not apply to other types of malware. For effective protection, do not download software from sources other than the Mac App Store or Developer Web sites.
(138614)
-
Software malware/adware removal instructions
OS: 10.11.3
Symptoms: popup on chrome (wonderlandads)
I search on google and found pop - up for wonderlandads is adware/malware.
I scanned my system with Avast / avira and malware bytes. He did not find anything
I checked the extension and did not find any suspicious extension (only lastpass extenstion is here)
I have reset the browser, erased the history and cache, check the default search and page by default, everything seems to be OK.
The pop-up window becomes very irritating.
How can I identify and remove this adware.
I guess that there are legitimate software that delivered adware, but I don't know which.
Help, please
Vik
-
Hello
I have a problem with my computer it has been infected by a virus that is not visible in normal mode. It prevents running any application that would help in the detection and removal. I tried running mrt, mcaffe, trendmicro rootkit detector rootkit detector, spybotSD, analysis windows Defender online Windows live onecar. All these works for a minute and then shutsdown, when I click it again I get the error, as mentioned in the title, 'windows cannot access the specified device file or the path, you do not have permissions.
This problem has a solution or re - install is the only way out?
The pointers/help appreciated.
Just to add, I am able to connect using my last known good configuration and only safe mode configurations.
Thank you
Id2View,
1. follow all the instructions in this thread: How to get rid of malware
2. If still no joy you can find Microsoft MVPs and other trained analysts on the following support sites:
Aumha.org
Atribune.org
SpywareHammer
BleepingComputer
Safer-Networking3. If you need help with virus-related issues, contact the Support Services Microsoft product.
To support the Canada and the United States, call toll-free (866) PCSAFETY (727-2338).
For support outside the United States and the Canada, visit the page Web of Product Support Services.
4. If you need more assistance for the position of the newsgroup Microsoft - security - virusvirus/worm.
Through your News Reader:
News://msnews.Microsoft.com/Microsoft.public.Security.virus
Via the Web:
http://www.Microsoft.com/communities/newsgroups/list/en-us/default.aspx?DG=Microsoft.public.Security.virusHope this helps,
Vincenzo Di Russo - Microsoft MVP Windows Internet Explorer, Windows Desktop Experience & security - since 2003. ~ ~ ~ My MVP profile: https://mvp.support.microsoft.com/profile/Vincenzo
-
I have upgraded to Windows 10, when it became available. Had no problem with anything. All of a sudden today Thunderbird keeps stalling out. I don't think that it has nothing to do with Windows 10 since he has worked for weeks.
How can I solve this problem?
Margaret Richmnan
Try to start * Windows * in safe mode with active network.
-Win10 http://windows.microsoft.com/en-us/windows-10/change-startup-settings-in-windows-10#v1h=tab01Always in Windows safe mode, start Thunderbird in safe mode.
- https://support.mozilla.org/en-US/kb/safe-modeThe problem goes away?
-
When I go to netflix to watch a movie it still says theres a problem with the installation Sliverlight 2105 error code. I uninstalled and reinstall but get the same message.
Run this Microsoft Fix it
-
How can I get rid of start.sweetpacks.com? I reinstalled Secunia yesterday due to some issues. I used the bad download and let him install some United Nations wanted to free software. I wasn't watching close enough to stop these free programs until it is too late. Now, I start.sweetpacks.com with my FF browser. This forum can help me or should I go somewhere else. I learned the hard way to monitor these bad programs when you use the links at the bottom of the load a program. Could you give me the link to download Secunia PSI. I have windows 8 os.
The PSI link is http://secunia.com/vulnerability_scanning/personal/
I'm not familiar with sweetpacks , so I can't comment on that. Maybe someone else (Bugbatter, Joe, RedDawn or Iroc) can she? If this isn't the case, you can still register for SpywareHammer.com one-we-we help.
-
Why update firefox and got a 'free' bing search bar and two software malicious adware?
After an automatic update - no, I do not download no matter what new version of any dangerous place - I found that I had the Bing search bar-which I think I've turned it off, not sure if - and two malware/adware problems. First was rvzr - a.akamaihd which arises a new tab when clicking first on a website, then I found that I had offerswizard adding banners - blocked most of them - and the creation of hiperlinks with mini pop ups when passed above it with the mouse - sorry if my English is not clear. I tried AVG free and there wasn't any warning. Finally, ad-block and rgiht, click on the arrow to search bing seems to fix the problem, however, offerswizard must be uninstalled manually - lightning enhance program, I think that - after a google search.
The main question is... can I trust firefox download/upgrade to automatic update?Thank you all for your answers. I tried to mark it as resolved, but I doubt that I did.
First I tried in windows / removal of unwanted software programs. Installed an adblocker for FF
Then I downloaded the adware 3.8 removal tool and the problem is almost solved. Still a few details could be improved, but I can live with that.I think someone took advantage of the installation of FF and it makes any other malware on my computer.
Thank you once again.
-
After the repair of my new/used PC, I ran a scan with Malware/Adware which used to be LiveOne care safety Scanner and he discovered for me three potentially dangerous software or Adware and it has been partially removed. This to say that I still have potentially harmful Adware or Spyware left and can continue to wreak havoc on my computer? Or I'm sure even thogh he informed me that they were only partially removed? BrowserModifier:Win32 / partially deleted BaiduSobar and
Program: Win32 / partially removed BaiduIebar please help me to advise on what I should do! Thank you! Have you ever heard of these guys before?
HelloTry following the steps in this virus/malware removal guide: http://www.selectrealsecurity.com/malware-removal-guideIt contains instructions which will remove most malware infections. I hope this helps you.Brian -
Anti-Virus detects but removes no adware/malware
Hello
I have a Readynas RN102 with 6.4.1. firmware. I have more installed anti-virus. Today it started to detect Adware (W32 / Adware.DEZV - 3749 or NsCPUMiner32.exe) and Bitcoinminer Trojan (W64Adware.DEZV - 3749 - NsCPUMiner64.exe). Both were hidden in a file called Info.zip.
Because I couldn't see the files in the management web page / share (even when displaying of hidden files) I changed the anti-virus more to 'Action - Delete' setting and a scheduled scan. He had tested and found the files, but in log files, he repeats that I have to delete the infected file yourself.
Any help on:
-log file: why does not say what is it deleted the file or not
-display and by deleting files myself manually
-a specific malware / adware removal app for the ReadyNas
Thanks in advance,
Jan
HA Kodhee,
Thank you. I always keep my antivirus updated. So maybe this is the reason why no virus is detected (asuming it was a false alarm as well).
I did what you suggested and selected / unselected files of several cards that were "infected" files It was an hour ago, and I don't have any message. More than my scan that I had planned this evening.
I'll keep my fingers crossed and do a final check tomorrow morning.
-
I have a HP a530n that restarts continually.
I have a HP a530n that restarts continually. I installed a reader of CAC, 2 days ago, and reboot to initialize the installation, he began a cycle restart nonstop. I tried to go into safe mode, but it does the same thing. I did a full install of windows xp sp2 on an existing installation "repair" and it always does. Any ideas? Anyone? Bueller?
My HP acted in the same way sometimes when restarting. What the Microsoft or HP solution method 2 to restore the system by using the Windows XP CD? See below.
The solution that worked for me was a manual, I removed the hard drive to my HP a530n, attached to an adapter IDE - USB, changed the PIN back to act as a slave drive and connected to my laptop the drive installed as an external drive, then I opened the file ExternalDriveLetter: \Windows\System32\Drivers renamed file intelppm.sys XXXintelppm.syx removed the hard drive and then installed in the HP and it worked. (Before you reinstall the drive, change the rear pin hard drive master or Cable Select).
Also, while the hard drive was still installed as an external for my laptop drive, I copied all my data files, bookmarks, Favorites, files of Outlook PST, user profiles... I then ran the hard disk Error-checking tool (right-click on the drive and select Properties, then select the Tools tab) to analyze all of the bad sectors of the disk, you must check both boxes to automatically fix errors system file and Scan for and attempt recovery of bad sectors, it will tell you if your HP hard drive begins to fail and must be replaced. Hear the sounds that weird car or see a lot of bad sectors during the analysis of error checking is a good sign to replace it until it goes dead. Also scan this external hard drive with a thorough virus & malware/adware scan. If you have a dead drive, I found a technician in Florida, which use a clean and restores the data from hard drive for a good price: hddsavers.com
You might have corrupted Windows XP system files which prevents normal windows load upward or your hard drive fails mechanically. My original hard drive failed, and luckily I had a backup image (Acronis) of this to restore all my data and programs on a new disc. A failing drive can let you not do a Windows system restore if system files are located in a bad disk sector. But there are 2 types of system restore, it is done through Windows XP during the boot process (press F8) and the other is original of your hard drive has been installed with 2 partitions on the disk, one of them is a D-drive called HP_RECOVERY, it is possible with a new disk and software such as Paragon hard disk manager to copy to this partition and restart from zero (default) to install windows XP and programs and then copy on your data files, if you manage to install the old drive as an external drive to another computer. To use the HP recovery, you have access to this starts, it's the first blue light screen HP see you and down, it gives you the option button to select this restoration, if you don't see it, then go to the BIOS Setup (pressing F1 at startup) and there could be a selection to display the splash screen.
If by chance, method 2 below works and Windows loads up again once as normal, you must always use the disk error checking to find bad sectors and you must parse the filesystem of Windows for corruption (start/run: sfc.exe/scannow). Also do a virus scan and spyware-malware throrough of the player (free programs: Avast, Malwarebytes, Ad-Aware & Spybot - I use all 4 looking for different things, free programs require usually manually update you and run).
Method 2
To work around this problem, run the recovery console by using the Windows XP CD. Then, select the recovery option. To run the Recovery Console from the diskette of starting Windows XP or the Windows XP CD, follow these steps:
- Insert the Windows XP startup disk into the floppy drive. Or, insert the Windows XP CD into the CD drive. Then, restart the computer.
Note If you are prompted, click to select all the options required to start the computer from the CD drive.
- When the "Welcome" screen appears, press R to start the Recovery Console.
- If you have a dual-boot or multiboot computer, select the installation that you want to access from the Recovery Console.
- When you are prompted, type the administrator password.
Note If the administrator password is blank, press ENTER.
- At the Recovery Console prompt, type the following command and press ENTER:Disable intelppm
- Insert the Windows XP startup disk into the floppy drive. Or, insert the Windows XP CD into the CD drive. Then, restart the computer.
-
New computer system Windows 8.1 with McAfee installed... shows no proofing problem. Have not changed the settings. Went to a variety of Web sites today, then suddenly ads popping up on my home page when I open it. Ads do not appear on the google search, I noticed.
Other Web pages then start loading telling me to go to a place to fix the problem... saying adware of a certain type invaded my system... and it loads over and over and over again. long URL do recognize in it.
Help!
Try to start safe mode, sometimes this is caused by addons:
Case, the problem does not occur in Mode safe:
Sometimes, the problem may be malware:
In addition, you can use addons to block windows pops-up/announcements:
-
If I am infected with malware?
Hello!
This is my first post in the forum, but I followed the discussions since I got my MacBook and the community is very useful.
I decided to create this post to ask the experts of the view.
I received a phone call from the network admin at my University saying that I (and a few other students) have been infected by trojan Zeus and he attacked the University network. I found very doubtful after doing a quick search on this Trojan horse and did not find any relationship of Zeus with OSX. Yet, it made me a bit paranoid so I keep changing my passwords and began to scan the system in order to find if there is some malware.
One thing that is important to mention at this point, I sometimes use a machine virtual Windows 7 (Parallels Desktop) which is only used to interact with the instrumentation in the laboratory of the University. The virtual machine has a WiFi connection shared from OSX and to access the files, the folders shared. The virtual machine has only Microsoft Security Essentials 'antivirus' installed. And I don't remember installing any new software on the virtual Windows machine since the start of the alleged "attacks".
So I unplugged my Mac from Internet, disabled sharing records of VM with OSX and began to analyze the Windows VM using different software and following the instructions on this website: https://malwaretips.com/blogs/zeus-trojan-virus/ , nothing has been detected.
I proceeded to analyze OSX using MalwareBytes and even installed Kaspersky Internet Security to give it a try. Done a few scans and still nothing.
I did a scan with EltreCheck and read the report. I've removed some of the plugins that I was not using more, since this installation of Mac OS x is always updated from Lion.
This is the report of EltreCheck at the moment:
EtreCheck version: 2.9.12 (265)
Report generated 2016-05-18 12:07:22
Download EtreCheck from https://etrecheck.com
Time 01:47
Performance: Excellent
Click the [Support] links to help with non-Apple products.
Click [details] for more information on this line.
Problem: Another problem
MacBook Pro (15 inch, early 2011)
[Data sheet] - [User Guide] - [warranty & Service]
MacBook Pro - model: MacBookPro8, 2
1 2 GHz Intel Core i7 CPU: 4 strands
8 GB of RAM expandable - [Instructions]
BANK 0/DIMM0
OK 4 GB DDR3 1333 MHz
BANK 1/DIMM0
OK 4 GB DDR3 1333 MHz
Bluetooth: Old - transfer/Airdrop2 not supported
Wireless: en1: 802.11 a/b/g/n
Battery: Health = Normal - Cycle count = 931
Intel HD Graphics 3000
Color LCD 1440 x 900
AMD Radeon HD 6490M - VRAM: 256 MB
OS X El Capitan 10.11.4 (15E65) - since the start time: about an hour
TOSHIBA THNSNH128GBST disk0: (128,04 GB) (Solid State - TRIM: Yes)
EFI (disk0s1) < not mounted >: 210 MB
Recovery HD (disk0s3) < not mounted > [recovery]: 650 MB
Macintosh HD (disk 1) /: 126,80 go-go (32,74 free)
Storage of carrots: disk0s2 127,18 GB Online
TOSHIBA MK5065GSXF disk2: (500,11 GB) (rotation)
EFI (disk2s1) < not mounted >: 210 MB
DATA (disk2s2) / Volumes/DATA: GB 499,76 (15,47 GB) free
Computer, Inc. Apple IR receiver.
Apple Inc. FaceTime HD camera (built-in)
Apple Inc. Apple keyboard / Trackpad
Apple Inc. BRCM2070 hub.
Apple Inc. Bluetooth USB host controller.
Apple Inc. Thunderbolt_bus.
/ etc/hosts - number: 2
Any where
/ Applications/Parallels Desktop.app
com.parallels.kext.hypervisor [no charge] (11.0.2 31348 - SDK 10.9-2015-10-21) [Support]
com.parallels.kext.NetBridge [no charge] (11.0.2 31348 - SDK 10.9-2015-10-21) [Support]
com.parallels.kext.usbconnect [no charge] (11.0.2 31348 - SDK 10.9-2015-10-21) [Support]
com.parallels.kext.vnic [no charge] (11.0.2 31348 - SDK 10.9-2015-10-21) [Support]
/ Applications/Radio Silence.app
[loading] com.radiosilenceapp.nke.filter (2.0 - SDK 10.11 - 2016-05-07) [Support]
/ Library/Extensions
[loading] com.kaspersky.kext.klif (3.4.0a25 - 2016-05-17) [Support]
[loading] com.kaspersky.nke (2.1.0 - 2016-05-17) [Support]
org.cindori.TrimEnabler [no charge] (1.0 - SDK 10.10 - 2016-05-17) [Support]
TuxeraNTFSUnmountHelper: Path: / Library/StartupItems/TuxeraNTFSUnmountHelper
Startup items are obsolete in OS X Yosemite
[loaded] 8 tasks Apple
[loading] 160 tasks Apple
[operation] 70 tasks Apple
[loaded] 45 tasks Apple
[loading] 159 tasks Apple
[operation] 85 tasks Apple
[no charge] com.adobe.AAM.Updater - 1.0.plist (2015-06-30) [Support]
[operation] com.brother.LOGINserver.plist (2015-03-12) [Support]
[loading] com.google.keystone.agent.plist (2016-03-03) [Support]
com.maintain.PurgeInactiveMemory.plist [no charge] (2014-11-15) [Support]
com.maintain.Restart.plist [no charge] (2014-11-15) [Support]
com.maintain.ShutDown.plist [no charge] (2014-11-15) [Support]
[operation] com.maintain.SystemEvents.plist (2014-11-15) [Support]
[loading] com.oracle.java.Java - Updater.plist (2014-11-06) [Support]
[loading] com.radiosilenceapp.agent.plist (2016-04-17) [Support]
[operation] com.rosettastone.rosettastonedaemon.plist (2015-06-05) [Support]
[loading] org.macosforge.xquartz.startx.plist (2015-10-16) [Support]
[failure] com.adobe.fpsaud.plist (2016-04-16) [Support]
[loading] com.google.keystone.daemon.plist (2016-03-03) [Support]
com.maintain.HideSpotlightMenuBarIcon.plist [no charge] (2014-11-15) [Support]
[loading] com.malwarebytes.MBAMHelperTool.plist (2016-01-18) [Support]
[loading] com.microsoft.autoupdate.helpertool.plist (2015-10-15) [Support]
[loading] com.microsoft.office.licensingV2.helper.plist (2015-08-15) [Support]
[loading] com.oracle.java.Helper - Tool.plist (2014-11-06) [Support]
[loading] com.radiosilenceapp.nke.plist (2016-04-17) [Support]
[loading] com.wdc.WDPrivilegedHelper.plist (2015-08-23) [Support]
[loading] org.cindori.TEAuth.plist (2015-08-11) [Support]
[loading] org.macosforge.xquartz.privileged_startx.plist (2015-10-16) [Support]
[loading] com.bittorrent.uTorrent.plist (2016-02-23) [Support]
[operation] com.spotify.webhelper.plist (2016-05-14) [Support]
Application of flow (~ / Applications/Flux.app)
Fan of Macs control application (/ Applications/Mac Fan Control.app)
gfxCardStatus Application (/ Applications/gfxCardStatus.app)
iTunesHelper Application (/ Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
Application of caffeine (/ Applications/Caffeine.app)
Plane 2 Application (/ Applications/airmail service of 2.app)
BetterTouchTool Application (/ Applications/BetterTouchTool.app)
com.batteryProject.FruitJuiceHelper [loading]
[ongoing] com.batteryProject.FruitJuiceMAS.112992
[ongoing] com.brother.utility.NETserver.99552
[ongoing] com.brother.utility.USBserver.99232
[ongoing] com.codykrieger.gfxCardStatus.98912
[ongoing] com.crystalidea.MacsFanControl.51872
[ongoing] com.etresoft.EtreCheck.147232
[ongoing] com.hegenberg.BTTRelaunch.178592
[ongoing] com.hegenberg.BetterTouchTool.153632
[ongoing] com.lightheadsw.caffeine.47072
[ongoing] com.mendeley.desktop.53472
[ongoing] com.radiosilenceapp.client.256672
[ongoing] it.Bloop.airmail2.105632
[ongoing] org.herf.Flux.85152
[loading] 412 tasks Apple
[operation] 194 tasks Apple
AdobeAAMDetect: AdobeAAMDetect 1.0.0.0 - SDK 10.6 (2015-06-30) [Support]
FlashPlayer - 10.6: 21.0.0.226 - SDK 10.6 (2016-04-30) [Support]
QuickTime Plugin: 7.7.3 (2016-04-05)
AdobePDFViewerNPAPI: 11.0.11 - SDK 10.6 (2015-06-30) [Support]
AdobePDFViewer: 11.0.11 - SDK 10.6 (2015-06-30) [Support]
Flash Player: 21.0.0.226 - SDK 10.6 (2016-04-30) obsolete! Update
Default browser: 601 - SDK 10.11 (2016-04-05)
o1dbrowserplugin: 5.41.3.0 - 10.8 SDK (2015-12-11) [Support]
googletalkbrowserplugin: 5.41.3.0 - 10.8 SDK (2015-12-11) [Support]
Silverlight: 5.1.41105.0 - SDK 10.6 (2015-12-09) [Support]
JavaAppletPlugin: Java 8 update 91 build 14 (2016-05-09) check the version of
AdBlock - BetaFish, Inc. - https://getadblock.com (2015-10-25)
Blocker JS 5 - Travis novel - http://jsblocker.toggleable.com/ (2016-04-27)
Open in Internet Explorer - Parallels - http://www.Parallels.com/fr/ (2015-10-21)
Flash Player (2016-04-16) [Support]
GIFPaperPrefs (2014-02-23) [Support]
Java (2016-05-09) [Support]
Tuxera NTFS (2015-10-26) [Support]
Skip system files: No.
Mobile backups: OFF
Automatic backup: YES
Volumes to back up:
Macintosh HD: Disc size: 126,80 GB disc used: 94,06 GB
Destinations:
TIME [Local]
Total size: 1.00 TB
Total number of backups: 8
An older backup: 29/02/16 09:00
Last backup: 30/04/16-13:06
Size of backup drive: Excellent
Backup size 1.00 TB > (disk size 126,80 GB X 3)
com.apple.WebKit.WebContent (20) 18%
3% safari
2% WindowServer
2% fontd
1% kernel_task
Top of page process of memory: ⓘ
2.78 GB com.apple.WebKit.WebContent (20)
819 MB Safari
750 MB kernel_task
180 MB mds_stores
180 MB DashboardClient (4)
75 MB of free RAM
used 7.92 GB RAM (960 MB cache)
Used Swap 0 B
18 may 2016, 10:42:09 self-test - spent
I installed as well the "firewall" Radio Silence to analyze applications and connections. After Google search on some processes, always about 'weird' jump.
I'm ready to do a clean install of Mac OS x, but since I am each week make backups Time Machine, my main worries:
-What happens if my files on my external backup drive are infected by malware, I can't get back them without "infect" once again cleaning installation of Mac OS x, right?
I would like to ask your advice about the vulnerability of my system and any suggestion on further analysis for the detection of malicious software supposed to.
Sorry for this long post,
I would really appreciate the help
You must change your settings for call control. Set it to "Anywhere" is dangerous. Go to system-> Security and privacy preferences and change it to "Mac App Store and identified developers.» Two, you have uTorrent installed - unless you are in the rare, rare, very small minority of people who use torrents for legal reasons, I think we both know that you use it for, and which may cause your system damage if you download something that is infected with malware or adware, as are most of the torrent offers. I don't see no malware/adware on your hard drive, at least through your EtreCheck report, so you should be fine.
I would also add that if you have anti-virus for your Windows partition, it is one thing, you don't need anti-virus for your Mac. Anti-virus programs cannot protect you from malware or adware, and that's what Mac users needs to worry. In addition, many AV programs negatively affects the performance of Mac because they don't play nice with them. Therefore, I would like to uninstall Kaspersky and keep the program AV that you use for your Windows installation. Windows needs an antivirus protection, OS X is not.
-
is it decent software anti malware for osx 10.5.8
I think there's malware on the iMac. It is a G5 with osx 10.5.6. I go down to drop windows in Safari, kind of randomly, who says that Safari cannot identify a particular site, and I want to go? I always click on leave. Tumblr or something as it is one of the sites - the other mentions adware, I think.
Does anyone know anti-malware that I can use with this iMac intel os and pre?
Thank you
You may need to consider TenFourFox browser because it is updated.
Safari is not. Four of the 10 Fox is a mozilla derived from generation customized for Mac PPC.
You can choose a different browser as system by default in Safari preferences
This is a way to bypass many of the problems with obsolete Safari. I've seen
is no evidence in any of my two Macs on the G4 (10.5.8) adware or malware running.
It is the TenFourFox for Mac PPC browser homepage; link to note G5 edition:
http://www.floodgap.com/software/tenfourfox/
And if market 10.5.6 download the Combo update to 10.5.8 Leopard.
For Safari in Mac later, there are suggestions in the following article on adware
and this may seem like malware. I had no adware or malware in my
Macs PowerPC G4; There may be instructions in the manual on how to search for songs of
suspicious content in this support page. Avoid products such as AdwareMedic
or malwarebytes anti-malware for Mac because it works in later Macs intel who use OS X.
• Stop the pop-up ads and advertising on Safari - Apple Support
Phony 'technical support' / 'ransomware' popups and web pages
How to install adware - or avoid it.
Manual methods for malware, adware, performance problems can still be here:
http://www.thesafemac.com/tech-guides/
Good luck & happy computing!
{PS: this thread was transferred for vintage iMac PPC iMac Intel section by guest}
Maybe you are looking for
-
Satellite C660 - is don't turn does not on
Hi all Just got a new laptop Satellite C660-PSC1LA-00J001, which initially had 2 GB of ram in the shop, but has been improved with another 2 GB to 4 GB (upgraded in-store). Have unpacked box and the connection of all the cords power supply etc., powe
-
want to 7640: OCR on hp envy 7640?
I'm considering buying a desire 7640. Can someone tell me if it is able to OCR? If so, the software is included, or I have to buy separately (and what's the name?) Thank you in advance for your help! ~ KBo
-
I bought a laptop HP pavilion 15-p203tx about 6 months ago. It came with windows pre-installed 8.1 64-bit. It is workng everything fine and smooth. Just a little while back, I received my upgrade reserved windows 10. I upgraded my laptop with the sam
-
I just bought an ACER Iconia A3 - A10, I thought that read me the description of the Tablet until I bought that I could use a SD card and SIM card... Am I wrong? Because I inserted the 16 GB SD card and I'll in ' SETTINGS' > 'STORAGE' and only shows
-
I lost a computer to viruses, to express myself here
When I got the virus, I did a test for my University. Yesterday, I talked about how among the MICROSOFT trusted partners does not have the privilege of having the opportunity to work with Microsoft, putting pop - up and unethical to carry OUT incorre