Continuing to malware / adware problem


I have finally upgraded to El Capitan at last week. I had no problem until today when I downloaded a new Java Update, which I think may have also installed some sort of adware / malware on my system. Since the installation of new advertising tabs open (on both Firefox and Safari) when I click on some normal links on some sites. I also see underlined green links ad on some pages.

I tried all the tips I can find online, including of Malwarebytes, Avast, reinstall browsers, try a new user, follow the instructions to remove "DownLite" etc. I also checked the LaunchAgent and LaunchDaemons folders in my library, and they seem to be something unusual.

Any help with this would be much appreciated because it becomes extremely frustrating Apple have advised me to reinstall OS X, but I would try other options first as it may seem a bit drastic!

Thank you very much


You may have installed ad-injecting malicious software ("adware").

Do not use any type of product, "anti-virus" or "anti-malware" on a Mac. You have already seen that it does not work.

Save all data first.

If you are not already running the latest version of Mac OS X, update or upgrade in the App Store you risk adware remove automatically. If you are already using the latest version, please log off or restart the computer. Still, some types of malware will be deleted, not all. There is no such thing as the automatic removal of all possible malware, either by OS X third party software. That's why you can't rely on software to protect you.

If the malware is deleted in your case, you will still need to make changes to the way you use your computer to protect you from new attacks. Ask if you need advice.

If the malware is not removed automatically, see below.

This simple procedure to detect any type of adware that I know. Disabling is a procedure distinct and better still.

Some legitimate software is funded by advertising and may display advertisements in its own windows or in a web browser while it is running. It's not malware and it may not appear. In addition, some Web sites display advertising intrusive popup that can be confused with adware.

If none of your web browsers work well enough to carry out these instructions, restart the computer in safe mode. The malware will be disabled temporarily.

Step 1

Please triple - click on the line below on this page to select it, and then copy the text to the Clipboard by pressing Control-C key combination:


In the Finder, select

Go ▹ go to the folder...

from the menu bar and paste it into the box that opens by pressing command + v press return. Open a folder named "LaunchAgents", or you will get a notice stating that the file cannot be found. If the file is not found, proceed to the next step.

If the folder opens, press the combination of keys command-2 to select the display of the list, if it is not already selected. Please don't skip this step.

There should be a column in the update Finder window. Click this title two times to sort the content by date with the most recent at the top. If necessary, enlarge the window so that all the content show.

Follow the instructions in this support article under the heading "take a screenshot of a window." An image file with a name starting in 'Screenshot' should be saved to the desktop. Open the capture screen and make sure it is readable. If this isn't the case, capture a small part of the screen indicating that what needs to be shown.

Start a reply to this message. Drag the image file in the editing window downloading. Alternatively, you can include text in the response.

Leave the case open for now.

Step 2

Do as in step 1 with this line:


The record which can open up will have the same name but is not the same as in step 1. In this step, the folder does not exist.

Step 3

Repeat with this line:


This time the file will be called "LaunchDaemons."

Step 4

Open Safari preferences window and select the tab 'Extensions'. If the extensions are listed, post a screenshot. If there are no extensions, or if you cannot launch Safari, skip this step.

Step 5

If you use Firefox or Chrome browser, open the list of extensions and do as in step 4.

Tags: Mac OS & System Software

Similar Questions

  • Check for the presence of malware/adware/spyware software

    I'm currently looking if I have no malware/adware/spyware on my computer. I followed the steps on the other discussions as removing the. Agent.plist and other daemon.plist. Right now I don't see any symptoms (such as force redirection Web site or just completely frozen screen) but I don't know if there is nothing else left. Could someone there check it please for me? Thank you!

    EtreCheck version: 2.9.11 (264)

    Report generated 2016-04-25 00:02:30

    Download EtreCheck from

    Length 03:13

    Performance: good

    Click the [Support] links to help with non-Apple products.

    Click [details] for more information on this line.

    Problem: No problem - just check

    Hardware Information:

    MacBook Pro (13-inch, mid-2012)

    [Data sheet] - [User Guide] - [warranty & Service]

    MacBook Pro - model: MacBookPro9, 2

    1 2.5 GHz Intel Core i5 CPU: 2 strands

    4 GB of RAM expandable - [Instructions]

    BANK 0/DIMM0

    OK 2 GB DDR3 1600 MHz

    BANK 1/DIMM0

    OK 2 GB DDR3 1600 MHz

    Bluetooth: Good - transfer/Airdrop2 taken in charge

    Wireless: en1: 802.11 a/b/g/n

    Battery: Health = Normal - Cycle count = 548

    Video information:

    Graphics Intel HD 4000

    Color LCD 1280 x 800


    OS X Yosemite 10.10 (A 14, 389) - since startup time: less than an hour

    Disc information:

    HTS547550A9E384 disk HARD APPLE disk0: (500,11 GB) (rotation)

    EFI (disk0s1) < not mounted >: 210 MB

    Recovery HD (disk0s3) < not mounted > [recovery]: 650 MB

    Media (disk0s4) / Volumes/media: 160.00 go-go (152,46 free)

    Macintosh HD 2 (disk0s5) / Volumes/Macintosh HD 2: 114.62 (114,40 GB free)

    Macintosh HD 3 (disk0s6) / Volumes/Macintosh HD 3: 114.22 (16,80 free go-go)

    Macintosh HD (disk 1) /: 109,63 go-go (34,57 free)

    Storage of carrots: disk0s2 110.00 GB Online

    MATSHITADVD-R UJ - 8à8 disk2: () (196.8 MB)

    USB information:

    Apple Inc. FaceTime HD camera (built-in)

    Apple Inc. BRCM20702 hub.

    Apple Inc. Bluetooth USB host controller.

    Computer, Inc. Apple IR receiver.

    Apple Inc. Apple keyboard / Trackpad

    Lightning information:

    Apple Inc. Thunderbolt_bus.


    Mac App Store

    Kernel extensions:

    / System/Library/Extensions

    com.devguru.driver.SamsungComposite [no charge] (1.4.18 - 10.6 SDK - 2016-03-22) [Support]


    com.devguru.driver.SamsungACMControl [no charge] (1.4.18 - 10.6 SDK - 2014-01-27) [Support]

    com.devguru.driver.SamsungACMData [no charge] (1.4.18 - 10.6 SDK - 2014-01-27) [Support]

    com.devguru.driver.SamsungMTP [no charge] (1.4.18 - SDK 10.5 - 2014-01-27) [Support]

    com.devguru.driver.SamsungSerial [no charge] (1.4.18 - 10.6 SDK - 2014-01-27) [Support]

    Launch system officers:

    [loaded] 5 tasks of Apple

    [loading] 142 tasks Apple

    [operation] 56 tasks Apple

    Launch system demons:

    [loaded] 45 tasks Apple

    [loading] 137 tasks Apple

    [operation] 80 tasks Apple

    Launch demons:

    [loading] com.adobe.SwitchBoard.plist (2012-08-11) [Support]

    [loading] com.adobe.fpsaud.plist (2016-04-05) [Support]

    [loading] com.malwarebytes.MBAMHelperTool.plist (2016-04-11) [Support]

    [loading] - Tool.plist (2014-09-20) [Support]

    User launch officers: [fail]-[...] - SharedServices.Agent.plist

    [failure] com.facebook.videochat. [entrenched passage] .plist (2014-08-13) [Support]

    [loading] (2016-03-02) [Support]

    [operation] com.spotify.webhelper.plist (2016-04-24) [Support]

    Items in user login:

    iTunesHelper Application (/ Applications/

    Agent application of file transfer Android (~/Library/Application Support/Google/Android File transfer/Android File Transfer

    Hidden Spotify Application (/ Applications/

    Other applications:


    [ongoing] com.Google.Android.mtpagent.98864

    [ongoing] com.spotify.client.49448

    [loading] 357 tasks Apple

    [operation] 163 tasks Apple

    Plug-ins Internet:

    FlashPlayer - 10.6: - SDK 10.6 (2016-04-08) [Support]

    QuickTime Plugin: 7.7.3 (2014-11-06)

    Flash Player: - SDK 10.6 (2016-04-08) obsolete! Update

    EPPEX plugin: (2011-07-26) [Support]

    Default browser: 600 - SDK 10.10 (2014-11-06)

    SharePointBrowserPlugin: 14.3.4 - SDK 10.6 (2013-05-19) [Support]

    Silverlight: 5.1.30317.0 - SDK 10.6 (2014-05-20) [Support]

    JavaAppletPlugin: Java 8 update 65 build 17 (2015-11-09) check the version of

    3rd party preference panes:

    Flash Player (2016-04-05) [Support]

    Java (2015-11-09) [Support]

    Time Machine:

    Automatic backup: YES

    Volumes to back up:

    Macintosh HD: Disc size: 109,63 GB disc used: 75,06 GB


    Macintosh HD 3 [Local]

    Total size: 114,22 GB

    Total number of backups: 60

    An older backup: 01/07/15, 16:44

    Last backup: 24/04/16 18:40

    Backup disk size: too small

    Backup size GB 114,22 < (disc 75,06 GB X 3)

    Top of page process CPU:

    5% mdworker (9)

    3% kernel_task

    3% Google Chrome

    2% Google Chrome Helper (6)

    2% fontd

    Top of page process of memory:

    766 MB Google Chrome Helper (6)

    Kernel_task 447 MB

    209 MB Google Chrome

    Mdworker (9) 147 MB

    Image 119 MB

    Virtual memory information:

    320 MB of free RAM

    3.69 used GB RAM (1.02 GB being cached)

    Used Swap 0 B

    Diagnostic information:

    24 April 2016, 23:19:51 self-test - spent

    24 April 2016, 19:05:27 /Library/Logs/DiagnosticReports/storedownloadd_2016-04-24-190527_[redacted].cpu _resource.diag [details]

    /System/Library/PrivateFrameworks/CommerceKit.Framework/versions/A/resources/St oredownloadd

    April 23, 2016, 23:14:57 ~/Library/Logs/DiagnosticReports/VTDecoderXPCService_2016-04-23-231457_[redacte d] .crash

    /System/Library/frameworks/VideoToolbox.Framework/versions/A/XPCServices/VTDeco derXPCService.xpc/Contents/MacOS/VTDecoderXPCService

    If you see no evidence of malicious programs (and I see no evidence of it in the etrecheck report), you can read this post for more insight.

    Viruses, Trojans, Malware - and other aspects of Internet Security

    Apple - Support-Apple security updates


  • Redirection Adware problem

    I am new user of MacBook (less than 24 hours) and already makes it painful to use because someone told me there is no virus for Mac, I was carelessly downloading of programs and I am here... My browsers (Chrome and Safari) are double tabs, we repeat just what is already open, and a other advertising. Also, I got pop ups and ads around some sites like imdb or other trusted sites. Now it's better, maybe because I've done a few things to try to remove this, but the redirect is still a huge problem. Here is the results of my diagnosis, I hope someone can help

    Boot Mode: Normal

    Model: MacBookAir7, 2

    The System Diagnostics

    2016-01-20 com.purevpn.macapp crash

    2016-01-20 com.purevpn.macapp crash

    2016-01-20 com.purevpn.macapp crash

    2016-01-20 com.purevpn.macapp crash

    2016-01-20 com.purevpn.macapp crash

    Diagnosis of the user

    2016-01-20 PureVPN crash

    2016-01-20 storeassetd crash

    Accident activity Monitor 2016-01-21

    2016 01-21 SystemUIServer crash

    Kernel messages

    January 20 09:39:44 AssertMacros: tmpData (value: 0x0), leader: /BuildRoot/Library/Caches/ dentialManager-82.10.1/AppleCredentialManager/AppleCredentialManager.cpp, line: 765

    January 20 09:39:50 [IGPU] Planner gas CAP = 100ms.

    Jan 20 16:21:06 excessive release of assertions about the importance of the inner core for pid 701 (storeassetd), let fall 1 assertions, but the task only has 59 remaining (59 external).

    20 January 23:11:01 hfs: mounted PopcornTime on disk2s2 of the device

    20 January 23:18:50 hfs: disassemble insiders on PopcornTime on disk2s2 of device

    20 January 23:38:36 AssertMacros: tmpData (value: 0x0), leader: /BuildRoot/Library/Caches/ dentialManager-82.10.1/AppleCredentialManager/AppleCredentialManager.cpp, line: 765

    20 January 23:38:37 [IGPU] Planner gas CAP = 100ms.

    Jan 21 00:30:33 launchd process [1]-l' system of limitation of disabling i/o level

    Jan 21 00:30:33 launchd process [1] disable the CPU - the system-wide limit

    Jan 21 00:30:48 AssertMacros: tmpData (value: 0x0), leader: /BuildRoot/Library/Caches/ dentialManager-82.10.1/AppleCredentialManager/AppleCredentialManager.cpp, line: 765

    Jan 21 00:30:49 [IGPU] Planner gas CAP is 100ms.

    21 Jan 01:15:31 launchd process [1]-l' system of limitation of disabling i/o level

    21 Jan 01:15:31 launchd process [1] disable the CPU - the system-wide limit

    21 Jan 01:15:45 AssertMacros: tmpData (value: 0x0), leader: /BuildRoot/Library/Caches/ dentialManager-82.10.1/AppleCredentialManager/AppleCredentialManager.cpp, line: 765

    21 Jan 01:15:46 [IGPU] Planner gas CAP is 100ms.

    Extrinsic demons



    Extrinsic agents

    com ShopTool.agent

    com SoftwareUpdater.agent

    launchd items

    / Library/LaunchAgents/com. ShopTool.agent.plist

    (ShopTool.agent com)

    / Library/LaunchAgents/com. SoftwareUpdater.agent.plist

    (SoftwareUpdater.agent com)







    Com/library/LaunchAgents. ShopTool.agent.plist

    (ShopTool.agent com)

    Com/library/LaunchAgents. SoftwareUpdater.agent.plist

    (SoftwareUpdater.agent com)

    Extrinsic loadable bundles

    / / Library/Internet Plug-Ins/Flash Player.plugin

    (com.macromedia.Flash Player.plugin)

    / Library/PreferencePanes/Flash Player.prefPane



    ProxyAutoConfigEnable: 0

    ProxyAutoDiscoveryEnable: 0

    DNS (for not)

    no DHCP):

    Profiles: 1

    Restricted user files: 6

    Time elapsed (s): 92

    Click here and follow the instructions, or if it is not a type of adware is covered by them on the computer, these. If you would rather not remove it manually, you can run rather MalwareBytes for Mac.

    MalwareBytes is a removal tool and does not stop adware or other malware from entering the computer. What said you is true that viruses are concerned, but does not apply to other types of malware. For effective protection, do not download software from sources other than the Mac App Store or Developer Web sites.


  • Software malware/adware removal instructions

    OS: 10.11.3

    Symptoms: popup on chrome (wonderlandads)

    I search on google and found pop - up for wonderlandads is adware/malware.

    I scanned my system with Avast / avira and malware bytes. He did not find anything

    I checked the extension and did not find any suspicious extension (only lastpass extenstion is here)

    I have reset the browser, erased the history and cache, check the default search and page by default, everything seems to be OK.

    The pop-up window becomes very irritating.

    How can I identify and remove this adware.

    I guess that there are legitimate software that delivered adware, but I don't know which.

    Help, please


  • RootKit/Malware/Virus problem - windows cannot access the specified device file or the path, you don't have permissions


    I have a problem with my computer it has been infected by a virus that is not visible in normal mode. It prevents running any application that would help in the detection and removal. I tried running mrt, mcaffe, trendmicro rootkit detector rootkit detector, spybotSD, analysis windows Defender online Windows live onecar. All these works for a minute and then shutsdown, when I click it again I get the error, as mentioned in the title, 'windows cannot access the specified device file or the path, you do not have permissions.

    This problem has a solution or re - install is the only way out?

    The pointers/help appreciated.

    Just to add, I am able to connect using my last known good configuration and only safe mode configurations.

    Thank you


    1. follow all the instructions in this thread: How to get rid of malware

    2. If still no joy you can find Microsoft MVPs and other trained analysts on the following support sites:

    3. If you need help with virus-related issues, contact the Support Services Microsoft product.

    To support the Canada and the United States, call toll-free (866) PCSAFETY (727-2338).

    For support outside the United States and the Canada, visit the page Web of Product Support Services.

    4. If you need more assistance for the position of the newsgroup Microsoft - security - virusvirus/worm.
    Through your News Reader:
    Via the Web:

    Hope this helps,

    Vincenzo Di Russo - Microsoft MVP Windows Internet Explorer, Windows Desktop Experience & security - since 2003. ~ ~ ~ My MVP profile:

  • Email Thunderbird became unresponsive. I tried closing and reopening, but it continues to be a problem. What can I do to rememdy this?

    I have upgraded to Windows 10, when it became available. Had no problem with anything. All of a sudden today Thunderbird keeps stalling out. I don't think that it has nothing to do with Windows 10 since he has worked for weeks.

    How can I solve this problem?

    Margaret Richmnan

    Try to start * Windows * in safe mode with active network.

    Always in Windows safe mode, start Thunderbird in safe mode.

    The problem goes away?

  • When I go to netflix for a movie he continues saying theres a problem with Sliverlight: error code 2105

    When I go to netflix to watch a movie it still says theres a problem with the installation Sliverlight 2105 error code. I uninstalled and reinstall but get the same message.

    Run this Microsoft Fix it

  • Adware problem

    How can I get rid of I reinstalled Secunia yesterday due to some issues. I used the bad download and let him install some United Nations wanted to free software. I wasn't watching close enough to stop these free programs until it is too late. Now, I with my FF browser. This forum can help me or should I go somewhere else. I learned the hard way to monitor these bad programs when you use the links at the bottom of the load a program. Could you give me the link to download Secunia PSI. I have windows 8 os.

    The PSI link is

    I'm not familiar with sweetpacks , so I can't comment on that.   Maybe someone else (Bugbatter, Joe, RedDawn or Iroc) can she?   If this isn't the case, you can still register for one-we-we help.

  • Why update firefox and got a 'free' bing search bar and two software malicious adware?

    After an automatic update - no, I do not download no matter what new version of any dangerous place - I found that I had the Bing search bar-which I think I've turned it off, not sure if - and two malware/adware problems. First was rvzr - a.akamaihd which arises a new tab when clicking first on a website, then I found that I had offerswizard adding banners - blocked most of them - and the creation of hiperlinks with mini pop ups when passed above it with the mouse - sorry if my English is not clear. I tried AVG free and there wasn't any warning. Finally, ad-block and rgiht, click on the arrow to search bing seems to fix the problem, however, offerswizard must be uninstalled manually - lightning enhance program, I think that - after a google search.
    The main question is... can I trust firefox download/upgrade to automatic update?

    Thank you all for your answers. I tried to mark it as resolved, but I doubt that I did.

    First I tried in windows / removal of unwanted software programs. Installed an adblocker for FF
    Then I downloaded the adware 3.8 removal tool and the problem is almost solved. Still a few details could be improved, but I can live with that.

    I think someone took advantage of the installation of FF and it makes any other malware on my computer.

    Thank you once again.

  • I allowed Microsoft to run a scan for devices or Malware onto my PC with malware or adware and it discovered browser modifier on Win32

    After the repair of my new/used PC, I ran a scan with Malware/Adware which used to be LiveOne care safety Scanner and he discovered for me three potentially dangerous software or Adware and it has been partially removed. This to say that I still have potentially harmful Adware or Spyware left and can continue to wreak havoc on my computer? Or I'm sure even thogh he informed me that they were only partially removed? BrowserModifier:Win32 / partially deleted BaiduSobar and

    Program: Win32 / partially removed BaiduIebar please help me to advise on what I should do! Thank you! Have you ever heard of these guys before?

    Try following the steps in this virus/malware removal guide:
    It contains instructions which will remove most malware infections. I hope this helps you.
  • Anti-Virus detects but removes no adware/malware


    I have a Readynas RN102 with 6.4.1. firmware. I have more installed anti-virus. Today it started to detect Adware (W32 / Adware.DEZV - 3749 or NsCPUMiner32.exe) and Bitcoinminer Trojan (W64Adware.DEZV - 3749 - NsCPUMiner64.exe). Both were hidden in a file called

    Because I couldn't see the files in the management web page / share (even when displaying of hidden files) I changed the anti-virus more to 'Action - Delete' setting and a scheduled scan. He had tested and found the files, but in log files, he repeats that I have to delete the infected file yourself.

    Any help on:

    -log file: why does not say what is it deleted the file or not

    -display and by deleting files myself manually

    -a specific malware / adware removal app for the ReadyNas

    Thanks in advance,


    HA Kodhee,

    Thank you. I always keep my antivirus updated. So maybe this is the reason why no virus is detected (asuming it was a false alarm as well).

    I did what you suggested and selected / unselected files of several cards that were "infected" files It was an hour ago, and I don't have any message. More than my scan that I had planned this evening.

    I'll keep my fingers crossed and do a final check tomorrow morning.

  • I have a HP a530n that restarts continually.

    I have a HP a530n that restarts continually.  I installed a reader of CAC, 2 days ago, and reboot to initialize the installation, he began a cycle restart nonstop.  I tried to go into safe mode, but it does the same thing.  I did a full install of windows xp sp2 on an existing installation "repair" and it always does.  Any ideas?  Anyone?  Bueller?

    My HP acted in the same way sometimes when restarting. What the Microsoft or HP solution method 2 to restore the system by using the Windows XP CD? See below.

    The solution that worked for me was a manual, I removed the hard drive to my HP a530n, attached to an adapter IDE - USB, changed the PIN back to act as a slave drive and connected to my laptop the drive installed as an external drive, then I opened the file ExternalDriveLetter: \Windows\System32\Drivers renamed file intelppm.sys XXXintelppm.syx removed the hard drive and then installed in the HP and it worked. (Before you reinstall the drive, change the rear pin hard drive master or Cable Select).

    Also, while the hard drive was still installed as an external for my laptop drive, I copied all my data files, bookmarks, Favorites, files of Outlook PST, user profiles... I then ran the hard disk Error-checking tool (right-click on the drive and select Properties, then select the Tools tab) to analyze all of the bad sectors of the disk, you must check both boxes to automatically fix errors system file and Scan for and attempt recovery of bad sectors, it will tell you if your HP hard drive begins to fail and must be replaced. Hear the sounds that weird car or see a lot of bad sectors during the analysis of error checking is a good sign to replace it until it goes dead. Also scan this external hard drive with a thorough virus & malware/adware scan. If you have a dead drive, I found a technician in Florida, which use a clean and restores the data from hard drive for a good price:

    You might have corrupted Windows XP system files which prevents normal windows load upward or your hard drive fails mechanically. My original hard drive failed, and luckily I had a backup image (Acronis) of this to restore all my data and programs on a new disc. A failing drive can let you not do a Windows system restore if system files are located in a bad disk sector. But there are 2 types of system restore, it is done through Windows XP during the boot process (press F8) and the other is original of your hard drive has been installed with 2 partitions on the disk, one of them is a D-drive called HP_RECOVERY, it is possible with a new disk and software such as Paragon hard disk manager to copy to this partition and restart from zero (default) to install windows XP and programs and then copy on your data files, if you manage to install the old drive as an external drive to another computer. To use the HP recovery, you have access to this starts, it's the first blue light screen HP see you and down, it gives you the option button to select this restoration, if you don't see it, then go to the BIOS Setup (pressing F1 at startup) and there could be a selection to display the splash screen.

    If by chance, method 2 below works and Windows loads up again once as normal, you must always use the disk error checking to find bad sectors and you must parse the filesystem of Windows for corruption (start/run: sfc.exe/scannow). Also do a virus scan and spyware-malware throrough of the player (free programs: Avast, Malwarebytes, Ad-Aware & Spybot - I use all 4 looking for different things, free programs require usually manually update you and run).

    Method 2

    To work around this problem, run the recovery console by using the Windows XP CD. Then, select the recovery option. To run the Recovery Console from the diskette of starting Windows XP or the Windows XP CD, follow these steps:

    1. Insert the Windows XP startup disk into the floppy drive. Or, insert the Windows XP CD into the CD drive. Then, restart the computer.

      Note If you are prompted, click to select all the options required to start the computer from the CD drive.

    2. When the "Welcome" screen appears, press R to start the Recovery Console.
    3. If you have a dual-boot or multiboot computer, select the installation that you want to access from the Recovery Console.
    4. When you are prompted, type the administrator password.

      Note If the administrator password is blank, press ENTER.

    5. At the Recovery Console prompt, type the following command and press ENTER:
      Disable intelppm
  • Adware attacked my computer... How can I get rid of him? pop ups everywhere

    New computer system Windows 8.1 with McAfee installed... shows no proofing problem. Have not changed the settings. Went to a variety of Web sites today, then suddenly ads popping up on my home page when I open it. Ads do not appear on the google search, I noticed.

    Other Web pages then start loading telling me to go to a place to fix the problem... saying adware of a certain type invaded my system... and it loads over and over and over again. long URL do recognize in it.


    Try to start safe mode, sometimes this is caused by addons:

    Case, the problem does not occur in Mode safe:

    Sometimes, the problem may be malware:

    In addition, you can use addons to block windows pops-up/announcements:

  • If I am infected with malware?


    This is my first post in the forum, but I followed the discussions since I got my MacBook and the community is very useful.

    I decided to create this post to ask the experts of the view.

    I received a phone call from the network admin at my University saying that I (and a few other students) have been infected by trojan Zeus and he attacked the University network. I found very doubtful after doing a quick search on this Trojan horse and did not find any relationship of Zeus with OSX. Yet, it made me a bit paranoid so I keep changing my passwords and began to scan the system in order to find if there is some malware.

    One thing that is important to mention at this point, I sometimes use a machine virtual Windows 7 (Parallels Desktop) which is only used to interact with the instrumentation in the laboratory of the University. The virtual machine has a WiFi connection shared from OSX and to access the files, the folders shared. The virtual machine has only Microsoft Security Essentials 'antivirus' installed. And I don't remember installing any new software on the virtual Windows machine since the start of the alleged "attacks".

    So I unplugged my Mac from Internet, disabled sharing records of VM with OSX and began to analyze the Windows VM using different software and following the instructions on this website: , nothing has been detected.

    I proceeded to analyze OSX using MalwareBytes and even installed Kaspersky Internet Security to give it a try. Done a few scans and still nothing.

    I did a scan with EltreCheck and read the report. I've removed some of the plugins that I was not using more, since this installation of Mac OS x is always updated from Lion.

    This is the report of EltreCheck at the moment:

    EtreCheck version: 2.9.12 (265)

    Report generated 2016-05-18 12:07:22

    Download EtreCheck from

    Time 01:47

    Performance: Excellent

    Click the [Support] links to help with non-Apple products.

    Click [details] for more information on this line.

    Problem: Another problem

    Hardware Information:

    MacBook Pro (15 inch, early 2011)

    [Data sheet] - [User Guide] - [warranty & Service]

    MacBook Pro - model: MacBookPro8, 2

    1 2 GHz Intel Core i7 CPU: 4 strands

    8 GB of RAM expandable - [Instructions]

    BANK 0/DIMM0

    OK 4 GB DDR3 1333 MHz

    BANK 1/DIMM0

    OK 4 GB DDR3 1333 MHz

    Bluetooth: Old - transfer/Airdrop2 not supported

    Wireless: en1: 802.11 a/b/g/n

    Battery: Health = Normal - Cycle count = 931

    Video information:

    Intel HD Graphics 3000

    Color LCD 1440 x 900

    AMD Radeon HD 6490M - VRAM: 256 MB


    OS X El Capitan 10.11.4 (15E65) - since the start time: about an hour

    Disc information:

    TOSHIBA THNSNH128GBST disk0: (128,04 GB) (Solid State - TRIM: Yes)

    EFI (disk0s1) < not mounted >: 210 MB

    Recovery HD (disk0s3) < not mounted > [recovery]: 650 MB

    Macintosh HD (disk 1) /: 126,80 go-go (32,74 free)

    Storage of carrots: disk0s2 127,18 GB Online

    TOSHIBA MK5065GSXF disk2: (500,11 GB) (rotation)

    EFI (disk2s1) < not mounted >: 210 MB

    DATA (disk2s2) / Volumes/DATA: GB 499,76 (15,47 GB) free

    USB information:

    Computer, Inc. Apple IR receiver.

    Apple Inc. FaceTime HD camera (built-in)

    Apple Inc. Apple keyboard / Trackpad

    Apple Inc. BRCM2070 hub.

    Apple Inc. Bluetooth USB host controller.

    Lightning information:

    Apple Inc. Thunderbolt_bus.

    Configuration files:

    / etc/hosts - number: 2


    Any where

    Kernel extensions:

    / Applications/Parallels

    com.parallels.kext.hypervisor [no charge] (11.0.2 31348 - SDK 10.9-2015-10-21) [Support]

    com.parallels.kext.NetBridge [no charge] (11.0.2 31348 - SDK 10.9-2015-10-21) [Support]

    com.parallels.kext.usbconnect [no charge] (11.0.2 31348 - SDK 10.9-2015-10-21) [Support]

    com.parallels.kext.vnic [no charge] (11.0.2 31348 - SDK 10.9-2015-10-21) [Support]

    / Applications/Radio

    [loading] com.radiosilenceapp.nke.filter (2.0 - SDK 10.11 - 2016-05-07) [Support]

    / Library/Extensions

    [loading] com.kaspersky.kext.klif (3.4.0a25 - 2016-05-17) [Support]

    [loading] com.kaspersky.nke (2.1.0 - 2016-05-17) [Support]

    org.cindori.TrimEnabler [no charge] (1.0 - SDK 10.10 - 2016-05-17) [Support]

    Startup items:

    TuxeraNTFSUnmountHelper: Path: / Library/StartupItems/TuxeraNTFSUnmountHelper

    Startup items are obsolete in OS X Yosemite

    Launch system officers:

    [loaded] 8 tasks Apple

    [loading] 160 tasks Apple

    [operation] 70 tasks Apple

    Launch system demons:

    [loaded] 45 tasks Apple

    [loading] 159 tasks Apple

    [operation] 85 tasks Apple

    Launch officers:

    [no charge] com.adobe.AAM.Updater - 1.0.plist (2015-06-30) [Support]

    [operation] (2015-03-12) [Support]

    [loading] (2016-03-03) [Support]

    com.maintain.PurgeInactiveMemory.plist [no charge] (2014-11-15) [Support]

    com.maintain.Restart.plist [no charge] (2014-11-15) [Support]

    com.maintain.ShutDown.plist [no charge] (2014-11-15) [Support]

    [operation] com.maintain.SystemEvents.plist (2014-11-15) [Support]

    [loading] - Updater.plist (2014-11-06) [Support]

    [loading] com.radiosilenceapp.agent.plist (2016-04-17) [Support]

    [operation] com.rosettastone.rosettastonedaemon.plist (2015-06-05) [Support]

    [loading] org.macosforge.xquartz.startx.plist (2015-10-16) [Support]

    Launch demons:

    [failure] com.adobe.fpsaud.plist (2016-04-16) [Support]

    [loading] (2016-03-03) [Support]

    com.maintain.HideSpotlightMenuBarIcon.plist [no charge] (2014-11-15) [Support]

    [loading] com.malwarebytes.MBAMHelperTool.plist (2016-01-18) [Support]

    [loading] (2015-10-15) [Support]

    [loading] (2015-08-15) [Support]

    [loading] - Tool.plist (2014-11-06) [Support]

    [loading] com.radiosilenceapp.nke.plist (2016-04-17) [Support]

    [loading] com.wdc.WDPrivilegedHelper.plist (2015-08-23) [Support]

    [loading] org.cindori.TEAuth.plist (2015-08-11) [Support]

    [loading] org.macosforge.xquartz.privileged_startx.plist (2015-10-16) [Support]

    User launch officers:

    [loading] com.bittorrent.uTorrent.plist (2016-02-23) [Support]

    [operation] com.spotify.webhelper.plist (2016-05-14) [Support]

    Items in user login:

    Application of flow (~ / Applications/

    Fan of Macs control application (/ Applications/Mac Fan

    gfxCardStatus Application (/ Applications/

    iTunesHelper Application (/ Applications/

    Application of caffeine (/ Applications/

    Plane 2 Application (/ Applications/airmail service of

    BetterTouchTool Application (/ Applications/

    Other applications:

    com.batteryProject.FruitJuiceHelper [loading]

    [ongoing] com.batteryProject.FruitJuiceMAS.112992



    [ongoing] com.codykrieger.gfxCardStatus.98912

    [ongoing] com.crystalidea.MacsFanControl.51872

    [ongoing] com.etresoft.EtreCheck.147232

    [ongoing] com.hegenberg.BTTRelaunch.178592

    [ongoing] com.hegenberg.BetterTouchTool.153632

    [ongoing] com.lightheadsw.caffeine.47072

    [ongoing] com.mendeley.desktop.53472

    [ongoing] com.radiosilenceapp.client.256672

    [ongoing] it.Bloop.airmail2.105632

    [ongoing] org.herf.Flux.85152

    [loading] 412 tasks Apple

    [operation] 194 tasks Apple

    Plug-ins Internet:

    AdobeAAMDetect: AdobeAAMDetect - SDK 10.6 (2015-06-30) [Support]

    FlashPlayer - 10.6: - SDK 10.6 (2016-04-30) [Support]

    QuickTime Plugin: 7.7.3 (2016-04-05)

    AdobePDFViewerNPAPI: 11.0.11 - SDK 10.6 (2015-06-30) [Support]

    AdobePDFViewer: 11.0.11 - SDK 10.6 (2015-06-30) [Support]

    Flash Player: - SDK 10.6 (2016-04-30) obsolete! Update

    Default browser: 601 - SDK 10.11 (2016-04-05)

    o1dbrowserplugin: - 10.8 SDK (2015-12-11) [Support]

    googletalkbrowserplugin: - 10.8 SDK (2015-12-11) [Support]

    Silverlight: 5.1.41105.0 - SDK 10.6 (2015-12-09) [Support]

    JavaAppletPlugin: Java 8 update 91 build 14 (2016-05-09) check the version of

    Safari extensions:

    AdBlock - BetaFish, Inc. - (2015-10-25)

    Blocker JS 5 - Travis novel - (2016-04-27)

    Open in Internet Explorer - Parallels - (2015-10-21)

    3rd party preference panes:

    Flash Player (2016-04-16) [Support]

    GIFPaperPrefs (2014-02-23) [Support]

    Java (2016-05-09) [Support]

    Tuxera NTFS (2015-10-26) [Support]

    Time Machine:

    Skip system files: No.

    Mobile backups: OFF

    Automatic backup: YES

    Volumes to back up:

    Macintosh HD: Disc size: 126,80 GB disc used: 94,06 GB


    TIME [Local]

    Total size: 1.00 TB

    Total number of backups: 8

    An older backup: 29/02/16 09:00

    Last backup: 30/04/16-13:06

    Size of backup drive: Excellent

    Backup size 1.00 TB > (disk size 126,80 GB X 3)

    Top of page process CPU: (20) 18%

    3% safari

    2% WindowServer

    2% fontd

    1% kernel_task

    Top of page process of memory:

    2.78 GB (20)

    819 MB Safari

    750 MB kernel_task

    180 MB mds_stores

    180 MB DashboardClient (4)

    Virtual memory information:

    75 MB of free RAM

    used 7.92 GB RAM (960 MB cache)

    Used Swap 0 B

    Diagnostic information:

    18 may 2016, 10:42:09 self-test - spent

    I installed as well the "firewall" Radio Silence to analyze applications and connections. After Google search on some processes, always about 'weird' jump.

    I'm ready to do a clean install of Mac OS x, but since I am each week make backups Time Machine, my main worries:

    -What happens if my files on my external backup drive are infected by malware, I can't get back them without "infect" once again cleaning installation of Mac OS x, right?

    I would like to ask your advice about the vulnerability of my system and any suggestion on further analysis for the detection of malicious software supposed to.

    Sorry for this long post,

    I would really appreciate the help

    You must change your settings for call control.  Set it to "Anywhere" is dangerous.  Go to system-> Security and privacy preferences and change it to "Mac App Store and identified developers.»  Two, you have uTorrent installed - unless you are in the rare, rare, very small minority of people who use torrents for legal reasons, I think we both know that you use it for, and which may cause your system damage if you download something that is infected with malware or adware, as are most of the torrent offers.  I don't see no malware/adware on your hard drive, at least through your EtreCheck report, so you should be fine.

    I would also add that if you have anti-virus for your Windows partition, it is one thing, you don't need anti-virus for your Mac.  Anti-virus programs cannot protect you from malware or adware, and that's what Mac users needs to worry.  In addition, many AV programs negatively affects the performance of Mac because they don't play nice with them.  Therefore, I would like to uninstall Kaspersky and keep the program AV that you use for your Windows installation.  Windows needs an antivirus protection, OS X is not.

  • is it decent software anti malware for osx 10.5.8

    I think there's malware on the iMac. It is a G5 with osx 10.5.6. I go down to drop windows in Safari, kind of randomly, who says that Safari cannot identify a particular site, and I want to go? I always click on leave. Tumblr or something as it is one of the sites - the other mentions adware, I think.

    Does anyone know anti-malware that I can use with this iMac intel os and pre?

    Thank you

    You may need to consider TenFourFox browser because it is updated.

    Safari is not. Four of the 10 Fox is a mozilla derived from generation customized for Mac PPC.

    You can choose a different browser as system by default in Safari preferences

    This is a way to bypass many of the problems with obsolete Safari. I've seen

    is no evidence in any of my two Macs on the G4 (10.5.8) adware or malware running.

    It is the TenFourFox for Mac PPC browser homepage; link to note G5 edition:

    And if market 10.5.6 download the Combo update to 10.5.8 Leopard.

    For Safari in Mac later, there are suggestions in the following article on adware

    and this may seem like malware. I had no adware or malware in my

    Macs PowerPC G4; There may be instructions in the manual on how to search for songs of

    suspicious content in this support page. Avoid products such as AdwareMedic

    or malwarebytes anti-malware for Mac because it works in later Macs intel who use OS X.

    • Stop the pop-up ads and advertising on Safari - Apple Support

    Phony 'technical support' / 'ransomware' popups and web pages

    How to install adware - or avoid it.

    Manual methods for malware, adware, performance problems can still be here:

    Good luck & happy computing!

    {PS: this thread was transferred for vintage iMac PPC iMac Intel section by guest}

Maybe you are looking for