unidentified possible Trojan horse

I think that my computer is infected with some sort of Trojan. I bought this MacBook Air in October and it worked perfectly until today. I tried to read a Web site and page could not finish loading and it kept opening other tabs very suspicious. When I visited perfectly firefox regularly guarded site redirecting them to pages like this:

And there's always a pop up window asking me to download MacKeeper (I didn't download it!). The same thing happens when I use Safari.

I checked the Add-ons, and I don't know what could cause me (even if I don't know what these modules are Flash and Java). I read that Java can cause Trojans and I installed it recently. But it was earlier this week and I did not notice something different.

Then I not unhooked firefox and installed again, but nothing has changed. I googled and found that trojans and malware can be in the library, and then I found this:

What should I remove without damaging my brand new computer? One of them may be the Trojan horse that I'm looking for? Besides that I also found a local.cfg in Macintosh HD, is that suspicious?

I've updated to El Capitan earlier this week, and that's all right. A day earlier, I installed Adobe Illustrator and it required me to install Java, I don't like at all about Java. But as I said before this computer started showing this odd behavior today. Yesterday, I tried to download a pdf file from a Web site with a lot of pop ups, that could be the cause. But what can I do? I searched a lot of common trojans and found nothing.

I have a friend suggested that I should download Malwarebytes and run tests. But is it safe?

It's a scam jump upward. Do not call or click on anything either that it asks you. If you use Safari, force quit Safari then all by pressing and holding SHIFT restart Safari.

MalwareBytes is safe.

Tags: Mac OS & System Software

Similar Questions

  • IE possible Trojan horse?

    IE upwards, but immediately becomes Explorer 'INTERNET' and goes to a questionair with a chance to get the IPad after investigation

    Hello
     
    Your computer is probably infected with adware.
    Follow these instructions to remove the adware:
    Download and open AdwCleaner:
    When it opens, click on the button Delete. Restart your computer.
    Let us know if this helps you.
    Brian

  • Someone had this 'Trojan horse' flag?

    Trojan.Agent/Gen-cryptor [Virut]
    C:\TOSHIBA\WEBSHOPS\ADDEBAYTOOLBARBUTTON. EXE

    Fact a scan with Superantspyware and the above has been reported as a possible Trojan horse (only my second in 10 years and the other was a false positive)
    Google has only 3 entries for him and one is in German, where the poster is not sure if it's a false positive or a Trojan horse.

    I've quarantined it and realized several scans with AV and Malwarebytes and Defender that show everything clear, but she is always on my mind.

    Bravo for any guidance,
    Anthony

    Hey,.

    I searched a bit using Google and it seems to be the false positive. Only Superantispyware is showing this Trojan horse, but all other virus scanners do not show any alarm.

    Also this .exe file is already included in the image of recovery if she s no virus or Trojan horse.

    Don t you worry about this, everything is ok with your laptop!

  • Firewall Symantec warns against a Trojan horse for the address of my printer. is this possible?

    I have a Photosmart 7510 wifi printer running on a home network.  My Symantec Firewall software on my XP based computer regularly warns of blockage of the 5 different Trojans from the IP address of the printer.  Is this a false alarm based on the normal communication to the printer that are some of the same characteristics as the Trojans?  Is there a reasonable chance the warning would be for real?

    Hello
    What version of MS are you running? Make sure you use the latest version of the MS 11.0.7202 or MS 12.1 RU1 MP1.

    Would it be possible for you to provide us with a screenshot of Trojan horses different from the IP address of the printer?

    I would like that allows you to check this Article:

    Denial of service detected on network printers
    http://www.Symantec.com/docs/TECH139213

    If the problem is not resolved by following the steps described in the above article, check it below:

    (1) is there an upgrade to the latest drivers available for Photosmart 7510 wifi printer? If so, please install the same and check.
    (2) create a case with Symantec via Internet or phone Technical Support-

    How to create a new folder in MySupport

    http://www.Symantec.com/business/support/index?page=content&ID=TECH58873

    Numbers to contact Technical Support: -.

    Regional support phone numbers:

    United States: 800-342-0652 (407-357-7600 from outside the United States)
    Australia: 1300 365510 (+ 61 2 8220 7111 outside Australia)
    United Kingdom: + 44 (0) 870 606 6000

    Additional phone numbers: http://www.symantec.com/business/support/contact_techsupp_static.jsp

    Hope that helps!

  • Satellite M30X: Trojan horse - total Formate with recovery disc?

    Hello

    I had a Trojan horse on my Satellite M30X. My Antivirus deleted, but every time I've been connected to the Internet, it appeared again. Not connected to the Internet it doesn't give me any problems. As I couldn't get rid of him, I backed up all my data and do a fresh install from the recovery disc. As long as the button for LAN wireless is disabled, everything works fine, but just a little while, after I turned on it, I get a blue screen. When I restart my computer with WIFI turned on, it produces a blue screen before Windows is properly loaded, even during installation. I tried restoring 3 times, but it's always the same result.

    1 is it possible, that the Trojan horse destroyed things of the pre installation?
    2. I can't choose to make a formatting during the recovery process. All data are lost, but I feel that's not formate the hard drive correctly, when everything is destroyed. It crushes just stuff?
    3. is there a way to make a good formatting, then install completely new Windows?

    It is not a problem of my WLAN card, internet being no problem under Linux.

    Thank you for your help

    Todier

    Hello!

    If you use the whole HARD disk Toshiba Recovery disk will be formatted so if you have any virus or Trojans on your laptop, they will be also deleted.

    But what BSOD code are you have? Are you sure that's the reason why the virus?
    You have the same problem if you connect a network cable to the laptop?

    Good bye

  • Is CSRSS.exe Trojan horse and how get rid of?

    I was told by one of the representatives of the Office to help HP that CSRSS.exe is a Trojan horse and the reason for which their printer is not working and why internet Explorer began to crash after I tried to install their printer... question is one CSRSS.exe Trojan and if I do I delete it from my computer.

    Hello

    If you need search malware here's my recommendations - they will allow you to
    scrutiny and the withdrawal without ending up with a load of spyware programs running
    resident who can cause as many questions as the malware and may be harder to detect as
    the cause.

    No one program cannot be used to detect and remove any malware. Added that often easy
    to detect malicious software often comes with a much harder to detect and remove the payload. Then
    its best to be thorough than paying the high price later now too. Check with them to one
    extreme overkill point and then run the cleaning only when you are sure that the system is clean.

    The methods below are for Windows 7 - Vista is very similar - for XP using RUN instead of
    Start - Search,.

    It can be made repeatedly in Mode safe - F8 tap that you start, however, you must also run
    the regular windows when you can.

    TDSSKiller.exe. - Download the desktop - so go ahead and right-click on it - RUN AS ADMIN
    It will display all the infections in the report after you run - if it will not run changed the name of
    TDSSKiller.exe to tdsskiller.com. If she finds something or not does not mean that you should not
    check with the other methods below.
    http://support.Kaspersky.com/viruses/solutions?QID=208280684

    Download malwarebytes and scan with it, run MRT and add Prevx to be sure that he is gone.
    (If Rootkits run UnHackMe)

    Download - SAVE - go to where you put it-right on - click RUN AS ADMIN

    Malwarebytes - free
    http://www.Malwarebytes.org/products/malwarebytes_free

    SuperAntiSpyware Portable Scanner - free
    http://www.SUPERAntiSpyware.com/portablescanner.HTML?tag=SAS_HOMEPAGE

    Run the malware removal tool from Microsoft

    Start - type in the search box-> find MRT top - right on - click RUN AS ADMIN.

    You should get this tool and its updates via Windows updates - if necessary, you can
    Download it here.

    Download - SAVE - go to where you put it-right on - click RUN AS ADMIN
    (Then run MRT as shown above.)

    Microsoft Malicious - 32-bit removal tool
    http://www.Microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

    Microsoft Malicious removal tool - 64 bit
    http://www.Microsoft.com/downloads/details.aspx?FamilyId=585D2BDE-367F-495e-94E7-6349F4EFFC74&displaylang=en

    also install Prevx to be sure that it is all gone.

    Download - SAVE - go to where you put it-right on - click RUN AS ADMIN

    Prevx - Home - free - small, fast, exceptional CLOUD protection, working with others
    security programs. It is a single scanner, VERY EFFICIENT, if it finds something to come back
    here or use Google to see how to remove.
    http://www.prevx.com/   <-->
    http://info.prevx.com/downloadcsi.asp?prevx=Y  <-->

    Choice of PCmag editor - Prevx-
    http://www.PCMag.com/Article2/0, 2817,2346862,00.asp

    Try the demo version of Hitman Pro:

    Hitman Pro is a second scanner reviews, designed to save your computer from malicious software
    (viruses, Trojans, rootkits, etc.). who infected your computer despite safe
    what you have done (such as antivirus, firewall, etc.).
    http://www.SurfRight.nl/en/hitmanpro

    --------------------------------------------------------

    If necessary here are some free online scanners to help the

    http://www.eset.com/onlinescan/

    -----------------------------------

    Original version is now replaced by the Microsoft Safety Scanner
    http://OneCare.live.com/site/en-us/default.htm

    Microsoft safety scanner
    http://www.Microsoft.com/security/scanner/en-us/default.aspx

    ----------------------------------

    http://www.Kaspersky.com/virusscanner

    Other tests free online
    http://www.Google.com/search?hl=en&source=HP&q=antivirus+free+online+scan&AQ=f&OQ=&AQI=G1

    --------------------------------------------------------

    After the removal of the malware: (for VISTA and XP, you must use their recommended
    methods to perform the SFC and CHKDSK which are similar.)

    Also follow these steps for the General corruption of cleaning and repair/replace damaged/missing
    system files.

    Start - type this in the search box-> find COMMAND at the top and RIGHT CLICK – RUN AS ADMIN

    Enter this at the command prompt - sfc/scannow

    How to fix the system files of Windows 7 with the System File Checker
    http://www.SevenForums.com/tutorials/1538-SFC-SCANNOW-Command-System-File-Checker.html

    How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program
    generates in Windows Vista cbs.log
    http://support.Microsoft.com/kb/928228

    Also run CheckDisk, so we cannot exclude as much as possible of the corruption.

    How to run check disk in Windows 7
    http://www.SevenForums.com/tutorials/433-disk-check.html

    -----------------------------------------------------------------------

    If we find Rootkits use this thread and other suggestions. (Run UnHackMe)

    http://social.answers.Microsoft.com/forums/en-us/InternetExplorer/thread/a8f665f0-C793-441A-a5b9-54b7e1e7a5a4/

    ======================================

    VISTA and XP need other methods for a repair Installation.

    If necessary AFTER you are sure that the machine is clean of any malware. (DO NOT USE IF)
    MALWARE IS STILL PRESENT).

    How to do a repair installation to fix Windows 7
    http://www.SevenForums.com/tutorials/3413-repair-install.html

    =======================================

    For extreme cases:

    Norton Power Eraser - eliminates deeply embedded and difficult to remove crimeware
    This traditional antivirus analysis does not always detect. Because the Norton Power Eraser
    uses aggressive methods to detect these threats, there is a risk that it can select some
    legitimate programs for removal. You should use this tool very carefully and only after
    you have exhausted other options.
    http://us.Norton.com/support/DIY/index.jsp

    ================================

    If you are in North America, you can call 866-727-2338 for virus and spyware help
    infections. See http://www.microsoft.com/protect/support/default.mspx for more details. For
    international information, see your subsidiary local Support site.

    Microsoft support - Virus and Security Solution Center
    http://support.Microsoft.com/contactus/cu_sc_virsec_master?ws=support#TAB0

    I hope this helps.

    Rob Brown - Microsoft MVP<- profile="" -="" windows="" expert="" -="" consumer="" :="" bicycle=""><- mark="" twain="" said="" it="">

  • conime says manufacturer UNKNOWN - it is a Trojan horse?

    In MSCONFIG I conime coming back without even when I turn it off.

    I removed all instances of this registry, including LOADCONIME. When I rebooted everything seemed to have disappeared. But when I rebooted again conime in msconfig.

    Startup item: Conime

    Manufacturer: unknown

    Command: %windir%\system32\conime.exe

    Location: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run

    I can't locate a conime.exe file.

    Since the manufacturer is unknown I am afraid that it is a Trojan horse. How can I erase this?

    Here's what I've done...

    Removed all instances of the registry in safe mode - BUT they come back!

    I already ran McAfee scan, McaFee Stinger, Malwarebytes scan, MRT and ODILE.

    Clean up outside CANDY pulled up an old version of JAVA - feat: Java / CVE-2012-0507 and it has been deleted.

    Have also run SFC. This happens only with the following:

    Cannot repair the military record [l:24 {12}] "ieui.dll.mui" Microsoft-Windows - ieframe.Resources, Version 9.4.8112.16421, pA = PROCESSOR_ARCHITECTURE_AMD64 = (9), Culture = [l:10 {5}] 'en-US', VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, type neutral, TypeName neutral, neutral public key in the store, file is missing "
     
    2013-04-09 21:01:13, 000000f9 CSI Info [SR] cannot repair the military record [l:24 {12}] "ieui.dll.mui" Microsoft-Windows - ieframe.Resources, Version 9.4.8112.16421, pA = PROCESSOR_ARCHITECTURE_AMD64 = (9), Culture = [l:10 {5}] 'en-US', VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, type neutral, TypeName neutral, neutral public key in the store, file is missing "
    2013-04-09 21:01:13, 000000fa CSI Info [SR] this element is referenced by [l:220{110}]"Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~amd64~en-US~9.4.8112.16421.Internet-Explorer-amd64'
    2013-04-09 21:01:13, 000000fb CSI Info [SR] could not reproject corrupted file [ml:520 {260}, l:58 {29}] '------? \C:\Windows\System32\en-us"\[l:24{12}]"ieui.dll.MUI '; source file in the store is also corrupted

    Can someone tell me why this is not signed if it is a real process of Microsoft? What is a Trojan horse, and if so how can I get rid of him?

    Thank you

    Simon

    Hi Simon,.

    To help you to propose measures to solve the problem, I would appreciate if you could answer the following questions:

    1. you receive an error message or error code?

    2 did you do changes on the computer before the show?

    Follow the suggestions below for a possible solution:

    Method 1: There could be a possibility that your computer is infected virus or Trojan. I suggest you scan your computer with the Microsoft Security Scanner, which would help us to get rid of viruses, spyware and other malicious software.

    The Microsoft Security Scanner is a downloadable security tool for free which allows analysis at the application and helps remove viruses, spyware and other malware. It works with your current antivirus software.

    http://www.Microsoft.com/security/scanner/en-us/default.aspx

     

    Note: The Microsoft Safety Scanner ends 10 days after being downloaded. To restart a scan with the latest definitions of anti-malware, download and run the Microsoft Safety Scanner again.

    Important: During the scan of the hard drive if bad sectors are found, the scanner tries to repair this sector, all available on which data may be lost.

    Method 2: I recommend you to perform the restoration of the system to the point before the problem occurred.

    System restore

    http://Windows.Microsoft.com/en-us/Windows7/products/features/system-restore

     

    System Restore: frequently asked questions

    http://Windows.Microsoft.com/en-us/Windows7/system-restore-frequently-asked-questions

     

    NOTE: When you use system restore to restore the computer to a previous state, the programs and updates that you have installed are removed.

    Hope this information helps. Please come back for any clarification on this or any issue of Windows. We will be happy to help you.

  • What is a Backdoor Trojan horse?

    Hi I need to know how to remove a Trojan backdoor. Told me System Mechanic PC Total Care that there is a program on my computer that is part of a backdoor Trojan. Also something continues to change there settings of the default settings in the pc total care im guessing it is the Trojan horse. Also, what is Windows remote registry? Who is also running. The last thing wrong ask this question is I get the message that sysWOW64 is invalid and there's no information that I can find anywhere in total PC care. This is the file which has been infected in January and keep be reinfected even after complete healing and Yes you can say that is not possible, but yes, it's when who or what ever took my sysWOW64 folder and left me with a copy of it. I don't know much about computers that is why I did not how your supposed to ask the computer questions but I write by hand and the copy of file paths or places so I know Im asking the right question. And the reason why there are a hundred copies in my last"does that mean? "is because I copy / paste the entry of my event log recorded that there are more than three times the same error that many, but I can post only 6000 questions letter. Know if someone could please help me instead of tell me things I already know that I don't know who would be greatly apperciated. I have no computer experice befor January of 2012, so please be patient with me if you could I just need help to get the control to the back of my computer I had no idea what I was doing and no one to help me so much im learning the hard way please don't make it harder. Thank you for your help going on and support. Gruseb

    Hi again thanks for the reply that do if who ever has also hacked into my router? I did have to go online and put in place. All I had to do was plug it in and it was my old name and the network security key. I know that bad, but I think that a reason why it stops back in because he knows my routers ip, so it can be let right back in after I run a recovery. The other thing is his legal software that its use so my anti virus does not detect.

    Hi gruseb,.
    Try the sequence of steps 1 and 2 in this virus/malware removal guide: http://www.selectrealsecurity.com/malware-removal-guide
    It provides simple instructions on how to remove malware from a computer. If you have any questions, just ask. I hope this helps you.
    Brian

  • C:\hp\recovery\wizard\fscommand\*.exe files deleted due to Trojan Trojan horse - Spy.Win32.Agent.bdrd

    HP/Forum:

    Is it possible to get these filesexe fscommand to HP Recovery Wizardon the site of HP?  I have Zone Alarm Extreme Security 2010 and it quarentined them because of the trojan/virus Trojan-Spy - Win32.Agent.bdrd in a recent analysis.  I tried to clean them but could not and was forced to remove them:

    C:\hp\recovery\wizard\fscommand\AppRecoveryLink_ret.exe

    C:\hp\recovery\wizard\fscommand\CDLogic_ret.exe

    C:\hp\recovery\wizard\fscommand\CreatorLink_ret.exe

    C:\hp\recovery\wizard\fscommand\RestoreLink_ret.exe

    C:\hp\recovery\wizard\fscommand\RTCDLink_ret.exe

    C:\hp\recovery\wizard\fscommand\RunLink_ret.exe

    C:\hp\recovery\wizard\fscommand\SysRecoveryLink_ret.exe

    C:\hp\recovery\wizard\fscommand\WizardLink_ret.exe

    I'm on Windows XP SP3.  I did a virus scan on my Compaq Presario Recovery D: drive and no trace of the virus.

    Thank you!  User: MEJVMSJ (note the 2nd announcement: Correction on above files to include the "\wizard" folder.)

    Cheryl,

    Thank you!  I got the files from a backup I did earlier in the year.  About the fscommand * files, I don't think it's a false positive, that the files are not corrupt directly, but because of the research on the net, I think that flags to be Trojan.  So it's a matter of finding where the Trojan horse is in fact, that I do with Hijack this and other tools.

    This issue can be closed.  Thanks again!  User MEJVMSJ

  • How can firefox changed Trojan horse, I fix?

    Firefox changed Trojan horse. Whenever I hit a new tab, it changes the appearance of firefox and tries to open a new page, www.trovi.com/

    I uninstalled firefox and reinstalled, but which did not set it... Do I need a cleaning of the firefox and all the files?

    Any ideas?

    tried, impossible to find the broweser newtab url thing...

    So I just download an add on that solved the problem

  • Trojan horse on my mac!

    I ran the Bitdefender anti-virus on my MacBook Pro and it is Trojan.JS.RAN and I was surprised that I'm always careful what to download and install!

    I removed it, but now I'm not sure that this Trojan horse on my computer? and what should I do to make sure that there are more malware/virus on my computer? and what is the best antivirus/antimalware should I use in the future?

    NB: I've always updated my Mac every time that one updates see the place!

    Thank you

    Probably a false positive. Google has shown just this and a site similar listing Trojan.JS.RAN.  "Anti" software for mac not cause often false positive.

    http://pcsafer.joins.com/Service/BBS/e_service/content.asp?part=everyzone_notice & id = 2056 & GotoPage = 17 & block = 1 & count =-1

    No need for these apps 'anti '.

    Viruses, Trojans, Malware - and other aspects of Internet Security

    https://discussions.Apple.com/docs/doc-8573

    Effective defenses against software malware and other threats

    https://discussions.Apple.com/docs/doc-8841

  • Download Firefox contaminated by Artemis Trojan horse! B512E6316312CA8

    McKafee don't let me download Firefox from the official site because of this Trojan horse. As part of the download, I also had an analysis of registry (that I didn't ask for) and a program other than the name which I forgot. is this load of shit downloaded as part of the official download of firefox, and that Artemis is really a Trojan horse? If this is the case, then the site of Firefox is not sure.

    I suspect that supposed only occurs with the stub Installer Trojan horse detection.

    Have you tried to download the full Offline Installer?
    http://www.Mozilla.com/en-us/Firefox/all.html

  • When I have a link to update the modules for shockwave, I had a Trojan horse!

    I followed your link module - found with a Trojan horse that has blocked access to my home page (and online email) he charged also several other add-on of its own (the only one I can uninstall is called rocket tab.)
    There also change some network settings.

    I used MS security essentials to remove Trojan.

    How Firefox would allow that to happen?
    How can I erase tab Rocket from the notification area

    Update your Shockwave Flash v14. http://get.Adobe.com/Shockwave/
    Is the link for Flash: http://get.adobe.com/flashplayer/

  • Thunderbird is download Trojan horses to \AppData\Local\Temp\nsmail.tmp?

    I use Thunderbird on Win 8.1, 64 bit, Windows Defender and EMET. When I'm mischievous looking for emails (some with attachments) I do not open, but transmit to us - cert.gov and UCE.GOV reports e-mail addresses. I am emails in the mode display only text. I run a virus scan afterwards and detection has been coming for Trojan horses in container file C:\Users\ < username > \AppData\Local\Temp\nsmail.tmp, usually with a .scr extension file (as shown in the output of information Defender). An infected file is downloaded on my computer for the operations of Thunderbird? Is - this benign file until the opening? I was under the impression that it's just passed the folder from the server. Can anyone tell/explain about this? Thank you in advance!

    SCR files are Windows screensavers. Them are executable files and run and are processed by Windows exactly one. EXE file.

    The only risk they represent for you is if you actually run the attachment (Thunderbird cannot do it alone)

    The location of the file is where emails are assembled in an e-mail to be sent. The same location and name is used for each mail.

    There is no point sending such things for the U.S. Government or anyone else, unless they specifically ask for it. I'm sure you've heard of made massive data capture the NSA. They probably already have your email address, but more to the point, Government and business of cyber security as symantec, kaspersky labs, eset and the folk music of more black hat is all skimming data flowing around the internet. This is how they seem to be able to issue a definition of virus before getting a sample.

  • I think that my page has been hacked I uninstalled reinstalled same prob got viruses and Trojan horses open now uninstalled but I still want u

    When I opened Firefox last week another page came to the top of the home page could not remove the new homepage or mine recover (Google) anti viruses picked up 2 Trojans I uninstalled and reinstalled after put scan quarantine of the articles same thing happened, but got 3 Trojan horses and a virus could not GET normal page search engine (yahoo7) Impossible to get any page other then I uninstalled again now, I use it is to say that I don't like, but am afraid to reinstall Mozilla in the case where the same thing

    Hello terbow181, try the following steps after reinstalling firefox:

    1. Reset firefox (this will keep your bookmarks and passwords)
    2. then go to firefox > addons > extensions and where there are still extensions listed there, disable them.
    3. Finally, run a full scan of your system with security tools like the free version of malwarebytes and adwcleaner to ensure that adware is not present in other parts of your system as well.

    Fix Firefox problems caused by malicious software

Maybe you are looking for