
Infected MacBook Pro


10 replies to this topic

#1 flower51


Posted 01 January 2015 - 05:52 PM

Infected with AdWare and possibly other bad items. Symptoms include periodic uncontrollable cursor, uncontrolled highlighting of sections of websites, very slow operations, etc. Need your advice on how to clean this system up.




#2 dante12


Posted 02 January 2015 - 08:09 AM

Hello flower51,

Please back up all your data!

1. Please download AdwareMedic

- Open the DMG file and move the app to your program folder.

- Start the application and click on the button Scan for Adware.

- You will get a message if any adware is found; it will be moved to the trash.

2. Restart the Mac

3. Download EtreCheck

- Extract the zip file and move the app to the program folder or into any folder on your desktop.

- Start the application. Click on Start EtreCheck.

- When it is done, click on the button Copy report to Clipboard.

- Paste the log with Command-V here in this thread in code tags.

4. Open AdwareMedic again and choose Open Log File from the Scanner menu.

- Copy and paste all lines here in the thread in code tags.

Note: Using code tags

- Click on the Code-Selector (see pic). A new window will open.

- At the top of the window, choose Code Type and set it to none.

- Starting Line Number: not needed

- Select all lines (Command-A), paste (Command-V) the log into the free space of the window and click OK.

See the pic below for using the Code-Tag-Selector manually.

4lthubcd46s.png


Edited by dante12, 03 January 2015 - 06:07 AM.


#3 flower51


Posted 02 January 2015 - 05:36 PM

Dante....your recommendation in (1) to use AdwareMedic didn't work....I have an older OSX ver 10.6.8 and got an error message that this program is only compatible with OSX ver 10.7 or higher. Please advise.



#4 Buddyme2


Posted 02 January 2015 - 06:27 PM

AdwareMedic manual removal instructions

 

Twenty steps to help and fix system issues

 

You need to provide us more info about your Mac. Which Mac and the specs, amount of RAM installed, the size of HDD and how much free, etc. 



#5 dante12


Posted 02 January 2015 - 07:21 PM

I'm sorry. Can you please start at point 3 for EtreCheck Log? 

 

Dante....your recommendation in (1) to use AdwareMedic didn't work....I have an older OSX ver 10.6.8 and got an error message that this program is only compatible with OSX ver 10.7 or higher. Please advise.


Edited by dante12, 02 January 2015 - 07:21 PM.


#6 flower51


Posted 04 January 2015 - 02:38 PM

EtreCheck%20Log%204Jan2015.rtf       Unsure how to get this file from MyDocuments and pasted here....please advise how to do this if you can't open.
 
Computer Model: MacBookPro5.5
Mac OS X ver 10.6.8
Processor: 2.26 GHz Intel Core2 Duo
Memory: 2GB  L2 Cache 3MB


#7 flower51


Posted 04 January 2015 - 02:41 PM

EtreCheck version: 2.1.5 (108)

Report generated January 4, 2015 2:03:32 PM EST

 

Click the [Support] links for help with non-Apple products.

Click the [Details] links for more information about that line.

Click the [Adware] links for help removing adware.

 

Hardware Information:

MacBook Pro (13-inch, Mid 2009) (Verified)

MacBook Pro - model: MacBookPro5,5

1 2.26 GHz Intel Core 2 Duo CPU: 2-core

2 GB RAM 

BANK 0/DIMM0

1 GB DDR3 1067 MHz ok

BANK 1/DIMM0

1 GB DDR3 1067 MHz ok

Bluetooth: Old - Handoff/Airdrop2 not supported

Wireless:  en1: 802.11 a/b/g/n

 

Video Information:

NVIDIA GeForce 9400M - VRAM: 256 MB

Color LCD 1280 x 800

spdisplays_display_connector 

 

System Software:

Mac OS X 10.6.8 (10K549) - Uptime: 0:27:14

 

Disk Information:

Hitachi HTS545016B9SA02 disk0 : (149.05 GB)

- (disk0s1) <not mounted> : 210 MB 

Macintosh HD (disk0s2) / : 159.70 GB (100.24 GB free)

 

MATbleepADVD-R   UJ-868  

 

USB Information:

Apple Inc. Built-in iSight 

Apple Internal Memory Card Reader 

Apple Inc. Apple Internal Keyboard / Trackpad 

Apple Computer, Inc. IR Receiver 

Apple Inc. BRCM2046 Hub 

Apple Inc. Bluetooth USB Host Controller 

 

Kernel Extensions:

/System/Library/Extensions

[not loaded] com.novatelwireless.driver.3G (3.0.2) [Support]

[not loaded] com.novatelwireless.driver.DisableAutoInstall (2.0.6) [Support]

[not loaded] com.seagate.driver.PowSecDriverCore (5.2.6 - SDK 10.4) [Support]

[not loaded] com.sierrawireless.driver.SierraSupport (1.4.11) [Support]

[not loaded] com.sierrawireless.driver.SierraSwitch (1.2.2) [Support]

[not loaded] com.sierrawireless.driver.SierraSwitchKicker (1.0.0) [Support]

[not loaded] com.smithmicro.driver.SMSIWirelessModem (3.2.6) [Support]

 

/System/Library/Extensions/NovatelWireless3G.kext/Contents/Plugins

[not loaded] com.novatelwireless.driver.3GData (3.0.2) [Support]

 

/System/Library/Extensions/SMSIWirelessModem.kext/Contents/PlugIns

[not loaded] com.smithmicro.driver.SMSIWirelessCDC (3.2.6) [Support]

[not loaded] com.smithmicro.driver.SMSIWirelessSerial (3.2.6) [Support]

 

/System/Library/Extensions/Seagate Storage Driver.kext/Contents/PlugIns

[not loaded] com.seagate.driver.PowSecLeafDriver_10_4 (5.2.6 - SDK 10.4) [Support]

[not loaded] com.seagate.driver.PowSecLeafDriver_10_5 (5.2.6 - SDK 10.5) [Support]

[not loaded] com.seagate.driver.SeagateDriveIcons (5.2.6 - SDK 10.4) [Support]

 

Problem System Launch Daemons:

[running] com.seagate.TBDecorator.plist [Support]

[not loaded] org.samba.winbindd.plist [Support]

 

Launch Daemons:

[loaded] com.adobe.fpsaud.plist [Support]

 

User Launch Agents:

[invalid?] com.adobe.ARM.[...].plist [Support]

[loaded] com.yahoo.YahooContactSyncAgent.plist [Support]

 

User Login Items:

Keynote Application (/Applications/iWork '09/Keynote.app)

SpeechSynthesisServer Application (/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/Resources/SpeechSynthesisServer.app)

iTunesHelper Application (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

Safari Application (/Applications/Safari.app)

 

Internet Plug-ins:

Flip4Mac WMV Plugin: Version: 2.4.4.2 [Support]

FlashPlayer-10.6: Version: 16.0.0.235 - SDK 10.6 [Support]

JavaAppletPlugin: Version: 13.9.8 - SDK 10.6 Check version

AdobePDFViewerNPAPI: Version: 11.0.07 - SDK 10.6 [Support]

Flash Player: Version: 16.0.0.235 - SDK 10.6 [Support]

AdobePDFViewer: Version: 11.0.07 - SDK 10.6 [Support]

QuickTime Plugin: Version: 7.6.6

Unity Web Player: Version: UnityPlayer version 4.3.5f1 - SDK 10.6 [Support]

Silverlight: Version: 4.0.50524.0 [Support]

SlingPlayer: Version: Unknown - SDK 10.8 [Support]

iPhotoPhotocast: Version: 7.0

 

Audio Plug-ins:

iSightAudio: Version: 7.6.6

 

3rd Party Preference Panes:

Flash Player  [Support]

Flip4Mac WMV  [Support]

Seagate Dashboard for Mac OSX  [Support]

 

Time Machine:

Time Machine information requires OS X 10.7 "Lion" or later.

 

Top Processes by CPU:

    5% WebProcess

    2% WindowServer

    1% fontd

    0% ps

    0% usbmuxd

 

Top Processes by Memory:

239 MB WebProcess

56 MB Safari

37 MB mds

37 MB WindowServer

30 MB Keynote

 

Virtual Memory Information:

841 MB Free RAM

677 MB Active RAM

126 MB Inactive RAM

233 MB Wired RAM

190 MB Page-ins

0 B Page-outs

 

Diagnostics Information:

Jan 4, 2015, 01:36:53 PM Self test - passed



#8 dante12


Posted 04 January 2015 - 06:12 PM

Hello,

 

I've not found any suspect things on your laptop. As I see, there are many applications loaded at startup. This will eat much memory because you have only 2 GB of it.

See if you need the following entries (except itunes.helper)

Keynote Application (/Applications/iWork '09/Keynote.app)
SpeechSynthesisServer Application (/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/Resources/SpeechSynthesisServer.app)
Safari Application (/Applications/Safari.app)

You have a server running in the background (SpeechSynthesisServer). This allows you to hear the time of an hour or speech input. If you don't need this you should remove it from Login.

 

How to remove User Login Start Items:

 

- Open System Preferences

- Go to User and Groups and choose your Account.

- On the right side you see the button described as "Startup Items". I really don't know how it looks below OS X version 10.7.

- Choose any item that you don't know and click on the (-) minus to remove. 

 

Are you Syncing Something with Yahoo? 

User Launch Agents
com.yahoo.YahooContactSyncAgent.plist

This will come up every time you log in. If you don't need it you should remove it. However, look in your Applications folder for a Yahoo Uninstaller. I think this will be the problem causing pop-ups and so on. Before we remove Yahoo please tell me if you have installed it yourself or not.

 

Delete unwanted extensions

 

- Open Safari 

- Choose Preferences and then Extensions

- Delete all unwanted extensions

 

Second option is to reset Safari. Look in the menu "Safari" or in the settings "Privacy" to reset the cache (you should tell me the version of Safari you're running so I can assist better):

 

Repair disk Permissions

- Open Disk Utility located in the Program-Folder under Utilities. 

- Choose your main drive (startup drive)

- on the bottom left, first choose "check permissions" and second "repair permissions"

 

Installed software 

 

This is a step that I don't regularly need for assistance, but a look inside (especially on older versions of OS X) gives me a closer look at what is installed.

- Please open the Terminal and copy and paste the following entry into it. You need your password to complete the command.

sudo ls -Al /Applications > ~/Desktop/appl.txt
 

This will create a file called "appl.txt" on your Desktop.

- Open the file by clicking on it and select all entries (Command-A). Copy (Command-C) and paste (Command-V) the log in this thread.

Empty your Cache

- Create a new folder on your Desktop (right-click with your mouse and choose "new folder")

- Name this "UserCache"

- Open the following folder /home/<yourusername>/Library/Caches

- Select all entries with Command-A and move them to your newly created folder on your desktop.

After all steps are done, restart your Mac.

Write down if anything changed.

 

Greetings,

-dante
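
The review above works through the auto-start sections of the EtreCheck report (launch daemons, launch agents, login items). As an added example, not part of dante12's post and not EtreCheck's own code, this Python sketch pulls those entries out of a pasted report; the function names and the "active and not Apple-labelled" triage rule are assumptions made for illustration.

```python
import re

# Shortened sample assembled from lines of the EtreCheck report posted in this thread.
SAMPLE_REPORT = """\
Launch Daemons:

[loaded] com.adobe.fpsaud.plist [Support]
User Launch Agents:
[invalid?] com.adobe.ARM.[...].plist [Support]
[loaded] com.yahoo.YahooContactSyncAgent.plist [Support]
User Login Items:
Keynote Application (/Applications/iWork '09/Keynote.app)
Top Processes by CPU:
    5% WebProcess
"""

# Report sections (titles as they appear above) listing code started at boot or login.
STARTUP_SECTIONS = {"Problem System Launch Daemons", "Launch Daemons",
                    "User Launch Agents", "User Login Items"}
LAUNCHD_ENTRY = re.compile(r"^\[(?P<state>[^\]]+)\]\s+(?P<name>\S+\.plist)")
LOGIN_ITEM = re.compile(r"^(?P<name>.+?)\s+Application\s+\((?P<path>/.+)\)$")

def parse_sections(report):
    """Split the report into {section title: [non-empty lines]}."""
    sections, current = {}, None
    for line in filter(None, map(str.strip, report.splitlines())):
        if line.endswith(":") and not line.startswith("["):
            current = sections.setdefault(line[:-1], [])
        elif current is not None:
            current.append(line)
    return sections

def startup_items(report):
    """Return (section, state, name, path) for every auto-start entry."""
    items = []
    for title, lines in parse_sections(report).items():
        if title not in STARTUP_SECTIONS:
            continue
        for line in lines:
            m = LAUNCHD_ENTRY.match(line) or LOGIN_ITEM.match(line)
            if m:
                g = m.groupdict()
                items.append((title, g.get("state", "login item"), g["name"], g.get("path")))
    return items

def active_third_party(items):
    """Assumed triage rule: launchd jobs that are active and not Apple-labelled."""
    return [name for _, state, name, path in items
            if path is None and state in ("loaded", "running")
            and not name.startswith("com.apple.")]
```

Entries marked `[not loaded]` or `[invalid?]` are still returned by `startup_items`, so a leftover plist from a removed product remains visible even though it is not counted as active.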



#9 buddy215


Posted 04 January 2015 - 07:15 PM

Use CCleaner to clean the temporary files and caches. Requires an Apple Mac running OS X 10.5 to 10.9 Mavericks

CCleaner for Mac OS X

 

Then check the add-ons/extensions in your browser. Remove any that you did not install intentionally. If you added one the same day the ads started appearing then that is the culprit.




#10 flower51


Posted 05 January 2015 - 02:54 PM

1. Safari version 5.1.10 (6534.59.10). Opened Safari and emptied cache, turned on "Block Pop-Up Windows". 

 

2. Transferred significant amount of old residual downloads from on-line games to Trash and deleted.

 

3. Went to System Preferences and placed checkmark to "hide" SpeechSynthesisServer and KeynoteApplication.

 

4. Created new UserCache folder on desktop per instructions. 

 

5. Created "appl.txt" folder on desktop per instructions. However after opening nothing showed up after Command-A and Command-C. When Command-V was pressed only the copied Terminal entry shown in your instruction appears...so I didn't copy this to the thread.

 

6. Could not find the Yahoo info you indicated above, User Launch Agents...... Also, I think we had yahoo added by Apple tech when we first bought this computer. No "uninstall yahoo" in Applications.

 

7. The most confusing info came attempting to use Disk Utility to "check permissions" and "repair permissions". I selected "Macintosh HD" and started "check permissions". Log indicated a lot of problems (30+) of different formats, some of which are repeated, following :

(a) Permissions differ on "System/Library/CoreServices/RemoteManagement?MenuExtras/RemoteDesktop.menu/Contents/Resources/French.lproj/RemoteDesktopMenu.nib

(b) OpenError 5: "Input/output error on System Library Core Services/Remote Management/ARDAgent.app/Contents/Support/RemoteDesktopMessage.app/Contents/Resources/French.lproj/InfoPlist.strings...and /localizeable strings.....and /UIAagent.nib.....and /UIAagent.nib/keyedobjects.nib

(c) User differs on "System/Library/Frameworks/Versions 1.6.0/home/library"...should be 95, user is 0.

(d) Warning. SUID file "System/Library/CoreServices.......has been changed and will not be repaired".

 

I decided NOT to select "repair permissions" until consulting with you on what all these apparent permission discrepancies mean?



#11 dante12


Posted 05 January 2015 - 05:11 PM

Hello,

 

The created appl.txt is not really a problem. You can move it to the trash.

 

Please make a backup of all your files. This is an essential step for all operations that you do.

 

1. Delete Yahoo

 

- Open the folder /home/your-username/Library/LaunchAgents

- Move the following entry to your trash:

com.yahoo.YahooContactSyncAgent.plist

2. Download the search Tool Find Any File

 

- Download Find Any File and save it to any location on your drive

- Extract the zip-file and start the Application

- On the search field type in "yahoo"

- Hold down the ALT key and click on the button Search as Root. You need your password to search at root level.

- When it is done, select all the entries, then copy and paste them here (in code tags please; see the instructions earlier in this thread).

3. Correct permissions (you should do this) - if you are not sure, run Disk Utility again, copy the entries and paste them here in the thread.

- Repairing the permissions is an essential way to correct system settings. Third-party software that needs root rights to install often changes permissions.

- Maybe some applications need to be reinstalled or need additional rights after start. (Repairing permissions does not remove any applications, but settings may be changed.)

 

Additional Information: http://support.apple.com/en-us/HT201560

 

4. Restart the Computer

- Some loaded files and the reset disk permissions need a restart.

 

 

 


Edited by dante12, 05 January 2015 - 05:22 PM.




