Q: onclickads - malware or virus?

Mine came back this morning too.  Do you still have your remote administration enabled?

Hello everyone, apparantly, this issue is caused by a worm that affects Linksys routers.

The worm is called TheMoon. It bypasses router usernames and passwords and changes the DNS settings to:

199.182.166.168

199.182.166.169

In order to redirect browser clicks to ads. It infects Linksys routers that have "enable remote admin" turned on. The way to get rid of it is to reset your router to factory and ensure that remote admin is disabled.

I suspect the fake Flash download is a way for the worm to get onto the router. So JIC, uninstalling flash and re-downloading is likely a good idea as well...

I suspect the fake Flash download is a way for the worm to get onto the router.

Nope, that is a symptom, not a cause. Once you see that fake Flash page, your router has already been hacked. The vulnerabilities in these routers allow them to be hacked remotely without any need for the user to do anything.

NIce! Time to get an AirPort...

If you don't have the budget for a new router, you can always install the DD-WRT router firmware instead, as has been suggested earlier.

I was recently looking for a movie online and I got into a website that supposedly stream it. Since I have my adblocker on, there was a message that says the video wont play without disabling it first. Being the dummy that I am, I disabled my adblocker for that site and the chaos started. Suddenly my screen went all white and the esc button wasn't functioning. I used my 3 fingers to swipe over the screen and luckily it worked. However, whenever I open my safari, the all white background returns again. I pressed the shift button when trying to open the safari (to avoid automatically reopening prior task), and somehow the "virus" seemed to be gone now. I tried looking for any malware using the procedures on the other discussions and removed those that ends with .helper.plst under the LaunchAgent file.

tl;dr

I dont know if there are still something left, so could anyone please check it for me? Here's the result of my etrecheck. Thank you so much!!!

EtreCheck version: 2.9.11 (264)

Report generated 2016-04-25 00:02:30

Download EtreCheck from https://etrecheck.com

Runtime 3:13

Performance: Good

Click the [Support] links for help with non-Apple products.

Click the [Details] links for more information about that line.

Problem: No problem - just checking

Hardware Information: ⓘ

    MacBook Pro (13-inch, Mid 2012)

    [Technical Specifications] - [User Guide] - [Warranty & Service]

    MacBook Pro - model: MacBookPro9,2

    1 2.5 GHz Intel Core i5 CPU: 2-core

    4 GB RAM Upgradeable - [Instructions]

        BANK 0/DIMM0

            2 GB DDR3 1600 MHz ok

        BANK 1/DIMM0

            2 GB DDR3 1600 MHz ok

    Bluetooth: Good - Handoff/Airdrop2 supported

    Wireless:  en1: 802.11 a/b/g/n

    Battery: Health = Normal - Cycle count = 548

Video Information: ⓘ

    Intel HD Graphics 4000

        Color LCD 1280 x 800

System Software: ⓘ

    OS X Yosemite 10.10 (14A389) - Time since boot: less than an hour

Disk Information: ⓘ

    APPLE HDD HTS547550A9E384 disk0 : (500.11 GB) (Rotational)

        EFI (disk0s1) <not mounted> : 210 MB

        Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB

        Media (disk0s4) /Volumes/Media : 160.00 GB (152.46 GB free)

        Macintosh HD 2  (disk0s5) /Volumes/Macintosh HD 2  : 114.62 GB (114.40 GB free)

        Macintosh HD 3 (disk0s6) /Volumes/Macintosh HD 3 : 114.22 GB (16.80 GB free)

        Macintosh HD (disk1) / : 109.63 GB (34.57 GB free)

            Core Storage: disk0s2 110.00 GB Online

    MATSHITADVD-R  UJ-8A8 disk2 : (196.8 MB) ()

USB Information: ⓘ

    Apple Inc. FaceTime HD Camera (Built-in)

    Apple Inc. BRCM20702 Hub

        Apple Inc. Bluetooth USB Host Controller

    Apple Computer, Inc. IR Receiver

    Apple Inc. Apple Internal Keyboard / Trackpad

Thunderbolt Information: ⓘ

    Apple Inc. thunderbolt_bus

Gatekeeper: ⓘ

    Mac App Store

Kernel Extensions: ⓘ

        /System/Library/Extensions

    [not loaded]    com.devguru.driver.SamsungComposite (1.4.18 - SDK 10.6 - 2016-03-22) [Support]

        /System/Library/Extensions/ssuddrv.kext/Contents/PlugIns

    [not loaded]    com.devguru.driver.SamsungACMControl (1.4.18 - SDK 10.6 - 2014-01-27) [Support]

    [not loaded]    com.devguru.driver.SamsungACMData (1.4.18 - SDK 10.6 - 2014-01-27) [Support]

    [not loaded]    com.devguru.driver.SamsungMTP (1.4.18 - SDK 10.5 - 2014-01-27) [Support]

    [not loaded]    com.devguru.driver.SamsungSerial (1.4.18 - SDK 10.6 - 2014-01-27) [Support]

System Launch Agents: ⓘ

    [not loaded]    5 Apple tasks

    [loaded]    142 Apple tasks

    [running]    56 Apple tasks

System Launch Daemons: ⓘ

    [not loaded]    45 Apple tasks

    [loaded]    137 Apple tasks

    [running]    80 Apple tasks

Launch Daemons: ⓘ

    [loaded]    com.adobe.SwitchBoard.plist (2012-08-11) [Support]

    [loaded]    com.adobe.fpsaud.plist (2016-04-05) [Support]

    [loaded]    com.malwarebytes.MBAMHelperTool.plist (2016-04-11) [Support]

    [loaded]    com.oracle.java.Helper-Tool.plist (2014-09-20) [Support]

User Launch Agents: ⓘ

    [failed]    com.apple.CSConfigDotMacCert-[...]@me.com-SharedServices.Agent.plist

    [failed]    com.facebook.videochat.[redacted].plist (2014-08-13) [Support]

    [loaded]    com.google.keystone.agent.plist (2016-03-02) [Support]

    [running]    com.spotify.webhelper.plist (2016-04-24) [Support]

User Login Items: ⓘ

    iTunesHelper    Application  (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

    Android File Transfer Agent    Application  (~/Library/Application Support/Google/Android File Transfer/Android File Transfer Agent.app)

    Spotify    Application Hidden (/Applications/Spotify.app)

Other Apps: ⓘ

    [running]    com.google.Chrome.5996

    [running]    com.google.android.mtpagent.98864

    [running]    com.spotify.client.49448

    [loaded]    357 Apple tasks

    [running]    163 Apple tasks

Internet Plug-ins: ⓘ

    FlashPlayer-10.6: 21.0.0.213 - SDK 10.6 (2016-04-08) [Support]

    QuickTime Plugin: 7.7.3 (2014-11-06)

    Flash Player: 21.0.0.213 - SDK 10.6 (2016-04-08) Outdated! Update

    EPPEX Plugin: 4.1.0.0 (2011-07-26) [Support]

    Default Browser: 600 - SDK 10.10 (2014-11-06)

    SharePointBrowserPlugin: 14.3.4 - SDK 10.6 (2013-05-19) [Support]

    Silverlight: 5.1.30317.0 - SDK 10.6 (2014-05-20) [Support]

    JavaAppletPlugin: Java 8 Update 65 build 17 (2015-11-09) Check version

3rd Party Preference Panes: ⓘ

    Flash Player (2016-04-05) [Support]

    Java (2015-11-09) [Support]

Time Machine: ⓘ

    Auto backup: YES

    Volumes being backed up:

        Macintosh HD: Disk size: 109.63 GB Disk used: 75.06 GB

    Destinations:

        Macintosh HD 3 [Local]

        Total size: 114.22 GB

        Total number of backups: 60

        Oldest backup: 7/1/15, 4:44 PM

        Last backup: 4/24/16, 6:40 PM

        Size of backup disk: Too small

            Backup size 114.22 GB < (Disk used 75.06 GB X 3)

Top Processes by CPU: ⓘ

        5%    mdworker(9)

        3%    kernel_task

        3%    Google Chrome

        2%    Google Chrome Helper(6)

        2%    fontd

Top Processes by Memory: ⓘ

    766 MB    Google Chrome Helper(6)

    447 MB    kernel_task

    209 MB    Google Chrome

    147 MB    mdworker(9)

    119 MB    imagent

Virtual Memory Information: ⓘ

    320 MB    Free RAM

    3.69 GB    Used RAM (1.02 GB Cached)

    0 B    Swap Used

Diagnostics Information: ⓘ

    Apr 24, 2016, 11:19:51 PM    Self test - passed

    Apr 24, 2016, 07:05:27 PM    /Library/Logs/DiagnosticReports/storedownloadd_2016-04-24-190527_[redacted].cpu _resource.diag [Details]

        /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/st oredownloadd

    Apr 23, 2016, 11:14:57 PM    ~/Library/Logs/DiagnosticReports/VTDecoderXPCService_2016-04-23-231457_[redacte d].crash

        /System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDeco derXPCService.xpc/Contents/MacOS/VTDecoderXPCService