angloargie

Q: Trovi unwanted ads and heuristics phishing

Can someone please advise me? I noticed today that I have been getting lots of ads sliding in from both sides and the bottom of each web page I open. I also noticed a new search engine called Trovi appeared despite the default being set on Google. I then used ClamXav to scan for viruses and the only one that came up was this heuristics phishing; the path associated with it is - Users/my name/Library/Thunderrbird?Profiles/99lyvfqs.default/ImapMail/imap.talktalk.net? INBOX.sbd/Sent. I have no idea what I should do next to rectify the situation, so could you please advise me. Thanks

AppleTV 2, Mac OS X (10.7.4)

Posted on May 4, 2014 11:38 AM

  • by MadMacs0,Helpful

    MadMacs0 MadMacs0 May 4, 2014 2:27 PM in response to angloargie
    Level 5 (4,791 points)

    Try using this new Adware Removal Tool and see if that takes care of it.

     

    Do not use ClamXav or any other A-V software to move or delete e-mail, especially those identified by heuristics means. They must be read and deleted within Thunderbird itself. For further assistance please visit the ClamXav Forum.

  • by angloargie,

    angloargie angloargie May 5, 2014 12:44 AM in response to MadMacs0
    Level 1 (9 points)

    Well, I tried that application as suggested but the ads are still there, as is the Trovi search engine. Instead I got this message from the TSM adware removal tool:

    cat:/Users/myname/Library/ApplicationSupport/Firefox/Profiles/20619w2i.default/e xtensions/staged/install.rdf  No such directory

  • by MadMacs0,Helpful

    MadMacs0 MadMacs0 May 5, 2014 1:35 AM in response to angloargie
    Level 5 (4,791 points)

    I've asked the developer to drop by and take a look. He'll probably want you to run some additional diagnostics, but in the meantime can you please download, run and post the results of EtreCheck so we can get a better idea of what all you have installed.

  • by angloargie,

    angloargie angloargie May 5, 2014 2:37 AM in response to MadMacs0
    Level 1 (9 points)

    these are the results

     

     

    Hardware Information:

              iMac (21.5-inch, Mid 2011)

              iMac - model: iMac12,1

              1 2.5 GHz Intel Core i5 CPU: 4 cores

              4 GB RAM

     

    Video Information:

              AMD Radeon HD 6750M - VRAM: 512 MB

     

    System Software:

              OS X 10.9.2 (13C1021) - Uptime: 0 days 2:27:49

     

    Disk Information:

              ST3500418AS disk0 : (500.11 GB)

                        EFI (disk0s1) <not mounted>: 209.7 MB

                        Macintosh HD (disk0s2) / [Startup]: 499.25 GB (260.61 GB free)

                        Recovery HD (disk0s3) <not mounted>: 650 MB

     

              HL-DT-STDVDRW  GA32N 

     

    USB Information:

              Apple Internal Memory Card Reader

     

              Apple Computer, Inc. IR Receiver

     

              Apple Inc. FaceTime HD Camera (Built-in)

     

              Apple Inc. BRCM2046 Hub

                        Apple Inc. Bluetooth USB Host Controller

     

    Thunderbolt Information:

              Apple Inc. thunderbolt_bus

     

    Gatekeeper:

              Mac App Store and identified developers

     

    Kernel Extensions:

              [kext loaded] com.Cycling74.driver.Soundflower (1.6.6 - SDK 10.6) Support

              [not loaded] com.devguru.driver.SamsungACMControl (1.4.14 - SDK 10.6) Support

              [not loaded] com.devguru.driver.SamsungACMData (1.4.14 - SDK 10.6) Support

              [not loaded] com.devguru.driver.SamsungComposite (1.4.14 - SDK 10.6) Support

              [not loaded] com.devguru.driver.SamsungMTP (1.4.14 - SDK 10.5) Support

              [not loaded] com.devguru.driver.SamsungSerial (1.4.14 - SDK 10.6) Support

              [not loaded] net.pocketmac.driver.PocketMacKNetMO (3.9.2b24) Support

     

    Launch Daemons:

              [loaded] com.adobe.fpsaud.plist Support

              [loaded] com.bresink.system.securityagent3a.plist Support

              [invalid] com.oracle.java.Helper-Tool.plist

              [loaded] com.oracle.java.JavaUpdateHelper.plist Support

              [failed] com.torch.update.agent.plist Support

              [running] com.trusteer.rooks.rooksd.plist Support

              [failed] com.tvmobili.tvmobilisvcd.plist Support

              [not loaded] com.vsearch.daemon.plist Support

              [running] com.vsearch.helper.plist Support

              [running] net.pocketmac.pocketmacd.plist Support

     

    Launch Agents:

              [not loaded] com.adobe.AAM.Updater-1.0.plist Support

              [invalid] com.oracle.java.Java-Updater.plist

              [running] com.sourceforge.macgpg2.gpg-agent.plist Support

              [failed] com.trusteer.rapport.rapportd.plist Support

              [failed] com.tvmobili.artwork.plist Support

              [running] com.vsearch.agent.plist Support

     

    User Launch Agents:

              [loaded] com.adobe.AAM.Updater-1.0.plist Support

              [loaded] com.adobe.ARM.[...].plist Support

              [loaded] com.facebook.videochat.[redacted].plist Support

              [loaded] com.google.keystone.agent.plist Support

              [running] com.spotify.webhelper.plist Support

              [not loaded] jp.co.canon.Inkjet_Extended_Survey_Agent.plist Support

     

    User Login Items:

              iSyncr

              iTunesHelper

              TinkerTool System

              Safari

              laciebackupd

              Music Manager

              ElementsAutoAnalyzer

              Hightail Desktop App

              Canon IJ Network Scanner Selector EX

              RealPlayer Downloader Agent

              TuneupMyMac

              fuspredownloader

     

    Internet Plug-ins:

              JavaAppletPlugin: Version: 14.9.0 - SDK 10.7 Check version

              Google Earth Web Plug-in: Version: 5.2 Support

              Default Browser: Version: 537 - SDK 10.9

              Flip4Mac WMV Plugin: Version: 3.2.0.16   - SDK 10.8 Support

              NP2020Player: Version: 5.0.4.0 Support

              RealPlayer Plugin: Version: (null) Support

              AdobePDFViewerNPAPI: Version: 11.0.06 - SDK 10.6 Support

              FlashPlayer-10.6: Version: 13.0.0.206 - SDK 10.6 Support

              Silverlight: Version: 5.1.20913.0 - SDK 10.6 Support

              Flash Player: Version: 13.0.0.206 - SDK 10.6 Support

              QuickTime Plugin: Version: 7.7.3

              AdobePDFViewer: Version: 11.0.06 - SDK 10.6 Support

              EPPEX Plugin: Version: 10.0 Support

              DirectorShockwave: Version: 12.0.7r148 - SDK 10.6 Support

     

    Safari Extensions:

              ClickToFlash: Version: 2.9.3

              Facebook Cleaner: Version: 3.3

              1-ClickWeather: Version: 1.0

              Video Converter: Version: 3.5.0

              mySupermarket Companion: Version: 1.101

              Facebook Photo Zoom: Version: 1.1206.11.1

              Conduit Search for Safari: Version: 1.0

              Add To Amazon Wish List: Version: 1.8

              ClickToPlugin: Version: 2.9.3

     

    Audio Plug-ins:

              BluetoothAudioPlugIn: Version: 1.0 - SDK 10.9

              AirPlay: Version: 2.0 - SDK 10.9

              AppleAVBAudio: Version: 203.2 - SDK 10.9

              InstantOn: Version: 7.1.2 - SDK 10.8 Support

              iSightAudio: Version: 7.7.3 - SDK 10.9

     

    iTunes Plug-ins:

              Quartz Composer Visualizer: Version: 1.4 - SDK 10.9

     

    3rd Party Preference Panes:

              Flash Player  Support

              Flip4Mac WMV  Support

              MusicManager  Support

              Trusteer Endpoint Protection  Support

     

    Time Machine:

              Skip System Files: NO

              Mobile backups: OFF

              Auto backup: YES

              Volumes being backed up:

                        Macintosh HD: Disk size: 464.96 GB Disk used: 222.25 GB

              Destinations:

                        user files [Local] (Last used)

                        Total size: 0 B

                        Total number of backups: (null)

                        Size of backup disk: Too small

                                  Backup size 0 B < (Disk used 222.25 GB X 3)

              Time Machine details may not be accurate.

              All volumes being backed up may not be listed.

     

    Top Processes by CPU:

                   2%          WindowServer

                   1%          fontd

                   0%          RealPlayer Downloader Agent

                   0%          com.apple.WebKit.Networking

                   0%          com.apple.WebKit.WebContent

     

    Top Processes by Memory:

              168 MB          com.apple.IconServicesAgent

              152 MB          Safari

              139 MB          com.apple.WebKit.WebContent

              135 MB          softwareupdated

              131 MB          thunderbird

     

    Virtual Memory Information:

              312 MB          Free RAM

              1.69 GB          Active RAM

              1.14 GB          Inactive RAM

              852 MB          Wired RAM

              821 MB          Page-ins

              24 MB          Page-outs

  • by angloargie,

    angloargie angloargie May 5, 2014 2:41 AM in response to angloargie
    Level 1 (9 points)

    I got this reply from ClamXav

     

    We can give you a little help with the Thunderbird issue, but Adware is not generally something ClamXav or any other A-V software will be able to locate.


    "Heuristics" means that they are from or mention a financial institution and may be a phishing attempt which is attempting to obtain privacy information (e.g. UserID and Password credentials). It has not been positively identified as such, just that something about the format is suspicious. You can see exactly where a link will take you by hovering the cursor over the underlined words or image in the e-mail. Don't click the link or open an attachment unless you are certain that it is legitimate. There is a significant probability that these are legitimate e-mail messages from a financial institution that you need, so trashing them could very well be a mistake. The only way to know is to read them. There is also a distinct possibility that you or your e-mail system have already decided that they are spam / junk / phishing and they came from your Spam / Junk / Deleted Items / Trash folders, so you should always check to make certain they are not needed and then delete them before running an e-mail scan. Without the exact infection name, that's about all I can tell you about it.


    Unfortunately, Thunderbird uses large files containing multiple e-mails, so it's not possible for you to identify the exact message which is being identified as possibly infected. About all we know is that it is in your "Sent" mailbox for TalkTalk. I'm not sure why you would be sending out an e-mail involving a financial institution that is a possible phishing attempt unless you forwarded something you received to see if it was valid.


    If you are unable to locate it then I would simply ignore it. It isn't responsible for your Adware problem and if you happen to read the message, no harm can come of it unless you click a link to a fake site or fill out a form with privacy information and send it to a fake address.


    Hope this helps.

  • by andyBall_uk,

    andyBall_uk andyBall_uk May 5, 2014 2:58 AM in response to angloargie
    Level 7 (20,495 points)

    Since you still have vsearch/downlite installed & partially running, it seems that the removal tool didn't complete properly. Try the manual instructions : Adware Removal Guide : DownLite

     

    I would also remove the conduit & amazon wishlist Safari extensions, and consider removing Rapport, since it causes problems for many users here, albeit completely unrelated to adverts etc.

  • by MadMacs0,

    MadMacs0 MadMacs0 May 5, 2014 3:31 AM in response to angloargie
    Level 5 (4,791 points)

    You still have pieces of adware installed, possibly because the tool did not complete its mission.

     

    There's a new version 6 posted and if you run the one you have again it will download the new version for you. See if that takes care of the issue.

     

    You have several pieces of software that are invalid or failing that need to be attended to. The ones shown as "not loaded" aren't currently causing any issues, but may be leftover files from software you thought had been removed. Make sure you recognize everything listed as something you currently need. Some is out-of-date when you get a chance to check.

     

    You normally don't need disk software other than what is included with OS X, so you might not need the Samsung software.

     

    TuneupMyMac is not needed and could be causing you issues.

     

    Same with Rapport Trusteer.

     

    There are a few items I don't recognize at all.

  • by angloargie,

    angloargie angloargie May 5, 2014 5:06 AM in response to MadMacs0
    Level 1 (9 points)

    Not sure I am fully understanding you re the download. I did the update, clicked on the tool and all I got was this:

     

    cat:/Users/myname/Library/ApplicationSupport/Firefox/Profiles/20619w2i.default/e xtensions/staged/install.rdf  No such directory

     

    Nothing else happened. I have the AppleScript, which I was going to cut and paste, but it's very long.

     

     

    I'll delete the other items you mentioned.

  • by angloargie,

    angloargie angloargie May 5, 2014 5:24 AM in response to MadMacs0
    Level 1 (9 points)

    Is this the way to remove the Conduit?

    You installed the Conduit spyware. To remove it, back up all data, then follow these instructions.

     

    If the instructions don't work, proceed as follows.

     

     

    Triple-click the line below on this page to select it:

     

    ~/Library/Application Support/Conduit

     

    Copy the selected text to the Clipboard by pressing the key combination command-C. From the Finder menu bar, select

     

    Go ▹ Go to Folder…

     

    Paste into the box that opens (command-V), then press return. A Finder window should open with a folder named "Conduit" selected. If it does, delete the selected item.

     

    Repeat with this line:

    /Applications/Toolbars

     

    Now you're deleting a folder named "Toolbars". You may be prompted for your login password. Next, copy this line: 

    /Library

     

     

    Select Go to Folder… again and paste. Don't delete the Library folder. Delete only the following items inside it, if they exist.

     

     

    • Application Support/Conduit
    • InputManagers/CTLoader
    • LaunchAgents/com.conduit.loader.agent.plist
    • ScriptingAdditions/ct_scripting.osax

    Close the Finder windows you opened. Log out and log back in.


    I've seen a report that Conduit may be bundled with a scam "utility" called "MacKeeper." If you installed MacKeeper, you should remove it according to the developer's instructions. It's worthless and causes many problems reported on this site.

  • by andyBall_uk,

    andyBall_uk andyBall_uk May 5, 2014 5:46 AM in response to angloargie
    Level 7 (20,495 points)
  • by angloargie,

    angloargie angloargie May 5, 2014 5:49 AM in response to andyBall_uk
    Level 1 (9 points)

    OK. I asked because you mentioned Conduit, as in "I would also remove the conduit & amazon wishlist Safari extensions", and I am not sure how to do that.

  • by andyBall_uk,

    andyBall_uk andyBall_uk May 5, 2014 5:54 AM in response to angloargie
    Level 7 (20,495 points)

    Sorry, I see what you mean: the report only shows a Conduit Safari extension, rather than the other files. You can just uninstall that from Safari - Preferences - Extensions.

  • by angloargie,

    angloargie angloargie May 5, 2014 11:28 PM in response to andyBall_uk
    Level 1 (9 points)

    I have made the changes suggested and this is another Etrecheck report

     

    Hardware Information:

              iMac (21.5-inch, Mid 2011)

              iMac - model: iMac12,1

              1 2.5 GHz Intel Core i5 CPU: 4 cores

              4 GB RAM

     

    Video Information:

              AMD Radeon HD 6750M - VRAM: 512 MB

     

    System Software:

              OS X 10.9.2 (13C1021) - Uptime: 0 days 1:2:6

     

    Disk Information:

              ST3500418AS disk0 : (500.11 GB)

                        EFI (disk0s1) <not mounted>: 209.7 MB

                        Macintosh HD (disk0s2) / [Startup]: 499.25 GB (259.95 GB free)

                        Recovery HD (disk0s3) <not mounted>: 650 MB

     

              HL-DT-STDVDRW  GA32N 

     

    USB Information:

              Apple Inc. FaceTime HD Camera (Built-in)

     

              Apple Inc. BRCM2046 Hub

                        Apple Inc. Bluetooth USB Host Controller

     

              Apple Computer, Inc. IR Receiver

     

              Apple Internal Memory Card Reader

     

    FireWire Information:

              LaCie d2 quadra (button) 400mbit - 800mbit max

                        disk1s1 (disk1s1) <not mounted>: 32 KB

                        disk1s2 (disk1s2) <not mounted>: 29 KB

                        disk1s3 (disk1s3) <not mounted>: 29 KB

                        disk1s4 (disk1s4) <not mounted>: 29 KB

                        disk1s5 (disk1s5) <not mounted>: 29 KB

                        disk1s6 (disk1s6) <not mounted>: 262 KB

                        disk1s7 (disk1s7) <not mounted>: 262 KB

                        disk1s8 (disk1s8) <not mounted>: 262 KB

                        whole contents (disk1s10) /Volumes/whole contents: 249.92 GB (106.92 GB free)

                        user files (disk1s12) /Volumes/user files: 249.92 GB (36.19 GB free)

     

    Thunderbolt Information:

              Apple Inc. thunderbolt_bus

     

    Gatekeeper:

              Mac App Store and identified developers

     

    Kernel Extensions:

              [kext loaded] com.Cycling74.driver.Soundflower (1.6.6 - SDK 10.6) Support

              [not loaded] com.devguru.driver.SamsungACMControl (1.4.14 - SDK 10.6) Support

              [not loaded] com.devguru.driver.SamsungACMData (1.4.14 - SDK 10.6) Support

              [not loaded] com.devguru.driver.SamsungComposite (1.4.14 - SDK 10.6) Support

              [not loaded] com.devguru.driver.SamsungMTP (1.4.14 - SDK 10.5) Support

              [not loaded] com.devguru.driver.SamsungSerial (1.4.14 - SDK 10.6) Support

              [not loaded] net.pocketmac.driver.PocketMacKNetMO (3.9.2b24) Support

     

    Launch Daemons:

              [loaded] com.adobe.fpsaud.plist Support

              [loaded] com.bresink.system.securityagent3a.plist Support

              [invalid] com.oracle.java.Helper-Tool.plist

              [loaded] com.oracle.java.JavaUpdateHelper.plist Support

              [failed] com.torch.update.agent.plist Support

              [failed] com.tvmobili.tvmobilisvcd.plist Support

              [running] net.pocketmac.pocketmacd.plist Support

     

    Launch Agents:

              [not loaded] com.adobe.AAM.Updater-1.0.plist Support

              [invalid] com.oracle.java.Java-Updater.plist

              [running] com.sourceforge.macgpg2.gpg-agent.plist Support

              [failed] com.tvmobili.artwork.plist Support

     

    User Launch Agents:

              [loaded] com.adobe.AAM.Updater-1.0.plist Support

              [loaded] com.adobe.ARM.[...].plist Support

              [loaded] com.facebook.videochat.[redacted].plist Support

              [loaded] com.google.keystone.agent.plist Support

              [running] com.spotify.webhelper.plist Support

              [not loaded] jp.co.canon.Inkjet_Extended_Survey_Agent.plist Support

     

    User Login Items:

              iSyncr

              iTunesHelper

              TinkerTool System

              Safari

              laciebackupd

              Music Manager

              ElementsAutoAnalyzer

              Hightail Desktop App

              Canon IJ Network Scanner Selector EX

              RealPlayer Downloader Agent

              TuneupMyMac

              fuspredownloader

     

    Internet Plug-ins:

              JavaAppletPlugin: Version: 14.9.0 - SDK 10.7 Check version

              Google Earth Web Plug-in: Version: 5.2 Support

              Default Browser: Version: 537 - SDK 10.9

              Flip4Mac WMV Plugin: Version: 3.2.0.16   - SDK 10.8 Support

              NP2020Player: Version: 5.0.4.0 Support

              RealPlayer Plugin: Version: (null) Support

              AdobePDFViewerNPAPI: Version: 11.0.06 - SDK 10.6 Support

              FlashPlayer-10.6: Version: 13.0.0.206 - SDK 10.6 Support

              Silverlight: Version: 5.1.20913.0 - SDK 10.6 Support

              Flash Player: Version: 13.0.0.206 - SDK 10.6 Support

              QuickTime Plugin: Version: 7.7.3

              AdobePDFViewer: Version: 11.0.06 - SDK 10.6 Support

              EPPEX Plugin: Version: 10.0 Support

              DirectorShockwave: Version: 12.0.7r148 - SDK 10.6 Support

     

    Safari Extensions:

              ClickToFlash: Version: 2.9.3

              Facebook Cleaner: Version: 3.3

              1-ClickWeather: Version: 1.0

              Video Converter: Version: 3.5.0

              mySupermarket Companion: Version: 1.101

              Facebook Photo Zoom: Version: 1.1206.11.1

              ClickToPlugin: Version: 2.9.3

     

    Audio Plug-ins:

              BluetoothAudioPlugIn: Version: 1.0 - SDK 10.9

              AirPlay: Version: 2.0 - SDK 10.9

              AppleAVBAudio: Version: 203.2 - SDK 10.9

              InstantOn: Version: 7.1.2 - SDK 10.8 Support

              iSightAudio: Version: 7.7.3 - SDK 10.9

     

    iTunes Plug-ins:

              Quartz Composer Visualizer: Version: 1.4 - SDK 10.9

     

    3rd Party Preference Panes:

              Flash Player  Support

              Flip4Mac WMV  Support

              MusicManager  Support

     

    Time Machine:

              Skip System Files: NO

              Mobile backups: OFF

              Auto backup: YES

              Volumes being backed up:

                        Macintosh HD: Disk size: 464.96 GB Disk used: 222.86 GB

              Destinations:

                        user files [Local] (Last used)

                        Total size: 0 B

                        Total number of backups: 1

                        Oldest backup: 2013-07-30 15:01:23 +0000

                        Last backup: 2013-07-30 15:01:23 +0000

                        Size of backup disk: Too small

                                  Backup size 0 B < (Disk used 222.86 GB X 3)

              Time Machine details may not be accurate.

              All volumes being backed up may not be listed.

     

    Top Processes by CPU:

                  34%          backupd

                   2%          WindowServer

                   1%          Finder

                   1%          fontd

                   0%          RealPlayer Downloader Agent

     

    Top Processes by Memory:

              168 MB          Finder

              168 MB          com.apple.IconServicesAgent

              131 MB          mds_stores

              98 MB          Safari

              61 MB          WindowServer

     

    Virtual Memory Information:

              1.33 GB          Free RAM

              1.69 GB          Active RAM

              127 MB          Inactive RAM

              868 MB          Wired RAM

              399 MB          Page-ins

              0 B          Page-outs
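
The two EtreCheck reports in this thread can be compared mechanically to confirm which flagged items the cleanup actually removed. The script below is an added example, not part of the original thread or of EtreCheck or the removal tool; the function names are hypothetical, the match list contains only names mentioned in the thread (vsearch, Conduit), and the two sample reports are constructed, abridged from the reports posted above.

```shell
#!/bin/sh
# Added example (not from the thread): triage EtreCheck reports for adware items.
# Only names mentioned in this thread are matched: vsearch (DownLite) and Conduit.
ADWARE_PATTERN='vsearch|conduit'

# Constructed samples, abridged from the two reports posted in the thread.
SAMPLE_BEFORE='Launch Daemons:
          [loaded] com.adobe.fpsaud.plist Support
          [not loaded] com.vsearch.daemon.plist Support
          [running] com.vsearch.helper.plist Support

Launch Agents:
          [running] com.vsearch.agent.plist Support

Safari Extensions:
          ClickToFlash: Version: 2.9.3
          Conduit Search for Safari: Version: 1.0'

SAMPLE_AFTER='Launch Daemons:
          [loaded] com.adobe.fpsaud.plist Support

Launch Agents:
          [running] com.sourceforge.macgpg2.gpg-agent.plist Support

Safari Extensions:
          ClickToFlash: Version: 2.9.3'

# Read an EtreCheck report on stdin; print "section<TAB>status<TAB>item" per hit.
flag_adware_items() {
  awk -v pat="$ADWARE_PATTERN" '
    /^[ \t]*[A-Za-z0-9 -]+:[ \t]*$/ {        # section header, e.g. "Launch Agents:"
      section = $0
      gsub(/^[ \t]+|:[ \t]*$/, "", section)
      next
    }
    {
      line = $0
      sub(/^[ \t]+/, "", line)
      if (line == "" || tolower(line) !~ pat) next
      status = "-"                           # Safari extensions carry no [status]
      if (substr(line, 1, 1) == "[" && (p = index(line, "]")) > 0) {
        status = substr(line, 2, p - 2)      # e.g. "running", "not loaded"
        line = substr(line, p + 1)
        sub(/^[ \t]+/, "", line)
      }
      sub(/[ \t]+Support[ \t]*$/, "", line)  # drop the trailing "Support" link text
      printf "%s\t%s\t%s\n", section, status, line
    }'
}

# Print "section<TAB>item" for flagged items in report text $1 that are gone in $2.
removed_between() {
  after_hits=$(printf '%s\n' "$2" | flag_adware_items | cut -f1,3)
  printf '%s\n' "$1" | flag_adware_items | cut -f1,3 |
  while IFS= read -r hit; do
    printf '%s\n' "$after_hits" | grep -Fqx -- "$hit" || printf '%s\n' "$hit"
  done
}

echo "Flagged in first report:"
printf '%s\n' "$SAMPLE_BEFORE" | flag_adware_items
echo "Removed by the time of the second report:"
removed_between "$SAMPLE_BEFORE" "$SAMPLE_AFTER"
```

For real reports saved to files, pass the text in with `removed_between "$(cat before.txt)" "$(cat after.txt)"`; an item still listed as `running` or `loaded` in the later report means the removal did not complete.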

  • by angloargie,

    angloargie angloargie May 5, 2014 11:51 PM in response to angloargie
    Level 1 (9 points)

    Well, the ads seem to have stopped but Trovi still seems to appear as the search engine despite having either Google or Yahoo as the default one. How can I get rid of that?
