Q: Removing a suspicious service

It seems to be a VPN client of some kind.

Any third-party software that doesn't install from the App Store or by drag-and-drop into the Applications folder, and uninstall by drag-and-drop to the Trash, is a system modification.

Whenever you remove system modifications, they must be removed completely, and the only way to do that is to use the uninstallation tool, if any, provided by the developers, or to follow their instructions. If the software has been incompletely removed, you may have to re-download or even reinstall it in order to finish the job.

I never install system modifications myself, and except as stated in this comment, I don't know how to uninstall them. You'll have to do your own research to find that information.

Here are some general guidelines to get you started. Suppose you want to remove something called “BrickMyMac” (a hypothetical example.) First, consult the product's Help menu, if there is one, for instructions. Finding none there, look on the developer's website, say www.brickmymac.com. (That may not be the actual name of the site; if necessary, search the Web for the product name.) If you don’t find anything on the website or in your search, contact the developer. While you're waiting for a response, download BrickMyMac.dmg and open it. There may be an application in there such as “Uninstall BrickMyMac.” If not, open “BrickMyMac.pkg” and look for an Uninstall button. The uninstaller might also be accessed by clicking the Customize button, if there is one.

Back up all data before making any changes.

You will generally have to restart the computer in order to complete an uninstallation. Until you do that, there may be no effect, or unpredictable effects.

If you can’t remove software in any other way, you’ll have to erase and install OS X. Never install any third-party software unless you're sure you know how to uninstall it; otherwise you may create problems that are very hard to solve.

Trying to remove complex system modifications by hunting for files by name often will not work and may make the problem worse. The same goes for "utilities" such as "AppCleaner" and the like that purport to remove software.

What you have is not on any Apple website. The iOS version is in the iTunes App Store. It can be removed in the same way as any other iOS app. As for OS X system modifications, as I wrote above, I don't know how to uninstall them. Apple Support wouldn't know either. Reinstalling the OS in place won't remove them. If all else fails, you would have to follow the instructions I linked above to do a clean reinstallation, and then restore everything except the unwanted software. That's why you should never install any software unless you're absolutely sure you know how to remove it.

But Apple also holds some responsibility here.  Keeping a program on it's website may not legally constitute an endorsement (I'm sure it's in the EULA), but that is how most interpret it.  And keeping a product which has a one star rating is irresponsible.  At the least, they should remove it and they should have a manual somewhere to delete traces of applications that hang around.

Programs from the App Store cannot install code or resources into shared locations. They must be self-contained. Also, if they ask you to install additional code after install from App Store are prohibited.

The App Store version of HideMe VPN does not install anything into /usr/local/bin as it cannot exist in the App Store if it did.

The HideMe VPN Pro that you can download separately from the App Store will install that service.

I don't know if they have an uninstaller, but here is what and where it installs:

It's quite simple. The version in the App Store is - or at least should be - harmless and easy to remove. The 'Pro' version you seem to have obtained can do or contain anything, including installing things that can royally mess up your Mac.

Third party applications are allowed to write to the /usr/local folder.  Even with SIP enabled on El Capitan, an app from the App Store can write to /usr/local.

About System Integrity Protection on your Mac - Apple Support

chroot wrote:

 

Third party applications are allowed to write to the /usr/local folder.  Even with SIP enabled on El Capitan, an app from the App Store can write to /usr/local.

That is irrelevant to this discussion.

Perhaps an article that said, is where you may find malware and this is how to remove it.  I cannot say for sure all that this program has done, but it showed up thousands of time per day in error logs.

I don't believe it is malware. It looks like a legitimate VPN program based on its installations. The fact that it repeats in the logs doesn't make it malware, just likely incompatible with El Capitan.

Barney, can you explain the following:

 

The App Store version of HideMe VPN does not install anything into /usr/local/bin as it cannot exist in the App Store if it did.

The HideMe VPN Pro that you can download separately from the App Store will install that service.

An App Store app must be self-contained and not install anything besides the Application bundle which goes into Applications. It is also cannot ask you to install additional code on first-run. If it did either of those things, it would be removed from the App Store. The App Store version could not of installed anything into /usr/local at all because that is prohibited by the App Store.

The HideMe VPN Pro app does install into /usr/local/bin, among other things. I posted a screen shot of where it installs all of its support files so you can remove them all, if you desire.