Rick's Escaping NJ

Q: Removing a suspicious service

I have dozens of folders and startup files and logs that refer to hideme.  There are several lines in my startup and I cannot disable them.  Logs in the library refer to it.  For example, in system diagnostic reports I see:

 

Process:               HideMeService [74]

Path:                  /usr/local/bin/HideMeService

Identifier:            HideMeService

Responsible:           HideMeService [74]

    __TEXT                 0000000103b93000-0000000103b97000 [   16K] r-x/rwx SM=COW  /usr/local/bin/HideMeService

1   HideMeService                 0x0000000103b95c4c UpdateDns + 92

2   HideMeService                 0x0000000103b96838 main + 136

       0x103b93000 -        0x103b96fff +HideMeService (0) <E7924F66-A2A1-312E-B87B-9667EF795C1B> /usr/local/bin/HideMeService

 

The company pretends they have nothing to do with this and merely tell you to move the app to trash.

 

In system log queries, I see dozens of these:

 

com.apple.xpc.launchd:

(io.hideme.mac[74]) Service exited due to signal: Segmentation fault: 11

 

I have reinstalled the operating system.

 

There are dozens and dozens of references to this in logs, all of which have errors.   I have had slow responses and other weird things. 

 

 

What is this?  SHould I clean this up?  HOW do I do that?

MacBook Pro, OS X Yosemite (10.10.5), late 2011 13 inch

Posted on Dec 16, 2015 8:06 PM

Close

Q: Removing a suspicious service

  • All replies
  • Helpful answers

  • by Linc Davis,

    Linc Davis Linc Davis Dec 16, 2015 8:40 PM in response to Rick's Escaping NJ
    Level 10 (208,037 points)
    Applications
    Dec 16, 2015 8:40 PM in response to Rick's Escaping NJ

    It seems to be a VPN client of some kind.

    Any third-party software that doesn't install from the App Store or by drag-and-drop into the Applications folder, and uninstall by drag-and-drop to the Trash, is a system modification.

    Whenever you remove system modifications, they must be removed completely, and the only way to do that is to use the uninstallation tool, if any, provided by the developers, or to follow their instructions. If the software has been incompletely removed, you may have to re-download or even reinstall it in order to finish the job.

    I never install system modifications myself, and except as stated in this comment, I don't know how to uninstall them. You'll have to do your own research to find that information.

    Here are some general guidelines to get you started. Suppose you want to remove something called “BrickMyMac” (a hypothetical example.) First, consult the product's Help menu, if there is one, for instructions. Finding none there, look on the developer's website, say www.brickmymac.com. (That may not be the actual name of the site; if necessary, search the Web for the product name.) If you don’t find anything on the website or in your search, contact the developer. While you're waiting for a response, download BrickMyMac.dmg and open it. There may be an application in there such as “Uninstall BrickMyMac.” If not, open “BrickMyMac.pkg” and look for an Uninstall button. The uninstaller might also be accessed by clicking the Customize button, if there is one.

    Back up all data before making any changes.

    You will generally have to restart the computer in order to complete an uninstallation. Until you do that, there may be no effect, or unpredictable effects.

    If you can’t remove software in any other way, you’ll have to erase and install OS X. Never install any third-party software unless you're sure you know how to uninstall it; otherwise you may create problems that are very hard to solve.

    Trying to remove complex system modifications by hunting for files by name often will not work and may make the problem worse. The same goes for "utilities" such as "AppCleaner" and the like that purport to remove software.

  • by Rick's Escaping NJ,

    Rick's Escaping NJ Rick's Escaping NJ Dec 16, 2015 9:33 PM in response to Linc Davis
    Level 1 (8 points)
    Apple TV
    Dec 16, 2015 9:33 PM in response to Linc Davis

    Linc,

     

    First, thank you.  You provided valuable advice.


    I have already done the above.


    1. I did remove it some months back by moving the App to the trash.  There was no de-install program.
    2. The company that makes this only says to move the app to the trash (after almost an hour of trying me to give up personal data).  There is no support manual or any documentation.  (FYI it's available on iTunes and the Apple Store.)
    3. I reinstalled El Capitan yesterday (using Command R).  The situation has not changed.


         What's next?  The company is not going to help.  I felt they were going to ask me for a credit card to de-install.  By the way their home page is filled with FAQs.  All the FAQs deal with improper charges to the person's credit card or improper debits to bank account.  There isn't even any technical information.  What does that say?


         But Apple also holds some responsibility here.  Keeping a program on it's website may not legally constitute an endorsement (I'm sure it's in the EULA), but that is how most interpret it.  And keeping a product which has a one star rating is irresponsible.  At the least, they should remove it and they should have a manual somewhere to delete traces of applications that hang around.

     

         Oh, by the way, I noticed that hideme was also on my iphone.  I deleted it.  I was wondering if somehow if the phone somehow sent this to the computer via itunes or backup?

     

    I tried to get through to Apple Support on the follow up to my reinstall of El Capitan but no luck tonight.

     

    Thanks again,

  • by Linc Davis,

    Linc Davis Linc Davis Dec 16, 2015 9:56 PM in response to Rick's Escaping NJ
    Level 10 (208,037 points)
    Applications
    Dec 16, 2015 9:56 PM in response to Rick's Escaping NJ

    What you have is not on any Apple website. The iOS version is in the iTunes App Store. It can be removed in the same way as any other iOS app. As for OS X system modifications, as I wrote above, I don't know how to uninstall them. Apple Support wouldn't know either. Reinstalling the OS in place won't remove them. If all else fails, you would have to follow the instructions I linked above to do a clean reinstallation, and then restore everything except the unwanted software. That's why you should never install any software unless you're absolutely sure you know how to remove it.

  • by Barney-15E,

    Barney-15E Barney-15E Dec 17, 2015 5:49 AM in response to Rick's Escaping NJ
    Level 9 (50,757 points)
    Mac OS X
    Dec 17, 2015 5:49 AM in response to Rick's Escaping NJ

    But Apple also holds some responsibility here.  Keeping a program on it's website may not legally constitute an endorsement (I'm sure it's in the EULA), but that is how most interpret it.  And keeping a product which has a one star rating is irresponsible.  At the least, they should remove it and they should have a manual somewhere to delete traces of applications that hang around.

    Programs from the App Store cannot install code or resources into shared locations. They must be self-contained. Also, if they ask you to install additional code after install from App Store are prohibited.

     

    The App Store version of HideMe VPN does not install anything into /usr/local/bin as it cannot exist in the App Store if it did.

    The HideMe VPN Pro that you can download separately from the App Store will install that service.

     

    I don't know if they have an uninstaller, but here is what and where it installs:

    HideMe VPN.png

  • by Rick's Escaping NJ,

    Rick's Escaping NJ Rick's Escaping NJ Dec 25, 2015 12:33 AM in response to Barney-15E
    Level 1 (8 points)
    Apple TV
    Dec 25, 2015 12:33 AM in response to Barney-15E

    Barney and Linc,

     

    Thank you both. I only wish this information was available from Apple.  Perhaps an article that said, is where you may find malware and this is how to remove it.  I cannot say for sure all that this program has done, but it showed up thousands of time per day in error logs.

     

    Barney, can you explain the following:

     

    The App Store version of HideMe VPN does not install anything into /usr/local/bin as it cannot exist in the App Store if it did.

    The HideMe VPN Pro that you can download separately from the App Store will install that service.

  • by Esquared,

    Esquared Esquared Dec 25, 2015 12:49 AM in response to Rick's Escaping NJ
    Level 6 (8,518 points)
    Mac OS X
    Dec 25, 2015 12:49 AM in response to Rick's Escaping NJ

    It's quite simple. The version in the App Store is - or at least should be - harmless and easy to remove. The 'Pro' version you seem to have obtained can do or contain anything, including installing things that can royally mess up your Mac.

  • by chroot,

    chroot chroot Dec 25, 2015 1:35 AM in response to Barney-15E
    Level 4 (1,099 points)
    Dec 25, 2015 1:35 AM in response to Barney-15E

    Third party applications are allowed to write to the /usr/local folder.  Even with SIP enabled on El Capitan, an app from the App Store can write to /usr/local.

     

    About System Integrity Protection on your Mac - Apple Support

  • by Barney-15E,

    Barney-15E Barney-15E Dec 25, 2015 6:22 AM in response to chroot
    Level 9 (50,757 points)
    Mac OS X
    Dec 25, 2015 6:22 AM in response to chroot

    chroot wrote:

     

    Third party applications are allowed to write to the /usr/local folder.  Even with SIP enabled on El Capitan, an app from the App Store can write to /usr/local.

    That is irrelevant to this discussion.

  • by Barney-15E,

    Barney-15E Barney-15E Dec 25, 2015 6:28 AM in response to Rick's Escaping NJ
    Level 9 (50,757 points)
    Mac OS X
    Dec 25, 2015 6:28 AM in response to Rick's Escaping NJ
    Perhaps an article that said, is where you may find malware and this is how to remove it.  I cannot say for sure all that this program has done, but it showed up thousands of time per day in error logs.

    I don't believe it is malware. It looks like a legitimate VPN program based on its installations. The fact that it repeats in the logs doesn't make it malware, just likely incompatible with El Capitan.

    Barney, can you explain the following:

     

    The App Store version of HideMe VPN does not install anything into /usr/local/bin as it cannot exist in the App Store if it did.

    The HideMe VPN Pro that you can download separately from the App Store will install that service.

    An App Store app must be self-contained and not install anything besides the Application bundle which goes into Applications. It is also cannot ask you to install additional code on first-run. If it did either of those things, it would be removed from the App Store. The App Store version could not of installed anything into /usr/local at all because that is prohibited by the App Store.

     

    The HideMe VPN Pro app does install into /usr/local/bin, among other things. I posted a screen shot of where it installs all of its support files so you can remove them all, if you desire.