-
All replies
-
Helpful answers
-
May 11, 2016 3:22 PM in response to Mohy El Dinby stedman1,Please elaborate as to why you feel there is a virus on your computer.
-
May 11, 2016 3:24 PM in response to stedman1by Mohy El Din,i have seen popups that there is a virus on my laptop and the laptop isn't fast for example when i want to open an application it would take so long
-
May 11, 2016 3:53 PM in response to Mohy El Dinby stedman1,★HelpfulPlease review the article below, download EtreCheck and post back with test results.
-
May 11, 2016 3:46 PM in response to stedman1by Mohy El Din,EtreCheck version: 2.9.12 (265)
Report generated 2016-05-11 23:57:50
Download EtreCheck from https://etrecheck.com
Runtime 5:18
Performance: Below Average
Click the [Support] links for help with non-Apple products.
Click the [Details] links for more information about that line.
Click the [Remove] links to remove adware.
Problem: Computer is too slow
Description:
There may be a virus on my computer
MacBook Pro (13-inch, Mid 2012)
[Technical Specifications] - [User Guide] - [Warranty & Service]
MacBook Pro - model: MacBookPro9,2
1 2.5 GHz Intel Core i5 CPU: 2-core
4 GB RAM Upgradeable - [Instructions]
BANK 0/DIMM0
2 GB DDR3 1600 MHz ok
BANK 1/DIMM0
2 GB DDR3 1600 MHz ok
Bluetooth: Good - Handoff/Airdrop2 supported
Wireless: en1: 802.11 a/b/g/n
Battery: Health = Normal - Cycle count = 516
Intel HD Graphics 4000
Color LCD 1280 x 800
OS X El Capitan 10.11.4 (15E65) - Time since boot: less than an hour
APPLE HDD HTS545050A7E362 disk0 : (500.11 GB) (Rotational)
EFI (disk0s1) <not mounted> : 210 MB
Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
Macintosh HD (disk1) / : 498.88 GB (40.54 GB free)
Encrypted AES-XTS Unlocked
Core Storage: disk0s2 499.25 GB Online
MATSHITADVD-R UJ-8A8 ()
Apple Inc. FaceTime HD Camera (Built-in)
Apple Inc. Apple Internal Keyboard / Trackpad
Apple Computer, Inc. IR Receiver
Apple Inc. BRCM20702 Hub
Apple Inc. Bluetooth USB Host Controller
Apple Inc. thunderbolt_bus
/etc/hosts - Count: 1
Mac App Store and identified developers
/Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client
~/Library/Application Support/Genieo
~/Library/Application Support/com.genieoinnovation.Installer
~/Library/Caches/com.apple.Safari/Extensions/Omnibar.safariextension
~/Library/LaunchAgents/com.jdibackup.ZipCloud.autostart.plist
~/Library/LaunchAgents/com.jdibackup.ZipCloud.backupstart.plist
~/Library/LaunchAgents/com.jdibackup.ZipCloud.notify.plist
7 adware files found. [Remove]
/System/Library/Extensions
[not loaded] com.ZTE.driver.ZTEUSBCDCACMData (ZTEDriver_MacV1.3.35 - 2016-04-15) [Support]
[not loaded] com.ZTE.driver.ZTEUSBMassStorageFilter (ZTEDriver_MacV1.3.35 - 2016-04-15) [Support]
[not loaded] com.zte.driver.cdc_ecm_qmi (1.0.26 - 2016-04-15) [Support]
[not loaded] com.zte.driver.cdc_usb_bus (1.0.26 - 2016-04-15) [Support]
HWNetMgr: Path: /Library/StartupItems/HWNetMgr
HWPortDetect: Path: /Library/StartupItems/HWPortDetect
Startup items are obsolete in OS X Yosemite
[not loaded] 7 Apple tasks
[loaded] 154 Apple tasks
[running] 47 Apple tasks
[killed] 30 Apple tasks
30 processes killed due to insufficient RAM
[not loaded] 46 Apple tasks
[loaded] 161 Apple tasks
[running] 61 Apple tasks
[killed] 21 Apple tasks
21 processes killed due to insufficient RAM
[not loaded] com.adobe.AAM.Updater-1.0.plist (2013-10-19) [Support]
[loaded] com.adobe.SwitchBoard.plist (2013-10-19) [Support]
[loaded] com.adobe.fpsaud.plist (2016-04-16) [Support]
[loaded] com.microsoft.office.licensing.helper.plist (2010-08-25) [Support]
[loaded] com.google.keystone.agent.plist (2016-03-01) [Support]
[loaded] com.jdibackup.ZipCloud.autostart.plist (2016-05-08) Adware! [Remove]
[loaded] com.jdibackup.ZipCloud.backupstart.plist (2016-05-08) Adware! [Remove]
[failed] com.jdibackup.ZipCloud.notify.plist (2016-05-08) Adware! [Remove]
iTunesHelper Application (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
Genieo Application (/Incompatible Software/Genieo.app)
Genieo Application (/Incompatible Software/Genieo.app)
Genieo Application (/Incompatible Software/Genieo.app)
Genieo Application (/Incompatible Software/Genieo.app)
Genieo Application (/Incompatible Software/Genieo.app)
RealPlayer Downloader Agent Application (~/Library/Application Support/RealNetworks/RealPlayer Downloader Agent.app)
Safari Application (/Applications/Safari.app)
[loaded] com.google.Chrome.57952
[running] com.pcv.hlpramc
[running] com.realnetworks.realplayerdownloaderagent.95072
[loaded] 404 Apple tasks
[running] 125 Apple tasks
[killed] 54 Apple tasks
FlashPlayer-10.6: 21.0.0.226 - SDK 10.6 (2016-04-21) [Support]
QuickTime Plugin: 7.7.3 (2016-03-12)
Flash Player: 21.0.0.226 - SDK 10.6 (2016-04-21) [Support]
AdobePDFViewer: 10.1.1 (2013-10-19) [Support]
Default Browser: 601 - SDK 10.11 (2016-03-12)
SharePointBrowserPlugin: 14.0.0 (2010-08-25) [Support]
JavaAppletPlugin: 15.0.1 - SDK 10.7 (2014-11-28) Check version
RealPlayer Plugin: Unknown (2015-08-17) [Support]
AppaRajah - Aparajita Gillian - http://www.yahoo.com (2015-10-03)
Omnibar (cache only) (2014-11-07) Adware! [Remove]
Flash Player (2016-04-16) [Support]
Time Machine not configured!
15% Google Chrome Helper(36)
5% WindowServer
3% kernel_task
1% com.apple.WebKit.WebContent(8)
1% RealPlayer Downloader Agent
2.51 GB Google Chrome Helper(36)
548 MB kernel_task
348 MB com.apple.WebKit.WebContent(8)
98 MB Google Chrome
78 MB mdworker(5)
27 MB Free RAM
3.97 GB Used RAM (652 MB Cached)
40 MB Swap Used
May 11, 2016, 11:43:18 PM /Library/Logs/DiagnosticReports/RealPlayer Downloader_2016-05-11-234318_[redacted].hang
/Applications/RealPlayer.app/Contents/Resources/RealPlayer Downloader.app/Contents/MacOS/RealPlayer Downloader
May 11, 2016, 11:19:25 PM /Library/Logs/DiagnosticReports/Microsoft Excel_2016-05-11-231925_[redacted].hang
/Applications/Microsoft Office 2011/Microsoft Excel.app/Contents/MacOS/Microsoft Excel
May 11, 2016, 11:19:24 PM /Library/Logs/DiagnosticReports/Microsoft Word_2016-05-11-231924_[redacted].hang
/Applications/Microsoft Office 2011/Microsoft Word.app/Contents/MacOS/Microsoft Word
May 11, 2016, 11:10:58 PM Self test - passed
May 10, 2016, 10:41:20 PM /Library/Logs/DiagnosticReports/Microsoft Word_2016-05-10-224120_[redacted].cpu_resource.diag [Details]
-
May 11, 2016 3:46 PM in response to Mohy El Dinby Old Toad,Since there are no know viruses for Macs what you're seeing is more likely adware. Those can be removed with Etrecheck. If it finds them there should be a Remove button next to it in the report.
A simple, quick and safe way to remove adware and malware is to download and use Malwarebytes Anti-Malware for Macs. It's was developed by one of the most respected and top contributors in these forums and recommended by nearly all of the top contributors here.
If you would prefer to do it manually follow these instructions from theSafeMac.com site (author of Malwarebytes): Adware Removal Guide
-
May 11, 2016 3:49 PM in response to Mohy El Dinby Linc Davis,You may have installed ad-injection malware ("adware").
Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.
Back up all data first.
If you're not already running the latest version of OS X, updating or upgrading in the App Store may cause the adware to be removed automatically. If you are already running the latest version, please log out or restart the computer. Again, some kinds of malware will be removed—not all. There is no such thing as automatic removal of all possible malware, either by OS X or by third-party software. That's why you can't rely on software to protect you.
If the malware is removed in your case, you'll still need to make changes to the way you use the computer to protect yourself from further attacks. Ask if you need guidance.
If the malware is not removed automatically, see below.
This easy procedure will detect any kind of adware that I know of. Deactivating it is a separate, and even easier, procedure.
Some legitimate software is ad-supported and may display ads in its own windows or in a web browser while it's running. That's not malware and it may not show up. Also, some websites carry intrusive popup ads that may be mistaken for adware.
If none of your web browsers is working well enough to carry out these instructions, restart the computer in safe mode. The malware will be disabled temporarily.
Step 1
Please triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:
~/Library/LaunchAgents
In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. Press return. Either a folder named "LaunchAgents" will open, or you'll get a notice that the folder can't be found. If the folder isn't found, go to the next step.
If the folder does open, press the key combination command-2 to select list view, if it's not already selected. Please don't skip this step.
There should be a column in the Finder window headed Date Modified. Click that heading twice to sort the contents by date with the newest at the top. If necessary, enlarge the window so that all of the contents are showing.
Follow the instructions in this support article under the heading "Take a screenshot of a window." An image file with a name beginning in "Screen Shot" should be saved to the Desktop. Open the screenshot and make sure it's readable. If not, capture a smaller part of the screen showing only what needs to be shown.
Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply.
Leave the folder open for now.
Step 2
Do as in Step 1 with this line:
/Library/LaunchAgents
The folder that may open will have the same name, but is not the same, as the one in Step 1. As in that step, the folder may not exist.
Step 3
Repeat with this line:
/Library/LaunchDaemons
This time the folder will be named "LaunchDaemons."
Step 4
Open the Safari preferences window and select the Extensions tab. If any extensions are listed, post a screenshot. If there are no extensions, or if you can't launch Safari, skip this step.
Step 5
If you use the Firefox or Chrome browser, open its extension list and do as in Step 4.
-
-
-
-
May 11, 2016 4:28 PM in response to Mohy El Dinby pinkstones,Mohy El Din wrote:
EtreCheck version: 2.9.12 (265)
Report generated 2016-05-11 23:57:50
Download EtreCheck from https://etrecheck.com
Runtime 5:18
Performance: Below Average
Click the [Support] links for help with non-Apple products.
Click the [Details] links for more information about that line.
Click the [Remove] links to remove adware.
Problem: Computer is too slow
Description:
There may be a virus on my computer
MacBook Pro (13-inch, Mid 2012)
[Technical Specifications] - [User Guide] - [Warranty & Service]
MacBook Pro - model: MacBookPro9,2
1 2.5 GHz Intel Core i5 CPU: 2-core
4 GB RAM Upgradeable - [Instructions]
BANK 0/DIMM0
2 GB DDR3 1600 MHz ok
BANK 1/DIMM0
2 GB DDR3 1600 MHz ok
Bluetooth: Good - Handoff/Airdrop2 supported
Wireless: en1: 802.11 a/b/g/n
Battery: Health = Normal - Cycle count = 516
Intel HD Graphics 4000
Color LCD 1280 x 800
OS X El Capitan 10.11.4 (15E65) - Time since boot: less than an hour
APPLE HDD HTS545050A7E362 disk0 : (500.11 GB) (Rotational)
EFI (disk0s1) <not mounted> : 210 MB
Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
Macintosh HD (disk1) / : 498.88 GB (40.54 GB free)
Encrypted AES-XTS Unlocked
Core Storage: disk0s2 499.25 GB Online
MATSHITADVD-R UJ-8A8 ()
Apple Inc. FaceTime HD Camera (Built-in)
Apple Inc. Apple Internal Keyboard / Trackpad
Apple Computer, Inc. IR Receiver
Apple Inc. BRCM20702 Hub
Apple Inc. Bluetooth USB Host Controller
Apple Inc. thunderbolt_bus
/etc/hosts - Count: 1
Mac App Store and identified developers
/Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client
~/Library/Application Support/Genieo
~/Library/Application Support/com.genieoinnovation.Installer
~/Library/Caches/com.apple.Safari/Extensions/Omnibar.safariextension
~/Library/LaunchAgents/com.jdibackup.ZipCloud.autostart.plist
~/Library/LaunchAgents/com.jdibackup.ZipCloud.backupstart.plist
~/Library/LaunchAgents/com.jdibackup.ZipCloud.notify.plist
7 adware files found. [Remove]
/System/Library/Extensions
[not loaded] com.ZTE.driver.ZTEUSBCDCACMData (ZTEDriver_MacV1.3.35 - 2016-04-15) [Support]
[not loaded] com.ZTE.driver.ZTEUSBMassStorageFilter (ZTEDriver_MacV1.3.35 - 2016-04-15) [Support]
[not loaded] com.zte.driver.cdc_ecm_qmi (1.0.26 - 2016-04-15) [Support]
[not loaded] com.zte.driver.cdc_usb_bus (1.0.26 - 2016-04-15) [Support]
HWNetMgr: Path: /Library/StartupItems/HWNetMgr
HWPortDetect: Path: /Library/StartupItems/HWPortDetect
Startup items are obsolete in OS X Yosemite
[not loaded] 7 Apple tasks
[loaded] 154 Apple tasks
[running] 47 Apple tasks
[killed] 30 Apple tasks
30 processes killed due to insufficient RAM
[not loaded] 46 Apple tasks
[loaded] 161 Apple tasks
[running] 61 Apple tasks
[killed] 21 Apple tasks
21 processes killed due to insufficient RAM
[not loaded] com.adobe.AAM.Updater-1.0.plist (2013-10-19) [Support]
[loaded] com.adobe.SwitchBoard.plist (2013-10-19) [Support]
[loaded] com.adobe.fpsaud.plist (2016-04-16) [Support]
[loaded] com.microsoft.office.licensing.helper.plist (2010-08-25) [Support]
[loaded] com.google.keystone.agent.plist (2016-03-01) [Support]
[loaded] com.jdibackup.ZipCloud.autostart.plist (2016-05-08) Adware! [Remove]
[loaded] com.jdibackup.ZipCloud.backupstart.plist (2016-05-08) Adware! [Remove]
[failed] com.jdibackup.ZipCloud.notify.plist (2016-05-08) Adware! [Remove]
iTunesHelper Application (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
Genieo Application (/Incompatible Software/Genieo.app)
Genieo Application (/Incompatible Software/Genieo.app)
Genieo Application (/Incompatible Software/Genieo.app)
Genieo Application (/Incompatible Software/Genieo.app)
Genieo Application (/Incompatible Software/Genieo.app)
RealPlayer Downloader Agent Application (~/Library/Application Support/RealNetworks/RealPlayer Downloader Agent.app)
Safari Application (/Applications/Safari.app)
[loaded] com.google.Chrome.57952
[running] com.pcv.hlpramc
[running] com.realnetworks.realplayerdownloaderagent.95072
[loaded] 404 Apple tasks
[running] 125 Apple tasks
[killed] 54 Apple tasks
FlashPlayer-10.6: 21.0.0.226 - SDK 10.6 (2016-04-21) [Support]
QuickTime Plugin: 7.7.3 (2016-03-12)
Flash Player: 21.0.0.226 - SDK 10.6 (2016-04-21) [Support]
AdobePDFViewer: 10.1.1 (2013-10-19) [Support]
Default Browser: 601 - SDK 10.11 (2016-03-12)
SharePointBrowserPlugin: 14.0.0 (2010-08-25) [Support]
JavaAppletPlugin: 15.0.1 - SDK 10.7 (2014-11-28) Check version
RealPlayer Plugin: Unknown (2015-08-17) [Support]
AppaRajah - Aparajita Gillian - http://www.yahoo.com (2015-10-03)
Omnibar (cache only) (2014-11-07) Adware! [Remove]
Flash Player (2016-04-16) [Support]
Time Machine not configured!
15% Google Chrome Helper(36)
5% WindowServer
3% kernel_task
1% com.apple.WebKit.WebContent(8)
1% RealPlayer Downloader Agent
2.51 GB Google Chrome Helper(36)
548 MB kernel_task
348 MB com.apple.WebKit.WebContent(8)
98 MB Google Chrome
78 MB mdworker(5)
27 MB Free RAM
3.97 GB Used RAM (652 MB Cached)
40 MB Swap Used
May 11, 2016, 11:43:18 PM /Library/Logs/DiagnosticReports/RealPlayer Downloader_2016-05-11-234318_[redacted].hang
/Applications/RealPlayer.app/Contents/Resources/RealPlayer Downloader.app/Contents/MacOS/RealPlayer Downloader
May 11, 2016, 11:19:25 PM /Library/Logs/DiagnosticReports/Microsoft Excel_2016-05-11-231925_[redacted].hang
/Applications/Microsoft Office 2011/Microsoft Excel.app/Contents/MacOS/Microsoft Excel
May 11, 2016, 11:19:24 PM /Library/Logs/DiagnosticReports/Microsoft Word_2016-05-11-231924_[redacted].hang
/Applications/Microsoft Office 2011/Microsoft Word.app/Contents/MacOS/Microsoft Word
May 11, 2016, 11:10:58 PM Self test - passed
May 10, 2016, 10:41:20 PM /Library/Logs/DiagnosticReports/Microsoft Word_2016-05-10-224120_[redacted].cpu_resource.diag [Details]
Your system is absolutely loaded with malware. The top ways a computer gets bogged down with malware are downloading through torrents and using aggregate download sites. From now on, when you want to or need to download something, get it from either the Mac App Store or the developer's own website. If it's not available in those two places, then go without it. To remove the malware from your system, you have three options:
- Download Malwarebytes' Anti-Malware for Mac. It was developed by a trusted and respected contributor here. It's a simple, non- intrusive program that deletes known malware/adware from your hard drive. That's all it does. It doesn't add anything and it doesn't take away anything else.
- Use EtreCheck itself to remove it
- Follow the directions in this Apple support article to remove it manually --> http://support.apple.com/en-us/HT203987
-
May 11, 2016 4:44 PM in response to Mohy El Dinby Linc Davis,★HelpfulPlease back up all data, then delete the files with "ZipCloud" in the name from the folder in the first screenshot. Log out or restart the computer. That's all you need to do, contrary to what others may tell you. There is no other active malware.
There is also no reason to let any kind of software remove files automatically, and you should not do that.


