Mohy El Din

Q: How can I know if there are viruses on my laptop and how can I clean them

How can I know if there are viruses on my laptop and how can I clean them?

MacBook Pro, OS X El Capitan (10.11), Viruses

Posted on May 11, 2016 3:20 PM


  • by stedman1,

    stedman1 May 11, 2016 3:22 PM in response to Mohy El Din
    Level 9 (73,259 points)
    Apple Watch

    Please elaborate as to why you feel there is a virus on your computer.

  • by Mohy El Din,

    Mohy El Din May 11, 2016 3:24 PM in response to stedman1
    Level 1 (8 points)
    Mac OS X

    I have seen popups that there is a virus on my laptop and the laptop isn't fast, for example when I want to open an application it would take so long.

     

  • by stedman1,Helpful

    stedman1 May 11, 2016 3:53 PM in response to Mohy El Din
    Level 9 (73,259 points)
    Apple Watch

    Please review the article below, download EtreCheck and post back with test results.

     

    Using EtreCheck

  • by Mohy El Din,

    Mohy El Din May 11, 2016 3:46 PM in response to stedman1
    Level 1 (8 points)
    Mac OS X

    EtreCheck version: 2.9.12 (265)

    Report generated 2016-05-11 23:57:50

    Download EtreCheck from https://etrecheck.com

    Runtime 5:18

    Performance: Below Average

     

    Click the [Support] links for help with non-Apple products.

    Click the [Details] links for more information about that line.

    Click the [Remove] links to remove adware.

     

    Problem: Computer is too slow

    Description:

    There may be a virus on my computer

     

    Hardware Information:

        MacBook Pro (13-inch, Mid 2012)

        [Technical Specifications] - [User Guide] - [Warranty & Service]

        MacBook Pro - model: MacBookPro9,2

        1 2.5 GHz Intel Core i5 CPU: 2-core

        4 GB RAM Upgradeable - [Instructions]

            BANK 0/DIMM0

                2 GB DDR3 1600 MHz ok

            BANK 1/DIMM0

                2 GB DDR3 1600 MHz ok

        Bluetooth: Good - Handoff/Airdrop2 supported

        Wireless:  en1: 802.11 a/b/g/n

        Battery: Health = Normal - Cycle count = 516

     

    Video Information:

        Intel HD Graphics 4000

            Color LCD 1280 x 800

     

    System Software:

        OS X El Capitan 10.11.4 (15E65) - Time since boot: less than an hour

     

    Disk Information:

        APPLE HDD HTS545050A7E362 disk0 : (500.11 GB) (Rotational)

            EFI (disk0s1) <not mounted> : 210 MB

            Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB

            Macintosh HD (disk1) / : 498.88 GB (40.54 GB free)

                Encrypted AES-XTS Unlocked

                Core Storage: disk0s2 499.25 GB Online

     

        MATSHITADVD-R   UJ-8A8   ()

     

    USB Information:

        Apple Inc. FaceTime HD Camera (Built-in)

        Apple Inc. Apple Internal Keyboard / Trackpad

        Apple Computer, Inc. IR Receiver

        Apple Inc. BRCM20702 Hub

            Apple Inc. Bluetooth USB Host Controller

     

    Thunderbolt Information:

        Apple Inc. thunderbolt_bus

     

    Configuration files:

        /etc/hosts - Count: 1

     

    Gatekeeper:

        Mac App Store and identified developers

     

    Adware:

        /Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client

        ~/Library/Application Support/Genieo

        ~/Library/Application Support/com.genieoinnovation.Installer

        ~/Library/Caches/com.apple.Safari/Extensions/Omnibar.safariextension

        ~/Library/LaunchAgents/com.jdibackup.ZipCloud.autostart.plist

        ~/Library/LaunchAgents/com.jdibackup.ZipCloud.backupstart.plist

        ~/Library/LaunchAgents/com.jdibackup.ZipCloud.notify.plist

        7 adware files found. [Remove]

     

    Kernel Extensions:

            /System/Library/Extensions

        [not loaded]    com.ZTE.driver.ZTEUSBCDCACMData (ZTEDriver_MacV1.3.35 - 2016-04-15) [Support]

        [not loaded]    com.ZTE.driver.ZTEUSBMassStorageFilter (ZTEDriver_MacV1.3.35 - 2016-04-15) [Support]

        [not loaded]    com.zte.driver.cdc_ecm_qmi (1.0.26 - 2016-04-15) [Support]

        [not loaded]    com.zte.driver.cdc_usb_bus (1.0.26 - 2016-04-15) [Support]

     

    Startup Items:

        HWNetMgr: Path: /Library/StartupItems/HWNetMgr

        HWPortDetect: Path: /Library/StartupItems/HWPortDetect

        Startup items are obsolete in OS X Yosemite

     

    System Launch Agents:

        [not loaded]    7 Apple tasks

        [loaded]    154 Apple tasks

        [running]    47 Apple tasks

        [killed]    30 Apple tasks

        30 processes killed due to insufficient RAM

     

    System Launch Daemons:

        [not loaded]    46 Apple tasks

        [loaded]    161 Apple tasks

        [running]    61 Apple tasks

        [killed]    21 Apple tasks

        21 processes killed due to insufficient RAM

     

    Launch Agents:

        [not loaded]    com.adobe.AAM.Updater-1.0.plist (2013-10-19) [Support]

     

    Launch Daemons:

        [loaded]    com.adobe.SwitchBoard.plist (2013-10-19) [Support]

        [loaded]    com.adobe.fpsaud.plist (2016-04-16) [Support]

        [loaded]    com.microsoft.office.licensing.helper.plist (2010-08-25) [Support]

     

    User Launch Agents:

        [loaded]    com.google.keystone.agent.plist (2016-03-01) [Support]

        [loaded]    com.jdibackup.ZipCloud.autostart.plist (2016-05-08) Adware!  [Remove]

        [loaded]    com.jdibackup.ZipCloud.backupstart.plist (2016-05-08) Adware!  [Remove]

        [failed]    com.jdibackup.ZipCloud.notify.plist (2016-05-08) Adware!  [Remove]

     

    User Login Items:

        iTunesHelper    Application  (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

        Genieo    Application  (/Incompatible Software/Genieo.app)

        Genieo    Application  (/Incompatible Software/Genieo.app)

        Genieo    Application  (/Incompatible Software/Genieo.app)

        Genieo    Application  (/Incompatible Software/Genieo.app)

        Genieo    Application  (/Incompatible Software/Genieo.app)

        RealPlayer Downloader Agent    Application  (~/Library/Application Support/RealNetworks/RealPlayer Downloader Agent.app)

        Safari    Application  (/Applications/Safari.app)

     

    Other Apps:

        [loaded]    com.google.Chrome.57952

        [running]    com.pcv.hlpramc

        [running]    com.realnetworks.realplayerdownloaderagent.95072

        [loaded]    404 Apple tasks

        [running]    125 Apple tasks

        [killed]    54 Apple tasks

     

    Internet Plug-ins:

        FlashPlayer-10.6: 21.0.0.226 - SDK 10.6 (2016-04-21) [Support]

        QuickTime Plugin: 7.7.3 (2016-03-12)

        Flash Player: 21.0.0.226 - SDK 10.6 (2016-04-21) [Support]

        AdobePDFViewer: 10.1.1 (2013-10-19) [Support]

        Default Browser: 601 - SDK 10.11 (2016-03-12)

        SharePointBrowserPlugin: 14.0.0 (2010-08-25) [Support]

        JavaAppletPlugin: 15.0.1 - SDK 10.7 (2014-11-28) Check version

     

    User internet Plug-ins:

        RealPlayer Plugin: Unknown (2015-08-17) [Support]

     

    Safari Extensions:

        AppaRajah - Aparajita Gillian - http://www.yahoo.com (2015-10-03)

        Omnibar (cache only) (2014-11-07) Adware!  [Remove]

     

    3rd Party Preference Panes:

        Flash Player (2016-04-16) [Support]

     

    Time Machine:

        Time Machine not configured!

     

    Top Processes by CPU:

            15%    Google Chrome Helper(36)

             5%    WindowServer

             3%    kernel_task

             1%    com.apple.WebKit.WebContent(8)

             1%    RealPlayer Downloader Agent

     

    Top Processes by Memory:

        2.51 GB    Google Chrome Helper(36)

        548 MB    kernel_task

        348 MB    com.apple.WebKit.WebContent(8)

        98 MB    Google Chrome

        78 MB    mdworker(5)

     

    Virtual Memory Information:

        27 MB    Free RAM

        3.97 GB    Used RAM (652 MB Cached)

        40 MB    Swap Used

     

    Diagnostics Information:

        May 11, 2016, 11:43:18 PM    /Library/Logs/DiagnosticReports/RealPlayer Downloader_2016-05-11-234318_[redacted].hang

            /Applications/RealPlayer.app/Contents/Resources/RealPlayer Downloader.app/Contents/MacOS/RealPlayer Downloader

        May 11, 2016, 11:19:25 PM    /Library/Logs/DiagnosticReports/Microsoft Excel_2016-05-11-231925_[redacted].hang

            /Applications/Microsoft Office 2011/Microsoft Excel.app/Contents/MacOS/Microsoft Excel

        May 11, 2016, 11:19:24 PM    /Library/Logs/DiagnosticReports/Microsoft Word_2016-05-11-231924_[redacted].hang

            /Applications/Microsoft Office 2011/Microsoft Word.app/Contents/MacOS/Microsoft Word

        May 11, 2016, 11:10:58 PM    Self test - passed

        May 10, 2016, 10:41:20 PM    /Library/Logs/DiagnosticReports/Microsoft Word_2016-05-10-224120_[redacted].cpu_resource.diag [Details]

     

  • by Old Toad,

    Old Toad May 11, 2016 3:46 PM in response to Mohy El Din
    Level 10 (140,898 points)
    Photos for Mac

    Since there are no known viruses for Macs, what you're seeing is more likely adware. Those can be removed with EtreCheck. If it finds them there should be a Remove button next to it in the report.

    A simple, quick and safe way to remove adware and malware is to download and use Malwarebytes Anti-Malware for Macs. It was developed by one of the most respected and top contributors in these forums and recommended by nearly all of the top contributors here.

     

    If you would prefer to do it manually follow these instructions from theSafeMac.com site (author of Malwarebytes): Adware Removal Guide


  • by Linc Davis,

    Linc Davis May 11, 2016 3:49 PM in response to Mohy El Din
    Level 10 (207,926 points)
    Applications

    You may have installed ad-injection malware ("adware").

    Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.

    Back up all data first.

    If you're not already running the latest version of OS X, updating or upgrading in the App Store may cause the adware to be removed automatically. If you are already running the latest version, please log out or restart the computer. Again, some kinds of malware will be removed—not all. There is no such thing as automatic removal of all possible malware, either by OS X or by third-party software. That's why you can't rely on software to protect you.

    If the malware is removed in your case, you'll still need to make changes to the way you use the computer to protect yourself from further attacks. Ask if you need guidance.

    If the malware is not removed automatically, see below.

    This easy procedure will detect any kind of adware that I know of. Deactivating it is a separate, and even easier, procedure.

    Some legitimate software is ad-supported and may display ads in its own windows or in a web browser while it's running. That's not malware and it may not show up. Also, some websites carry intrusive popup ads that may be mistaken for adware.

    If none of your web browsers is working well enough to carry out these instructions, restart the computer in safe mode. The malware will be disabled temporarily.

    Step 1

    Please triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

    ~/Library/LaunchAgents

    In the Finder, select

              Go > Go to Folder...

    from the menu bar and paste into the box that opens by pressing command-V. Press return. Either a folder named "LaunchAgents" will open, or you'll get a notice that the folder can't be found. If the folder isn't found, go to the next step.

    If the folder does open, press the key combination command-2 to select list view, if it's not already selected. Please don't skip this step.

    There should be a column in the Finder window headed Date Modified. Click that heading twice to sort the contents by date with the newest at the top. If necessary, enlarge the window so that all of the contents are showing.

    Follow the instructions in this support article under the heading "Take a screenshot of a window." An image file with a name beginning in "Screen Shot" should be saved to the Desktop. Open the screenshot and make sure it's readable. If not, capture a smaller part of the screen showing only what needs to be shown.

    Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply.

    Leave the folder open for now.

    Step 2

    Do as in Step 1 with this line:

    /Library/LaunchAgents

    The folder that may open will have the same name, but is not the same, as the one in Step 1. As in that step, the folder may not exist.

    Step 3

    Repeat with this line:

    /Library/LaunchDaemons

    This time the folder will be named "LaunchDaemons."

    Step 4

    Open the Safari preferences window and select the Extensions tab. If any extensions are listed, post a screenshot. If there are no extensions, or if you can't launch Safari, skip this step.

    Step 5

    If you use the Firefox or Chrome browser, open its extension list and do as in Step 4.
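
Steps 1 to 3 above done in one pass, as an added example that is not part of the original post: it lists every launchd job file in the three folders with the newest first and shows the label and program each one starts. The sample folder and its `com.example.*` job names are constructed so the script runs anywhere; on a Mac, call `list_launch_items()` with no arguments.

```python
import os
import plistlib
import tempfile
import time

# The three folders opened in Steps 1-3 of the post above.
LAUNCH_DIRS = ["~/Library/LaunchAgents", "/Library/LaunchAgents",
               "/Library/LaunchDaemons"]


def read_job(path):
    """Return (label, program) from a launchd job file, or None if it can't be parsed."""
    try:
        with open(path, "rb") as fh:
            job = plistlib.load(fh)  # reads XML and binary plists alike
    except Exception:  # unreadable, truncated or not a plist at all
        return None
    if not isinstance(job, dict):
        return None
    args = job.get("ProgramArguments")
    first_arg = args[0] if isinstance(args, list) and args else None
    return job.get("Label"), job.get("Program") or first_arg


def list_launch_items(dirs=LAUNCH_DIRS):
    """List every .plist in dirs, newest first (the Date Modified sort in Step 1)."""
    items = []
    for folder in dirs:
        folder = os.path.expanduser(folder)
        if not os.path.isdir(folder):
            continue  # as the post says, the folder may not exist
        for name in os.listdir(folder):
            if not name.endswith(".plist"):
                continue
            path = os.path.join(folder, name)
            parsed = read_job(path)
            label, program = parsed if parsed else (None, None)
            items.append({"path": path, "modified": os.lstat(path).st_mtime,
                          "parsed": parsed is not None,
                          "label": label, "program": program})
    return sorted(items, key=lambda item: item["modified"], reverse=True)


def make_sample_dir():
    """Build a constructed sample folder (hypothetical job names) for the demo."""
    folder = tempfile.mkdtemp()
    samples = [
        ("com.example.helper.plist", 1400000000,
         {"Label": "com.example.helper",
          "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/helper",
                               "--quiet"]}),
        ("com.example.autostart.plist", 1462700000,
         {"Label": "com.example.autostart", "RunAtLoad": True,
          "Program": "/Users/Shared/autostart"}),
    ]
    for name, mtime, job in samples:
        path = os.path.join(folder, name)
        with open(path, "wb") as fh:
            plistlib.dump(job, fh)
        os.utime(path, (mtime, mtime))
    # A damaged job file must still be listed, not silently skipped.
    broken = os.path.join(folder, "broken.plist")
    with open(broken, "w") as fh:
        fh.write("not a plist")
    os.utime(broken, (1300000000, 1300000000))
    return folder


if __name__ == "__main__":
    for item in list_launch_items([make_sample_dir()]):
        when = time.strftime("%Y-%m-%d", time.localtime(item["modified"]))
        what = item["program"] if item["parsed"] else "<could not parse>"
        print(when, os.path.basename(item["path"]), "->", what)
```

A recently modified job whose program lives outside /Applications or /Library is the kind of entry the date sort in Step 1 is meant to bring to the top.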

  • by Mohy El Din,

    Mohy El Din May 11, 2016 4:02 PM in response to Linc Davis
    Level 1 (8 points)
    Mac OS X

    Screen Shot 2016-05-12 at 12.15.01 AM.png

  • by Linc Davis,

    Linc Davis May 11, 2016 4:08 PM in response to Mohy El Din
    Level 10 (207,926 points)
    Applications

    Anything from the other steps?

  • by Mohy El Din,

    Mohy El Din May 11, 2016 4:12 PM in response to Linc Davis
    Level 1 (8 points)
    Mac OS X

    Screen Shot 2016-05-12 at 12.26.23 AM.png

    Screen Shot 2016-05-12 at 12.26.44 AM.png

  • by pinkstones,

    pinkstones May 11, 2016 4:28 PM in response to Mohy El Din
    Level 5 (4,209 points)
    Safari

    Your system is absolutely loaded with malware.  The top ways a computer gets bogged down with malware are downloading through torrents and using aggregate download sites.  From now on, when you want to or need to download something, get it from either the Mac App Store or the developer's own website.  If it's not available in those two places, then go without it.  To remove the malware from your system, you have three options:

     

    • Download Malwarebytes' Anti-Malware for Mac.  It was developed by a trusted and respected contributor here.  It's a simple, non-intrusive program that deletes known malware/adware from your hard drive.  That's all it does.  It doesn't add anything and it doesn't take away anything else.
    • Use EtreCheck itself to remove it
    • Follow the directions in this Apple support article to remove it manually --> http://support.apple.com/en-us/HT203987

  • by Linc Davis,Helpful

    Linc Davis May 11, 2016 4:44 PM in response to Mohy El Din
    Level 10 (207,926 points)
    Applications

    Please back up all data, then delete the files with "ZipCloud" in the name from the folder in the first screenshot. Log out or restart the computer. That's all you need to do, contrary to what others may tell you. There is no other active malware.

     

    There is also no reason to let any kind of software remove files automatically, and you should not do that.