emerich_TO

Q: Strange popup window in OS 10.11.5

Hi

I'm wondering if anyone could shed some light on this one?

I get this strange pop-up appearing randomly every few days or weeks - see below. It's happened a couple of times now and I'm wondering if my laptop is being compromised in any way. I have both Firewall and FileVault turned on in the System Preferences. The window appears in Finder and disappears after whichever button is hit and nothing else seems to happen after that. It seems to be the same text every time.

Screen Shot 2016-06-10 at 9.01.48 AM.png

MacBook Pro (Retina, 15-inch, Mid 2015), OS X El Capitan (10.11.5)

Posted on Jun 10, 2016 6:09 AM


  • by Eric Root,

    Eric Root Jun 10, 2016 6:17 AM in response to emerich_TO
    Level 9 (72,544 points)

    Try running this program and then copy and paste the output in a reply. The program was created by Etresoft, a frequent contributor.  Please use copy and paste as screen shots can be hard to read. This will show what is running on your computer. No personal information is shown.
      

    Etrecheck – System Information

  • by emerich_TO,

    emerich_TO Jun 10, 2016 6:26 AM in response to Eric Root
    Level 1 (4 points)

    Hi Eric, I ran EtreCheck and here is its output. Thanks for your help.

     

    EtreCheck version: 2.9.12 (265)

    Report generated 2016-06-10 09:21:41

    Download EtreCheck from https://etrecheck.com

    Runtime 1:29

    Performance: Excellent

     

    Click the [Support] links for help with non-Apple products.

    Click the [Details] links for more information about that line.

    Click the [Remove] links to remove adware.

     

    Problem: Other problem

     

    Hardware Information:

        MacBook Pro (Retina, 15-inch, Mid 2015)

        [Technical Specifications] - [User Guide] - [Warranty & Service]

        MacBook Pro - model: MacBookPro11,5

        1 2.8 GHz Intel Core i7 CPU: 4-core

        16 GB RAM Not upgradeable

            BANK 0/DIMM0

                8 GB DDR3 1600 MHz ok

            BANK 1/DIMM0

                8 GB DDR3 1600 MHz ok

        Bluetooth: Good - Handoff/Airdrop2 supported

        Wireless: Unknown    Battery: Health = Normal - Cycle count = 47

     

    Video Information:

        AMD Radeon R9 M370X - VRAM: 2048 MB

            DELL U2715H 2560 x 1440 @ 59 Hz

            DELL U2715H 2560 x 1440 @ 59 Hz

        Intel Iris Pro

     

    System Software:

        OS X El Capitan 10.11.5 (15F34) - Time since boot: about 11 days

     

    Disk Information:

        APPLE SSD SM1024G disk1 : (1 TB) (Solid State - TRIM: Yes)

            NO NAME (disk1s1) <not mounted> : 210 MB

            Recovery HD (disk1s3) <not mounted>  [Recovery]: 650 MB

            OSXRESERVED (disk1s4) /Volumes/OSXRESERVED : 7.87 GB (7.83 GB free)

            disk1s5 (disk1s5) <not mounted> : 472 MB

            NO NAME (disk1s6) <not mounted> : 105 MB

            BASIC DATA (disk1s7) /Volumes/BASIC DATA : 17 MB (16 MB free)

            disk1s8 (disk1s8) <not mounted> : 472 MB

            NO NAME (disk1s9) <not mounted> : 105 MB

            disk1s10 (disk1s10) <not mounted> : 17 MB

            disk1s11 (disk1s11) <not mounted> : 100.15 GB

            Macintosh HD (disk2) / : 890.00 GB (369.33 GB free)

                Encrypted AES-XTS Unlocked

                Core Storage: disk1s2 890.36 GB Online

     

    USB Information:

        Apple Inc. Apple Internal Keyboard / Trackpad

        Broadcom Corp. Bluetooth USB Host Controller

        WIBU-SYSTEMS AG  CodeMeter-Stick 

        Seagate Backup+  Desk 8 TB

            disk0s1 (disk0s1) <not mounted> : 134 MB

            Seagate Backup Plus Drive (disk0s2) /Volumes/Seagate Backup Plus Drive : 8.00 TB (3.84 TB free)

        Logitech USB Receiver

        Apple, Inc. Keyboard Hub

            Apple Inc. Apple Keyboard

        Apple Inc. iPhone

        Burr-Brown from TI USB audio CODEC

     

    Thunderbolt Information:

        Apple Inc. thunderbolt_bus

            Other World Computing, Inc. Thunderbolt 2 Dock

     

    Configuration files:

        /etc/sudoers, File size 2616 but expected 2299

        /etc/hosts - Count: 6

     

    Gatekeeper:

        Mac App Store and identified developers

     

    Adware:

        ~/Library/LaunchAgents/com.jdibackup.JustCloud.autostart.plist

        ~/Library/LaunchAgents/com.jdibackup.JustCloud.notify.plist

        ~/Library/LaunchAgents/com.jdibackup.ZipCloud.autostart.plist

        ~/Library/LaunchAgents/com.jdibackup.ZipCloud.notify.plist

        ~/Library/LaunchAgents/com.onlineapplicationstatus.AppStatus.plist

        5 adware files found. [Remove]

     

    Kernel Extensions:

            /Applications/Tunnelblick.app

        [not loaded]    net.tunnelblick.tap (20141104 (Tunnelblick build 4270.4461) Unsigned - 2015-12-04) [Support]

        [not loaded]    net.tunnelblick.tun (20141104 (Tunnelblick build 4270.4461) Unsigned - 2015-12-04) [Support]

     

            /Library/Application Support/Transmit/Transmit Disk.app

        [not loaded]    com.panic.transmitdisk.filesystems.osxfuse (4.4.10 - SDK 10.9 - 2016-02-19) [Support]

     

            /Library/Extensions

        [loaded]    com.Logitech.Control Center.HID Driver (3.9.1 - SDK 10.8 - 2016-05-19) [Support]

        [loaded]    com.Logitech.Unifying.HID Driver (1.3.1 - SDK 10.8 - 2016-05-19) [Support]

        [loaded]    com.seagate.driver.PowSecDriverCore (5.2.7 (26997) - SDK 10.4 - 2016-05-19) [Support]

        [not loaded]    com.wibu.codemeter.CmUSBMassStorage (1.0.7 - 2016-05-19) [Support]

     

            /Library/Extensions/Seagate Storage Driver.kext/Contents/PlugIns

        [not loaded]    com.seagate.driver.PowSecLeafDriver_10_4 (5.2.7 (26997) - SDK 10.4 - 2016-05-19) [Support]

        [loaded]    com.seagate.driver.PowSecLeafDriver_10_5 (5.2.7 (26997) - SDK 10.5 - 2016-05-19) [Support]

        [not loaded]    com.seagate.driver.SeagateDriveIcons (5.2.7 (26997) - SDK 10.4 - 2016-05-19) [Support]

     

            /System/Library/Extensions

        [not loaded]    com.nike.sportwatch (1.0.0 - 2016-05-19) [Support]

     

    Startup Items:

        WkSvMacX: Path: /Library/StartupItems/WkSvMacX

        Startup items are obsolete in OS X Yosemite

     

    System Launch Agents:

        [not loaded]    6 Apple tasks

        [loaded]    145 Apple tasks

        [running]    87 Apple tasks

     

    System Launch Daemons:

        [not loaded]    45 Apple tasks

        [loaded]    141 Apple tasks

        [running]    104 Apple tasks

     

    Launch Agents:

        [running]    com.Logitech.Control Center.Daemon.plist (2015-09-18) [Support]

        [not loaded]    com.adobe.AAM.Updater-1.0.plist (2016-03-09) [Support]

        [running]    com.brother.LOGINserver.plist (2015-10-13) [Support]

        [loaded]    com.divx.dms.agent.plist (2016-03-10) [Support]

        [loaded]    com.divx.update.agent.plist (2016-03-01) [Support]

        [loaded]    com.google.keystone.agent.plist (2016-03-01) [Support]

        [running]    com.nike.nikeplusconnect.plist (2015-10-09) [Support]

        [loaded]    com.oracle.java.Java-Updater.plist (2015-11-25) [Support]

        [loaded]    com.paragon.updater.plist (2015-11-18) [Support]

     

    Launch Daemons:

        [loaded]    com.adobe.versioncueCS3.plist (2015-12-19) [Support]

        [loaded]    com.google.keystone.daemon.plist (2016-03-01) [Support]

        [loaded]    com.oracle.java.Helper-Tool.plist (2015-11-25) [Support]

        [running]    com.seagate.TBDecorator.plist (2013-10-11) [Support]

        [loaded]    com.tunnelbear.mac.tbeard.plist (2015-12-03) [Support]

        [running]    com.wibu.CodeMeter.Server.plist (2015-01-21) [Support]

        [running]    net.privatetunnel.ptcore.plist (2014-02-04) [Support]

        [loaded]    net.tunnelblick.tunnelblick.tunnelblickd.plist (2015-12-15) [Support]

     

    User Launch Agents:

        [failed]    com.jdibackup.JustCloud.autostart.plist (2015-12-10) Adware!  [Remove]

        [failed]    com.jdibackup.JustCloud.notify.plist (2015-12-10) Adware!  [Remove]

        [failed]    com.jdibackup.ZipCloud.autostart.plist (2016-04-12) Adware!  [Remove]

        [failed]    com.jdibackup.ZipCloud.notify.plist (2016-04-12) Adware!  [Remove]

        [running]    com.onlineapplicationstatus.AppStatus.plist (2016-04-26) Adware!  [Remove]

            ~/Library/Application Support/AppCommon/AppStatus

        [loaded]    com.seagate.dashboard.plist (2015-12-19) [Support]

        [loaded]    net.tunnelblick.tunnelblick.LaunchAtLogin.plist (2015-12-04) [Support]

     

    User Login Items:

        iTunesHelper    Application Hidden (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

        Messages    Application Hidden (/Applications/Messages.app)

        Mail    Application Hidden (/Applications/Mail.app)

        Safari    Application Hidden (/Applications/Safari.app)

        AdobeResourceSynchronizer    Application  (/Applications/Adobe Acrobat 8 Professional/Adobe Acrobat Professional.app/Contents/Support/AdobeResourceSynchronizer.app)

        TransmitMenu    Application  (/Applications/Transmit.app/Contents/MacOS/TransmitMenu.app)

     

    Other Apps:

        [running]    com.brother.utility.NETserver.79712

        [running]    com.brother.utility.USBserver.79392

        [running]    com.panic.Transmit.TransmitMenu.202272

        [running]    net.tunnelblick.tunnelblick.104032

        [loaded]    397 Apple tasks

        [running]    241 Apple tasks

     

    Internet Plug-ins:

        SurveillanceClient: 3.5.4 - SDK 10.6 (2012-04-06) [Support]

        Google Earth Web Plug-in: 7.1 (2015-12-07) [Support]

        Default Browser: 601 - SDK 10.11 (2016-05-19)

        OVSHelper: 1.1 (2016-04-05) [Support]

        AdobeAAMDetect: AdobeAAMDetect 1.0.0.0 - SDK 10.6 (2016-03-09) [Support]

        FlashPlayer-10.6: 21.0.0.242 - SDK 10.6 (2016-05-19) [Support]

        DivX Web Player: 3.5.5.3 - SDK 10.10 (2016-03-29) [Support]

        Flash Player: 21.0.0.242 - SDK 10.6 (2016-05-19) [Support]

        QuickTime Plugin: 7.7.3 (2016-05-19)

        AdobePDFViewer: 8.0.0 (2015-12-19) [Support]

        EPPEX Plugin: 10.0 (2015-11-25) [Support]

        JavaAppletPlugin: Java 8 Update 66 build 17 (2015-12-19) Check version

     

    User internet Plug-ins:

        CitrixOnlineWebDeploymentPlugin: 1.0.105 (2013-04-25) [Support]

     

    Safari Extensions:

        DuckDuckGo - DuckDuckGo - http://duckduckgo.com (2015-12-20)

        Adblock Plus - Eyeo GmbH - https://adblockplus.org/ (2016-03-27)

        HoverSee - SideTree.com - Apps for Mac - http://SideTree.com/extensions.html#HoverSee (2015-12-20)

        Evernote Web Clipper - Evernote Corp. - http://evernote.com (2016-05-21)

        Pin It Button - Pinterest, Inc. - http://www.pinterest.com/ (2015-12-20)

     

    3rd Party Preference Panes:

        CodeMeter (2015-11-30) [Support]

        Flash Player (2016-05-09) [Support]

        Java (2015-12-19) [Support]

        Logitech Control Center (2016-01-28) [Support]

        Paragon NTFS for Mac ® OS X (2016-01-28) [Support]

        Seagate Dashboard for Mac OSX (2016-05-19) [Support]

     

    Time Machine:

        Skip System Files: NO

        Mobile backups: ON

        Auto backup: YES

        Volumes being backed up:

            Macintosh HD: Disk size: 890.00 GB Disk used: 520.67 GB

        Destinations:

            eh backup [Network]

            Total size: 3.00 TB

            Total number of backups: 34

            Oldest backup: 2016-01-06, 11:14 PM

            Last backup: 2016-06-02, 6:21 AM

            Size of backup disk: Excellent

                Backup size 3.00 TB > (Disk size 890.00 GB X 3)

     

    Top Processes by CPU:

             2%    WindowServer

             2%    fontd

             0%    SystemUIServer

             0%    kernel_task

             0%    symptomsd

     

    Top Processes by Memory:

        4.51 GB    com.apple.WebKit.WebContent(19)

        1.51 GB    kernel_task

        639 MB    Mail

        475 MB    softwareupdated

        426 MB    Safari

     

    Virtual Memory Information:

        848 MB    Free RAM

        15.00 GB    Used RAM (2.22 GB Cached)

        885 MB    Swap Used

  • by pinkstones,Helpful

    pinkstones Jun 10, 2016 9:20 AM in response to emerich_TO
    Level 5 (4,209 points)

    Your hard drive is lousy with adware.  You have several options at your disposal to remove it:

     

    • Download Malwarebytes' Anti-Malware for Mac.  It was developed by a trusted and respected contributor here.  It's a simple, non-intrusive program that deletes known malware/adware from your hard drive.  That's all it does.  It doesn't add anything and it doesn't take away anything else.  Unlike anti-virus programs, it doesn't run in the background of your computer, using up resources, and also unlike anti-virus programs (which are unnecessary on Macs), it doesn't actively prevent malware or adware infections.  Its sole purpose is removing them.
    • Use EtreCheck to remove it
    • Restart your computer.  As of April 26, 2016, changes made to the support article here --> https://support.apple.com/en-us/HT203987 state that El Capitan removes adware at login, but only at login.  So, if you don't want to use Malwarebytes, this is another option for you.

     

    Next, go to Safari Preferences --> Extensions and delete any you don't remember installing or that you don't need.  Then, go to Safari Preferences --> Search and change your preferred search engine back to Google.  Lastly, go to Safari Preferences --> General and make sure your homepage has not been changed, and if it has, change it back to what it was before.  In the future, only download applications/plugins/extensions/drivers from either the Mac App Store/Safari Extensions Gallery or the developer's own website.

  • by greg sahli,

    greg sahli Jun 10, 2016 7:25 AM in response to emerich_TO
    Level 7 (25,395 points)

    You have VPN tunneling software installed. Have you given someone remote access to your Mac? (your Mac can be used as a remote proxy for bad things using this software - but not always - that's why I ask.)

  • by Linc Davis,

    Linc Davis Jun 10, 2016 7:45 AM in response to emerich_TO
    Level 10 (208,000 points)

    You may have installed ad-injection malware ("adware").

    Don't use any kind of "anti-virus" or "anti-malware" product on a Mac. There is never a need for it, and relying on it for protection makes you more vulnerable to attack, not less.

    Back up all data first.

    If you're not already running the latest version of OS X, updating or upgrading in the App Store may cause the adware to be removed automatically. If you are already running the latest version, please log out or restart the computer. Again, some kinds of malware will be removed—not all. There is no such thing as automatic removal of all possible malware, either by OS X or by third-party software. That's why you can't rely on software to protect you.

    If the malware is removed in your case, you'll still need to make changes to the way you use the computer to protect yourself from further attacks. Ask if you need guidance.

    If the malware is not removed automatically, see below.

    This easy procedure will detect any kind of adware that I know of. Deactivating it is a separate, and even easier, procedure.

    Some legitimate software is ad-supported and may display ads in its own windows or in a web browser while it's running. That's not malware and it may not show up. Also, some websites carry intrusive popup ads that may be mistaken for adware.

    If none of your web browsers is working well enough to carry out these instructions, restart the computer in safe mode. The malware will be disabled temporarily.

    Step 1

    Please triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

    ~/Library/LaunchAgents

    In the Finder, select

              Go ▹ Go to Folder...

    from the menu bar and paste into the box that opens by pressing command-V. Press return. Either a folder named "LaunchAgents" will open, or you'll get a notice that the folder can't be found. If the folder isn't found, go to the next step.

    If the folder does open, press the key combination command-2 to select list view, if it's not already selected. Please don't skip this step.

    There should be a column in the Finder window headed Date Modified. Click that heading twice to sort the contents by date with the newest at the top. If necessary, enlarge the window so that all of the contents are showing.

    Follow the instructions in this support article under the heading "Take a screenshot of a window." An image file with a name beginning in "Screen Shot" should be saved to the Desktop. Open the screenshot and make sure it's readable. If not, capture a smaller part of the screen showing only what needs to be shown.

    Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply.

    Leave the folder open for now.

    Step 2

    Do as in Step 1 with this line:

    /Library/LaunchAgents

    The folder that may open will have the same name, but is not the same, as the one in Step 1. As in that step, the folder may not exist.

    Step 3

    Repeat with this line:

    /Library/LaunchDaemons

    This time the folder will be named "LaunchDaemons."

    Step 4

    Open the Safari preferences window and select the Extensions tab. If any extensions are listed, post a screenshot. If there are no extensions, or if you can't launch Safari, skip this step.

    Step 5

    If you use the Firefox or Chrome browser, open its extension list and do as in Step 4.
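
Added example, not part of Linc Davis's post and not EtreCheck's code: a Python script that does what Steps 1 to 3 above do by hand, listing the launchd job files in the three folders newest first and showing which program each one starts. The `in_home` flag is a heuristic added here (the AppStatus agent in the report above runs from `~/Library/Application Support`), and the `com.example.*` jobs in `demo()` are constructed samples.

```python
import os
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# The three folders named in Steps 1-3 of the post above.
LAUNCHD_DIRS = ["~/Library/LaunchAgents", "/Library/LaunchAgents", "/Library/LaunchDaemons"]


def program_of(job):
    """Executable a launchd job starts: Program, else ProgramArguments[0]."""
    if not isinstance(job, dict):
        raise ValueError("plist root is not a dictionary")
    args = job.get("ProgramArguments") or []
    return job.get("Program") or (args[0] if args else None)


def list_jobs(dirs=LAUNCHD_DIRS, home=None):
    """Return job files newest first, as the Finder list sorted by Date Modified."""
    home = str(home or Path.home()).rstrip(os.sep) + os.sep
    rows = []
    for d in dirs:
        folder = Path(d).expanduser()
        if not folder.is_dir():  # the post notes that a folder may not exist
            continue
        for path in folder.glob("*.plist"):
            label = None
            try:
                with open(path, "rb") as fh:
                    job = plistlib.load(fh)  # reads XML and binary plists
                program, label = program_of(job), job.get("Label")
            except (ValueError, ExpatError, OSError):
                program = "<unreadable plist>"
            rows.append({
                "mtime": path.lstat().st_mtime, "file": str(path), "label": label,
                "program": program,
                # Heuristic added here: the job runs a binary from the user's home.
                "in_home": bool(program) and str(program).startswith(home),
            })
    return sorted(rows, key=lambda r: r["mtime"], reverse=True)


def demo():
    """Run list_jobs over a constructed folder (sample data, not the poster's files)."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {  # file name -> (job dictionary or raw bytes, modification time)
            "com.example.updater.plist": ({"Label": "com.example.updater",
                "ProgramArguments": ["/usr/local/bin/updater", "--check"]}, 1450000000),
            "com.example.status.plist": ({"Label": "com.example.status",
                "Program": os.path.join(tmp, "AppCommon", "AppStatus")}, 1461000000),
            "damaged.plist": (b"not a plist", 1400000000),
        }
        for name, (job, mtime) in samples.items():
            data = job if isinstance(job, bytes) else plistlib.dumps(job)
            Path(tmp, name).write_bytes(data)
            os.utime(os.path.join(tmp, name), (mtime, mtime))
        return list_jobs([tmp], home=tmp)


if __name__ == "__main__":
    for row in list_jobs():
        print(row["file"], row["label"], row["program"], row["in_home"], sep="\t")
```

Run as a script on the Mac, it only reads the three folders and prints one tab-separated line per job file; it changes nothing.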

  • by emerich_TO,Helpful

    emerich_TO Jun 10, 2016 9:26 AM in response to greg sahli
    Level 1 (4 points)

    Hey Greg

    I have not handed out any VPN access to my CPU. But I do use it often to connect to several other networks. Does that increase my Mac's vulnerability at all?

  • by emerich_TO,

    emerich_TO Jun 10, 2016 9:30 AM in response to Linc Davis
    Level 1 (4 points)

    Thanks Linc.

    I will try this shortly and let you know if I have any further questions.

    Much appreciated

    Emerich

  • by greg sahli,

    greg sahli Jun 10, 2016 9:50 AM in response to emerich_TO
    Level 7 (25,395 points)

    I'm guessing you use TeamViewer?

    I don't think VPN software makes you vulnerable - unless you give the access to unscrupulous "online help" scammers.