Jim48

Q: Virus or computer hacking of my iMac

I believe that a virus or other type of hack into my iMac has occurred as I have had to cancel three credit cards because of illegal charges in the past six months.  I downloaded a copy of the free version of Avast, ran the system scan, found two reported viruses ( /Applications/Codec-M.app?Contents/Info.plist   and /Users/Jim/Library/Safari/Extensions/Codec-M.safariextz  ).  I deleted both of them, but during the scan, 60 files were reported as "not scanable."  Have there been any reports of viruses or other hacks occurring due to unscannable files? Are there any additional fixes for this problem?   I have had my iMac for over 8 years, have always upgraded to the latest software versions developed by Apple, and have never had a problem until now.

iMac, OS X Yosemite (10.10.5)

Posted on Jun 15, 2016 7:58 AM

  • by macjack,Helpful

    macjack Jun 15, 2016 9:01 AM in response to Jim48
    Level 9 (55,709 points)

    It's not a virus or hack, you probably gave your credit card info out online to some dishonest site.

    Uninstall Avast, it is practically malware itself. It has been known to bork many Mac systems.

    Please download and run EtreCheck, created by one of our own helpers here in ASC. It is a diagnostic tool that's very useful to us in finding problems. Also it will give us further specs on your Mac. After it runs, post the log file here. It will contain no personal information.

  • by Jim48,

    Jim48 Jun 15, 2016 8:32 AM in response to macjack
    Level 1 (4 points)

    Macjack, thanks for the fine response.  I wasn't able to find the uninstall option for Avast but moved it to the trash can and deleted the file there.  Also, here is the report from EtreCheck.

    EtreCheck version: 2.9.12 (265)

    Report generated 2016-06-15 11:27:06

    Download EtreCheck from https://etrecheck.com

    Runtime 3:02

    Performance: Good

     

    Click the [Support] links for help with non-Apple products.

    Click the [Details] links for more information about that line.

    Click the [Remove] links to remove adware.

     

    Check Apple signatures: Enabled

    Ignore known Apple failures: Disabled

     

    Problem: Other problem

    Description:

    I have had a virus or malware, leading to a hack of three credit card accounts in the last six months.  I believe it began with a hack into a federal government computer system that identified my email address and my bank account, the one I use to pay credit card bills online.  I tried another free scanning software, Avast, and other than two supposed viruses, it could not scan 60 of my files. 

     

    Hardware Information:

        iMac (24-inch, Mid 2007)

        [Technical Specifications] - [User Guide] - [Warranty & Service]

        iMac - model: iMac7,1

        1 2.8 GHz Intel Core 2 Duo CPU: 2-core

        4 GB RAM Upgradeable - [Instructions]

            BANK 0/DIMM0

                2 GB DDR2 SDRAM 667 MHz ok

            BANK 1/DIMM1

                2 GB DDR2 SDRAM 667 MHz ok

        Bluetooth: Old - Handoff/Airdrop2 not supported

        Wireless:  en1: 802.11 a/b/g/n

     

    Video Information:

        ATI,RadeonHD2600 - VRAM: 256 MB

            iMac 1920 x 1200

     

    System Software:

        OS X Yosemite 10.10.5 (14F1808) - Time since boot: about one hour

     

    Disk Information:

        ST3750640AS Q disk0 : (750.16 GB) (Rotational)

            EFI (disk0s1) <not mounted> : 210 MB

            Macintosh HD (disk0s2) / : 749.30 GB (707.67 GB free)

            Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB

     

    USB Information:

        Apple, Inc. Keyboard Hub

            Apple, Inc Apple Keyboard

        Hewlett-Packard HP LaserJet Pro MFP M225dn

        Apple Inc. Built-in iSight

        Apple Inc. Bluetooth USB Host Controller

        Apple Computer, Inc. IR Receiver

     

    Firewire Information:

        LaCie d2 Quadra (button) 800mbit - 800mbit max

            disk1s1 (disk1s1) <not mounted> : 32 KB

            Backup Drive (disk1s3) /Volumes/Backup Drive : 499.97 GB (282.49 GB free)

     

    Gatekeeper:

        Mac App Store and identified developers

     

    Adware:

        ~/Library/LaunchAgents/com.codecm.uploader.plist

        One adware file found. [Remove]

     

    System Launch Agents:

        [running]    com.apple.Spotlight.plist (2014-09-24) - Invalid signature!

        [loaded]    com.apple.systemprofiler.plist (2014-09-25) - Invalid signature!

        [not loaded]    5 Apple tasks

        [loaded]    148 Apple tasks

        [running]    59 Apple tasks

     

    System Launch Daemons:

        [not loaded]    com.apple.FileSyncAgent.sshd.plist (2014-09-09) - No signature!

        [loaded]    com.apple.ManagedClient.enroll.plist (2014-09-09) - Invalid signature!

        [loaded]    com.apple.ManagedClient.plist (2014-09-09) - Invalid signature!

        [not loaded]    com.apple.ManagedClient.startup.plist (2014-09-09) - Invalid signature!

        [not loaded]    com.apple.configureLocalKDC.plist (2014-09-09) - No signature!

        [not loaded]    com.apple.efax.plist (2014-09-09) - No signature!

        [not loaded]    com.apple.emlog.plist (2014-09-09) - No signature!

        [loaded]    com.apple.gkreport.plist (2014-10-09) - No signature!

        [not loaded]    com.apple.locate.plist (2014-09-09) - No signature!

        [not loaded]    com.apple.postgres.plist (2014-09-09) - /Applications/Server.app/Contents/ServerRoot/usr/bin/xpostgres: Executable not found!

        [not loaded]    org.apache.httpd.plist (2015-04-24) - No signature!

        [running]    org.cups.cupsd.plist (2014-09-09) - Invalid signature!

        [not loaded]    org.net-snmp.snmpd.plist (2015-07-14) - No signature!

        [running]    org.ntp.ntpd.plist (2014-12-21) - No signature!

        [not loaded]    ssh.plist (2014-09-09) - No signature!

        [not loaded]    46 Apple tasks

        [loaded]    139 Apple tasks

        [running]    77 Apple tasks

     

    Launch Agents:

        [failed]    com.adobe.ARMDCHelper.cc24aef4a1b90ed56a...plist (2016-05-11) [Support]

        [loaded]    com.oracle.java.Java-Updater.plist (2013-06-25) [Support]

     

    Launch Daemons:

        [loaded]    com.adobe.ARMDC.Communicator.plist (2016-05-11) [Support]

        [loaded]    com.adobe.ARMDC.SMJobBlessHelper.plist (2016-05-11) [Support]

        [failed]    com.adobe.fpsaud.plist (2016-05-09) [Support]

        [loaded]    com.malwarebytes.MBAMHelperTool.plist (2016-02-03) [Support]

        [loaded]    com.microsoft.office.licensing.helper.plist (2015-06-04) [Support]

        [loaded]    com.oracle.java.Helper-Tool.plist (2013-06-25) [Support]

     

    User Launch Agents:

        [failed]    com.adobe.ARM.[...].plist (2014-01-31) [Support]

        [loaded]    com.apple.AddressBook.ScheduledSync.PHXC...plist

        [loaded]    com.apple.FolderActions.folders.plist

        [failed]    com.codecm.uploader.plist (2012-03-29) Adware!  [Remove]

     

    User Login Items:

        Garmin Express Service    Application  (/Applications/Garmin Express.app/Contents/Library/LoginItems/Garmin Express Service.app)

        HP Scheduler    Application Hidden (/Library/Application Support/Hewlett-Packard/Software Update/HP Scheduler.app)

     

    Other Apps:

        [loaded]    com.avast.home.userinit

        [running]    com.garmin.renu.service.63364

        [running]    com.hp.devicemonitor

        [running]    com.hp.scanModule3.87220.2C9CE610-98B7-4298-AF53-6D919E1FD3A8

        [running]    jp.co.canon.cijscannerregister.62796

        [loaded]    378 Apple tasks

        [running]    159 Apple tasks

     

    Internet Plug-ins:

        DirectorShockwave: 11.6.1r629 (2011-09-10) [Support]

        Unity Web Player: UnityPlayer version 5.3.4f1 - SDK 10.6 (2016-04-13) [Support]

        Default Browser: 600 - SDK 10.10 (2015-08-21)

        Flip4Mac WMV Plugin: 2.3.4.1 (2010-06-15) [Support]

        AdobePDFViewerNPAPI: 15.016.20045 - SDK 10.11 (2016-06-03) [Support]

        FlashPlayer-10.6: 21.0.0.242 - SDK 10.6 (2016-05-17) [Support]

        Silverlight: 4.0.50401.0 (2010-08-23) [Support]

        QuickTime Plugin: 7.7.3 (2016-06-11)

        Flash Player: 21.0.0.242 - SDK 10.6 (2016-05-17) [Support]

        npViewpoint: 1.0 (2009-04-26)

        iPhotoPhotocast: 7.0 (2008-12-17)

        AdobePDFViewer: 15.016.20045 - SDK 10.11 (2016-06-03) [Support]

        GarminGpsControl: 4.0.2.6 Beta - SDK 10.6 (2012-08-15) [Support]

        SharePointBrowserPlugin: 14.6.2 - SDK 10.6 (2016-03-29) [Support]

        JavaAppletPlugin: Java 8 Update 91 build 14 (2016-04-28) Check version

     

    User internet Plug-ins:

        WebEx64: 1.0 - SDK 10.6 (2014-01-16) [Support]

        WebEx: 1.0 (2010-10-06) [Support]

     

    3rd Party Preference Panes:

        Flash Player (2016-05-09) [Support]

        Flip4Mac WMV (2010-06-15) [Support]

        Java (2016-04-28) [Support]

     

    Time Machine:

        Skip System Files: NO

        Auto backup: YES

        Volumes being backed up:

            Macintosh HD: Disk size: 749.30 GB Disk used: 41.62 GB

        Destinations:

            Backup Drive [Local]

            Total size: 499.97 GB

            Total number of backups: 411

            Oldest backup: 2/14/08, 4:30 PM

            Last backup: 6/15/16, 10:56 AM

            Size of backup disk: Adequate

                Backup size 499.97 GB > (Disk used 41.62 GB X 3)

     

    Top Processes by CPU:

             2%    WindowServer

             1%    fontd

             0%    kernel_task

             0%    askpermissiond

     

    Top Processes by Memory:

        445 MB    kernel_task

        168 MB    imagent

        90 MB    mdworker(6)

        86 MB    Finder

        82 MB    Mail

     

    Virtual Memory Information:

        906 MB    Free RAM

        3.11 GB    Used RAM (1.37 GB Cached)

        0 B    Swap Used

     

    Diagnostics Information:

        Jun 15, 2016, 10:20:09 AM    Self test - passed

  • by macjack, Solved answer

    macjack Jun 15, 2016 9:32 AM in response to Jim48
    Level 9 (55,709 points)

    Remove the adware using EtreCheck. Then use MalwareBytes, which I see you have. (Malwarebytes does not actively prevent adware, it only searches for it when you run it.)

    To uninstall Avast completely, use their uninstaller.

    https://www.avast.com/uninstall-utility

    Then run a new EtreCheck report.

  • by Jim48,

    Jim48 Jun 15, 2016 9:33 AM in response to macjack
    Level 1 (4 points)

    Macjack,

     

    Many thanks for your kind and astute assistance.  I followed your instructions to the letter.

     

    Jim48

  • by macjack,

    macjack Jun 15, 2016 9:35 AM in response to Jim48
    Level 9 (55,709 points)

    Please run EtreCheck again and post a new report.

  • by Jim48,

    Jim48 Jun 15, 2016 9:45 AM in response to macjack
    Level 1 (4 points)

    Here's the rerun of EtreCheck:

     

    EtreCheck version: 2.9.12 (265)

    Report generated 2016-06-15 12:42:44

    Download EtreCheck from https://etrecheck.com

    Runtime 2:47

    Performance: Excellent

     

    Click the [Support] links for help with non-Apple products.

    Click the [Details] links for more information about that line.

    Click the [Check files] link for help with unknown files.

     

    Problem: No problem - just checking

     

    Hardware Information:

        iMac (24-inch, Mid 2007)

        [Technical Specifications] - [User Guide] - [Warranty & Service]

        iMac - model: iMac7,1

        1 2.8 GHz Intel Core 2 Duo CPU: 2-core

        4 GB RAM Upgradeable - [Instructions]

            BANK 0/DIMM0

                2 GB DDR2 SDRAM 667 MHz ok

            BANK 1/DIMM1

                2 GB DDR2 SDRAM 667 MHz ok

        Bluetooth: Old - Handoff/Airdrop2 not supported

        Wireless:  en1: 802.11 a/b/g/n

     

    Video Information:

        ATI,RadeonHD2600 - VRAM: 256 MB

            iMac 1920 x 1200

     

    System Software:

        OS X Yosemite 10.10.5 (14F1808) - Time since boot: less than an hour

     

    Disk Information:

        ST3750640AS Q disk0 : (750.16 GB) (Rotational)

            EFI (disk0s1) <not mounted> : 210 MB

            Macintosh HD (disk0s2) / : 749.30 GB (707.60 GB free)

            Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB

     

    USB Information:

        Apple Inc. Built-in iSight

        Hewlett-Packard HP LaserJet Pro MFP M225dn

        Apple, Inc. Keyboard Hub

            Apple, Inc Apple Keyboard

        Apple Computer, Inc. IR Receiver

        Apple Inc. Bluetooth USB Host Controller

     

    Firewire Information:

        LaCie d2 Quadra (button) 800mbit - 800mbit max

            disk1s1 (disk1s1) <not mounted> : 32 KB

            Backup Drive (disk1s3) /Volumes/Backup Drive : 499.97 GB (282.43 GB free)

     

    Gatekeeper:

        Mac App Store and identified developers

     

    Unknown Files:

        /Library/LaunchDaemons/com.malwarebytes.HelperTool.plist

            /Library/PrivilegedHelperTools/com.malwarebytes.HelperTool /Library/PrivilegedHelperTools/com.malwarebytes.HelperTool

        One unknown file found. [Check files]

     

    System Launch Agents:

        [not loaded]    5 Apple tasks

        [loaded]    150 Apple tasks

        [running]    57 Apple tasks

     

    System Launch Daemons:

        [not loaded]    46 Apple tasks

        [loaded]    140 Apple tasks

        [running]    76 Apple tasks

     

    Launch Agents:

        [failed]    com.adobe.ARMDCHelper.cc24aef4a1b90ed56a...plist (2016-05-11) [Support]

        [loaded]    com.oracle.java.Java-Updater.plist (2013-06-25) [Support]

     

    Launch Daemons:

        [loaded]    com.adobe.ARMDC.Communicator.plist (2016-05-11) [Support]

        [loaded]    com.adobe.ARMDC.SMJobBlessHelper.plist (2016-05-11) [Support]

        [loaded]    com.adobe.fpsaud.plist (2016-05-09) [Support]

        [loaded]    com.malwarebytes.HelperTool.plist (2016-06-15) [Support]

        [loaded]    com.microsoft.office.licensing.helper.plist (2015-06-04) [Support]

        [loaded]    com.oracle.java.Helper-Tool.plist (2013-06-25) [Support]

     

    User Launch Agents:

        [failed]    com.adobe.ARM.[...].plist (2014-01-31) [Support]

        [loaded]    com.apple.AddressBook.ScheduledSync.PHXC...plist

        [loaded]    com.apple.FolderActions.folders.plist

     

    User Login Items:

        Garmin Express Service    Application  (/Applications/Garmin Express.app/Contents/Library/LoginItems/Garmin Express Service.app)

        HP Scheduler    Application Hidden (/Library/Application Support/Hewlett-Packard/Software Update/HP Scheduler.app)

     

    Other Apps:

        [running]    com.etresoft.EtreCheck.92616

        [running]    com.garmin.renu.service.85800

        [running]    com.hp.devicemonitor

        [running]    com.hp.scanModule3.87220.1466FD7E-815A-479B-84A3-7E666C52AFDC

        [running]    jp.co.canon.cijscannerregister.62796

        [loaded]    371 Apple tasks

        [running]    156 Apple tasks

     

    Internet Plug-ins:

        DirectorShockwave: 11.6.1r629 (2011-09-10) [Support]

        Unity Web Player: UnityPlayer version 5.3.4f1 - SDK 10.6 (2016-04-13) [Support]

        Default Browser: 600 - SDK 10.10 (2015-08-21)

        Flip4Mac WMV Plugin: 2.3.4.1 (2010-06-15) [Support]

        AdobePDFViewerNPAPI: 15.016.20045 - SDK 10.11 (2016-06-03) [Support]

        FlashPlayer-10.6: 21.0.0.242 - SDK 10.6 (2016-05-17) [Support]

        Silverlight: 4.0.50401.0 (2010-08-23) [Support]

        QuickTime Plugin: 7.7.3 (2016-06-11)

        Flash Player: 21.0.0.242 - SDK 10.6 (2016-05-17) [Support]

        npViewpoint: 1.0 (2009-04-26)

        iPhotoPhotocast: 7.0 (2008-12-17)

        AdobePDFViewer: 15.016.20045 - SDK 10.11 (2016-06-03) [Support]

        GarminGpsControl: 4.0.2.6 Beta - SDK 10.6 (2012-08-15) [Support]

        SharePointBrowserPlugin: 14.6.2 - SDK 10.6 (2016-03-29) [Support]

        JavaAppletPlugin: Java 8 Update 91 build 14 (2016-04-28) Check version

     

    User internet Plug-ins:

        WebEx64: 1.0 - SDK 10.6 (2014-01-16) [Support]

        WebEx: 1.0 (2010-10-06) [Support]

     

    3rd Party Preference Panes:

        Flash Player (2016-05-09) [Support]

        Flip4Mac WMV (2010-06-15) [Support]

        Java (2016-04-28) [Support]

     

    Time Machine:

        Skip System Files: NO

        Auto backup: YES

        Volumes being backed up:

            Macintosh HD: Disk size: 749.30 GB Disk used: 41.70 GB

        Destinations:

            Backup Drive [Local]

            Total size: 499.97 GB

            Total number of backups: 412

            Oldest backup: 2/14/08, 4:30 PM

            Last backup: 6/15/16, 12:24 PM

            Size of backup disk: Adequate

                Backup size 499.97 GB > (Disk used 41.70 GB X 3)

     

    Top Processes by CPU:

            17%    mdworker(7)

             3%    WindowServer

             3%    com.hp.devicemonitor

             1%    mds_stores

             1%    kernel_task

     

    Top Processes by Memory:

        437 MB    kernel_task

        184 MB    imagent

        94 MB    identityservicesd

        82 MB    Mail

        82 MB    mdworker(7)

     

    Virtual Memory Information:

        1.67 GB    Free RAM

        2.33 GB    Used RAM (1.12 GB Cached)

        0 B    Swap Used

     

    Diagnostics Information:

        Jun 15, 2016, 12:37:32 PM    Self test - passed

  • by macjack,

    macjack Jun 15, 2016 10:03 AM in response to Jim48
    Level 9 (55,709 points)

    It looks pretty clean now. You improved your runtime. How is it running?

    Looks like Avast was the root of your problems, flagging all sorts of false positives.

    For the future:

     

    There are no viruses that can attack Mac OS X. So, anti-virus programs are selling a cure for a disease that doesn't exist. And they are renowned for borking Mac systems.

     

    A Mac can pick up malware but not if you just use common sense. You really have to actively invite some malware in for it to happen. That means downloading and knowingly giving your password for it to download. Mac provides all the protection you need with SIP (System Integrity Protection). About System Integrity Protection on your Mac - Apple Support

     

    If you do happen to download adware you can use MalwareBytes to get rid of it. Malwarebytes was developed by one of our own colleagues here in ASC. It gets rave reviews and is about the most proven anti-malware software for Mac.

     

    Safari pop-ups are different and easier to deal with. In Safari 9.1 and later just close the window. For earlier versions force quit and hold the shift key while restarting Safari.

    https://support.apple.com/en-us/HT203987

     

    Finally, stay away from programs that purport to "clean your Mac". They can do damage to your system. Your Mac needs no cleaning in the first place. All the cleaning that is necessary is taken care of routinely by OS X.
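
The before/after comparison of the two EtreCheck reports posted above can be done mechanically rather than by eye. The script below is an added example, not part of the original thread and not EtreCheck's own code; the sample lines are a subset copied from the two reports in this thread, and the line format it parses is an assumption inferred from those lines.

```python
import re

# Subset of lines copied from the first (BEFORE) and second (AFTER) reports above.
BEFORE = """\
System Launch Agents:
    [running]    com.apple.Spotlight.plist (2014-09-24) - Invalid signature!
    [loaded]    148 Apple tasks
System Launch Daemons:
    [not loaded]    ssh.plist (2014-09-09) - No signature!
    [running]    org.cups.cupsd.plist (2014-09-09) - Invalid signature!
Launch Daemons:
    [failed]    com.adobe.fpsaud.plist (2016-05-09) [Support]
    [loaded]    com.malwarebytes.MBAMHelperTool.plist (2016-02-03) [Support]
User Launch Agents:
    [failed]    com.codecm.uploader.plist (2012-03-29) Adware!  [Remove]
    [loaded]    com.apple.FolderActions.folders.plist
"""

AFTER = """\
System Launch Agents:
    [loaded]    150 Apple tasks
System Launch Daemons:
    [running]    76 Apple tasks
Launch Daemons:
    [loaded]    com.adobe.fpsaud.plist (2016-05-09) [Support]
    [loaded]    com.malwarebytes.HelperTool.plist (2016-06-15) [Support]
User Launch Agents:
    [loaded]    com.apple.FolderActions.folders.plist
"""

# A section header is a line that ends in ":" and contains no "[status]" tag.
SECTION = re.compile(r"^\s*([^\[\]:]+):\s*$")
# An item is "[status]  <label>.plist <anything>"; summary lines such as
# "148 Apple tasks" have no .plist label and are skipped.
ITEM = re.compile(r"^\s*\[(?P<status>[^\]]+)\]\s+(?P<label>\S+\.plist)(?P<rest>.*)$")
# Markers that appear in the reports in this thread.
FLAGS = ("Invalid signature!", "No signature!", "Adware!", "Executable not found!")

def parse(report):
    """Return {(section, label): (status, [markers])} for launchd entries."""
    items, section = {}, None
    for line in report.splitlines():
        m = SECTION.match(line)
        if m:
            section = m.group(1).strip()
            continue
        m = ITEM.match(line)
        if m and section:
            marks = [f for f in FLAGS if f in m.group("rest")]
            items[(section, m.group("label"))] = (m.group("status"), marks)
    return items

def flagged(items):
    """Entries that carry at least one marker."""
    return {k: v for k, v in items.items() if v[1]}

def compare(before, after):
    """Return (cleared, remaining, new) lists of (section, label) keys."""
    b, a = parse(before), parse(after)
    cleared = sorted(k for k in flagged(b) if k not in flagged(a))
    remaining = sorted(flagged(a))
    new = sorted(k for k in a if k not in b)
    return cleared, remaining, new

if __name__ == "__main__":
    for name, keys in zip(("cleared", "remaining", "new"), compare(BEFORE, AFTER)):
        print(name, keys)
```

The `new` list is the part worth reading on a rerun: any launch item that was not in the earlier report should be one you can account for, as with the Malwarebytes helper dated the same day here.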

  • by Jim48,

    Jim48 Jun 15, 2016 12:54 PM in response to macjack
    Level 1 (4 points)

    Thanks once again for your insightful tips.  My iMac is running a bit faster now.  Could it have been from my iPhone?  I tether my iMac to get internet service.  About a month ago I had a phone call from Shanghai, China, which I didn't answer.  I was also subject to a hack into my files with the federal government last year - the Chinese government supposedly hacked into the Office of Personnel Management computer, and I was given credit monitoring for a year.  In any case, I am going to be quite careful with conducting any online transactions in the future.

  • by macjack,

    macjack Jun 15, 2016 1:04 PM in response to Jim48
    Level 9 (55,709 points)

    I don't think it was your iPhone, especially if you did not answer it. I wouldn't worry about the hack either, since no wrongdoing with your financials has been found. It's one thing to hack a PC, it's quite a different matter to hack a Mac. You practically have to invite the intruder in.