d_dante7

Q: I got a JS/Redirector.dg Trojan through Firefox Developer Edition and McAfee says it has been cleaned. What is it, and is it really completely gone?

Hi,

 

Could someone please help me with my query? It's a bit lengthy.

 

I've got a MacBook Pro, my McAfee anti-virus recently discovered a JS/Redirector.dg Trojan which came through my Firefox Developer Edition. It says that it has been cleaned. I'm pretty sure it came through a series website that I use called Couchtuner2. I was opening a video player which forced popup windows to appear, which normally happens, so I closed them down as per usual, then about 40 seconds later I was alerted by my McAfee that it had found a threat in one of the Firefox folders and had cleaned it.

 

I ran a full system scan with McAfee, which found that everything was clean.

I ran another scan with Malwarebytes several times, which also found nothing.

 

This is my first MacBook so I'm not really familiar with... well, anything Mac-related.

 

Questions:

What is JS/Redirector.dg Trojan, and how dangerous is it?

I have found no information on the ".dg" variant of the JS/Redirector, have you heard about it?

Did McAfee really completely get rid of the JS/Redirector.dg Trojan threat?

If there was a threat would Malwarebytes discover it?

Could a threat be hidden somewhere?

Is my mac truly clean of this particular threat?

Should I uninstall my Firefox Developer Edition and reinstall it?

How do you do a complete application uninstall?

 

Thank you very much

MacBook Pro with Retina display, OS X El Capitan (10.11.6)

Posted on Aug 30, 2016 3:12 AM

  • by OGELTHORPE,

    OGELTHORPE Aug 30, 2016 3:14 AM in response to d_dante7
    Level 9 (52,101 points)
    Mac OS X

    You still have a problem, McAfee. Delete it before it corrupts your MBP (if it has not already done so).

     

    Prior to the 'warning', was the MBP operating in an unusual manner or normally?

     

    Download and post an Etrecheck report:

     

    http://www.etresoft.com/etrecheck

     

    Ciao.

  • by d_dante7,

    d_dante7 Aug 30, 2016 9:18 AM in response to OGELTHORPE
    Level 1 (12 points)
    Notebooks

    Hi,

    Yes, the mac was acting just fine.

    Could you please explain why McAfee is so dangerous to the mac and what is Etrecheck?

    And what about the Trojan that I mentioned?

     

    Thank you

  • by OGELTHORPE,

    OGELTHORPE Aug 30, 2016 10:12 AM in response to d_dante7
    Level 9 (52,101 points)
    Mac OS X

    This link is probably the best explanation why AV software of any type and from any source is unnecessary:

     

    https://discussions.apple.com/docs/DOC-8841

     

    What the AV may or may not have detected is questionable.  It would not be surprising if that 'trojan' does not exist on your MBP.  Please read this link regarding this 'trojan':

     

    https://discussions.apple.com/thread/5775582?tstart=0

     

    Etrecheck is an application that will compile much hardware and software information about your Mac. It is a first rate analytical tool that often aids in problem identification and resolution. It does not contain any personal user data. Why don't you download it, review it and if it meets your approval, post it. You are under no obligation to post it.

     

    Ciao.

  • by etresoft,

    etresoft Aug 30, 2016 10:23 AM in response to d_dante7
    Level 7 (29,051 points)

    Hello d_dante7,

    Most traditional antivirus programs ported from Windows do not work well on a Mac. They are particularly bad at detecting and removing adware. When they do find a "threat", it is often a false positive and their efforts to "clean" can corrupt internal files and databases.

     

    EtreCheck is a program I wrote to show what background tasks are running on your Mac and to provide some information to help diagnose problems. With the recent explosion in Mac adware and malware, EtreCheck is turning into an anti-malware tool as well. But primarily, it just reports what it finds. Often, EtreCheck reports will list numerous known adware programs along with well-known antivirus tools.

     

    There is no way to know exactly what McAfee found or actually did. The "trojan" in question may not have even existed. "JS/Redirector" is a catch-all for a JavaScript redirector. However, those typically run on the server, not your Mac. You would have to download and install the trojan for it to affect your Mac. Did you do anything like that?

     

    I can tell you that EtreCheck is focused on Apple software, such as Safari, not Firefox. If you download and install some internet plug-in, then it would show up in an EtreCheck report. But Firefox specific extensions would not be listed. EtreCheck would list any background tasks including trojans that are installed. I think it is better than other tools because instead of just saying "found nothing", it prints everything it does find and leaves it up to people here on ASC to decide if that is "nothing" or not. It will also identify any problems that you don't know about. One of those that is very popular these days is actually disabling the major security system provided by Apple. Why people do that, I don't know, but they sure like to.

  • by John Galt,

    John Galt Aug 30, 2016 10:53 AM in response to d_dante7
    Level 8 (48,595 points)
    Mac OS X

    1. Back up your Mac if you have not done so already. To learn how to use Time Machine read Use Time Machine to back up or restore your Mac.
    2. To uninstall "McAfee" follow its instructions. One of the following should be applicable:
  • by d_dante7,

    d_dante7 Aug 30, 2016 5:29 PM in response to OGELTHORPE
    Level 1 (12 points)
    Notebooks

    Thank you very much for all the useful information, I'll download the Etrecheck and run it, then get back to you.

  • by d_dante7,

    d_dante7 Aug 30, 2016 5:36 PM in response to etresoft
    Level 1 (12 points)
    Notebooks

    Thank you very much for explaining Etrecheck to me.

     

    No, I didn't install anything, and I set my Mac to ask me before any program changes are allowed.

     

    I will download and run Etrecheck.

     

    Still used to the Windows lifestyle, but I have to say I'm enjoying my Mac, especially when it comes to coding and web development.

  • by d_dante7,

    d_dante7 Aug 30, 2016 6:06 PM in response to John Galt
    Level 1 (12 points)
    Notebooks

    No, I haven't backed up my Mac yet, will get on that right away. Thank you so much.

     

    Is Malwarebytes acceptable, then? Or do you have any recommendations?

  • by John Galt,

    John Galt Aug 30, 2016 7:58 PM in response to d_dante7
    Level 8 (48,595 points)
    Mac OS X

    I recommend no more than what I wrote, other than to point out that "McAfee" and similarly categorized products are not capable of providing any benefit to a properly updated Mac. Altering OS X by installing them will increase its potential exposure to threats of various descriptions.

     

    Selling computer security — as a product "in a box" so to speak — is a fraud perpetrated on unsophisticated Mac users. Don't be one of them.

     

    More importantly, allowing "McAfee" or anything else to eliminate or "quarantine" a file it identifies as a threat is likely to result in corruption that might cause your Mac to run poorly or render it unusable. This support site is littered with those reports. That is the reason for recommending a backup strategy, so that you can recover to a usable system if that were to occur. Time Machine is the most convenient option, and it's already included with OS X.

  • by ChitlinsCC,

    ChitlinsCC Aug 30, 2016 8:09 PM in response to d_dante7
    Level 5 (7,558 points)
    Notebooks

    MalwareBytes Anti-Malware for Mac was created by and is maintained by our fellow member thomas_r, who now holds the title of Director of Mac Offerings at that company - it used to be called AdwareMedic.

    Thomas' site The Safe Mac http://www.thesafemac.com/ is a great resource for info and action.

    If MalwareBytes does NOT find something, report it and it will next time! (see "Next Steps" on the interface)

  • by OGELTHORPE,

    OGELTHORPE Aug 31, 2016 3:09 AM in response to d_dante7
    Level 9 (52,101 points)
    Mac OS X

    d_dante7 wrote:

     

    Is malwarebytes acceptable, then? or do you have any recommendations?

    Malwarebytes Anti-Malware for Mac is very acceptable.  It probably is the best adware/malware detection application available today.  As is the case with any such application, it cannot guarantee 100% success but be advised, it is in constant development to reflect new malware that may come along.

     

    Ciao.

  • by d_dante7,

    d_dante7 Sep 1, 2016 2:03 PM in response to OGELTHORPE
    Level 1 (12 points)
    Notebooks

    EtreCheck version: 3.0.3 (307)

    Report generated 2016-09-01 21:04:22

    Download EtreCheck from https://etrecheck.com

    Runtime 1:32

    Performance: Excellent

     

    Click the [Support] links for help with non-Apple products.

    Click the [Details] links for more information about that line.

     

    Problem: No problem - just checking

     

    Hardware Information:

        MacBook Pro (Retina, 15-inch, Mid 2015)

        [Technical Specifications] - [User Guide] - [Warranty & Service]

        MacBook Pro - model: MacBookPro11,4

        1 2.2 GHz Intel Core i7 CPU: 4-core

        16 GB RAM Not upgradeable

            BANK 0/DIMM0

                8 GB DDR3 1600 MHz ok

            BANK 1/DIMM0

                8 GB DDR3 1600 MHz ok

        Bluetooth: Good - Handoff/Airdrop2 supported

        Wireless:  en0: 802.11 a/b/g/n/ac

        Battery: Health = Normal - Cycle count = 22

     

    Video Information:

        Intel Iris Pro

            Color LCD 2880 x 1800

            BenQ GL2460 1920 x 1080

     

    System Software:

        OS X El Capitan 10.11.6 (15G1004) - Time since boot: less than an hour

     

    Disk Information:

        APPLE SSD SM0256G disk0 : (251 GB) (Solid State - TRIM: Yes)

            EFI (disk0s1) <not mounted> : 210 MB

            Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB

            Macintosh HD (disk1) / : 249.78 GB (204.11 GB free)

                Encrypted AES-XTS Unlocked

                Core Storage: disk0s2 250.14 GB Online

     

    USB Information:

        Apple Inc. Apple Internal Keyboard / Trackpad

        Broadcom Corp. Bluetooth USB Host Controller

        Logitech USB Receiver

     

    Thunderbolt Information:

        Apple Inc. thunderbolt_bus

     

    Gatekeeper:

        Mac App Store and identified developers

     

    System Launch Agents:

        [not loaded]    6 Apple tasks

        [loaded]    158 Apple tasks

        [running]    74 Apple tasks

     

    System Launch Daemons:

        [not loaded]    47 Apple tasks

        [loaded]    157 Apple tasks

        [running]    87 Apple tasks

     

    Launch Agents:

        [running]    com.mcafee.menulet.plist (2016-04-26) [Support]

        [running]    com.mcafee.reporter.plist (2016-04-26) [Support]

        [loaded]    com.oracle.java.Java-Updater.plist (2016-06-11) [Support]

        [not loaded]    com.teamviewer.teamviewer.plist (2016-02-01) [Support]

        [not loaded]    com.teamviewer.teamviewer_desktop.plist (2016-02-01) [Support]

     

    Launch Daemons:

        [running]    com.edb.launchd.postgresql-9.5.plist (2016-05-22) [Support]

        [loaded]    com.malwarebytes.HelperTool.plist (2016-06-16) [Support]

        [running]    com.mcafee.cspd.plist (2015-05-08) [Support]

        [not loaded]    com.mcafee.ssm.ScanFactory.plist (2016-07-26) [Support]

        [not loaded]    com.mcafee.ssm.ScanManager.plist (2016-07-26) [Support]

        [running]    com.mcafee.virusscan.fmpd.plist (2016-03-29) [Support]

        [loaded]    com.microsoft.autoupdate.helpertool.plist (2016-07-03) [Support]

        [loaded]    com.microsoft.office.licensingV2.helper.plist (2016-04-11) [Support]

        [loaded]    com.oracle.java.Helper-Tool.plist (2016-06-11) [Support]

        [loaded]    com.teamviewer.Helper.plist (2016-02-01) [Support]

        [not loaded]    com.teamviewer.teamviewer_service.plist (2016-02-01) [Support]

     

    User Launch Agents:

        [loaded]    com.google.keystone.agent.plist (2016-07-12) [Support]

     

    Internet Plug-ins:

        SiteAdvisor: 2.0 - SDK 10.1 (2014-12-05) [Support]

        QuickTime Plugin: 7.7.3 (2016-07-19)

        JavaAppletPlugin: Java 8 Update 92 build 14 (2016-06-11) Check version

        Default Browser: 601 - SDK 10.11 (2016-07-19)

     

    Safari Extensions:

        AdBlock - BetaFish, Inc. - https://getadblock.com (2016-05-28)

        SiteAdvisor - McAfee - http://www.siteadvisor.com (2016-08-26)

     

    3rd Party Preference Panes:

        FUSE for OS X (OSXFUSE) (2015-10-25) [Support]

        Java (2016-04-01) [Support]

        Paragon NTFS for Mac ® OS X (2016-07-03) [Support]

     

    Time Machine:

        Time Machine not configured!

     

    Top Processes by CPU:

            18%    kernel_task

             4%    WindowServer

             3%    fontd

             0%    Google Chrome Helper(15)

             0%    cloudpaird

     

    Top Processes by Memory:

        2.40 GB    Google Chrome Helper(15)

        1.11 GB    kernel_task

        475 MB    softwareupdated

        262 MB    Sketch

        262 MB    Google Chrome

     

    Virtual Memory Information:

        7.57 GB    Free RAM

        8.43 GB    Used RAM (1.98 GB Cached)

        0 B    Swap Used

     

    Diagnostics Information:

        Sep 1, 2016, 08:58:59 PM    Self test - passed
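
The "Launch Agents", "Launch Daemons" and "User Launch Agents" sections of a report like the one above list the non-Apple background jobs registered with launchd, which is where an installed, persistent program would appear. As an added example (not part of the original thread and not EtreCheck's own code), this Python parser groups those entries by vendor prefix and reports which are running; the function names are hypothetical and the sample lines are constructed in the layout of the reports posted here.

```python
import re
from collections import defaultdict

# Constructed sample, laid out like the EtreCheck 3.0.3 reports in this thread.
SAMPLE_REPORT = """\
System Launch Daemons:
    [running]    87 Apple tasks

Launch Agents:
    [running]    com.mcafee.menulet.plist (2016-04-26) [Support]
    [loaded]    com.oracle.java.Java-Updater.plist (2016-06-11) [Support]
    [not loaded]    com.teamviewer.teamviewer.plist (2016-02-01) [Support]

Launch Daemons:
    [running]    com.mcafee.virusscan.fmpd.plist (2016-03-29) [Support]
    [loaded]    com.malwarebytes.HelperTool.plist (2016-06-16) [Support]

User Launch Agents:
    [loaded]    com.google.keystone.agent.plist (2016-07-12) [Support]

Top Processes by CPU:
       100%    fmpd
"""

# Sections that name individual non-Apple jobs; Apple's own are only counted.
THIRD_PARTY_SECTIONS = {"Launch Agents", "Launch Daemons", "User Launch Agents"}
ENTRY = re.compile(
    r"^\[(running|loaded|not loaded)\]\s+(\S+)\.plist\s+\((\d{4}-\d{2}-\d{2})\)"
)


def parse_launchd_items(report):
    """Return one dict per third-party launchd job listed in the report."""
    items, section = [], None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and not line.startswith("["):
            # A heading such as "Launch Daemons:" opens a new section.
            name = line[:-1]
            section = name if name in THIRD_PARTY_SECTIONS else None
            continue
        match = ENTRY.match(line) if section else None
        if match:
            status, label, modified = match.groups()
            items.append({
                "section": section,
                "status": status,
                "label": label,
                # Reverse-DNS prefix, e.g. "com.mcafee", groups jobs by vendor.
                "vendor": ".".join(label.split(".")[:2]),
                "modified": modified,
            })
    return items


def running_by_vendor(items):
    """Map vendor prefix -> labels of jobs whose status is 'running'."""
    running = defaultdict(list)
    for item in items:
        if item["status"] == "running":
            running[item["vendor"]].append(item["label"])
    return dict(running)


if __name__ == "__main__":
    found = running_by_vendor(parse_launchd_items(SAMPLE_REPORT))
    for vendor, labels in sorted(found.items()):
        print(vendor, "->", ", ".join(labels))
```

As etresoft notes earlier in the thread, Firefox-specific extensions are not listed in the report, so this view covers launchd persistence only.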

     

     

  • by OGELTHORPE,

    OGELTHORPE Sep 1, 2016 4:04 PM in response to d_dante7
    Level 9 (52,101 points)
    Mac OS X

    The McAfee AV which I disapprove of is the only blemish I see in the Etrecheck report.  Regardless of my opinions, the final decision is always that of the given user.  It is not my place to impose my views on others.

     

    Ciao.

  • by d_dante7,

    d_dante7 Sep 7, 2016 3:03 PM in response to OGELTHORPE
    Level 1 (12 points)
    Notebooks

    Hi, I think you are right about uninstalling the McAfee. I just ran another Etrecheck and the CPU process for 'fmpd' is at 100%; did some research and it would appear that this is caused by McAfee. The Mac is also starting to heat up like a firecracker and it sounds like an F15 jet is trying to land in it. This all started after I recently updated all the packages within my Homebrew package manager, e.g. python, node, git, etc. I'll start to uninstall the McAfee.

     

    EtreCheck version: 3.0.3 (307)
    Report generated 2016-09-07 22:24:26
    Download EtreCheck from https://etrecheck.com

    Runtime 1:29
    Performance: Excellent

    Click the [Support] links for help with non-Apple products.
    Click the [Details] links for more information about that line.

    Problem: No problem - just checking

    Hardware Information:
        MacBook Pro (Retina, 15-inch, Mid 2015)
        [Technical Specifications] - [User Guide] - [Warranty & Service]
        MacBook Pro - model: MacBookPro11,4
        1 2.2 GHz Intel Core i7 CPU: 4-core
        16 GB RAM Not upgradeable
            BANK 0/DIMM0
                8 GB DDR3 1600 MHz ok
            BANK 1/DIMM0
                8 GB DDR3 1600 MHz ok
        Bluetooth: Good - Handoff/Airdrop2 supported
        Wireless:  en0: 802.11 a/b/g/n/ac
        Battery: Health = Normal - Cycle count = 23

    Video Information:

        Intel Iris Pro
            Color LCD 2880 x 1800
            BenQ GL2460 1920 x 1080

    System Software:

        OS X El Capitan 10.11.6 (15G1004) - Time since boot: less than an hour

    Disk Information:

        APPLE SSD SM0256G disk0 : (251 GB) (Solid State - TRIM: Yes)
            EFI (disk0s1) <not mounted> : 210 MB
            Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB
            Macintosh HD (disk1) / : 249.78 GB (204.00 GB free)
                Encrypted AES-XTS Unlocked

                Core Storage: disk0s2 250.14 GB Online

    USB Information:

        Apple Inc. Apple Internal Keyboard / Trackpad
        Broadcom Corp. Bluetooth USB Host Controller
        Logitech USB Receiver

    Thunderbolt Information:

        Apple Inc. thunderbolt_bus

    Gatekeeper:

        Mac App Store and identified developers

    System Launch Agents:

        [not loaded]   7 Apple tasks
        [loaded]   162 Apple tasks
        [running]   69 Apple tasks

    System Launch Daemons:

        [not loaded]   47 Apple tasks
        [loaded]   155 Apple tasks
        [running]   89 Apple tasks

    Launch Agents:

        [loaded]   com.mcafee.menulet.plist (2016-04-26) [Support]
        [running]   com.mcafee.reporter.plist (2016-04-26) [Support]
        [loaded]   com.oracle.java.Java-Updater.plist (2016-06-11) [Support]
        [not loaded]   com.teamviewer.teamviewer.plist (2016-02-01) [Support]
        [not loaded]   com.teamviewer.teamviewer_desktop.plist (2016-02-01) [Support]

    Launch Daemons:

        [running]   com.edb.launchd.postgresql-9.5.plist (2016-05-22) [Support]
        [loaded]   com.malwarebytes.HelperTool.plist (2016-06-16) [Support]
        [running]   com.mcafee.cspd.plist (2015-05-08) [Support]
        [not loaded]   com.mcafee.ssm.ScanFactory.plist (2016-07-26) [Support]
        [not loaded]   com.mcafee.ssm.ScanManager.plist (2016-07-26) [Support]
        [running]   com.mcafee.virusscan.fmpd.plist (2016-03-29) [Support]
        [loaded]   com.microsoft.autoupdate.helpertool.plist (2016-07-03) [Support]
        [loaded]   com.microsoft.office.licensingV2.helper.plist (2016-04-11) [Support]
        [loaded]   com.oracle.java.Helper-Tool.plist (2016-06-11) [Support]
        [loaded]   com.teamviewer.Helper.plist (2016-02-01) [Support]
        [not loaded]   com.teamviewer.teamviewer_service.plist (2016-02-01) [Support]

    User Launch Agents:

        [loaded]   com.google.keystone.agent.plist (2016-07-12) [Support]

    Internet Plug-ins:

        SiteAdvisor: 2.0 - SDK 10.1 (2014-12-05) [Support]
        QuickTime Plugin: 7.7.3 (2016-07-19)
        JavaAppletPlugin: Java 8 Update 92 build 14 (2016-06-11) Check version
        Default Browser: 601 - SDK 10.11 (2016-07-19)

    Safari Extensions:
        AdBlock - BetaFish, Inc. - https://getadblock.com (2016-05-28)
        SiteAdvisor - McAfee - http://www.siteadvisor.com (2016-08-26)

    3rd Party Preference Panes:

        FUSE for OS X (OSXFUSE) (2015-10-25) [Support]
        Java (2016-04-01) [Support]
        Paragon NTFS for Mac ® OS X (2016-07-03) [Support]

    Time Machine:

        Time Machine not configured!

    Top Processes by CPU:

           100%    fmpd
            16%    mds
             3%    mds_stores
             3%    McAfee Reporter
             3%    fontd

    Top Processes by Memory:

        1.08 GB    kernel_task
        672 MB    Google Chrome Helper(4)
        492 MB    firefox
        295 MB    plugin-container
        246 MB    Google Chrome

    Virtual Memory Information:

        9.61 GB    Free RAM
        6.39 GB    Used RAM (2.29 GB Cached)
        0 B    Swap Used

    Diagnostics Information:

        Sep 7, 2016, 10:23:05 PM    /Library/Logs/DiagnosticReports/fmpd_2016-09-07-222305_[redacted].cpu_resource.diag [Details]
            /usr/local/McAfee/fmp/bin/fmpd
        Sep 7, 2016, 10:21:16 PM    Self test - passed
        Sep 7, 2016, 09:57:29 PM    /Library/Logs/DiagnosticReports/VShieldScanManager_2016-09-07-215729_[redacted].crash
            /usr/local/McAfee/AntiMalware/VShieldScanManager
        Sep 7, 2016, 09:25:21 PM    /Library/Logs/DiagnosticReports/VShieldScanManager_2016-09-07-212521_[redacted].crash
        Sep 7, 2016, 09:14:34 PM    /Library/Logs/DiagnosticReports/fmpd_2016-09-07-211434_[redacted].cpu_resource.diag [Details]
