Q: Web Page Tried to Reset My User Account

I had already run "Malwarebytes Anti-Malware" software but ran your suggested solution and got the following result;

/////////////////////////////////////

EtreCheck version: 3.0.2 (306)

Report generated 2016-08-26 19:55:34

Download EtreCheck from https://etrecheck.com

Runtime 2:27

Performance: Excellent

Problem: No problem - just checking

Hardware Information: ⓘ

    MacBook Air

    [Technical Specifications] - [User Guide] - [Warranty & Service]

    MacBook Air - model: MacBookAir6,1

    1 1.3 GHz Intel Core i5 CPU: 2-core

    8 GB RAM Not upgradeable

        BANK 0/DIMM0

            4 GB DDR3 1600 MHz ok

        BANK 1/DIMM0

            4 GB DDR3 1600 MHz ok

    Bluetooth: Good - Handoff/Airdrop2 supported

    Wireless:  en0: 802.11 a/b/g/n/ac

    Battery: Health = Normal - Cycle count = 409

Video Information: ⓘ

    Intel HD Graphics 5000

        Color LCD 1366 x 768

System Software: ⓘ

    OS X El Capitan 10.11.6 (15G31) - Time since boot: about 29 days

Disk Information: ⓘ

    APPLE SSD TS0128F disk0 : (121.33 GB) (Solid State - TRIM: Yes)

        EFI (disk0s1) <not mounted> : 210 MB

        MBASSD (disk0s2) / : 120.47 GB (36.43 GB free)

        Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB

USB Information: ⓘ

    Apple Inc. BRCM20702 Hub

        Apple Inc. Bluetooth USB Host Controller

Thunderbolt Information: ⓘ

    Apple Inc. thunderbolt_bus

Gatekeeper: ⓘ

    Mac App Store and identified developers

Kernel Extensions: ⓘ

        /Applications/TechTool Protogo 4 [Deprecated; see TTP8]/Protogo Applications/TechTool Pro 7.app

    [not loaded]    com.micromat.driver.spdKernel (1.0 - SDK 10.8 - 2015-03-10) [Support]

    [not loaded]    com.micromat.driver.spdKernel-10-8 (1.0 - SDK 10.8 - 2015-03-10) [Support]

        /Applications/Utilities/Disk Sensei.app

    [not loaded]    org.cindori.TrimEnabler (1.0 - SDK 10.10 - 2016-08-10) [Support]

        ~/Library/Application Support/Transmit/Transmit Disk.app

    [not loaded]    com.panic.TransmitDisk.transmitdiskfs (4.0.0 - SDK 10.6 - 2014-10-01) [Support]

System Launch Agents: ⓘ

    [not loaded]    7 Apple tasks

    [loaded]    142 Apple tasks

    [running]    86 Apple tasks

    [killed]    3 Apple tasks

    3 processes killed due to insufficient RAM

System Launch Daemons: ⓘ

    [not loaded]    45 Apple tasks

    [loaded]    144 Apple tasks

    [running]    95 Apple tasks

    [killed]    6 Apple tasks

    6 processes killed due to insufficient RAM

Launch Agents: ⓘ

    [not loaded]    com.oracle.java.Java-Updater.plist [Support]

    [not loaded]    com.teamviewer.teamviewer.plist (2015-10-25) [Support]

    [not loaded]    com.teamviewer.teamviewer_desktop.plist (2015-10-25) [Support]

Launch Daemons: ⓘ

    [failed]    com.adobe.fpsaud.plist (2016-04-16) [Support]

    [loaded]    com.bombich.ccchelper.plist (2015-02-26) [Support]

    [loaded]    com.malwarebytes.HelperTool.plist (2016-08-04) [Support]

    [loaded]    com.microsoft.office.licensing.helper.plist (2010-08-25) [Support]

    [not loaded]    com.oracle.java.Helper-Tool.plist [Support]

    [loaded]    com.teamviewer.Helper.plist (2015-01-15) [Support]

    [not loaded]    com.teamviewer.teamviewer_service.plist (2015-10-25) [Support]

    [loaded]    com.transcend.TSRecoverHandlerHelp.plist (2016-02-11) [Support]

    [running]    com.transcend.TSSleepHandlerHelp.plist (2016-02-11) [Support]

    [loaded]    com.transcend.TSTRIMHandlerHelp.plist (2016-02-11) [Support]

    [loaded]    org.cindori.CCAuth.plist (2015-03-14) [Support]

    [loaded]    org.cindori.SenseiTool.plist (2016-08-26) [Support]

    [loaded]    org.cindori.TEAuth.plist (2015-02-26) [Support]

User Launch Agents: ⓘ

    [running]    com.amazon.music.plist (2016-08-09) [Support]

    [running]    com.c-command.SpamSieve.LaunchAgent.plist (2016-08-26) [Support]

    [loaded]    com.google.keystone.agent.plist (2016-07-12) [Support]

User Login Items: ⓘ

    Flux    Application  (/Applications/Utilities/Flux.app)

    iTunesHelper    Application  (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

    Dropbox    Application  (/Applications/Dropbox.app)

    TransmitMenu    Application  (/Applications/Transmit.app/Contents/MacOS/TransmitMenu.app)

    OpenDNS Updater    Application Hidden (/Applications/Utilities/OpenDNS Updater.app)

    TomTomHOMERunner    Application Hidden (~/Library/Application Support/TomTom HOME/TomTomHOMERunner.app)

    1Password Helper URL    SMLoginItem  (/Applications/1Password.app/Contents/Library/LoginItems/2BUA8C4S2C.com.agilebi ts.onepassword-osx-helper.app)

Internet Plug-ins: ⓘ

    SharePointBrowserPlugin: 14.6.7 - SDK 10.6 (2016-08-24) [Support]

    FlashPlayer-10.6: 21.0.0.226 - SDK 10.6 (2016-04-22) [Support]

    QuickTime Plugin: 7.7.3 (2016-07-28)

    Flash Player: 21.0.0.226 - SDK 10.6 (2016-04-22) Outdated! Update

    Default Browser: 601 - SDK 10.11 (2016-07-28)

Safari Extensions: ⓘ

    1Password - AgileBits - https://agilebits.com/onepassword (2016-01-21)

    ClickToPlugin - Marc Hoyois - http://hoyois.github.com/safariextensions/clicktoplugin/ (2016-03-01)

    Ghostery - GHOSTERY, Inc. - https://www.ghostery.com/ (2016-03-13)

3rd Party Preference Panes: ⓘ

    Flash Player (2016-04-16) [Support]

Time Machine: ⓘ

    Skip System Files: NO

    Mobile backups: ON

    Auto backup: YES

    Volumes being backed up:

        MBASSD: Disk size: 120.47 GB Disk used: 84.04 GB

    Destinations:

        Time Capsule [Local]

        Total size: 999.86 GB

        Total number of backups: 26

        Oldest backup: 16/11/2015, 15:25

        Last backup: 19/07/2016, 11:21

        Size of backup disk: Excellent

            Backup size 999.86 GB > (Disk size 120.47 GB X 3)

Top Processes by CPU: ⓘ

         6%    WindowServer

         4%    com.apple.WebKit.Networking(2)

         4%    com.apple.WebKit.WebContent(20)

         3%    SpotlightNetHelper

         3%    kernel_task

Top Processes by Memory: ⓘ

    1.66 GB    com.apple.WebKit.WebContent(20)

    1.05 GB    kernel_task

    156 MB    Safari

    131 MB    mds_stores

    123 MB    Mail

Virtual Memory Information: ⓘ

    1.18 GB    Free RAM

    6.82 GB    Used RAM (2.06 GB Cached)

    387 MB    Swap Used

Diagnostics Information: ⓘ

    Aug 24, 2016, 03:37:55 PM    ~/Library/Logs/DiagnosticReports/suggestd_2016-08-24-153755_[redacted].crash

        /System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/ suggestd

    Aug 24, 2016, 08:52:36 AM    /Library/Logs/DiagnosticReports/WindowServer_2016-08-24-085236_[redacted].crash

        /System/Library/Frameworks/CoreGraphics.framework/Versions/A/Resources/WindowSe rver

/////////////////////////////////////////////////////////////////////

With thanks, Jules

It looks like Apple has patched this issue with both El Capitan/Yosemite updates on 1st September 2016 => https://support.apple.com/en-gb/HT201222

The issue is also described here => http://www.telegraph.co.uk/technology/2016/09/02/apple-issues-urgent-security-up date-after-hack-turns-mac-compute/

Please note iOS users should also ensure they're upgraded to v9.3.5 as well.

With thanks to all.

I suggest you uninstall your 3rd-party remote access software and ensure that Apple's remote access features are disabled.

I'm not entirely sure I know what either of these is; do I have "3rd-party remote access software" active (I have Teamviewer but it's not running) and I don't, to the best of my knowledge, have a Remote Access client either. Did you see or know something different?

It would be interesting to know why you have Teamviewer installed in the first place.

I bought a software I couldn't download nor understand the arcane instructions, so I installed TV and allowed their tech-support to configure Java. They needed a one-time revocable access code.

Bet let's go back to me hitting a web-link, getting a blank screen followed by a "Your Account Has Been Setup" dialogue screen, whilst I was logged in to my account. I'm certain this was a crafted malware attack.

Though now I'm fascinated by how one removes both applications, and their cruft, from a system ... or whether rebuild is a better option (right up to replacing the hardware).