Does someone know what the program GReen-TOugh is for?

Because of some strange behavior of my iMac, I found out there is a program that wants to contact

updates.ijnewhb.com and to stats.macapproducts.com and madmax.macapproducts.com

The program is located in /private/var/root/Library/Application Support/DAnZOzit/GReen-TOugh

This directory is normally only accessible by root. There is no match for GReen-TOugh or DAnZOzit in Google. The program is executed with root privileges.


Thanks for any help

Th


Posted on Jan 19, 2019 5:43 AM

Question marked as Top-ranking reply

Jan 19, 2019 7:17 AM in response to voltgram

It's a variant of this...


https://forums.malwarebytes.com/topic/206261-chill-tab-malware/


2 things that'll help get rid of it...


Post a report from this please...


EtreCheck is a simple little app to display the important details of your system configuration and allow you to copy that information to the Clipboard. It is meant to be used with Apple Support Communities to help people help you with your Mac.


http://www.etresoft.com/etrecheck


There is also Malwarebytes…


https://www.malwarebytes.com/mac/

Jan 19, 2019 7:44 AM in response to BDAqua

Thanks for your answer.

I changed the attributes to

-rw-rw-rw-  1 root  wheel  240784 17 Jan 23:04 GReen-TOugh

and did a reboot.

And with Little Snitch I blocked and recorded all traffic, and I can see that the last activity was hours ago, before the attribute change.

So maybe this program is disarmed for the moment. Do you know if it is more than one program?

And I'm wondering how they managed to save this program in that location. Normally you must be root to do so. And root was disabled. I only enabled it to solve this problem.


But I will try EtreCheck.
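
One triage check that fits this thread, as an added example that is not part of any post: list launchd job files whose program path lies under root's Application Support folder, and print the current permission bits of each target. That a launchd job starts the program is an assumption the thread does not confirm; `find_root_appsupport_jobs` and `SCAN_ROOT` are names made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread).
# Assumption: the job files are XML plists. Binary plists must first be
# converted on macOS with: plutil -convert xml1 -o - FILE
# SCAN_ROOT (hypothetical variable) is prepended to each target path so the
# same check works on a mounted backup; leave it empty for the live system.

# find_root_appsupport_jobs DIR...
# For every *.plist in each DIR, prints one line per <string> value that
# points below /var/root/Library/Application Support/ (with or without the
# /private prefix):   plist <TAB> target <TAB> mode-or-"missing"
find_root_appsupport_jobs() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for plist in "$dir"/*.plist; do
            [ -f "$plist" ] || continue
            sed -n 's|.*<string>\(\(/private\)\{0,1\}/var/root/Library/Application Support/[^<]*\)</string>.*|\1|p' "$plist" |
            while IFS= read -r target; do
                file="${SCAN_ROOT:-}$target"
                if [ -e "$file" ]; then
                    # First 10 characters of ls -l: file type and rwx bits.
                    mode=$(ls -ld "$file" | cut -c1-10)
                else
                    mode="missing"
                fi
                printf '%s\t%s\t%s\n' "$plist" "$target" "$mode"
            done
        done
    done
}

# Run against the directories given on the command line, e.g.
#   sudo sh thisfile.sh /Library/LaunchDaemons /Library/LaunchAgents
if [ "$#" -gt 0 ]; then
    find_root_appsupport_jobs "$@"
fi
```

A line whose mode column still shows an `x` bit means the job can start the file again at the next boot or load.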

