Hi!
There's this root process on my Macbook Air 13" (early 2015 running on MacOS 10.14) that's taking up a huge chunk of my CPU usage and also has high energy impact - which maybe results to fast battery drainage?
The process is named "LlflpxmH" and it's really bothering me that I cant use my laptop for more than two hours without the need of plugging it in.
Any thoughts on how to fix this? Thanks!
MacBook Air 13", 10.14
Thanks.
First, ensure you have a reliable backup of your Mac, in case something should go wrong with continued troubleshooting. To learn how to do that, please read Back up your Mac with Time Machine.
Next: This step is optional, but will preclude any related inability to use your Mac due to the adware's excessive demands imposed upon it. Restart in "Safe Mode", and log in: Use safe mode to isolate issues with your Mac. Starting in Safe Mode takes longer than usual so let it finish.
In the first screenshot (~/Library/LaunchAgents) select the files shown below:
Drag that selection of files to the Trash. You will be asked to authenticate. Confirm they are no longer present in that folder. Leave all the others alone for now.
Repeat for these files in your second screenshot (/Library/LaunchDaemons):
Repeat for these files in your third screenshot (/Library/LaunchAgents):
Next: open Safari and select the Safari menu > Preferences... > Extensions. If you see any Extensions that you do not recognize or understand, simply click the Uninstall button and they will be gone. No Safari Extensions are required for normal operation. Then, select the General pane and review your Homepage selection. Repeat those equivalent actions for any other browser you may use.
There may also be adware-associated app icons in your Mac's Applications folder. Open it and examine its contents. Any unwanted or mysterious app icons should be obvious to you, but again please don't remove anything if you are uncertain—ask first. Identify any suspicious apps by name, or post another screenshot.
Next: In an abundance of caution, examine System Preferences > Extensions. Determine if there are any Extensions that may have been installed without your knowledge. Ask if you're uncertain. While you're there, check for the presence of any Profiles. Profiles are installed by organizations with a need to manage Macs deployed in institutional corporate or educational environments (for example).
You can then restart your Mac and use it normally.
Next: if you want to eradicate all remaining adware remnants post a screenshot of the following folder, in the same manner as you did earlier:
~/Library/Application Support
It is normal for that folder to contain many items, but anything associated with the above adware will bear identical names ("molariform" etc). Without the files you already removed or the reintroduction of similar malware, they can do nothing but occupy space. These can be removed if you wish, but again don't remove anything if you are uncertain.
Next: You also installed a scam "cleaning" product. To uninstall "CleanMyMac" follow its uninstallation instructions exactly. They require using "CleanMyMac" to uninstall itself. As far as I have been able to determine they are sufficient to deactivate it, but are somewhat incomplete in that some of its components will remain. Please review each of the folders you posted in your screenshots, and manually drag any of remaining "CleanMyMac" components to the Trash.
Next, and perhaps most importantly: your Mac appears to be running a torrent client. Presumably, you are familiar with the risks that entails. There are legitimate reasons for hosting torrents, and it's up to you to be mindful of those risks. Torrents are an open invitation to installing malware, and there is no software product that can adequately protect your Mac from them. The fact you were apparently deceived into installing adware is reason to suspect you may have underestimated those risks. Read Effective defenses against malware and other threats for additional suggestions regarding that subject.
Thanks.
First, ensure you have a reliable backup of your Mac, in case something should go wrong with continued troubleshooting. To learn how to do that, please read Back up your Mac with Time Machine.
Next: This step is optional, but will preclude any related inability to use your Mac due to the adware's excessive demands imposed upon it. Restart in "Safe Mode", and log in: Use safe mode to isolate issues with your Mac. Starting in Safe Mode takes longer than usual so let it finish.
In the first screenshot (~/Library/LaunchAgents) select the files shown below:
Drag that selection of files to the Trash. You will be asked to authenticate. Confirm they are no longer present in that folder. Leave all the others alone for now.
Repeat for these files in your second screenshot (/Library/LaunchDaemons):
Repeat for these files in your third screenshot (/Library/LaunchAgents):
Next: open Safari and select the Safari menu > Preferences... > Extensions. If you see any Extensions that you do not recognize or understand, simply click the Uninstall button and they will be gone. No Safari Extensions are required for normal operation. Then, select the General pane and review your Homepage selection. Repeat those equivalent actions for any other browser you may use.
There may also be adware-associated app icons in your Mac's Applications folder. Open it and examine its contents. Any unwanted or mysterious app icons should be obvious to you, but again please don't remove anything if you are uncertain—ask first. Identify any suspicious apps by name, or post another screenshot.
Next: In an abundance of caution, examine System Preferences > Extensions. Determine if there are any Extensions that may have been installed without your knowledge. Ask if you're uncertain. While you're there, check for the presence of any Profiles. Profiles are installed by organizations with a need to manage Macs deployed in institutional corporate or educational environments (for example).
You can then restart your Mac and use it normally.
Next: if you want to eradicate all remaining adware remnants post a screenshot of the following folder, in the same manner as you did earlier:
~/Library/Application Support
It is normal for that folder to contain many items, but anything associated with the above adware will bear identical names ("molariform" etc). Without the files you already removed or the reintroduction of similar malware, they can do nothing but occupy space. These can be removed if you wish, but again don't remove anything if you are uncertain.
Next: You also installed a scam "cleaning" product. To uninstall "CleanMyMac" follow its uninstallation instructions exactly. They require using "CleanMyMac" to uninstall itself. As far as I have been able to determine they are sufficient to deactivate it, but are somewhat incomplete in that some of its components will remain. Please review each of the folders you posted in your screenshots, and manually drag any of remaining "CleanMyMac" components to the Trash.
Next, and perhaps most importantly: your Mac appears to be running a torrent client. Presumably, you are familiar with the risks that entails. There are legitimate reasons for hosting torrents, and it's up to you to be mindful of those risks. Torrents are an open invitation to installing malware, and there is no software product that can adequately protect your Mac from them. The fact you were apparently deceived into installing adware is reason to suspect you may have underestimated those risks. Read Effective defenses against malware and other threats for additional suggestions regarding that subject.
You inadvertently installed adware. You do not need to download or install anything to fix it.
Navigate to the following folder, and post its contents in a screenshot.
~/Library/LaunchAgents
To open that folder, copy the entire line above and paste it in the Finder's Go menu > Go to Folder... field. Make it look like this:
Take a screenshot showing all that folder's contents, and post it in a reply. To take a screenshot read the Appendix in the following User Tip: Writing an effective Apple Support Communities question.
There will be additional instructions to follow. Usually, there is nothing in that folder so don't be surprised to find it empty. The reason for starting with that folder is to eliminate other potential causes before proceeding with steps that will identify and eradicate whatever is affecting that Mac.
For a description of how this may have occurred, how to avoid it in the future, and for Apple's recommended actions read How to install adware.
Review your Gatekeeper settings: OS X : About Gatekeeper - Apple Support. Gatekeeper is designed to help prevent you from inadvertently installing garbage software
Thanks. In the same manner as the above, open the following folder:
/Library/LaunchDaemons
To open that folder, copy and paste it in the Finder's Go menu > Go to Folder... field. It should look like this:
Once again ensure all its files and their names are readable, take a screenshot, and post it.
You can drag the CleanMyMac, MacKeeper, and Spigot folders to the Trash. The presence of those folders does no harm, but they don't provide any benefit either, so you might as well get rid of them.
You might find some associated log files, but removing them may be more trouble than it's worth. If you are motivated to do that, start with ~/Library/Logs
Hi John!
Here's a schreenshot of the folder.
Hi John!
Here's the screenshot.
Hi John!
Here it is.
Hi John!
Did all the steps you mentioned and it worked perfectly! Here's also the screenshot of the Application Support folder that you mentioned.
Repeat the above with one more folder please:
/Library/LaunchAgents
Once you post its contents, I'll have enough information to provide instructions for eradicating the adware.
"root" process has high energy impact which drains my battery fast
