allowed some adware to get interwoven with safari application
download and ran norton antivirus, and it blocks the popup ads, but the windows still appear and the navigation is still infected.
figured i could just uninstall/reinstall safari and se if that works... but i do not know how to do that. please help.
... also, would be great to save all the keychain passwords as well!
thank you.
MacBook Air 11", macOS 10.12
See if you can get rid of the adware by using Malwarebytes. Try downloading this program which was written by Thomas R, a long time poster. The program will search for malware/adware The program will do the work for you which makes it easy. It may be necessary to run more than one scan.
Malwarebytes Anti-Malware for Mac 10.10 and later
To reinstall Safari, you would need to reinstall the OS. Since that doesn't affect your data, it may not help. Do a backup, preferable 2 separate ones on 2 drives. Boot to the Recovery Volume (command - R on a restart). Run Disk Utility and select First Aid. Then re-install the OS.
See if you can get rid of the adware by using Malwarebytes. Try downloading this program which was written by Thomas R, a long time poster. The program will search for malware/adware The program will do the work for you which makes it easy. It may be necessary to run more than one scan.
Malwarebytes Anti-Malware for Mac 10.10 and later
To reinstall Safari, you would need to reinstall the OS. Since that doesn't affect your data, it may not help. Do a backup, preferable 2 separate ones on 2 drives. Boot to the Recovery Volume (command - R on a restart). Run Disk Utility and select First Aid. Then re-install the OS.
1. Remove unknown profiles.
System Preferences > Profiles
Open System Preferences, click the “Profiles” icon ( a checkmark on a gear) .
When Profiles pane opens, select the unknown profile and click the minus button at the bottom.
2. Remove unknown Login item.
System Preferences > Users & Groups > Login items
Authenticate and unlock the lock.
Highlight the unknown login item and click the “-“ button at the bottom left to remove it.
Download EtreCheck, https://etrecheck.com/maspro and post the report here.
Click “Click to download” button,
Open Downloads folder, click on it to open, and then select ”Open”.
“Choose a problem” from the popup menu box, and then “Start EtreCheck” in the dialog.
Click “Share Report” button in the toolbar, select “Copy report” .
Paste the report when you reply.
Note
This is a diagnostic test.
If 5000 words limit applies:
Split the report into two parts and post as two separate posts.
If necessary, follow the manual instructions. Do not download any other programs.
weknow by Thomas R https://forums.malwarebytes.com/topic/236261-how-to-remove-weknow-malware-and-others/
https://support.symantec.com/en_US/article.HOWTO81114.html
2 You have unsigned files installed on your Mac.
Run EtreCheck again, scroll up the sidebar, click Security and Unsigned files buttons.
Click the "Remove" button.
3. Either you or an application installed edited the /etc/host file.
Restore the default.
About etc/host/file: https://discussions.apple.com/docs/DOC-8091
Click on the link in the last line of my post, then follow the steps to go to Finder, remove extensions, and other items. Do not download any programs. Start where the screen shot appears in the article.
EtreCheck version: 5.2 (5029)
Report generated: 2019-03-24 17:41:43
Download EtreCheck from https://etrecheck.com
Runtime: 4:07
Performance: Good
Sandbox: Enabled
Full drive access: Disabled
Problem: Other problem
Description:
weknow adware popups virus
Major Issues:
Anything that appears on this list needs immediate attention.
Unsigned files - There are unsigned software files installed that could be adware and should be reviewed.
More than one antivirus app - This machine has multiple antivirus apps installed.
Minor Issues:
These issues do not need immediate attention but they may indicate future problems or opportunities for improvement.
Vintage hardware - This machine may be considered vintage.
32-bit Apps - This machine has 32-bits apps will not work after macOS 10.14 “Mojave”.
Limited drive access - More information may be available with Full Drive Access.
Hardware Information:
MacBook Air (11-inch, Mid 2011) - Vintage!
MacBook Air Model: MacBookAir4,1
1 1.8 GHz Intel Core i7 (i7-2677M) CPU: 2-core
4 GB RAM - Not upgradeable
BANK 0/DIMM0 - 2 GB DDR3 1333 ok
BANK 1/DIMM0 - 2 GB DDR3 1333 ok
Battery: Health = Normal - Cycle count = 611
Video Information:
Intel HD Graphics 3000 - VRAM: 384 MB
Color LCD 1366 x 768
Drives:
disk0 - APPLE SSD SM256C 251.00 GB (Solid State - TRIM: Yes)
Internal SATA 3 Gigabit Serial ATA
disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
disk0s2 - Macintosh HD (Journaled HFS+) 250.14 GB (39.29 GB used)
disk0s3 - Recovery HD (Journaled HFS+) [Recovery] 650 MB
Mounted Volumes:
disk0s2 - Macintosh HD 250.14 GB (210.59 GB free)
Journaled HFS+
Mount point: /
Network:
Interface en0: Wi-Fi
802.11 a/b/g/n
Interface en2: Bluetooth PAN
Interface bridge0: Thunderbolt Bridge
System Software:
macOS Sierra 10.12.6 (16G1815)
Time since boot: About a day
Configuration Files:
File /etc/sudoers size: Found 1761 B but expected 1563 B
yes, restarting is the first action i perform after every proposed solution. report in parts below...
EtreCheck version: 5.2 (5029)
Report generated: 2019-03-25 11:59:45
Download EtreCheck from https://etrecheck.com
Runtime: 3:27
Performance: Good
Sandbox: Enabled
Full drive access: Disabled
Problem: Other problem
Description:
weknow adware popup virus
Major Issues: None
Minor Issues:
These issues do not need immediate attention but they may indicate future problems or opportunities for improvement.
Vintage hardware - This machine may be considered vintage.
32-bit Apps - This machine has 32-bits apps will not work after macOS 10.14 “Mojave”.
Limited drive access - More information may be available with Full Drive Access.
Hardware Information:
MacBook Air (11-inch, Mid 2011) - Vintage!
MacBook Air Model: MacBookAir4,1
1 1.8 GHz Intel Core i7 (i7-2677M) CPU: 2-core
4 GB RAM - Not upgradeable
BANK 0/DIMM0 - 2 GB DDR3 1333 ok
BANK 1/DIMM0 - 2 GB DDR3 1333 ok
Battery: Health = Normal - Cycle count = 612
Video Information:
Intel HD Graphics 3000 - VRAM: 384 MB
Color LCD 1366 x 768
Drives:
disk0 - APPLE SSD SM256C 251.00 GB (Solid State - TRIM: Yes)
Internal SATA 3 Gigabit Serial ATA
disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
disk0s2 - Macintosh HD (Journaled HFS+) 250.14 GB (39.14 GB used)
disk0s3 - Recovery HD (Journaled HFS+) [Recovery] 650 MB
Mounted Volumes:
disk0s2 - Macintosh HD 250.14 GB (210.74 GB free)
Journaled HFS+
Mount point: /
Network:
Interface en0: Wi-Fi
802.11 a/b/g/n
Interface en2: Bluetooth PAN
Interface bridge0: Thunderbolt Bridge
System Software:
macOS Sierra 10.12.6 (16G1815)
Time since boot: About 2 hours
Configuration Files:
File /etc/sudoers size: Found 1761 B but expected 1563 B
Notifications:
Notifications not available without Full Drive Access.
Security:
Gatekeeper: Enabled
System Integrity Protection: Enabled
Antivirus apps: MalwareBytes
32-bit Applications:
One 32-bit app
Kernel Extensions:
/Library/Application Support/Malwarebytes/MBAM/Kext
MB_MBAM_Protection.kext (Malwarebytes Corporation, 3.7 - SDK 10.14)
System Launch Agents:
[Not Loaded] 15 Apple tasks
[Loaded] 182 Apple tasks
[Running] 89 Apple tasks
System Launch Daemons:
[Not Loaded] 43 Apple tasks
[Loaded] 177 Apple tasks
[Running] 97 Apple tasks
[Other] 2 Apple tasks
Launch Agents:
[Running] com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2019-02-26)
[Loaded] com.microsoft.update.agent.plist (Microsoft Corporation - installed 2019-03-15)
Launch Daemons:
[Running] com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2019-03-22)
[Running] com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2019-02-26)
[Loaded] com.microsoft.OneDriveUpdaterDaemon.plist (Microsoft Corporation - installed 2019-03-07)
[Loaded] com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2019-03-15)
[Loaded] com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2018-08-04)
Notifications:
Notifications not available without Full Drive Access.
Security:
Gatekeeper: Enabled
System Integrity Protection: Enabled
Antivirus apps: Symantec and MalwareBytes
Unsigned Files:
Launchd: /Library/LaunchDaemons/com.symantec.sharedsettings2.NFM.plist
Executable: /Library/Application Support/Symantec/Silo/NFM/DomainSettings/SymSharedSettingsd
Details: Restrictive app permissions - possibly adware
32-bit Applications:
One 32-bit app
Kernel Extensions:
/Library/Application Support/Malwarebytes/MBAM/Kext
MB_MBAM_Protection.kext (Malwarebytes Corporation, 3.7 - SDK 10.14)
/Library/Extensions
SymXIPS.kext (Symantec, 9.0 - SDK 10.10)
SymInternetSecurity.kext (Symantec, 8.2.1 - SDK 10.11)
SymIPS.kext (Symantec, 8.2.1 - SDK 10.11)
NortonForMac.kext (Symantec, 8.2.1 - SDK 10.11)
System Launch Agents:
[Not Loaded] 15 Apple tasks
[Loaded] 169 Apple tasks
[Running] 102 Apple tasks
System Launch Daemons:
[Not Loaded] 43 Apple tasks
[Loaded] 176 Apple tasks
[Running] 98 Apple tasks
[Other] 2 Apple tasks
Launch Agents:
[Running] com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2019-02-26)
[Loaded] com.microsoft.update.agent.plist (Microsoft Corporation - installed 2019-03-15)
[Running] com.symantec.uiagent.application.NFM.plist (Symantec - installed 2019-02-14)
Launch Daemons:
[Running] com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2019-03-22)
[Running] com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2019-02-26)
[Loaded] com.microsoft.OneDriveUpdaterDaemon.plist (Microsoft Corporation - installed 2019-03-07)
[Loaded] com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2019-03-15)
[Loaded] com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2018-08-04)
[Loaded] com.symantec.SymLUHelper.NFM.plist (Symantec - installed 2019-02-14)
[Loaded] com.symantec.UninstallerToolHelper.NFM.plist (Symantec - installed 2019-02-14)
[Loaded] com.symantec.dsp.nortonaggregatord.plist (Symantec - installed 2019-02-14)
[Loaded] com.symantec.liveupdate.daemon.NFM.plist (Symantec - installed 2019-02-14)
[Loaded] com.symantec.nortonutilities.daemon.plist (Symantec - installed 2019-02-14)
[Running] com.symantec.sharedsettings2.NFM.plist (? 7786c96 - installed 2019-02-14)
[Running] com.symantec.symdaemon.NFM.plist (Symantec - installed 2019-02-14)
[Loaded] com.symantec.symqual.detail.NFM.plist (Symantec - installed 2019-02-14)
[Loaded] com.symantec.symqual.panicreporter.NFM.plist (Symantec - installed 2019-02-14)
[Loaded] com.symantec.symqual.submit.NFM.plist (Symantec - installed 2019-02-14)
Audio Plug-ins:
BluetoothAudioPlugIn: 5.0.5 (Apple - installed 2019-02-08)
iSightAudio: 7.7.3 (Apple - installed 2019-02-08)
AirPlay: 2.0 (Apple - installed 2019-02-08)
AppleAVBAudio: 506.1 (Apple - installed 2019-02-08)
AppleTimeSyncAudioClock: 1.0 (Apple - installed 2019-02-08)
Time Machine:
Time Machine information not available without Full Drive Access.
Performance:
System Load: 1.83 (1 min ago) 2.29 (5 min ago) 2.73 (15 min ago)
Nominal I/O speed: 0.48 MB/s
File system: 120.01 seconds (timed out)
Write speed: 247 MB/s
Read speed: 263 MB/s
It may be necessary to run more than one scan using Malwarebytes..
Please use the manual method and do not download any programs but Malwarebytes.
Have you restarted the computer since doing both of the above? Try running/posting Etrecheck again.
well, the malwarebytes is effective neutralizing threats, however, the random web ads keep appearring both in safari and chrome. i think the are coming from "MacKeeper." how do i get rid of this mess?
the only program that appears "suspiciously" is FLASH and thats when started having this problem. send the flash manager to the trash and emptied it, but flash still appears in "system preferences." how to totally uninstall?
have completed all these steps, including those of dominic23, and this MACKEEPER adware continues to popup on pc and hijack "new webpage" tab to reroute to search engine called "weknow"
any ideas please?
Uninstall/reinstall safari
