"ApplicationEvents," "StructuredServices," and "ResultsValue" installing themselves after being moved to trash

I have been following another thread on here on this same topic and posting to it as well.

https://discussions.apple.com/thread/250650858?page=1

The Malware Bytes program I ran found some interesting malware and adware and PUPs (?).

Among these was" Mac Mechanic".... I am now thinking this may have been something I clicked on in the past year thinking it was legit and subsequently thought I had removed. Looks like it stayed around even tho I thought I had uninstalled it....

Note there is at least one thread on here on Mac Mechanic.

https://discussions.apple.com/thread/8491390

Also something called "Mac Cleaner" that is linked to something else that the Malware Bytes scan found called PUP.PCVARK

https://blog.malwarebytes.com/threat-analysis/2016/08/pcvark-plays-dirty/

Somewhere along the line, you installed adware. Download and run MalwareBytes for Mac. It's free to use and can be uninstalled after you're done with it.

Reinstall Malwarebytes. To uninstall properly, it look in its Help menu.

Kurt Lang wrote:

But ransomware is extremely rare, and to get the latest definitions, all you need to do is download and install MalwareBytes when you want to run it again. The download direct from the vendor will always be the latest.

That's the way I've been using it for years (Sorry Thomas!).

I always trustingly went along with the 'nothing can ever affect an apple' premise

Some folks take the Apple protection belief a bit too far. There is no computer in the world that can't be compromised. There's always a way to do it, no matter what OS you're talking about.

With the Mac OS, the main bragging right is viruses don't exist. That is largely due to Unix under the pretty GUI. Unix from the very beginning was written to be a secure OS. Permissions are required to write to areas of the drive that belong to the OS. Since viruses are designed to spread with no user interaction, Unix makes that extremely difficult to do.

Not that it's literally impossible. There have been a few Mac viruses developed in security labs. They report how it was done to Apple so the OS can be patched before the scum of the earth find the vulnerability. But there has yet to be a Mac virus found in the wild. Well, there were a handful in OS 9 and earlier, but not one since OS X was introduced.

Where the Mac OS is being attacked are Trojans and social engineering.

1. Trojans - Any unwanted software the user must install in order for it to get on your system. Legal downloads from places like softonic.com and downloads.com are loaded with Trojans. Not the really ugly kind like a keylogger or back door, but adware up the wazoo. Why do they include this stuff? Because the adware makers pay them for each download that includes their crap. Why doesn't the OS block the installation of said adware? Because the sites you download it from make sure to let you know (usually not very transparently) that you accept anything you download from them. By making it a blanket statement, users don't pay attention that this also includes the junk you don't want. Since you've legally accepted it (unaware or not), Apple cannot block or remove it without getting into legal trouble for overriding your decision to install it. That leaves all work to removing adware up to the person who installed it. You.
2. Social engineering - If you look around these forums, there are at least a dozen posts per day (likely a lot more than I see myself) asking if a message or phone call was really from Apple. Or a web site pops up screaming you have xxx viruses on your computer and permanent damage will occur in xxx minutes if you don't call some scammers number RIGHT NOW! These are, without exception, all fake. But they are designed to make the user panic with scary sounding wording so they'll react rather than think. If you ever get any such phone call, hang up. For messages and emails, some of the biggest giveaways are things you will never, ever see in a communication from Apple. These include bad spelling and grammar. Attachments. Links to cancel a purchase or verify your account. Return addresses that obviously do not go back to Apple.

since I am not using any anti virus software

Good thing, too, since all typical AV software is 100% useless. MalwareBytes is different in that its main job is to find and remove junk the user has already installed.

As IdrisSeabright noted, you don't have to purchase MalwareBytes. The full version adds a few things. The main one is that it watches the system full time for, more than anything else, signs of ransomware trying to encrypt your files. It will then try and shut that malware down as quickly as possible. The other is it automatically updates itself and pulls down new definitions files so it recognizes new threats.

But ransomware is extremely rare, and to get the latest definitions, all you need to do is download and install MalwareBytes when you want to run it again. The download direct from the vendor will always be the latest.

To properly uninstall MalwareBytes, launch the app and use the Uninstall option in the top menu bar.

I just want to add, while the other's people's solutions on this panel worked and are helpful, did anyone else notice they had this issue, after safari updated to 13.0? I noticed it when I updated it to 13.0 and again to 13.01.

The setting to allow Apps only from Apple doesn't stop the user from installing whatever they want. It's more of an automatic or not thing. Such as, items from the App Store will simply install when you purchase something. The OS will not ask for your admin password to allow its installation. The same with the second setting. As long as it's a properly signed app, it should install without the need for an admin password.

You can bypass this at any time for software not in the App Store. MalwareBytes was still allowed to install because the vendor has a certificate from Apple. Which means they can code-sign their app, even though it doesn't come from the App Store. The OS sees it is properly signed and allows it. The reason this particular app isn't in the App Store is because it installs a kernel extension. That's one of the things items in the App Store are not allowed to do. So the only way to distribute the app, even though code-signed, is from outside the App Store.

Then you get past that to apps that are perfectly safe to use, but aren't in the App Store, or even code-signed. If it's something you want use, you right click on the app or its installer, and choose Open. The OS will ask if you really want to run this item from an unknown source. Say yes, and that's it. The OS won't ask you again for that app.

As far as the Dock, it all depends on what the author of the app feels like doing. Most apps don't automatically add their links to the Dock, but some do. Others ask if you want it to add those icons for you.

Ditto! I got hit yesterday with the StructuredServices one and today the ResultsValue one. I clicked on it and moved it to the trash from my apps folder both times and thought that would do it. I also deleted all website data in safari preferences both times.

I was just checking my mail and got a message that mail could not identify the server, that the certificate was invalid, and was asking if I trust it and warning it could be pretending to be my server an attempt to get my confidential information....

Thank you Kurt!!!!!

I loaded the free software and it found 30 suspicious items including malware. All are gone now and my email is now working. That was definitely it.

Might have to spring for the subscription now since I am not using any anti virus software, obviously. :)

Thank you!!!!!!

I had the same issue, I did all that, I just did it a few minutes ago so waiting to see and make sure it has solved the issue. I did delete the app from my downloads and such, when I search for it on my computer I get nothing however there is the malware icon on my top menu bar, soooo, now what????

Any and all cleaning or optimization apps are useless junk. Almost without exception, they will do things like removing system files (or at least try to). Otherwise, they do simple cleaning tasks you can do yourself without paying for such garbage. Like clearing the browser cache, cleaning out cookies and removing user cache data.

PUP means Potentially Unwanted Program. Like Mac Mechanic and many similar pieces of junk (MacKeeper, CleanMyMac, MacCleanse, etc.), they aren't really malware, but they don't do anything useful, either.

If you to peruse some 100% junk, just look in the App Store for anti-virus apps. As mentioned earlier, there are no Mac viruses, so just what are they looking for to begin with? That and any and all software in the App Store must follow very strict guidelines to be allowed there at all. One being they cannot in any way touch the OS or any of its associated areas. They can only look within themselves and the contents of your user account. That leaves a very large part of your drive they not only can't remove any malware from (if there were any), but aren't even allowed to look there.

In iOS, AV software from the App Store is even more useless. Being a locked down system with no user accounts (each device only has one user), the only place such software can look for infection is itself. Not even other apps. Why are they allowed in the App Store at all? They are truly useless.