User profile for user: taylorfromia
taylorfromia Author
User level: Level 1
4 points

interpreting etrecheck

I was getting a pop-up window that said "your computer is low on memory," even though I checked activity monitor and it said ~97% was idle. It seemed one possible cause was malware, etc., and some forum users suggested getting an etrecheck report. I did that but am unsure how to interpret it. There were some unsigned files that were reported as possible malware, but when I tried to remove them, a window says "file not found" appeared. could someone possibly help me figure out whether I need to pursue this further to assure I have no malware? I couldn't see how to attach to full report, so I just took a screenshot of one part of it, but I can provide more of it as needed.


I'm using MacOS 10.15.3






Posted on Mar 14, 2020 1:06 PM

Reply

Similar questions

7 replies
User profile for user: Old Toad
Old Toad
User level: Level 10
215,906 points

Mar 14, 2020 2:52 PM in response to taylorfromia

Time since boot: About 15 days

It's quite beneficial to boot more frequently as it clears out temporary system cache and swap files. This time try a Safe Mode (Use Safe Mode to isolate issues with your Mac and Playing Safe: what does Safe Mode do?) boot. Then reboot normally.

NOTE: Safe Mode boot can take up to 10 minutes as it's doing some system cache cleaning, volume verifying and directory repairing. 

There are none of the usual suspects in the report. Full disk access is still not engaged. Did you also check this checkbox in Etrecheck?



If you're concerned about adware or malware download and run the free version of Malwarebytes. It was developed by a long time contributor to these forums and a highly respected member of the computer security community. 


Reply
User profile for user: Kurt Lang
Kurt Lang
User level: Level 9
68,880 points

Mar 14, 2020 1:41 PM in response to taylorfromia

Please post the entire report. All personal information is automatically redacted. Make sure to give EtreCheck full disk access in the System Preferences.



Then run EtreCheck. When it's done, copy the report to the clipboard and paste it here.



Since the reports are rather long, you must put that text under the Additional text option, or you'll get an error message you can't post that much text.

Reply
User profile for user: taylorfromia
taylorfromia Author
User level: Level 1
4 points

Mar 14, 2020 3:48 PM in response to Old Toad

Thanks for the info. I did boot in safe mode, then returned to normal mode and ran the malwarebytes software you recommended, and it removed the files that etrecheck listed as a potential major problem. Just a few questions:


How often would it be ideal to reboot frequency?


The new etrecheck report (text added bellow) showed that there are still unsigned files, including "instanton" from an unknown developer. I searched for files with that name but didn't find anything. Is there a way to locate and remove that file? And the report says there are 11 32-bit apps that won't work on macOS 10.15 "Catalina." Can those be removed?


Lastly, there is a paid version of the malware software you recommended which automatically checks for malware. Is this better in any way than just checking manually once in a while for free? Is malware more benign that viruses, which apple automatically checks for? I may just buy it to support the developer, but I don't know about running more applications at baseline if it isn't necessary.


thanks so much for your help.

new etrecheck report


Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

interpreting etrecheck

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up