User profile for user: gkuperman12
gkuperman12 Author
User level: Level 1
4 points

PESKY VIRUS PLEASE HELP!

Hello all,


I have had this on my computer for a long time:

“urothl.app” cannot be opened because the developer cannot be verified.

macOS cannot verify that this app is free from malware.

This file was downloaded on an unknown date.


I have tried the following:

  1. cancelling / moving to bin -> does not work. just reappears.
  2. making hidden files visible in my finder by inserting a line of code into the terminal to find the file and manually moving it -> does not work. could not find and cannot search by date.
  3. using malware applications to root it out. -> has not worked. i have used Malwarebytes and Mackeeper.
  4. spotlighting the file name


CONSEQUENCES:

  1. trouble downloading any further third party apps or programs including but not limited to: Bluegriffin, Python, Roblox, Brackets



I have only seen one other user mention this particular virus "urothl.app" and it was a german question on the apple community.


I work for a tech-ed company and have been as thorough as I can be to find this virus. I need ADVANCED SUPPORT.


MacBook Pro 15″, macOS 11.0

Posted on Dec 14, 2020 7:39 AM

Reply
Question marked as Top-ranking reply
User profile for user: leroydouglas
leroydouglas
User level: Level 10
199,416 points

Posted on Dec 14, 2020 7:48 AM

gkuperman12 wrote:

Hello all,

I have had this on my computer for a long time:
“urothl.app” cannot be opened because the developer cannot be verified.1.
macOS cannot verify that this app is free from malware.
This file was downloaded on an unknown date.

I have tried the following:
cancelling / moving to bin -> does not work. just reappears.
2. making hidden files visible in my finder by inserting a line of code into the terminal to find the file and manually moving it -> does not work. could not find and cannot search by date.
3. using malware applications to root it out. -> has not worked. i have used Malwarebytes and Mackeeper.
4. spotlighting the file name
5.
CONSEQUENCES:
trouble downloading any further third party apps or programs including but not limited to: Bluegriffin, Python, Roblox, Brackets


I have only seen one other user mention this particular virus "urothl.app" and it was a german question on the apple community.

I work for a tech-ed company and have been as thorough as I can be to find this virus. I need ADVANCED SUPPORT.



Typically third party Anti-Virus does nothing but add issues and compete directly with Apples own built in Security:

Uninstall all third party apps that are Cleaners/Optimizers/Anti-Virus




If you suspect you have installed adware/malware:


>System Preferences>Profiles click into it and then remove all the suspicious things from the list. (This Preference pane will not be present if no profiles found.)


Adware Removal Guide—Manual removal of : http://www.thesafemac.com/arg-identification/

or

Try running this trusted utility https://www.malwarebytes.com/mac/


also Verify you are not using SOCKS proxy:

>System Preferences>Networks>Advanced>Proxy uncheck the box


Adware/malware launch daemons can set SOCKS proxies without user participation.

(SOCKS is an Internet protocol that exchanges network packets between a client and server through a proxy server.)



macOS - Security - Apple https://www.apple.com/macos/security/

Apple Platform Security - Apple https://support.apple.com/guide/security/welcome/web


View in context

Similar questions

2 replies
Question marked as Top-ranking reply
User profile for user: leroydouglas
leroydouglas
User level: Level 10
199,416 points

Dec 14, 2020 7:48 AM in response to gkuperman12

gkuperman12 wrote:

Hello all,

I have had this on my computer for a long time:
“urothl.app” cannot be opened because the developer cannot be verified.1.
macOS cannot verify that this app is free from malware.
This file was downloaded on an unknown date.

I have tried the following:
cancelling / moving to bin -> does not work. just reappears.
2. making hidden files visible in my finder by inserting a line of code into the terminal to find the file and manually moving it -> does not work. could not find and cannot search by date.
3. using malware applications to root it out. -> has not worked. i have used Malwarebytes and Mackeeper.
4. spotlighting the file name
5.
CONSEQUENCES:
trouble downloading any further third party apps or programs including but not limited to: Bluegriffin, Python, Roblox, Brackets


I have only seen one other user mention this particular virus "urothl.app" and it was a german question on the apple community.

I work for a tech-ed company and have been as thorough as I can be to find this virus. I need ADVANCED SUPPORT.



Typically third party Anti-Virus does nothing but add issues and compete directly with Apples own built in Security:

Uninstall all third party apps that are Cleaners/Optimizers/Anti-Virus




If you suspect you have installed adware/malware:


>System Preferences>Profiles click into it and then remove all the suspicious things from the list. (This Preference pane will not be present if no profiles found.)


Adware Removal Guide—Manual removal of : http://www.thesafemac.com/arg-identification/

or

Try running this trusted utility https://www.malwarebytes.com/mac/


also Verify you are not using SOCKS proxy:

>System Preferences>Networks>Advanced>Proxy uncheck the box


Adware/malware launch daemons can set SOCKS proxies without user participation.

(SOCKS is an Internet protocol that exchanges network packets between a client and server through a proxy server.)



macOS - Security - Apple https://www.apple.com/macos/security/

Apple Platform Security - Apple https://support.apple.com/guide/security/welcome/web


Reply
User profile for user: John Galt
John Galt
User level: Level 10
155,810 points

Dec 14, 2020 8:00 AM in response to gkuperman12

It's unlikely you will find a file by that name anywhere on your Mac. Do not use malware applications; they won't work.


To ascertain the cause so that you can eliminate it, start by inspecting the contents of the following folder:


~/Library/LaunchAgents


To open that folder, copy the entire line above and paste it in the Finder's Go menu > Go to Folder... field. Make it look like this:



... and click the Go button.


A Finder window will open. Make sure all its file names are readable by selecting View > as List or other selection that shows that folder's complete contents. Then, take a screenshot of that Finder window.



Often, there is nothing in that Launch Agents folder so don't be surprised to find it empty.


In the same manner as the above, navigate to this next folder:


/Library/LaunchDaemons


The Finder's Go menu > Go to Folder... field should look like this:



... and click the Go button once again.


Once again ensure all its files and their names are readable and capture a screenshot.


Then, repeat that exercise with the following folder:


/Library/LaunchAgents


Notice its pathname is different than the other two. The Finder's Go menu > Go to Folder... field should look like this:



In the end, you will have captured the contents of the following three separate folders:


~/Library/LaunchAgents

/Library/LaunchDaemons

/Library/LaunchAgents


All three will be saved to your Mac's Desktop with names "Screen Shot... " followed by the date and time they were captured. Please be sure to include or otherwise indicate the name of the folder that corresponds to each screenshot, so that you and I can keep track of which ones they are.


Post the entire contents of all three windows, one at a time, using the "picture" icon that appears below your reply text:


Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

PESKY VIRUS PLEASE HELP!

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up