User profile for user: gkoussa1
gkoussa1 Author
User level: Level 1
8 points

Do I have any Malware?

I recently installed a few chrome extensions, one of them that I suspect is from webpreserver.com. It's a digital evidence gathering extension. Once installed some weird behavior started happening. I cannot launch certain apps. CleanMyMac will not complete a malware scan and freezes, EtreCheckPro will only run in Safe Mode.


The most annoying thing is I cannot shutdown. Shutdown process closes the desktop, all apps and then a spinning wheel is present and sits there forever.

EtreCheck Pro


MacBook Pro with Touch Bar

Posted on Jun 17, 2021 12:26 PM

Reply
Question marked as Top-ranking reply
User profile for user: etresoft
etresoft
User level: Level 9
56,978 points

Posted on Jun 17, 2021 2:52 PM

gkoussa wrote:

Interesting, because CleanMyMac is from the App Store.

The CleanMyMac installation shown on the above EtreCheck report is from "SetApp". Some parts are signed by MacPaw and some parts are not signed at all. Some parts are running under administrator privileges in a launch daemon. All Mac App Store apps are signed by Apple and show up in an EtreCheck report as "App Store". Apps using administrator privileges and/or launch daemons are not allowed in the Mac App Store.


If your computer is so jacked up that it won't run apps except in safe mode, you should erase the hard drive and reinstall the operating system. You haven't backed up in months. The first thing to do is make a Time Machine backup. Then erase the hard drive and reinstall the operating system. When you restore from backup, only restore user accounts and user documents. Do not restore apps or "other files". That will just restore your system to its broken configuration. You don't want that. You will need to manually reinstall any apps that you really need.


I strongly suggest that you avoid installing anything that is listed on your EtreCheck report for the time being. Once your computer is up and running again, you can slowly start to reinstall optional apps and system modifications. If one of these starts to cause problems, you can then more easily restore from a Time Machine local snapshot in a couple of minutes and just avoid that problematic software entirely.

View in context

Similar questions

6 replies
Question marked as Top-ranking reply
User profile for user: etresoft
etresoft
User level: Level 9
56,978 points

Jun 17, 2021 2:52 PM in response to gkoussa

gkoussa wrote:

Interesting, because CleanMyMac is from the App Store.

The CleanMyMac installation shown on the above EtreCheck report is from "SetApp". Some parts are signed by MacPaw and some parts are not signed at all. Some parts are running under administrator privileges in a launch daemon. All Mac App Store apps are signed by Apple and show up in an EtreCheck report as "App Store". Apps using administrator privileges and/or launch daemons are not allowed in the Mac App Store.


If your computer is so jacked up that it won't run apps except in safe mode, you should erase the hard drive and reinstall the operating system. You haven't backed up in months. The first thing to do is make a Time Machine backup. Then erase the hard drive and reinstall the operating system. When you restore from backup, only restore user accounts and user documents. Do not restore apps or "other files". That will just restore your system to its broken configuration. You don't want that. You will need to manually reinstall any apps that you really need.


I strongly suggest that you avoid installing anything that is listed on your EtreCheck report for the time being. Once your computer is up and running again, you can slowly start to reinstall optional apps and system modifications. If one of these starts to cause problems, you can then more easily restore from a Time Machine local snapshot in a couple of minutes and just avoid that problematic software entirely.

Reply
User profile for user: Owl-53
Owl-53
User level: Level 10
103,981 points

Jun 17, 2021 1:56 PM in response to gkoussa1

Strongly suggest removing CleanMyMac as per Developers Instructions ASAP. It is known on these Forums as dangerous and very harmful to the OS. Any Third Party Applications that will interfere with the normal operation of the OS, alter, modify, remove or delete or attempt to do so is an invitation for disaster and may require a Reinstallation of the OS.


Suggest downloading from a Trusted Developer and Respected ASC Contributor the application Malwarebytes for Mac. It is free or paid for added features. Run the Application and it should remove the malware / adware. Once done, restart computer and test.


There are no known Viruses in the wild that self replicate and affect macOS. There are Malware and Adware that does affect macOS and are often times downloaded as part of an Application from Third Party UnTrusted Site and get installed along with the Application.


Reply
User profile for user: Owl-53
Owl-53
User level: Level 10
103,981 points

Jun 17, 2021 1:59 PM in response to gkoussa1

From the Supplied Report Issue at need immediate attention

Gatekeeper disabled - Gatekeeper security protection is disabled. This computer is at risk of malware infection.

Heavy CPU usage - Some processes are using an unusually high amount of CPU.

Apple security disabled - Apple security software is disabled. This computer is at risk of malware infection.

Antivirus software: CleanMyMac and One Periodic REMOVE as Per Developers Instruction

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Do I have any Malware?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up