I have a notification that pops up for a site that I don't trust. It shows up in notifications. I found it listed briefly in the activity monitor. Evidently it reaches out to gcaptain.com several times a day. I want to remove it from notification lists.
iMac 27″, macOS 11.6
Please run Etrecheck and post its full report here. Use the "additional text" button and paste the report into the text box.
This will let us see if there are any launch agents associated with this - which there probably are - and then we should be able to get rid of them.
Please run Etrecheck and post its full report here. Use the "additional text" button and paste the report into the text box.
This will let us see if there are any launch agents associated with this - which there probably are - and then we should be able to get rid of them.
dwavo wrote:
thanks! i am learning. this is a fresh OS install. I used only safari (so far). safari->preferences shows no extensions.
so it seems that shutting off notifications works to stop notifications. but the gcaptaib program is still in the notifications panel,l: there may be a program still installed (can't tell); and it may be running from launchd (can't tell).
Did you erase the drive before reinstalling macOS? If not, then you just reinstalled macOS over top of itself leaving all the software, settings, data intact.
If so, then did you migrate or restore from a backup? If you did, then you just brought back the problem. You would need to restore from a backup made before you ever encountered this problem.
FYI, if you provided the requested EtreCheck report perhaps a contributor would notice something that would help especially if that is indeed an app tied to the system. You can also check Activity Monitor to look for a running process that is associated with the app (you may need to click "View" and select "All Processes").
First, download and install the free Malwarebytes for Mac, run it to see if it detects and cleans any malware, then you can remove it via its Help menu.
In the Terminal, run the following command to list everything not belonging to the operating system (com.apple) that was started by launchd:
launchctl list | egrep -iv 'com.apple' | more
and for more info:
man launchctl
You can control the behavior of a notification from the System Preferences > Notifications panel by selecting the specific notification name and changing its settings, or you can select it and press the delete key to remove that notification.
The gcaptain.com site is a maritime news platform, that on first visit, provides a drop-down panel offering to let it send notifications to you. Did you agree to that, or install any software from their site?
There are many apps that are launched using launchd config scripts. However, those are usually run in the background. This "gcaptaib" app looks more like a traditional app. It may not have any kind of config script. However, where notifications are concerned, none of that matters. It's rare, but there are some apps that will generate notification spam. They can schedule an unlimited number of notifications to be triggered at any time in the future.
But at this time, there is no way to tell which of these kinds of apps you have installed. Even though you have this "gcaptaib" app, that doesn't mean that some or all of these notifications aren't coming from Safari or some other web browser. You can disable all of these notifications using either System Preferences or Safari preferences. If you use some other web browser, it should have some way to manage notification preferences too.
Launchd is part of the operating system and launches all processes.
What you want to do is disable the ability of the website to send you notifications. In Safari, go to Preferences > Notifications and change the permissions on that site to “Deny”.
If you use some other web browser, then you’re on your own.
There is no program associated with the notifications. If you turn off notifications for that site, then you won't get those notifications anymore.
thanks - that will stop notifications, but the program could still be running in the background. I ran launchctrl and can't find the program. It is evidently run from safari. I was hoping to remove the plist file or whatever so it no longer started.
The site name shows up as the name of a file: /System/Volumes/Data/Users/myself/Library/Safari/Databases/___IndexedDB/v1/https_gcaptain.com_0
if I turn off notifications, it can still run in background, correct?
Thanks. I just assumed that launchd ran like crontab and called a script of some sort. What happened is that I got a politically laced message from someone that had Gcaptain reference. Looked at that site and maybe clicked on notifications button, though I sure didn't want that. I just don't want some script reaching out to this site periodically in the background.
I assumed that luanchctrl would list all active instances, but evidently it doesn't.
What is bothersome, is that right in between mail and calendar, etc is the Gcaptain notification. And so it appears to still have some configuration on my machine. I want to disappear that - or some other notification in the future. And not have little gremlins running around the OS!
I have no clue what's going on with your computer. That's "gcaptaib" not "gcaptain". It does have an icon for the current gcaptain.com website. It looks like they did use to have an iOS app years ago, but it had a different icon.
But regardless, that app, whatever it is, is completely different from Safari notifications. It looks like you have notifications turned off for it, so that should stop them. But the software may still be running.
well - i feel pretty helpless. I just re-installed the OS and had hoped I could keep this system clean.
I was directed to the site for some political commentary and so don't particularly trust Gcaptain.com. It's probably innocuous, but there is no way to remove it.
is there some sort of a log that I should watch. (I have console open) or do I have to setup setup something like mitdump to do that, which is silly.
I would think that if launchd spawns this process there should be a config file and the option to turn on logging.
I should just be able to remove the program.
many thanks Etre team.
[Edited by Moderator]
thanks! i am learning. this is a fresh OS install. I used only safari (so far). safari->preferences shows no extensions.
so it seems that shutting off notifications works to stop notifications. but the gcaptaib program is still in the notifications panel,l: there may be a program still installed (can't tell); and it may be running from launchd (can't tell).
frustrating lack of control for un*x types. but probably safe and probably no little gremlins.
thank you Etre !
Re: how to find a program that has started from launchd.
Hi and thanks again! In answer to your question, I had a Mac shop replace the hard drive with solid state drive. The only thing that remained (oddly) that I noticed were the network passwords. Maybe those are stored off the drive?
issue: I visited the Gcaptain.com website once and it installed this notification. I don't remember asking. I turned off notifications but the icon in notifications with Gcaptain remains. My concern is that there may be little gremlins or such and it can still spawn from launchd even with notifications turned off. Really, I should be able to remove it from the notifications panel.
I suspect that this is pretty benign, but it's just as un*x person I am used to having a bit more control.
I have re-run the ETRE report, attached.
Thanks.
Except for having ESET anti-virus installed I don't see any problems. Anti-virus apps, cleaning apps, and third party security software are not needed on a Mac. These types of apps interfere with the normal operation of macOS and usually cause more problems than they solve plus they impact system performance.
I'm wondering whether you are just seeing the Notification setting which still retains the information for that app which was brought back after restoring from a backup (or maybe those settings are being synced from the cloud?), but the app itself is not really installed on your system (at least not at a system level or as a Login item). I see no signs of any rogue software as a Login item or at the system level. If the app still exists at all, it would likely be in the Applications folder. However, I am not a macOS software expert, so would welcome another more knowledgeable contributor from providing their assessment.
how to find a program that has started from launchd
