Activitycache pop up issue

Globaljezza66, please follow the instructions below.

First, ensure you have a reliable backup of your Mac, in case something should go wrong with continued troubleshooting. To learn how to do that, please read Back up your Mac with Time Machine.

• A backup is a fundamental prerequisite regardless of whatever method you may choose uninstall adware, and would apply even if your Mac were running perfectly well. Do not overlook this fundamental requirement. It's important.

Next: This step will prevent the scam products from loading so that they can be removed while they are inactive. Restart in "Safe Mode", and log in: How to use safe mode on your Mac - Apple Support. Starting in Safe Mode takes longer than usual so let it finish. The rogue processes affecting that Mac are inoperative in "Safe Mode".

The following files and / or folders need to be deleted while using your Mac in "Safe Mode":

Second and third screenshots (which as you noted are both parts of /Library/LaunchDaemons):

Drag those selections of files to the Trash. You may be asked to authenticate. Confirm they are no longer present in that folder. Leave all the others alone for now.

Next: open Safari and select the Safari menu > Preferences (or Settings) > Extensions. If you see any Safari Extensions that you do not recognize or understand, simply click the Uninstall button and they will be gone. No Safari Extensions are required for normal operation. Then, select the General pane and review your Homepage selection. Then, select the Search pane and confirm your desired Search Engine. Repeat those equivalent actions for any other browser you may use (Brave, Firefox, or Opera for example).

• Specifically for Google Chrome: If you use it, you will also need to reset the Chrome product to its default settings. To learn how to do that read https://support.google.com/chrome/answer/3296214?hl=en

There may also be adware-associated app icons in your Mac's Applications folder. Open it and examine its contents. Any unwanted or mysterious app icons should be obvious to you, but again please don't remove anything if you are uncertain—ask first. Identify any suspicious apps by name, or post another screenshot.

Next: In an abundance of caution, examine System Preferences (or Settings) > Extensions. Determine if there are any System Extensions that may have been installed without your knowledge. Ask if you're uncertain.

Remaining in System Preferences, check for the presence of any Profiles. Profiles are installed by organizations with a need to manage Macs deployed in institutional corporate or educational environments (for example), but have also been exploited by adware creators and similar malcontents. If any Profiles are installed on your Mac an icon like this will appear in System Preferences:

If you see that icon in System Preferences, select it. To remove a Profile, select it, then click the [—] (minus) button and authenticate.

Remaining in System Preferences, open Users & Groups. Select your User Account's Login Items. You may or may not find those Applications in its list. If you do, select them then click the [—] (minus) button to remove them from Login Items.

You can then restart your Mac and log in as usual. Evaluate its operation and ensure everything is working as you expect it should.

Next: if you want to eradicate all remaining adware remnants post a screenshot of the following folder, in the same manner as you did earlier:

~/Library/Application Support

It is normal for that folder to contain many items, but anything associated with the above adware may contain identical names. If you find a folder or folders bearing those names, drag those folders to the Trash. Without the files you already removed or the reintroduction of similar malware, they can do nothing but occupy space. These can be removed if you wish, but again don't remove anything if you are uncertain.

Finally: If any of the above actions result in abnormal operation or if something else stops working, the easiest way to recover would be to restore the Time Machine backup you created as a prerequisite, so the importance of that fundamental step cannot be overemphasized.

Etrecheck

To avoid the question / answer and question answer scenario

Download the Application Etrecheck directly from the Developer.

The Application is Not a " Silver Bullet " but only a tool to examine the Hardware / Software used on this computer

This is a Diagnostic Tool that makes no changes to the computer.

It makes a coherent and readable inventory of both the Hardware and Software used on the computer

The application is free or paid for added features. 

The Report will Not Reveal Any Personal Information. 

Post back the Full Report - copy and paste - >>>> using the Additional Text Icon <<<<

Please read Removing "Search Marquis" / "Search Baron" / etc on your own - Apple Community, and post the three screenshots it describes in a reply to this Discussion.

Remove "CleanMyMac" forthwith, before it causes additional misery. Follow its uninstallation instructions.

Normally, malware will be blocked by the Builtin Security in the Operating System.

Which seems to what is reported in your image above

The The Built in Security  is all that is required.

Mac app security enhancements

Security. Built right in

That is unless the User ( you ) purposefully granted permission to Bypass the Operating System Security features.

This is further compounded by using " Cleanmymac " disk Cleaner

This application is sometimes referred to by its' other name " BrickMyMac "

Specific to CleanMyMac aka “ BrickMyMac “

To put the CleanMyMac aka BrickMyMac in context and the damages it may have or has already done.

This application can or will Muck Up your User Account ( Home Folder ) of this machine.

It does not touch the Operating System itself unless you consider your User Account ( Home Folder ) as part of the Operating System

Then in that specific context - it has Mucked Up the Operating  System 

Any of the below should be removed as per Developers Instructions 

This will include CleanMyMac , aka “ BrickMyMac “

Please follow my earlier recommendations:

Please read Removing "Search Marquis" / "Search Baron" / etc on your own - Apple Community, and post the three screenshots it describes in a reply to this Discussion.

EtreCheck is ok too. It's up to you; I can work with either one.

P. Phillips wrote:

It this just a newer presentation of the same Search Baron and Search Marquis

Yes, in that the causes remain the same, but the consequences have evolved to result in the "<...> will damage your computer" dialog.

XProtect is now capturing those causes, which have been inactivated and have been dormant for months. The only thing left to address is the annoying dialog.

The solution remains unchanged, so the User Tip is still applicable. Its title ought to be renamed to more accurately describe that evolution, but I'm not sure if it is possible to edit a User Tip title. It's on my list of things to do.

If you John

This malware naming.

It this just a newer presentation of the same Search Baron and Search Marquis

Need to understand correctly for futures encounters with this type of issue

Thanks in advance for any insights

John Galt wrote:

The solution remains unchanged, so the User Tip is still applicable. Its title ought to be renamed to more accurately describe that evolution, but I'm not sure if it is possible to edit a User Tip title.

It seems that it is not possible to edit a User Tip title. I am leaning in favor of creating a brand new User Tip with a more appropriate title for this particular annoyance. Its content will borrow heavily from the existing one.

Hopefully, with the passage of time, people will become wise to the "Search Baron / Search Marquis" scourge and / or learn how to get rid of it on their own, and that User Tip will cease to be relevant.

https://etrecheck.com/

Really appreciate both the information above and the work you have done on this hideous Malware

👍