MariLee22

Q: Deleted items in LaunchAgents and LaunchDaemons?

Hi. I just deleted everything in my LaunchAgents and LaunchDaemons folders and I want to know if that was a mistake.

I was told that I have some sort of virus on my MacBook Pro a few days ago. My stepdad said one of his friends had a similar issue or the same bug, and sent him instructions on how to get rid of it. So my stepdad instructed me over the phone on what to do to get rid of the virus/malware, and he had me delete everything in my "LaunchDaemons" and "LaunchAgents" folders. This included files called com.adobe.fpsaud.plist and com.cloudpath.maccmd.plist, for example. He told me to empty the trash and everything. When we got off the phone, I did a Google search on deleting stuff in those folders and found some forum saying it was bad to do that. If I wasn't supposed to delete them, what do I do now? What is going to happen to my laptop? I'm running OS X Lion.

Thanks in advance for any help.

MacBook Pro (13-inch Mid 2012), Mac OS X (10.7.5)

Posted on Oct 7, 2014 6:22 PM


  • by dominic23

    dominic23, Oct 8, 2014 4:20 AM, in response to MariLee22
    Level 8 (42,015 points)
    Mac OS X

    You can reinstall the current OS X.

  • by Drew Reece, Helpful

    Drew Reece, Oct 9, 2014 10:07 AM, in response to MariLee22
    Level 5 (7,746 points)
    Notebooks

    You need to avoid deleting items that you don't know what they do.

    Those files were responsible for starting background tasks - now those tasks will not run, but the other pieces of the software may still be installed. Some things might no longer work as expected, so you will need to uninstall & reinstall any apps that fail to work. Simply deleting the 'launchd' jobs will not remove a 'virus' or any other malware, adware, trojans etc. Many applications have background jobs (for handling hardware when it connects or for keeping apps up to date). It's possible these jobs were normal.


    If you know what the virus is you may be able to find tools to remove it. However there don't appear to be any known Mac viruses!

    It is possible you had something else that looks like a virus, but wasn't. Macs get problems from malicious software that users install by mistake (trojans) or with junk packaged with other applications (malware, adware, scamware). Have you been installing apps from random websites?

    If you have a virus you should shut down the Mac & isolate it from the network. There are tools to scan the hard disk for known viruses, ClamXAV is a free Mac example.

    https://itunes.apple.com/gb/app/clamxav/id430207028

     

    Frankly it is safer to erase the Mac & restore from a backup from before the virus appeared.

     

    I don't think reinstalling OS X will actually help with any non-Apple applications that you broke by deleting the background jobs, they will remain broken.

  • by MadMacs0, Helpful

    MadMacs0, Oct 9, 2014 10:02 PM, in response to MariLee22
    Level 5 (4,801 points)

    It's doubtful that you had any infection at all as OS X malware is rarely found in-the-wild and it should be the last thing you suspect if your Mac is acting up. If you received a pop-up notice that your Mac was infected and to call an 800 number to have it fixed, be advised this is a total fraud to take your money and perhaps even talk you into giving them access to your computer where they could steal whatever they want or compromise it. There is no way to scan a Mac by visiting a web site, so ignore anything like that you see in the future.

     

    After you have replaced your OS X, if you are having issues, be sure to return and start a new discussion describing what you experience in as much detail as possible so the appropriate troubleshooters will be able to give you a hand.

  • by MariLee22

    MariLee22, Oct 10, 2014 7:36 AM, in response to Drew Reece
    Level 1 (4 points)
    iPhone

    Thank you for all of the information. There is a trojan that's messing with my computer. The reason I know this is because I had my access rights revoked for the campus wifi, and when I called the University's Information Technology Services they told me it was because I have a trojan on my computer. They also informed me that in order to get my access rights back, I have to take in my laptop so they can "wipe the disk" and "reformat" the computer. They said this will take care of the trojan too. When they wipe the disk and reformat my laptop, will that fix the problems I caused by deleting those items in the Launch folders? Will the files/items come back?

     

    Also, if I transfer my music, photos, and documents to an external hard drive now, do I need to worry about accidentally transferring over the trojan as well?

     

    Thanks.

  • by Drew Reece, Solved answer

    Drew Reece, Oct 10, 2014 8:37 AM, in response to MariLee22
    Level 5 (7,746 points)
    Notebooks

    Yes you do need to be careful about what data you back up & restore if the Mac has malware or trojans etc.

    Personally I would make a full backup before allowing IT to touch the machine. I'd keep the backup to myself too - they can make another if they need to do so. I do wonder how they can correctly reinstall your OS & apps without your Apple ID password (for the app store)? I wouldn't be happy giving anyone that password and would probably reinstall the OS myself instead.

     

    We haven't worked out if the items you deleted were a part of normal software or were from something else so it's impossible to say whether they will come back. I would suggest you avoid installing any software from unknown sources - that includes 'aggregator' sites like cnet.downloads.com, macupdate.com. They have been known to bundle other junk in with valid software installers - it is one way people get this malware (along with using 'cracked apps', or using torrents to download movies & audio etc).

    Get the apps straight from the source, ideally from a https:// URL where available (https cannot be intercepted or modified).

     

    To remain secure after a clean install you should avoid restoring anything unless you know how you got the trojan, however I suspect you will want your music & personal files back. See if the IT dept can help, since it's complex to work out what you need. Make a note of any online accounts you use & reset the passwords.

     

    P.S.

    adwaremedic.com may find 'adware' on your Mac. I don't know if it will see your trojan (we are not clear on what it is), but you may want to run it after restoring to be sure nothing has come back. It is made by the guy who runs this site http://www.thesafemac.com, he also posts a lot in these forums. Also run ClamXAV after restoring any files.

     

    Good luck

  • by thomas_r.

    thomas_r., Oct 11, 2014 5:37 PM, in response to MariLee22
    Level 7 (30,934 points)
    Mac OS X

    MariLee22 wrote:

     

    The reason I know this is because I had my access rights revoked for the campus wifi, and when I called the University's Information Technology Services they told me it was because I have a trojan on my computer. They also informed me that in order to get my access rights back, I have to take in my laptop so they can "wipe the disk" and "reformat" the computer.

     

    That's an extremely sketchy explanation on their part!

     

    First, do not allow them to do anything with your computer. It's most likely that they are seeing some kind of false positive, which often happens when inexperienced IT folks, or junk network scanning tools, don't know enough to know what normal network traffic is generated by a Mac. However, there are dishonest IT folks out there, and the fact that they're telling you the only solution is to bring your computer in to let them do something to it could mean they have malicious intentions.

     

    There is some Mac malware out there, but not much, and most of it doesn't actually require erasing the hard drive to get rid of. It's unlikely that you're infected with anything, but without more information, we cannot say definitively that you're not. If you decide to wipe your hard drive - which I think would be total overkill - you should do so yourself. Back up your data, then restart the computer and hold down command-R (starting when you hear the chime and letting go when the Apple logo appears). Use Disk Utility to erase the hard drive, then quit Disk Utility and reinstall the system.

     

    I'd also ask the IT folks more questions about exactly what they saw that led them to draw this conclusion. You may not understand what they say, but take careful note of exactly what they say and relay it back to us here and we can tell you more about that.

     

    Regarding the removal of your LaunchAgents and LaunchDaemons... as others have said, never delete something from your computer if you aren't sure what it is! If you actually had malware - which I'll stress is very unlikely - deleting these things could make a diagnosis more difficult. And most or all of them would have been legit, meaning that their removal will have an adverse effect on the software they are associated with.
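
Added example, not part of any post in this thread: a read-only Python inventory of launchd job files that reports what each one starts and whether that program is still on disk, with a `set_aside` helper that moves a file to a holding folder instead of deleting it. The default folders are the launchd job folders outside /System; the `com.example.*` labels, the helper path and all function names are constructed for illustration.

```python
import plistlib
import shutil
import tempfile
from pathlib import Path

LAUNCH_DIRS = ["~/Library/LaunchAgents", "/Library/LaunchAgents", "/Library/LaunchDaemons"]

def describe_job(plist_path):
    """Report what one launchd job file starts; program_exists is False for an orphaned job."""
    with open(plist_path, "rb") as fh:
        job = plistlib.load(fh)  # reads both XML and binary property lists
    program = job.get("Program") or (job.get("ProgramArguments") or [None])[0]
    return {
        "file": Path(plist_path).name,
        "label": job.get("Label"),
        "program": program,
        "run_at_load": bool(job.get("RunAtLoad", False)),
        "program_exists": bool(program) and Path(program).exists(),
    }

def inventory(dirs=LAUNCH_DIRS):
    """Describe every job in the given folders; unreadable files are listed too."""
    rows = []
    for folder in dirs:
        for path in sorted(Path(folder).expanduser().glob("*.plist")):
            try:
                rows.append(describe_job(path))
            except Exception as exc:  # damaged or non-plist file
                rows.append({"file": path.name, "error": str(exc)})
    return rows

def set_aside(plist_path, holding_dir):
    """Move a job file to a holding folder instead of deleting it, so it can be put back."""
    Path(holding_dir).mkdir(parents=True, exist_ok=True)
    return Path(shutil.move(str(plist_path), str(Path(holding_dir) / Path(plist_path).name)))

def build_sample(root):
    """Constructed sample data: one job whose program exists, one orphaned job."""
    agents = Path(root) / "LaunchAgents"
    agents.mkdir(parents=True)
    (Path(root) / "helper").write_text("#!/bin/sh\n")
    for label, target in {"com.example.updater": "helper", "com.example.orphan": "gone"}.items():
        job = {"Label": label, "ProgramArguments": [str(Path(root) / target)], "RunAtLoad": True}
        with open(agents / (label + ".plist"), "wb") as fh:
            plistlib.dump(job, fh)
    return agents

if __name__ == "__main__":
    print(*inventory([build_sample(tempfile.mkdtemp())]), sep="\n")
```

Calling `inventory()` with no arguments reads the real folders and changes nothing; a job file moved with `set_aside` only takes effect again once it is moved back and the job is reloaded or the Mac restarted.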

  • by MariLee22

    MariLee22, Oct 14, 2014 10:21 AM, in response to thomas_r.
    Level 1 (4 points)
    iPhone

    Thank you, Thomas. I appreciate all of your suggestions, especially since I am so inexperienced and unfamiliar with this sort of stuff. I'll try to dig deeper into what the IT department is saying and what they plan to do. From what I understand, letting them wipe my disk and reformat is some kind of university policy and it is the only way they will grant me access to the campus wifi again after being blocked. I'll make another post when I find out more information.

     

    Another reason why I believe there is something wrong with my computer is that it has been going to sleep spontaneously (while I am using it) and Safari quit unexpectedly once, too. This was all before I ignorantly deleted the LaunchAgents and LaunchDaemons.

     

    Anyways, thanks a lot for your help!

  • by thomas_r.

    thomas_r., Oct 14, 2014 12:21 PM, in response to MariLee22
    Level 7 (30,934 points)
    Mac OS X

    MariLee22 wrote:

     

    From what I understand, letting them wipe my disk and reformat is some kind of university policy and it is the only way they will grant me access to the campus wifi again after being blocked.

     

    Sheesh. That's a pretty stupid policy. All the more reason not to let them get their hands on your Mac... they clearly know nothing at all about them. Unfortunately, this isn't surprising. There are a lot of college IT departments with rules set by administrators who probably have to be shown how to use a mouse!

     

    Another reason why I believe there is something wrong with my computer is that it has been going to sleep spontaneously (while I am using it) and Safari quit unexpectedly once, too.

     

    That's not the symptom of any kind of malware. The spontaneous sleep thing could be a hardware problem, or could be fixable by resetting the SMC:

     

    Intel-based Macs: Resetting the System Management Controller (SMC)

     

    Ironically, one possible fix for these problems is to reinstall the system... though for very different reasons than being infected. If you choose this route to solve the problem, I'd still recommend doing it yourself, rather than putting it in the hands of IT folks who don't know anything about the Mac. See:

     

    How to reinstall Mac OS X from scratch

     

    (Fair disclosure: I may receive compensation from links to my site and software, in the form of buttons allowing for donations. Donations are not required to use my site or software.)