Jan 9, 2015 4:53 AM in response to Juanjo99 by thomas_r. ★ Helpful
It's very unclear what that was. Even Symantec doesn't seem to understand what OSX.Malcol is, and they're the ones who created that name! (According to Symantec's site, this is a "generic detection for many individual but varied OS X Trojans for which specific definitions have not been created.")
First and foremost, Norton is awful on the Mac. It is well-known for causing sometimes severe performance and stability problems, and its detection of Mac malware is only so-so. You should uninstall Norton. Do not simply drag the Norton app to the trash. The Norton installer will also help you uninstall it properly. You may need to re-download that installer if you no longer have it.
Second, any true malware that Norton would detect is already blocked by the anti-malware features in Mac OS X. So it's very unlikely that this file, whatever it was, was real malware.
What I would guess this was is a detection of some part of some adware. Adware is not quite malware, but not really legit either, and coverage of adware by anti-virus software is extremely spotty. If you still have information about what the file was named and where it was located, that would be helpful for identifying what it was.
If it was part of some adware, you can bet that most of the adware is still installed. See my Adware Removal Guide for help finding and removing any remaining components.
In addition, once you have removed Norton and any adware that is installed, it wouldn't be a bad idea to download ClamXav and scan for any malware that it can detect. It detects far more than Norton, and won't cause any performance or stability problems. Also, for the future, note that if anti-virus software like Norton or ClamXav finds "malware" on your computer, do not allow that software to delete it! Instead, follow the procedures outlined here:
(Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com, in the form of buttons allowing for donations. Donations are not required to use my site or software.)
-
Jan 9, 2015 5:48 AM in response to Juanjo99 by Juanjo99
This is the filename of the "infected file" that Norton found.
/Volumes/backups/Backups.backupdb/John’s iMac/2015-01-06-091715/Macintosh HD/Users/john****/Library/Application Support/com.genieoinnovation.Installer/Completer.app/Contents/MacOS/InstallerS
Any comments?
-
Jan 9, 2015 6:03 AM in response to Juanjo99 by John Galt
Any comments?
Other than properly removing Norton thereby allowing your Mac to operate as it should, no.
Do not attempt to remove anything from a Time Machine backup, nor should you allow Norton to do anything with it. Doing so may result in the entire backup becoming corrupted.
If the Genieo product was installed at one time, you may have inadvertently caused that to happen. To learn how to avoid doing that again read How to install adware.
-
Jan 9, 2015 6:15 AM in response to Juanjo99 by Juanjo99
It might have come from RARgenie download a couple of days ago.
-
Jan 9, 2015 6:26 AM in response to Juanjo99 by thomas_r.
Juanjo99 wrote:
/Volumes/backups/Backups.backupdb/John’s iMac/2015-01-06-091715/Macintosh HD/Users/john****/Library/Application Support/com.genieoinnovation.Installer/Completer.app/Contents/MacOS/InstallerS
This is a component of the Genieo adware. Unfortunately, there are two issues with what Norton has done.
First, it has removed a file from your Time Machine backups. This is very, very bad, and could result in corruption of your backups. Files should never be removed from Time Machine backups except through the Time Machine interface, and anti-virus software should never be allowed to scan a Time Machine backup volume. At this point, you should repair your Time Machine backup drive:
It is possible that, despite doing this, problems may crop up in your backups at some later date. Be sure that you have a secondary backup on another drive in case this happens. (This is good practice anyway.)
Second, Norton has only removed a tiny fraction of the Genieo files, and only from the backup. Genieo was installed on your computer as of the 6th (Tuesday). Unless you have removed Genieo from your Mac since then, Genieo is still installed, and Norton didn't detect or remove any of it. See my Adware Removal Guide for help getting rid of Genieo.
(Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com, in the form of buttons allowing for donations. Donations are not required to use my site or software.)
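An added example, not part of any post in this thread: a small shell check that tells whether a path reported by a scanner is a copy inside a Time Machine backup, reads the snapshot date from it, and looks for the same file on the startup disk. The function names and the sample path are constructed for illustration; the folder layout is assumed from the path quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are illustrative.
# Assumed layout (as in the reported path):
#   <mount>/Backups.backupdb/<machine>/<snapshot>/<volume>/<path on that volume>

# Constructed sample modeled on the path in the thread.
SAMPLE_PATH="/Volumes/backups/Backups.backupdb/Example iMac/2015-01-06-091715/Macintosh HD/Users/example/Library/Application Support/com.genieoinnovation.Installer/Completer.app/Contents/MacOS/InstallerS"

# Print "<snapshot>/<volume>/<path>"; fail if the path is not inside a backup.
tm_rest() {
    case "$1" in
        */Backups.backupdb/*/*/*/*) ;;
        *) return 1 ;;
    esac
    rest=${1#*/Backups.backupdb/}     # drop mount point and Backups.backupdb
    printf '%s\n' "${rest#*/}"        # drop machine name
}

# Snapshot folder name, e.g. 2015-01-06-091715 (date and time of the backup).
tm_snapshot() {
    rest=$(tm_rest "$1") || return 1
    printf '%s\n' "${rest%%/*}"
}

# Where the same file would sit on the startup disk.
tm_live_path() {
    rest=$(tm_rest "$1") || return 1
    rest=${rest#*/}                   # drop snapshot folder
    printf '/%s\n' "${rest#*/}"       # drop volume name
}

# triage PATH [ROOT]: ROOT is prepended to the live path (empty = real disk).
triage() {
    target=$1
    if snap=$(tm_snapshot "$1"); then
        target=$(tm_live_path "$1")
        echo "BACKUP COPY (snapshot $snap): leave it to Time Machine, do not delete"
    fi
    if [ -e "${2:-}$target" ]; then
        echo "ON DISK: $target"
    else
        echo "NOT ON DISK: $target"
    fi
}

triage "$SAMPLE_PATH"
```

A "NOT ON DISK" result for this one file does not mean the rest of the adware is gone; it only answers whether that particular component still exists outside the backup.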
-
Jan 9, 2015 10:26 AM in response to thomas_r. by Juanjo99
Thanks everybody for the advice. I removed RARgenie from applications by hand and ran First Aid on Backups which appear to be OK.
-
Jan 9, 2015 3:22 PM in response to Juanjo99 by Linc Davis
There is no need to download anything to solve this problem.
If Safari crashes on launch and you don't have another web browser, you should be able to launch Safari by starting up in safe mode.
You may have installed the "Genieo" or "InstallMac" ad-injection malware. Follow the instructions on this Apple Support page to remove it.
Back up all data before making any changes.
Besides the files listed in the linked support article, you may also need to remove this file in the same way:
~/Library/LaunchAgents/com.genieo.completer.ltvbit.plist
If there are other items with a name that includes "Genieo" or "genieo" alongside any of those you find, remove them as well.
One of the steps in the article is to remove malicious Safari extensions. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.
After removing the malware, remember to reset your home page in all the web browsers affected, if it was changed.
If you don't find any of the files or extensions listed, or if removing them doesn't stop the ad injection, then you may have one of the other kinds of adware covered by the support article. Follow the rest of the instructions in the article.
Make sure you don't repeat the mistake that led you to install the malware. Chances are you got it from an Internet cesspit such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad in a page on some other site. The ad would probably have included a large green button labeled "Download" or "Download Now" in white letters. The button is designed to confuse people who intend to download something else on the same page. If you ever download a file that isn't obviously what you expected, delete it immediately.
In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.
Still in System Preferences, open the App Store or Software Update pane and check the box marked
Install system data files and security updates (OS X 10.10 or later)
or
Download updates automatically (OS X 10.9 or earlier)
if it's not already checked.