Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

TuneUp Malware Help

I was trying to update an application and it installed something called "TuneUp" along with a bunch of Malware that is affecting all Internet browsers. I tried to delete the Contents folder in trash but it says "in use" Of course it's in use running the malware. I'm running ClamXAV but I don't know if it will find it. What can I do to remove all the malware?

MacBook Pro (13-inch Late 2011), Mac OS X (10.7.5)

Posted on Jul 2, 2015 5:37 PM

Reply
5 replies

Jul 2, 2015 6:04 PM in response to Allan Eckert

EtreCheck version: 2.2 (132)

Report generated 7/2/15 9:03 PM

Download EtreCheck from http://etresoft.com/etrecheck


Click the [Click for support] links for help with non-Apple products.

Click the [Click for details] links for more information about that line.


Hardware Information: ℹ️

MacBook Pro (13-inch, Late 2011) (Verified)

MacBook Pro - model: MacBookPro8,1

1 2.4 GHz Intel Core i5 CPU: 2-core

4 GB RAM

BANK 0/DIMM0

2 GB DDR3 1333 MHz ok

BANK 1/DIMM0

2 GB DDR3 1333 MHz ok

Bluetooth: Old - Handoff/Airdrop2 not supported

Wireless: en1: 802.11 a/b/g/n

Battery: Health = Normal - Cycle count = 325 - SN = 9G1460BDVD3MA


Video Information: ℹ️

Intel HD Graphics 3000 - VRAM: 384 MB

Color LCD 1280 x 800


System Software: ℹ️

Mac OS X 10.7.5 (11G63) - Time since boot: 4:24:39


Disk Information: ℹ️

APPLE HDD HTS547550A9E384 disk0 : (500.11 GB)

disk0s1 (disk0s1) <not mounted> : 210 MB

Macintosh HD (disk0s2) / : 499.25 GB (350.44 GB free)

Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB


MATSHITADVD-R UJ-8A8


USB Information: ℹ️

Apple Inc. FaceTime HD Camera (Built-in)

Apple Inc. Apple Internal Keyboard / Trackpad

Apple Inc. BRCM2070 Hub

Apple Inc. Bluetooth USB Host Controller

Apple Computer, Inc. IR Receiver


Thunderbolt Information: ℹ️

Apple, Inc. MacBook Pro


Kernel Extensions: ℹ️

/Applications/TunnelBear.app

[not loaded] net.tunnelblick.tap (1.0) [Click for support]

[not loaded] net.tunnelblick.tun (1.0) [Click for support]


Startup Items: ℹ️

FanControlDaemon: Path: /Library/StartupItems/FanControlDaemon

Startup items are obsolete in OS X Yosemite


Launch Agents: ℹ️

[running] com.broadsoft.joinerAgent.plist [Click for support]

[loaded] com.citrix.AuthManager_Mac.plist [Click for support]

[running] com.citrix.ReceiverHelper.plist [Click for support]

[running] com.citrix.ServiceRecords.plist [Click for support]

[loaded] com.google.keystone.agent.plist [Click for support]

[loaded] com.oracle.java.Java-Updater.plist [Click for support]


Launch Daemons: ℹ️

[loaded] com.adobe.fpsaud.plist [Click for support]

[running] com.backblaze.bzserv.plist [Click for support]

[running] com.broadsoft.joinerDaemon.plist [Click for support]

[loaded] com.google.keystone.daemon.plist [Click for support]

[loaded] com.microsoft.office.licensing.helper.plist [Click for support]

[loaded] com.oracle.java.Helper-Tool.plist [Click for support]

[loaded] com.oracle.java.JavaUpdateHelper.plist [Click for support]


User Launch Agents: ℹ️

[loaded] com.adobe.ARM.[...].plist [Click for support]

[failed] com.amazon.cloud-player.plist [Click for support] [Click for details]

[running] com.amazon.music.plist [Click for support]

[failed] com.apple.CSConfigDotMacCert-[...]@me.com-SharedServices.Agent.plist [Click for details]

[running] com.backblaze.bzbmenu.plist [Click for support]

[loaded] com.citrixonline.GoToMeeting.G2MUpdate.plist [Click for support]

[not loaded] com.jdibackup.JustCloud.autostart.plist [Click for support]

[failed] com.jdibackup.JustCloud.notify.plist [Click for support] [Click for details]

[running] com.pando.PMB.plist [Click for support]

[running] com.plexapp.helper.plist [Click for support]

[running] com.spigot.ApplicationManager.plist [Click for support]

[running] com.spotify.webhelper.plist [Click for support]

[loaded] com.valvesoftware.steamclean.plist [Click for support]


User Login Items: ℹ️

Flux Application (/Applications/Flux.app)

iTunesHelper Application Hidden (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

AdobeResourceSynchronizer Application Hidden (/Applications/Adobe Reader.app/Contents/Support/AdobeResourceSynchronizer.app)

Google Drive UNKNOWN (missing value)

iCal Application (/Applications/iCal.app)

Octoshape Application (/Users/[redacted]/Library/Octoshape/Octoshape.app)

Popup Application Hidden (/Library/Application Support/Pharos/Popup.app)


Internet Plug-ins: ℹ️

o1dbrowserplugin: Version: 5.41.0.0 - SDK 10.8 [Click for support]

Unity Web Player: Version: UnityPlayer version 4.2.0f4 - SDK 10.6 [Click for support]

Flip4Mac WMV Plugin: Version: 3.2.0.16 - SDK 10.8 [Click for support]

AdobePDFViewerNPAPI: Version: 11.0.04 - SDK 10.6 [Click for support]

FlashPlayer-10.6: Version: 18.0.0.194 - SDK 10.6 [Click for support]

Silverlight: Version: 5.1.30514.0 - SDK 10.6 [Click for support]

WidevineMediaOptimizer: Version: 6.0.0.12757 - SDK 10.7 [Click for support]

Flash Player: Version: 18.0.0.194 - SDK 10.6 [Click for support]

iPhotoPhotocast: Version: 7.0 - SDK 10.8

CitrixICAClientPlugIn: Version: 11.9.15 - SDK 10.9 [Click for support]

googletalkbrowserplugin: Version: 5.41.0.0 - SDK 10.8 [Click for support]

AdobePDFViewer: Version: 11.0.04 - SDK 10.6 [Click for support]

PandoWebPlugin: Version: PandoWebPlugin 2.3.3.8 [Click for support]

QuickTime Plugin: Version: 7.7.1

SharePointBrowserPlugin: Version: 14.0.0 [Click for support]

JavaAppletPlugin: Version: Java 8 Update 45 Check version


User internet Plug-ins: ℹ️

CitrixOnlineWebDeploymentPlugin: Version: 1.0.104 [Click for support]

OctoshapeWeb: Version: 1.0 - SDK 10.8 [Click for support]

WebEx64: Version: 1.0 - SDK 10.6 [Click for support]


3rd Party Preference Panes: ℹ️

Backblaze Backup [Click for support]

Fan Control [Click for support]

Flash Player [Click for support]

Flip4Mac WMV [Click for support]

Java [Click for support]

Media Booster [Click for support]


Time Machine: ℹ️

Time Machine not configured!


Top Processes by CPU: ℹ️

37% clamscan

25% ClamXav

2% WindowServer

0% firefox

0% fontd


Top Processes by Memory: ℹ️

528 MB firefox

246 MB clamscan

135 MB Google Chrome Helper

123 MB ClamXav

106 MB Finder


Virtual Memory Information: ℹ️

379 MB Free RAM

3.63 GB Used RAM

22 MB Swap Used


Diagnostics Information: ℹ️

Jul 2, 2015, 08:15:08 PM /Users/[redacted]/Library/Logs/DiagnosticReports/ApplicationManager_2015-07-02- 201508_[redacted].crash

Jul 2, 2015, 08:15:07 PM /Users/[redacted]/Library/Logs/DiagnosticReports/ApplicationManager_2015-07-02- 201507_[redacted].crash

Jul 2, 2015, 04:36:30 PM Self test - passed

Jul 3, 2015 2:11 AM in response to Aruuugha

Aruuugha wrote:


User Launch Agents: ℹ️

[running] com.spigot.ApplicationManager.plist [Click for support]

Diagnostics Information: ℹ️

Jul 2, 2015, 08:15:08 PM /Users/[redacted]/Library/Logs/DiagnosticReports/ApplicationManager_2015-07-02- 201508_[redacted].crash

Jul 2, 2015, 08:15:07 PM /Users/[redacted]/Library/Logs/DiagnosticReports/ApplicationManager_2015-07-02- 201507_[redacted].crash

You have accidentally installed Spigot Adware. For fastest, most efficient identification and optional removal of all currently know adware you should use AdwareMedic, developed by one of this forums formats Malware guru's and a colleague of mine. He also provides manual instructions for it's removal on TheSafeMac's Adware Removal Guide : Spigot.

TuneUp Malware Help

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.