Unknown file in Login Items and PUP's on Malwarebytes scan

1. Select that unnamed icon in Login Items and click the [–] (minus) button. It will no longer appear.
2. If a keylogger is installed, you must remove it according to its instructions, which specifically advise against using "anti-virus" programs to uninstall it. Uninstall "Malwarebytes" and do not reinstall it, or anything like it, ever again.

The following is the relevant excerpt from "Elite Keylogger"

The only correct way to uninstall Elite Keylogger for Mac is from inside the application. Please do not try to use an anti-virus program to remove it, or simply drag the app to the trash. Those steps are unlikely to remove it completely. Please take the following steps to ensure successful removal:

1. If you have an anti-virus / anti-spyware program installed, disable it first.

2. If Elite Keylogger is hidden, type your unhide keyword. If it is not hidden, launch the app if it is not running already.

3. Click on the Keylogger icon on the top toolbar and type in your app password.

4. Click on the Settings (gear) icon on the top of the window, and then click the “Uninstall Keylogger” link at the bottom.

5. When asked if you’re sure, click “Yes, remove it completely!” and then type in your administrator password when requested.

6. You will get a message that says “Keylogger removed successfully!” to confirm deletion.

If for some reason you do not have the unhide keyword or app password, please contact our Support team at support@widestep.com. We have a special utility that we can send you that will help you to uninstall Elite Keylogger for Mac.

If you have no knowledge of having installed a keylogger, and you are the owner and administrator of that Mac, you may be a victim of a crime for which you should seek appropriate counsel.

... I started seeing pop ups that had Cloud Scout on them and other pop ups that would freeze my browser.

I am not familiar with anything by that name but if you encounter a popup that cannot be dismissed please read Phony "tech support" / "ransomware" popups and web pages for the solution.

.

Simple put, Apple provides all the malware detection and removal you need in Mac OS X. Third party malware detectors on Mac OS X have a reputation of causing problems. You are wasting you money on getting anything else.

Discusses Mac OS X operating system wide malware detection and removal

See Linc Davis, thomas_r., and etresoft comprehensive write ups on

https://discussions.apple.com/thread/5728993

The reason is that I don't advocate using any third party product that modifies Apple's operating system, including "malwarebytes", "Sophos AV", or any similar product that delegates a user's fundamental responsibility for computer security to software. To do so is an irresponsible and ineffective defense against threats that exist today or that are certain to arise in the future.

As you determined, although it implicated a keylogger's presence, it did absolutely nothing to remove it. Removing files in the manner it did often results in unpredictable effects, so having done that I agree your decision to erase that Mac and reconfigure it is the most prudent course of action.

Those are general reasons I do not permit such programs to be used or installed on any Macs I own or control. The following are some more specific reasons regarding "malwarebytes":

• It encourages reliance on a magical cure-all to defend and protect the user:

  • such magical cure-alls are aggressively marketed and are often the sole cause of user-inflicted damage and misery

  • they encourage irresponsible behavior when no such product can adequately protect a Mac from all extant threats, or threats yet to be discovered

• It modifies a Mac's file system at a privileged level:

  • That is required to eliminate adware, but knowing explicitly what you're doing to your Mac before doing it is always preferable to delegating that basic responsibility to third party software

  • Apple's support documentation accomplishes exactly that

• It installs a component that modifies OS X for reasons known only to it (see 1 and 2)

  • That is not required to eliminate adware

  • random crashes, instability, and poor performance is almost always the result of installing third party system modifications

• It harvests and uploads information from your Mac to a centralized server, information you may consider personal and which may never be erased

• It directly contradicts sound advice regarding installing things that modify OS X:

  No Mac software overtly advertises damaging effects, but practically every product claiming beneficial effects by modifying OS X is only capable of destruction

• It assumes the user is too feebleminded to comply with simple instructions or follow commonsense principles

• Using such products accomplishes nothing to educate the user about the evolving threat of adware:

  Education regarding adware – its appearance and effects – is the only reliable defense against installing malicious system modifications.

The reason is that I don't advocate using any third party product that modifies Apple's operating system, including "malwarebytes",

You should do some basic research before posting an incorrect answer like this. MBAM for Mac DOES NOT make any system modifications, installs no kexts, nothing of the kind. At present, although it does scan for known, current OSX trojans, it is used primarly in order to scan for adware, and it does that completely safely and effectively. There have been over 3 million downloads, and zero confirmed reports of it doing any harm whatsoever.

Those are general reasons I do not permit such programs to be used or installed on any Macs I own or control. The following are some more specific reasons regarding "malwarebytes":

• It encourages reliance on a magical cure-all to defend and protect the user:
• such magical cure-alls are aggressively marketed and are often the sole cause of user-inflicted damage and misery
• they encourage irresponsible behavior when no such product can adequately protect a Mac from all extant threats, or threats yet to be discovered
• It modifies a Mac's file system at a privileged level:
• That is required to eliminate adware, but knowing explicitly what you're doing to your Mac before doing it is always preferable to delegating that basic responsibility to third party software
• Apple's support documentation accomplishes exactly that
• It installs a component that modifies OS X for reasons known only to it (see 1 and 2)
• That is not required to eliminate adware
• random crashes, instability, and poor performance is almost always the result of installing third party system modifications
• It harvests and uploads information from your Mac to a centralized server, information you may consider personal and which may never be erased
• It directly contradicts sound advice regarding installing things that modify OS X:

No Mac software overtly advertises damaging effects, but practically every product claiming beneficial effects by modifying OS X is only capable of destruction

• It assumes the user is too feebleminded to comply with simple instructions or follow commonsense principles
• Using such products accomplishes nothing to educate the user about the evolving threat of adware:

Education regarding adware – its appearance and effects – is the only reliable defense against installing malicious system modifications.

All this is perfect nonsense. You obviously haven't run the program itself, or you are getting all this second-hand from a very unreliable source.

Hello Sasha0015,

There is an awful lot of misinformation circulating regarding Macs and security these days. Apple used to have a reputation for good security due to the lack of any significant Mac malware. PC people always claimed that was because Apple was a "niche market" and the malware authors just didn't want to bother. It turns out that the PC users were absolutely correct on this one. Macs have had a couple of true malware incidents lately. Much more common, however, have been serious Apple software bugs or security failures. Apple neglected to verify web browser security certificates for years. Apple's app stores are currently suffering a significant security issue where apps you download for your iPhone or iPad come pre-installed with malware.

Here in Apple Support Communities, the most common thing people report is adware. What makes the issue worse is people relying on old habits and assumptions that are simply not valid. Then, they take it to the next level and tell people who are affected by adware that:

1) it is their own fault that they became infected,

2) Apple has effective malware protection and effective adware removal services, and

3) the most effective 3rd adware removal solutions are actually malicious.

None of that is true. Personally, I think bad advice like that is more malicious than the adware itself.

I used to have high confidence in Apple's security protections and in the advice provided here in the support forums, but not any more. I recently added a big disclaimer to my EtreCheck software requiring that users agree that I am not responsible for any bad advice they follow here on Apple Support Communities or other internet forums. EtreCheck also has some basic adware detection capabilities. But I rely on Apple's support documentation and that documentation is out-of-date and just plain bad. Consequently, EtreCheck can no longer detect recent adware. It will still list the adware as Launch Agents/Daemons, but it may not be identified as "adware". So I now automatically suggest people download and run MalwareBytes for Mac (https://www.malwarebytes.org/mac-download/) just to be safe, even if EtreCheck doesn't say anything about adware.

You will find many people here on Apple Support Communities trashing various anti-virus and anti-malware products. In many cases, they are correct. There is a lot of software ported from Windows that will bring your Mac to its knees while it scans your hard drive and your backups with every known Windows malware known - all of which is harmless to your Mac. These 3rd party anti-virus and anti-malware products are starting to improve. I have heard more encouraging reports about them lately. Some people have suggested that Sophos is more reliable and other people have reported that BitDefender prevented installation of some adware. Hopefully that trend will continue. But for now, the only anti-adware/anti-malware product I would recommend is MalwareBytes for Mac. It does not prevent installation of adware, but it makes removal quick and easy. Curiously, the most extreme incidents of trashing of 3rd anti-virus and anti-malware products is directed almost exclusively at MalwareBytes for Mac.

You specifically asked about Login Items in MalwareBytes. You should definitely use MalwareBytes to remove these items. What some people don't understand is that the list of "Login Items" in System Preferences is not a complete list. Any application can install its own login items using another method and they will not be listed in System Preferences. That is why you do not see those key loggers that MalwareBytes is reporting. It is because Apple doesn't show them to you. I recently added support in EtreCheck to report these new kinds of login items as well as other kinds of hidden tasks that are running the background. But unfortunately, I just don't have the resources to keep track of all the Mac adware and malware. It is reaching epidemic proportions. Sadly, and for reasons I do not understand, some people are doing everything in their power to make it worse.

Sasha,

You have an odd item in your login items list that appears to have no name. I believe that this may be causing a false positive in Malwarebytes Anti-Malware for Mac. Can you choose Contact Support from the Help menu within Malwarebytes Anti-Malware, and mention in your description of the problem that I said it may be a false positive?

Fortunately, a false positive in the login items alone isn't a danger... removing it will not result in any files being removed from your hard drive.

Thomas R

Director of Mac Offerings, Malwarebytes

I believe that you misunderstood. There was no keylogger. That detection in Malwarebytes Anti-Malware for Mac was a "false positive," meaning that it was detecting something that wasn't really there. It is not a harmful false positive, in that it cannot result in removal of any files erroneously, but it is an annoyance.

Fortunately, we have found the cause and will be fixing that. And erasing your hard drive wasn't entirely wasted, since it sounds like you were having some other issues as well, and that those problems are gone now.

Thomas Reed

Director of Mac Offerings, Malwarebytes