MacBook Air acting like malware is installed

I am a prior member of the Apple Solutions Experts and on-site specialist for many years and am puzzled.

This MacBook Air using 10.11.1, etc. has some issues -- there has been malware and I followed the tips I could find to remove, have wiped the drive and re-installed the OS and used TimeMachine to repopulate data -- the issue repeats within a few hours ...

Cursor and return keys become inoperative -- booting in safe mode does not fix -- in booting in Recovery Mode the list of four options is only highlightable by using the arrow keys to navigate -- in several instances the cursor and return keys were inoperative to proceed, restarting repeatedly provided an operative screen ...


I ran the hardware diagnostics and it has a clean bill of health -- I am looking for options

MacBook Air, OS X El Capitan (10.11.1), 4 gigs RAM

Posted on Nov 28, 2015 9:50 AM

21 replies

Dec 2, 2015 9:30 AM in response to Merkaba22

I ran EtreCheck since Mac Mail was acting oddly -- not displaying correctly, "forward" "reply" buttons are inoperable half the time, etc. and something is eating up all my RAM:


EtreCheck version: 2.6.6 (226)

Report generated 12/2/15, 9:28 AM

Runtime 2:01

Download EtreCheck from http://etrecheck.com


Click the [Click for support] links for help with non-Apple products.

Click the [Click for details] links for more information about that line.


Hardware Information: (What does this mean?)

MacBook Air (13-inch, Mid 2013)

[Click for Technical Specifications]

[Click for User Guide]

MacBook Air - model: MacBookAir6,2

1 1.3 GHz Intel Core i5 CPU: 2-core

4 GB RAM Not upgradeable

BANK 0/DIMM0

2 GB DDR3 1600 MHz ok

BANK 1/DIMM0

2 GB DDR3 1600 MHz ok

Bluetooth: Good - Handoff/Airdrop2 supported

Wireless: en0: 802.11 a/b/g/n/ac

Battery: Health = Normal - Cycle count = 223 - SN = D863414128CF90JAY


Video Information: (What does this mean?)

Intel HD Graphics 5000

Color LCD 1440 x 900


System Software: (What does this mean?)

OS X El Capitan 10.11.1 (15B42) - Time since boot: about 2 days


Disk Information: (What does this mean?)

APPLE SSD SD0256F disk0 : (251 GB) (Solid State - TRIM: Yes)

EFI (disk0s1) <not mounted> : 210 MB

Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB

Audio (disk0s4) /Volumes/Audio : 100.11 GB (99.89 GB free)

MacBook Air (disk1) / : 149.53 GB (41.78 GB free)

Core Storage: disk0s2 149.90 GB Online


USB Information: (What does this mean?)

Apple Inc. BRCM20702 Hub

Apple Inc. Bluetooth USB Host Controller


Thunderbolt Information: (What does this mean?)

Apple Inc. thunderbolt_bus


Gatekeeper: (What does this mean?)

Mac App Store and identified developers


Kernel Extensions: (What does this mean?)

/Applications/Boom 2.app

[not loaded] com.globaldelight.driver.Boom2Device (1.1 - SDK 10.10) [Click for support]


/Applications/Rowmote Helper.app

[not loaded] com.regularrateandrhythm.driver.RowmoteIREmu (1.0 - SDK 10.8) [Click for support]


/System/Library/Extensions

[not loaded] com.FTDI.driver.FTDIUSBSerialDriver (2.2.18 - SDK 10.6) [Click for support]

[not loaded] com.m-audio.usb.midisupport.driver (1.1) [Click for support]


System Launch Agents: (What does this mean?)

[killed] com.apple.AssetCacheLocatorService.plist

[killed] com.apple.CallHistoryPluginHelper.plist

[killed] com.apple.CallHistorySyncHelper.plist

[killed] com.apple.EscrowSecurityAlert.plist

[killed] com.apple.FolderActionsDispatcher.plist

[killed] com.apple.SafariCloudHistoryPushAgent.plist

[killed] com.apple.SafariNotificationAgent.plist

[killed] com.apple.cdpd.plist

[killed] com.apple.cloudphotosd.plist

[killed] com.apple.cmfsyncagent.plist

[killed] com.apple.followupd.plist

[killed] com.apple.gamed.plist

[killed] com.apple.icloud.fmfd.plist

[killed] com.apple.photolibraryd.plist

[killed] com.apple.printtool.agent.plist

[killed] com.apple.scopedbookmarkagent.xpc.plist

[killed] com.apple.spindump_agent.plist

[killed] com.apple.telephonyutilities.callservicesd.plist

18 processes killed due to insufficient RAM


System Launch Daemons: (What does this mean?)

[killed] com.apple.AssetCacheLocatorService.plist

[killed] com.apple.GSSCred.plist

[killed] com.apple.awdd.plist

[killed] com.apple.icloud.findmydeviced.plist

[killed] com.apple.ifdreader.plist

[killed] com.apple.periodic-daily.plist

[killed] com.apple.periodic-weekly.plist

[killed] com.apple.tccd.system.plist

[killed] com.apple.wdhelper.plist

[killed] com.apple.xpc.smd.plist

10 processes killed due to insufficient RAM


Launch Agents: (What does this mean?)

[loaded] com.adobe.AAM.Updater-1.0.plist [Click for support]

[failed] com.adobe.ARMDCHelper.cc24aef4a1b90ed56a...plist [Click for support]

[loaded] com.oracle.java.Java-Updater.plist [Click for support]


Launch Daemons: (What does this mean?)

[loaded] com.adobe.fpsaud.plist [Click for support]

[loaded] com.malwarebytes.MBAMHelperTool.plist [Click for support]

[loaded] com.oracle.java.Helper-Tool.plist [Click for support]


User Launch Agents: (What does this mean?)

[loaded] com.adobe.ARM.[...].plist [Click for support]

[failed] com.google.keystone.agent.plist [Click for support]

[failed] com.spotify.webhelper.plist [Click for support]


User Login Items: (What does this mean?)

iTunesHelper Application (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

iTunesHelper UNKNOWN Hidden (missing value)

Mail Application (/Applications/Mail.app)

Safari Application (/Applications/Safari.app)

AdobeResourceSynchronizer Application Hidden (/Applications/Adobe Acrobat Reader DC.app/Contents/Helpers/AdobeResourceSynchronizer.app)


Other Apps: (What does this mean?)

[running] com.SolidWorks.EDrawings.60832

[running] com.apple.xpc.launchd.oneshot.0x10000011.EtreCheck


Internet Plug-ins: (What does this mean?)

AdobeAAMDetect: Version: AdobeAAMDetect 1.0.0.0 - SDK 10.6 [Click for support]

FlashPlayer-10.6: Version: 19.0.0.245 - SDK 10.6 [Click for support]

QuickTime Plugin: Version: 7.7.3

AdobePDFViewerNPAPI: Version: 15.009.20069 - SDK 10.8 [Click for support]

AdobePDFViewer: Version: 15.009.20069 - SDK 10.8 [Click for support]

Flash Player: Version: 19.0.0.245 - SDK 10.6 [Click for support]

Default Browser: Version: 601 - SDK 10.11

Flip4Mac WMV Plugin: Version: 3.2.0.16 - SDK 10.8 [Click for support]

Silverlight: Version: 5.1.40728.0 - SDK 10.6 [Click for support]

JavaAppletPlugin: Version: Java 8 Update 66 build 17 Check version


User internet Plug-ins: (What does this mean?)

CitrixOnlineWebDeploymentPlugin: Version: 1.0.105 [Click for support]

Move_Media_Player: Version: npmnqmp 071505000006 [Click for support]

Google Earth Web Plug-in: Version: 7.1 [Click for support]


Safari Extensions: (What does this mean?)

AdBlock

Ghostery


3rd Party Preference Panes: (What does this mean?)

Flash Player [Click for support]

Flip4Mac WMV [Click for support]

Java [Click for support]

Perian [Click for support]


Time Machine: (What does this mean?)

Skip System Files: NO

Mobile backups: ON

Auto backup: YES

Volumes being backed up:

MacBook Air: Disk size: 149.53 GB Disk used: 107.75 GB

Destinations:

Studio 500 [Local]

Total size: 500.10 GB

Total number of backups: 45

Oldest backup: 2/14/14, 2:24 PM

Last backup: 11/21/15, 12:16 PM

Size of backup disk: Excellent

Backup size 500.10 GB > (Disk size 149.53 GB X 3)


MPB 500 [Local]

Total size: 499.62 GB

Total number of backups: 13

Oldest backup: 11/8/15, 2:51 PM

Last backup: 11/29/15, 1:26 PM

Size of backup disk: Excellent

Backup size 499.62 GB > (Disk size 149.53 GB X 3)


Top Processes by CPU: (What does this mean?)

37% com.apple.WebKit.WebContent(11)

19% Safari

18% WindowServer

6% kernel_task

4% hidd


Top Processes by Memory: (What does this mean?)

672 MB com.apple.WebKit.WebContent(11)

594 MB kernel_task

225 MB Safari

61 MB Mail

49 MB mdworker(4)


Virtual Memory Information: (What does this mean?)

20 MB Free RAM

3.98 GB Used RAM (332 MB Cached)

1.20 GB Swap Used


Diagnostics Information: (What does this mean?)

Dec 2, 2015, 03:20:56 AM ~/Library/Logs/DiagnosticReports/mapspushd_2015-12-02-032056_[redacted].crash

Nov 29, 2015, 07:55:01 PM Self test - passed

Nov 29, 2015, 03:23:50 PM /Library/Logs/DiagnosticReports/com.apple.WebKit.Networking_2015-11-29-152350_[redacted].cpu_resource.diag [Click for details]

Nov 29, 2015, 12:19:15 PM /Library/Logs/DiagnosticReports/backupd_2015-11-29-121915_[redacted].cpu_resource.diag [Click for details]

Dec 2, 2015 11:14 PM in response to Merkaba22

Not sure what happened to everybody else that asked you for EtreCheck and then left. I'm just the malware guy, so can't offer you much more here.

Merkaba22 wrote:


I ran EtreCheck since Mac Mail was acting oddly -- not displaying correctly, "forward" "reply" buttons are inoperable half the time, etc. and something is eating up all my RAM

Most users have found 4GB RAM to be insufficient to run OS X 10.10 and above, but unfortunately that's all you have. But your MBA cannot be upgraded, so you will have to get used to dealing with it.


Since the introduction of Mavericks memory management system, it's normal to have RAM full most of the time in order to cut down on having to read from disk all the time, but as it says, all those killed processes are due to RAM being so full that it cannot run all the applications you have open right now. If I had to guess I'd say you have too many Safari windows/tabs open. I would not have Mail and Safari open at login (I don't even do that with 20 GB RAM). Always quit any app that you are finished using, don't just close all the windows.

Dec 3, 2015 9:46 AM in response to Merkaba22

Hello Merkaba22,

If your keyboard isn't working in Recovery mode, then that is a hardware failure. Diagnostic tests never produce a "clean bill of health". They can only identify the problem or not. You will have to contact Apple Support (https://www.apple.com/support/contact/) directly or an Apple Authorized Service Provider (https://locate.apple.com/).


You only had one old software package that was not functional on your system and you've removed that. Those "insufficient RAM" messages in EtreCheck do mean that you don't have adequate RAM. But as MadMacs0 says, you can't do anything about that. Since you have an SSD, it shouldn't matter too much. You are essentially using your SSD as RAM, but that is the idea. You could remove some of those items from your Login Items and only run a minimum number of apps simultaneously.

Dec 3, 2015 9:50 AM in response to etresoft

Hey thanks -- for staying up with this ....but now, the keyboard is working since the offending items were removed.


Since I last posted, it seems like a RAM issue but as we agree, there is no solution and no solution should be needed -- and it mainly affects Mail, as far as I can see: windows blank, forward and reply button inoperable ... after a re-install, etc.


I saw something about Mail and memory leaks and I wonder if this is the culprit now?

Dec 3, 2015 10:19 AM in response to Merkaba22

Hello again Merkaba22,

What exactly did MalwareBytes remove? EtreCheck only lists background software that is running. MalwareBytes may remove files that have only been downloaded or have already been disabled. I don't see anything that would affect the keyboard. If you are seeing problems while running in Recovery mode, then that is a hardware problem.


This site is stuffed to the gills with misinformation. It is always best to focus on your specific problem. There are some downsides to only having 4 GB of RAM, but your SSD should compensate for those. Blank windows or inoperable buttons are something else. You might try rebuilding your mailboxes from within Mail. Go to Mailbox > Rebuild for each mailbox.
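The review done by hand in this thread (which non-system launch items are present, and how many system jobs were killed for lack of RAM) can be scripted against an EtreCheck text report. This is an added example, not part of any post above and not EtreCheck's own code; the function names are hypothetical and the sample is a constructed excerpt abridged from the report earlier in the thread.

```python
import re

# Constructed sample: lines abridged from the EtreCheck report posted in this thread.
SAMPLE_REPORT = """\
System Launch Agents: (What does this mean?)
[killed] com.apple.gamed.plist
[killed] com.apple.cloudphotosd.plist

Launch Agents: (What does this mean?)
[loaded] com.adobe.AAM.Updater-1.0.plist [Click for support]

Launch Daemons: (What does this mean?)
[loaded] com.malwarebytes.MBAMHelperTool.plist [Click for support]

User Launch Agents: (What does this mean?)
[failed] com.google.keystone.agent.plist [Click for support]
[failed] com.spotify.webhelper.plist [Click for support]
"""

SECTION = re.compile(r"(?P<name>[^\[\]:]+):\s*\(What does this mean\?\)\s*$")
ITEM = re.compile(r"\[(?P<status>[^\]]+)\]\s+(?P<label>\S+?)(?:\.plist)?(?:\s|$)")

def parse_sections(report):
    """Map each report section name to a list of (status, label) items."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        head = SECTION.match(line)
        if head:
            current = head.group("name").strip()
            continue
        item = ITEM.match(line)
        if item and current:
            entry = (item.group("status"), item.group("label"))
            sections.setdefault(current, []).append(entry)
    return sections

def triage(sections):
    """Return (non-system launch items, number of killed system jobs)."""
    # Assumption: sections whose name starts with "System " list OS-supplied
    # jobs; the other "Launch" sections list items installed later.
    third_party, killed = [], 0
    for name, items in sections.items():
        for status, label in items:
            if name.startswith("System "):
                killed += status == "killed"
            elif "Launch" in name:
                third_party.append((name, status, label))
    return third_party, killed
```

Each returned item still has to be matched to software the owner knowingly installed; the script only narrows down what to look at.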

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.
