Hi -- I have Trovi adware on my MacBook Pro OS X Version 10.9.5 (2.5 GHz Intel Core i 5 / 4 GB 1600 MHz DDR3). I've tried to locate it using the folders recommended by Apple, without any luck. It's affecting both Safari and Chrome. Anyone know how to get rid of this?
MacBook Pro (13-inch Mid 2012), OS X Mavericks (10.9.5)
Hi greff, download and run MalwareBytes. Malwarebytes was developed by one of our own colleagues here in ASC. It gets rave reviews and is about the most proven anti-malware software for Mac. Also, see this...
Hi greff, download and run MalwareBytes. Malwarebytes was developed by one of our own colleagues here in ASC. It gets rave reviews and is about the most proven anti-malware software for Mac. Also, see this...
I was recently looking for a movie online and I got into a website that supposedly stream it. Since I have my adblocker on, there was a message that says the video wont play without disabling it first. Being the dummy that I am, I disabled my adblocker for that site and the chaos started. Suddenly my screen went all white and the esc button wasn't functioning. I used my 3 fingers to swipe over the screen and luckily it worked. However, whenever I open my safari, the all white background returns again. I pressed the shift button when trying to open the safari (to avoid automatically reopening prior task), and somehow the "virus" seemed to be gone now. I tried looking for any malware using the procedures on the other discussions and removed those that ends with .helper.plst under the LaunchAgent file.
tl;dr
I dont know if there are still something left, so could anyone please check it for me? Here's the result of my etrecheck. Thank you so much!!!
EtreCheck version: 2.9.11 (264)
Report generated 2016-04-25 00:02:30
Download EtreCheck from https://etrecheck.com
Runtime 3:13
Performance: Good
Click the [Support] links for help with non-Apple products.
Click the [Details] links for more information about that line.
Problem: No problem - just checking
MacBook Pro (13-inch, Mid 2012)
[Technical Specifications] - [User Guide] - [Warranty & Service]
MacBook Pro - model: MacBookPro9,2
1 2.5 GHz Intel Core i5 CPU: 2-core
4 GB RAM Upgradeable - [Instructions]
BANK 0/DIMM0
2 GB DDR3 1600 MHz ok
BANK 1/DIMM0
2 GB DDR3 1600 MHz ok
Bluetooth: Good - Handoff/Airdrop2 supported
Wireless: en1: 802.11 a/b/g/n
Battery: Health = Normal - Cycle count = 548
Intel HD Graphics 4000
Color LCD 1280 x 800
OS X Yosemite 10.10 (14A389) - Time since boot: less than an hour
APPLE HDD HTS547550A9E384 disk0 : (500.11 GB) (Rotational)
EFI (disk0s1) <not mounted> : 210 MB
Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
Media (disk0s4) /Volumes/Media : 160.00 GB (152.46 GB free)
Macintosh HD 2 (disk0s5) /Volumes/Macintosh HD 2 : 114.62 GB (114.40 GB free)
Macintosh HD 3 (disk0s6) /Volumes/Macintosh HD 3 : 114.22 GB (16.80 GB free)
Macintosh HD (disk1) / : 109.63 GB (34.57 GB free)
Core Storage: disk0s2 110.00 GB Online
MATSHITADVD-R UJ-8A8 disk2 : (196.8 MB) ()
Apple Inc. FaceTime HD Camera (Built-in)
Apple Inc. BRCM20702 Hub
Apple Inc. Bluetooth USB Host Controller
Apple Computer, Inc. IR Receiver
Apple Inc. Apple Internal Keyboard / Trackpad
Apple Inc. thunderbolt_bus
Mac App Store
/System/Library/Extensions
[not loaded] com.devguru.driver.SamsungComposite (1.4.18 - SDK 10.6 - 2016-03-22) [Support]
/System/Library/Extensions/ssuddrv.kext/Contents/PlugIns
[not loaded] com.devguru.driver.SamsungACMControl (1.4.18 - SDK 10.6 - 2014-01-27) [Support]
[not loaded] com.devguru.driver.SamsungACMData (1.4.18 - SDK 10.6 - 2014-01-27) [Support]
[not loaded] com.devguru.driver.SamsungMTP (1.4.18 - SDK 10.5 - 2014-01-27) [Support]
[not loaded] com.devguru.driver.SamsungSerial (1.4.18 - SDK 10.6 - 2014-01-27) [Support]
[not loaded] 5 Apple tasks
[loaded] 142 Apple tasks
[running] 56 Apple tasks
[not loaded] 45 Apple tasks
[loaded] 137 Apple tasks
[running] 80 Apple tasks
[loaded] com.adobe.SwitchBoard.plist (2012-08-11) [Support]
[loaded] com.adobe.fpsaud.plist (2016-04-05) [Support]
[loaded] com.malwarebytes.MBAMHelperTool.plist (2016-04-11) [Support]
[loaded] com.oracle.java.Helper-Tool.plist (2014-09-20) [Support]
[failed] com.apple.CSConfigDotMacCert-[...]@me.com-SharedServices.Agent.plist
[failed] com.facebook.videochat.[redacted].plist (2014-08-13) [Support]
[loaded] com.google.keystone.agent.plist (2016-03-02) [Support]
[running] com.spotify.webhelper.plist (2016-04-24) [Support]
iTunesHelper Application (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
Android File Transfer Agent Application (~/Library/Application Support/Google/Android File Transfer/Android File Transfer Agent.app)
Spotify Application Hidden (/Applications/Spotify.app)
[running] com.google.Chrome.5996
[running] com.google.android.mtpagent.98864
[running] com.spotify.client.49448
[loaded] 357 Apple tasks
[running] 163 Apple tasks
FlashPlayer-10.6: 21.0.0.213 - SDK 10.6 (2016-04-08) [Support]
QuickTime Plugin: 7.7.3 (2014-11-06)
Flash Player: 21.0.0.213 - SDK 10.6 (2016-04-08) Outdated! Update
EPPEX Plugin: 4.1.0.0 (2011-07-26) [Support]
Default Browser: 600 - SDK 10.10 (2014-11-06)
SharePointBrowserPlugin: 14.3.4 - SDK 10.6 (2013-05-19) [Support]
Silverlight: 5.1.30317.0 - SDK 10.6 (2014-05-20) [Support]
JavaAppletPlugin: Java 8 Update 65 build 17 (2015-11-09) Check version
Flash Player (2016-04-05) [Support]
Java (2015-11-09) [Support]
Auto backup: YES
Volumes being backed up:
Macintosh HD: Disk size: 109.63 GB Disk used: 75.06 GB
Destinations:
Macintosh HD 3 [Local]
Total size: 114.22 GB
Total number of backups: 60
Oldest backup: 7/1/15, 4:44 PM
Last backup: 4/24/16, 6:40 PM
Size of backup disk: Too small
Backup size 114.22 GB < (Disk used 75.06 GB X 3)
5% mdworker(9)
3% kernel_task
3% Google Chrome
2% Google Chrome Helper(6)
2% fontd
766 MB Google Chrome Helper(6)
447 MB kernel_task
209 MB Google Chrome
147 MB mdworker(9)
119 MB imagent
320 MB Free RAM
3.69 GB Used RAM (1.02 GB Cached)
0 B Swap Used
Apr 24, 2016, 11:19:51 PM Self test - passed
Apr 24, 2016, 07:05:27 PM /Library/Logs/DiagnosticReports/storedownloadd_2016-04-24-190527_[redacted].cpu _resource.diag [Details]
/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Resources/st oredownloadd
Apr 23, 2016, 11:14:57 PM ~/Library/Logs/DiagnosticReports/VTDecoderXPCService_2016-04-23-231457_[redacte d].crash
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDeco derXPCService.xpc/Contents/MacOS/VTDecoderXPCService
Allan Eckert wrote:
Please note that AdwareMedic (as listed on the Malware Tips blog) is now Malwarebytes Anti-Malware for Mac.
The software you mentioned works. In addition to that I had to do the following.
- Remove some weird looking programs in /Library directory (they have names like tasard)
- Stop the processes corresponding to these programs in Activity Monitor
Until you remove these programs manually, (and you will need to be root to do that). You can sudo t root, you will not be able to fix the problems. I had to go into the browser a couple of times and reset them, and delete all the caches as well as remove the search engine for Trovi.
Here is a snippet of what cr*p I see in the watch.log file in /Library that really alerted me about a bunch of daemons that were constantly running. I have changed the User to xxxxx for purpose of discreteness. Notice how it hits a website and tries to download and unzip a gz file. This is definitely a virus. On some sites they have said this is not a virus. This website should be shut down (trovi.com) and the people need to be arrested and put in jail. I spent an upwards of 6 hours fixing this problem.
debug(): Safari new version url error
debug(): Safari's homepage not found. Reinstall.
Name tasard User xxxxx Browsers Trovi__Chrome-Succeed __Firefox-Succeed __Safari-Failed-http://www.trovi.com/?n=PP55de9d4bd4464c22-0-OM-US&searchsource=55&UM=8&gd=SY100 0250 is not registered
Log-"http://t.trkitok.com/track/slog?mid=C27924BC-A736-5ECF-9D81-8F7542464F28&log=Dat a replaced_Name tasard User xxxxx Browsers Trovi__Chrome-Succeed __Firefox-Succeed __Safari-Failed-http://www.trovi.com/?n=PP55de9d4bd4464c22-0-OM-US&searchsource=55&UM=8&gd=SY100 0250 is not registered"
Watcher - Reinstalling...
Watcher - cd /Library/; tar xfz Trovi.tar.gz; rm -f Trovi.tar.gz;
Watcher - cd /Library/Trovi; ./setup.sh "http://www.trovi.com/?n=PP55de9d4bd4464c22-0-OM-US&searchsource=55&UM=8&gd=SY100 0250" "http://www.trovi.com/?n=PP55de9d4bd4464c22-0-OM-US&searchsource=69&UM=8&gd=SY100 0250" "http://www.trovi.com/Results.aspx?n=PP55de9d4bd4464c22-0-OM-US&searchsource=58&U M=8&gd=SY1000250" Trovi PP55de9d4bd4464c22-0-OM-US--C27924BC-A736-5ECF-9D81-8F7542464F28 noinit;
Checking for competitors... done.
Getting rid of Trovi adware
