I visited a site that popped up and automatically downloaded a fake flash player and I accidentally clicked on it. It came up with an installer but I did not install, i deleted the file and moved to trash, turned off all extenions on my browsers and am updating to El Capitan, am I still at risk of a virus? It seems to be running very slowly since. If so how can I resolve this?
iMac (21.5-inch Mid 2010)
Mac are not vulnerable for Windows viruses. Fake applications or apps downloaded from untrusted resources or unknown developers may install adware on your Mac. If your Mac runs slow run this test and post its results here.
Thanks for the prompt reply, here is the generated report. Thanks in advance for your help!
EtreCheck version: 2.9.11 (264)
Report generated 2016-04-29 12:52:59
Download EtreCheck from https://etrecheck.com
Runtime 3:30
Performance: Good
Click the [Support] links for help with non-Apple products.
Click the [Details] links for more information about that line.
Problem: Computer is too slow
Description:
Generally running slow
Hardware Information: ⓘ
iMac (21.5-inch, Mid 2010)
[Technical Specifications] - [User Guide] - [Warranty & Service]
iMac - model: iMac11,2
1 3.06 GHz Intel Core i3 CPU: 2-core
4 GB RAM Upgradeable - [Instructions]
BANK 0/DIMM0
Empty
BANK 1/DIMM0
Empty
BANK 0/DIMM1
2 GB DDR3 1333 MHz ok
BANK 1/DIMM1
2 GB DDR3 1333 MHz ok
Bluetooth: Old - Handoff/Airdrop2 not supported
Wireless: en1: 802.11 a/b/g/n
Video Information: ⓘ
ATI Radeon HD 4670 - VRAM: 256 MB
iMac 1920 x 1080
System Software: ⓘ
OS X Yosemite 10.10.5 (14F1713) - Time since boot: about one hour
Disk Information: ⓘ
WDC WD5000AAKS-40V6A0 disk0 : (500.11 GB) (Rotational)
EFI (disk0s1) <not mounted> : 210 MB
Macintosh HD (disk0s2) / : 499.25 GB (395.46 GB free)
Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
OPTIARC DVD RW AD-5680H ()
USB Information: ⓘ
Logitech USB Keyboard
Apple Inc. BRCM2046 Hub
Apple Inc. Bluetooth USB Host Controller
Apple Internal Memory Card Reader
Apple Inc. Built-in iSight
Apple Computer, Inc. IR Receiver
Gatekeeper: ⓘ
Mac App Store and identified developers
Kernel Extensions: ⓘ
/System/Library/Extensions
[not loaded] com.kodak.printer.XXXX.kext (4.2.3 - 2016-04-29) [Support]
[loaded] com.rogueamoeba.HermesAudio (3.0.1 - 2016-04-29) [Support]
System Launch Agents: ⓘ
[not loaded] 4 Apple tasks
[loaded] 143 Apple tasks
[running] 65 Apple tasks
System Launch Daemons: ⓘ
[not loaded] 48 Apple tasks
[loaded] 138 Apple tasks
[running] 77 Apple tasks
Launch Agents: ⓘ
[not loaded] KodakAiOBonjourAgent (2009-07-24) [Support]
[failed] com.adobe.ARMDCHelper.cc24aef4a1b90ed56a...plist (2015-10-14) [Support]
[running] com.kodak.BonjourAgent.plist (2009-07-24) [Support]
[loaded] com.oracle.java.Java-Updater.plist (2015-05-24) [Support]
Launch Daemons: ⓘ
[loaded] com.adobe.ARMDC.Communicator.plist (2015-10-14) [Support]
[loaded] com.adobe.ARMDC.SMJobBlessHelper.plist (2015-10-14) [Support]
[loaded] com.microsoft.autoupdate.helpertool.plist (2016-01-04) [Support]
[loaded] com.microsoft.office.licensing.helper.plist (2015-04-23) [Support]
[loaded] com.microsoft.office.licensingV2.helper.plist (2015-12-06) [Support]
[running] com.nalpeiron.netpro.plist (2014-12-04) [Support]
[loaded] com.oracle.java.Helper-Tool.plist (2015-05-24) [Support]
[loaded] com.rogueamoeba.hermes.plist (2011-02-08) [Support]
User Launch Agents: ⓘ
[loaded] com.google.keystone.agent.plist (2016-03-02) [Support]
User Login Items: ⓘ
CrossOver CD Helper Application (~/.Trash/CrossOver.app/Contents/Resources/CrossOver CD Helper.app)
Other Apps: ⓘ
[running] com.codeweavers.CrossOverCDHelper.86652
[loaded] com.google.Chrome.90912
[running] com.hp.devicemonitor
[loaded] 388 Apple tasks
[running] 164 Apple tasks
Internet Plug-ins: ⓘ
OVSHelper: 1.1 (2011-07-08) [Support]
Default Browser: 600 - SDK 10.10 (2015-09-22)
AdobePDFViewerNPAPI: 15.010.20060 - SDK 10.8 (2016-03-10) [Support]
FlashPlayer-10.6: 21.0.0.226 - SDK 10.6 (2016-04-22) [Support]
DivXBrowserPlugin: 2.1 (2011-07-08) [Support]
Silverlight: 5.1.10411.0 - SDK 10.6 (2012-12-11) [Support]
QuickTime Plugin: 7.7.3 (2016-04-29)
Flash Player: 21.0.0.226 - SDK 10.6 (2016-04-22) [Support]
iPhotoPhotocast: 7.0 (2010-05-06)
SharePointBrowserPlugin: 14.5.0 - SDK 10.6 (2015-05-18) [Support]
AdobePDFViewer: 15.010.20060 - SDK 10.8 (2016-03-10) [Support]
JavaAppletPlugin: Java 8 Update 73 build 02 (2016-02-16) Check version
3rd Party Preference Panes: ⓘ
DivX (2011-07-08) [Support]
Flash Player (2016-04-16) [Support]
Java (2016-02-16) [Support]
Perian (2011-07-23) [Support]
Time Machine: ⓘ
Time Machine not configured!
Top Processes by CPU: ⓘ
60% mds
38% mdworker(7)
4% WindowServer
2% kernel_task
2% fontd
Top Processes by Memory: ⓘ
444 MB kernel_task
360 MB softwareupdated
360 MB Safari
225 MB Finder
209 MB com.apple.WebKit.WebContent(2)
Virtual Memory Information: ⓘ
210 MB Free RAM
3.79 GB Used RAM (1.09 GB Cached)
0 B Swap Used
Diagnostics Information: ⓘ
Apr 29, 2016, 11:13:30 AM Self test - passed
am I still at risk of a virus?
Not if you did what you say you did.
It seems to be running very slowly since.
When you see a beachball cursor or the slowness is especially bad, note the exact time: hour, minute, second.
These instructions must be carried out as an administrator. If you have only one user account, you are the administrator.
Launch the Console application in any one of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad and start typing the name.
The title of the Console window should be All Messages. If it isn't, select
SYSTEM LOG QUERIES ▹ All Messages
from the log list on the left. If you don't see that list, select
View ▹ Show Log List
from the menu bar at the top of the screen.
Each message in the log begins with the date and time when it was entered. Scroll back to the time you noted above.
Select the messages entered from then until the end of the episode, or until they start to repeat, whichever comes first.
Copy the messages to the Clipboard by pressing the key combination command-C. Paste into a reply to this message by pressing command-V.
The log contains a vast amount of information, almost all of it useless for solving any particular problem. When posting a log extract, be selective. A few dozen lines are almost always more than enough.
Please don't indiscriminately dump thousands of lines from the log into this discussion.
Please don't post screenshots of log messages—post the text.
Some private information, such as your name, may appear in the log. Anonymize before posting.
When you post the log extract, you might see an error message on the web page: "You have included content in your post that is not permitted," or "The message contains invalid characters." That's a bug in the forum software. Please post the text on Pastebin, then post a link here to the page you created.
If you have an account on Pastebin, please don't select Private from the Paste Exposure menu on the page, because then no one but you will be able to see it.
Some, possibly all, of the 'slowness' will be the Spotlight re-indexing that occurs after you upgrade the OS. You can see the indexing processes 'mds' and 'mdworker' were using a lot of CPU at the time you ran EtreCheck.
I don't like the look of the 'com.codeweavers.CrossOverCDHelper' "Other Apps" process that is running. CrossOver is a windows compatibility layer that allows Windows applications to run on Macs. Is this something you deliberately installed yourself at some point or could it be something that you unintentionally installed by running your fake Flash installer. Remember, just because you don't think that installed anything doesn't mean it didn't.
You certainly need to go to
System Preferences > Users & Groups > Login Items
and delete the "CrossOver CD Helper" item. Then restart your Mac, login again, and use Activity monitor to see in there is any evidence that CrossOver is still running.
C.
Thanks, it seems to have stopped the slowness for now, but I will follow above instructions if it starts again..
I had installed crossover a while back to run a windows application. I thought I had deleted it after the free trial had run out but I guess removing from finder does not remove the whole trace of it! I have now removed it, thank you for your advice.
I may have just been paranoid about the download as it seems to be running quite normally again!.
Accidentally downloaded fake flash player
