iluvcc

Q: how to remove adware virus from macbook air?

Hi everyone! I know this question may have been asked and answered a hundred times in this community; however, I tried every single solution I can find in this community and this annoying adware virus is still on my computer. I checked all the programs I installed and uninstalled all the programs I don't know and don't usually use. I reset all the Chrome and Safari settings, used Malwarebytes to scan for adware (it shows clean), and restarted my computer. But the ads still keep popping out when I'm browsing websites. It always redirects to some n121adserve.com and then ads just pop out. Super frustrating. Does anyone have a solution for this?

MacBook Air, OS X Yosemite (10.10.4)

Posted on Jul 7, 2016 1:08 AM


  • by JimmyCMPIT,

    JimmyCMPIT Jul 7, 2016 5:37 AM in response to iluvcc

    Please post an EtreCheck report in this thread for further analysis.

    www.etrecheck.com

  • by iluvcc,

    iluvcc Jul 7, 2016 9:48 AM in response to JimmyCMPIT

    EtreCheck version: 2.9.13 (267)

    Report generated 2016-07-08 00:29:33

    Download EtreCheck from https://etrecheck.com

    Runtime 1:54

    Performance: Excellent

     

    Click the [Support] links for help with non-Apple products.

    Click the [Details] links for more information about that line.

    Click the [Remove] links to remove adware.

    Click the [Check files] link for help with unknown files.

     

    Problem: Other problem

    Description:

    adware

     

    Hardware Information:

        MacBook Air (13-inch, Mid 2013)

        [Technical Specifications] - [User Guide] - [Warranty & Service]

        MacBook Air - model: MacBookAir6,2

        1 1.3 GHz Intel Core i5 CPU: 2-core

        4 GB RAM Not upgradeable

            BANK 0/DIMM0

                2 GB DDR3 1600 MHz ok

            BANK 1/DIMM0

                2 GB DDR3 1600 MHz ok

        Bluetooth: Good - Handoff/Airdrop2 supported

        Wireless:  en0: 802.11 a/b/g/n/ac

        Battery: Health = Normal - Cycle count = 772

     

    Video Information:

        Intel HD Graphics 5000

            Color LCD 1440 x 900

     

    System Software:

        OS X Yosemite 10.10.4 (14E46) - Time since boot: about 8 hours

     

    Disk Information:

        APPLE SSD SD0128F disk0 : (121.33 GB) (Solid State - TRIM: Yes)

            EFI (disk0s1) <not mounted> : 210 MB

            Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB

            Macintosh HD (disk1) / : 120.12 GB (66.01 GB free)

                Encrypted AES-XTS Unlocked

                Core Storage: disk0s2 120.47 GB Online

     

    USB Information:

        Apple Internal Memory Card Reader

        Apple Inc. BRCM20702 Hub

            Apple Inc. Bluetooth USB Host Controller

     

    Thunderbolt Information:

        Apple Inc. thunderbolt_bus

     

    Configuration files:

        /etc/hosts - Count: 4

     

    Gatekeeper:

        Anywhere

     

    Adware:

        ~/Library/Caches/com.apple.Safari/Extens...safariextension

        ~/Library/Caches/com.apple.Safari/Extensions/Omnibar.safariextension

        ~/Library/Caches/com.apple.Safari/Extensions/Searchme-2.safariextension

        ~/Library/LaunchAgents/InstallMac.AppVemoral.plist

        ~/Library/LaunchAgents/InstallMac.btvlit.plist

        ~/Library/LaunchAgents/InstallMac.dolnwoad.plist

        ~/Library/LaunchAgents/InstallMac.uadpte.plist

        ~/Library/LaunchAgents/com.LiveShoppers.agent.plist

        8 adware files found. [Remove]

     

    Unknown Files:

        /Library/LaunchAgents/.svn/all-wcprops

        /Library/LaunchAgents/.svn/entries

        ~/Library/LaunchAgents/mg.update.plist

            ~/Library/Application Support/mg/MG.app/Contents/MacOS/MG

        3 unknown files found. [Check files]

     

    Kernel Extensions:

            /Applications/IPVanish.app

        [not loaded]    foo.tap (20111101 - 2014-10-22) [Support]

        [not loaded]    foo.tun (20111101 - 2014-10-22) [Support]

     

    System Launch Agents:

        [not loaded]    5 Apple tasks

        [loaded]    139 Apple tasks

        [running]    67 Apple tasks

     

    System Launch Daemons:

        [not loaded]    47 Apple tasks

        [loaded]    136 Apple tasks

        [running]    80 Apple tasks

     

    Launch Agents:

        [not loaded]    all-wcprops (2013-09-23) [Support]

        [not loaded]    entries (2013-09-27) [Support]

        [failed]    com.qvod.agent.plist.svn-base (2013-09-23) [Support]

        [failed]    com.qvod.agent.plist (2013-09-23) [Support]

        [loaded]    org.gpgtools.Libmacgpg.xpc.plist (2015-09-24) [Support]

        [loaded]    org.gpgtools.gpgmail.enable-bundles.plist (2015-03-08) [Support]

        [loaded]    org.gpgtools.gpgmail.patch-uuid-user.plist (2015-03-08) [Support]

        [loaded]    org.gpgtools.gpgmail.updater.plist (2015-09-24) [Support]

        [loaded]    org.gpgtools.macgpg2.fix.plist (2015-03-08) [Support]

        [running]    org.gpgtools.macgpg2.shutdown-gpg-agent.plist (2015-03-08) [Support]

        [loaded]    org.gpgtools.macgpg2.updater.plist (2015-03-08) [Support]

     

    Launch Daemons:

        [failed]    com.adobe.fpsaud.plist (2016-06-14) [Support]

        [running]    com.alipay.DispatcherService.plist (2016-01-01) [Support]

        [running]    com.ipvanish.helper.openvpn.plist (2016-02-10) [Support]

        [running]    com.ipvanish.helper.pppd.plist (2016-02-10) [Support]

        [loaded]    com.malwarebytes.HelperTool.plist (2016-07-06) [Support]

        [loaded]    org.gpgtools.gpgmail.patch-uuid.plist (2015-03-08) [Support]

     

    User Launch Agents:

        [loaded]    InstallMac.AppVemoral.plist (2016-07-03) Adware!  [Remove]

            ~/Library/Application Support/InstallMac/InstallMac.app/Contents/MacOS/Installer

        [loaded]    InstallMac.btvlit.plist (2016-07-03) Adware!  [Remove]

            ~/Library/Application Support/InstallMac/InstallMac.app/Contents/MacOS/Installer

        [loaded]    InstallMac.dolnwoad.plist (2016-07-03) Adware!  [Remove]

            ~/Library/Application Support/InstallMac/InstallMac.app/Contents/MacOS/Installer

        [loaded]    InstallMac.uadpte.plist (2016-07-03) Adware!  [Remove]

            ~/Library/Application Support/InstallMac/InstallMac.app/Contents/MacOS/Installer

        [running]    com.LiveShoppers.agent.plist (2016-06-30) Adware!  [Remove]

            /Applications/LiveShoppers/LiveShoppers

        [running]    com.alipay.adaptor.plist (2016-01-01) [Support]

        [running]    com.alipay.refresher.plist (2016-01-01) [Support]

        [loaded]    com.google.keystone.agent.plist (2016-03-03) [Support]

        [running]    com.spotify.webhelper.plist (2016-07-07) [Support]

        [loaded]    mg.update.plist (2016-07-05) [Support]

     

    User Login Items:

        iTunesHelper    Application  (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

        Spotify    Application Hidden (/Applications/Spotify.app)

        Adium    Application  (/Applications/Adium.app)

        UPEdit    Application  (/Applications/UPEdit.app)

     

    Other Apps:

        [running]    FN2V63AD2J.com.tencent.ScreenCapture2.39508

        [running]    FN2V63AD2J.com.tencent.localserver2.16788

        [running]    cn.microdone.UPEdit.96876

        [running]    com.adiumX.adiumX.74440

        [running]    com.etresoft.EtreCheck.98580

        [running]    com.google.Chrome.43200

        [running]    com.ipvanish.IPVanish.97444

        [running]    com.tencent.qq.13096

        [running]    org.mozilla.tor browser.98012

        [loaded]    366 Apple tasks

        [running]    183 Apple tasks

     

    Internet Plug-ins:

        FlashPlayer-10.6: 22.0.0.192 - SDK 10.9 (2016-07-06) [Support]

        QuickTime Plugin: 7.7.3 (2015-08-06)

        Flash Player: 22.0.0.192 - SDK 10.9 (2016-07-06) [Support]

        npCFCAPlugin: 1.1.1.0 - SDK 10.7 (2014-10-06) [Support]

        QvodBrowserPlugin: 1.0 - SDK 10.8 (2013-09-28) [Support]

        Default Browser: 600 - SDK 10.10 (2015-08-06)

        QvodPlayerPlugin: 1.1 - SDK 10.8 (2013-09-28) [Support]

        JavaAppletPlugin: 15.0.1 - SDK 10.7 (2014-10-22) Check version

     

    User internet Plug-ins:

        npalicdo: 1.0 - SDK 10.6 (2015-02-05) [Support]

        aliedit: 2.4.0.0 - SDK 10.7 (2015-02-05) [Support]

        aThunderPlugIn: Unknown - SDK 10.8 (2014-06-10) [Support]

     

    Safari Extensions:

        Omnibar (cache only) (2014-05-12) Adware!  [Remove]

        Thunder Extension - xunlei.com - http://mac.xunlei.com (2014-06-10)

        Searchme (cache only) (2015-07-31) Adware!  [Remove]

        Ebay Shopping Assistant (cache only) (2014-12-12) Adware!  [Remove]

     

    3rd Party Preference Panes:

        Flash Player (2016-06-14) [Support]

        FUSE for OS X (OSXFUSE) (2015-10-26) [Support]

        GPGPreferences (2016-01-24) [Support]

     

    Time Machine:

        Time Machine not configured!

     

    Top Processes by CPU:

            24%    WindowServer

             5%    Adium

             5%    Google Chrome

             4%    mdworker(9)

             4%    kernel_task

     

    Top Processes by Memory:

        505 MB    kernel_task

        406 MB    com.apple.WebKit.WebContent(2)

        356 MB    firefox

        193 MB    Google Chrome Helper(3)

        119 MB    mdworker(9)

     

    Virtual Memory Information:

        162 MB    Free RAM

        3.84 GB    Used RAM (834 MB Cached)

        51 MB    Swap Used

     

    Diagnostics Information:

        Jul 7, 2016, 03:39:12 PM    /Library/Logs/DiagnosticReports/AlipayDispatcherService_2016-07-07-153912_[redacted].crash

            /Library/Application Support/Alipay/AlipayDispatcherService

        Jul 7, 2016, 03:38:20 PM    Self test - passed

        Jul 6, 2016, 01:50:08 PM    ~/Library/Logs/DiagnosticReports/AppAS_2016-07-06-135008_[redacted].crash

            /Users/USER/Library/Application Support/Leperdvil/Leperdvil.app/Contents/MacOS/AppAS

        Jul 6, 2016, 01:50:07 PM    ~/Library/Logs/DiagnosticReports/AppRP_2016-07-06-135007_[redacted].crash

            /Users/USER/Library/Application Support/Portsayd/Portsayd.app/Contents/MacOS/AppRP

        Jul 6, 2016, 01:50:07 PM    ~/Library/Logs/DiagnosticReports/AppAS_2016-07-06-135007_[redacted].crash

            /Users/USER/Library/Application Support/Otwexplain/Otwexplain.app/Contents/MacOS/AppAS

        Jul 6, 2016, 12:45:08 PM    /Library/Logs/DiagnosticReports/com.ipvanish.helper.pppd_2016-07-06-124508_[redacted].crash

            /Library/PrivilegedHelperTools/com.ipvanish.helper.pppd

        Jul 6, 2016, 12:44:59 PM    /Library/Logs/DiagnosticReports/com.ipvanish.helper.pppd_2016-07-06-124459_[redacted].crash

        Jul 6, 2016, 12:43:50 PM    /Library/Logs/DiagnosticReports/com.ipvanish.helper.pppd_2016-07-06-124350_[redacted].crash

     

    So I tried to click the Remove button; however, it says "EtreCheck could not find a Time Machine backup. The delete files operation is disabled."

  • by JimmyCMPIT,

    JimmyCMPIT Jul 7, 2016 11:11 AM in response to iluvcc

    [edits made after initial post]


    Boot into safe mode, then run EtreCheck again and try removal.

    You appear to be running a host of products from GitHub and some developmental software that can't identify. Your Gatekeeper is set to "Anywhere", so you have no protection against software that has not been determined by Apple to be legitimate. If you keep your system configured in this way, you may expect further compromises.


    Personally, I would start with EtreCheck to REMOVE these infections and then run https://www.malwarebytes.com/ as a secondary sweep (in safe mode).

    If this is not possible, you will need to determine a course of action that involves a full backup and then a clean install of OS X.

    Removal for some of these infections can be found from various sources on the web and should be pursued at your own risk as to the result.


    While there are manual removal processes as well, no process or combination of them is 100% guaranteed to work. Keep in mind both manual and automated processes may not completely remove the compromises made to your system, and a clean install will address the shortcomings of this.
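
Added example (not part of any reply in this thread, and not EtreCheck or Malwarebytes code): the report above shows the flagged items registered as launchd jobs in `~/Library/LaunchAgents`, which launchd starts at login regardless of browser settings. This read-only Python 3 sketch lists each job file with the executable it starts; the function names and the two review heuristics are assumptions made for this example.

```python
import os
import plistlib

# Directories launchd loads per-user agents and system-wide agents/daemons from.
LAUNCH_DIRS = ("~/Library/LaunchAgents", "/Library/LaunchAgents", "/Library/LaunchDaemons")


def inspect_job(path, home):
    """Return (label, program, reasons) for one file found in a launch directory."""
    if not path.endswith(".plist"):
        return None, None, ["not a .plist file"]
    try:
        with open(path, "rb") as handle:
            job = plistlib.load(handle)  # reads both XML and binary plists
    except Exception:
        return None, None, ["unreadable or malformed plist"]
    if not isinstance(job, dict):
        return None, None, ["plist is not a launchd job dictionary"]
    args = job.get("ProgramArguments") or [None]
    program = job.get("Program") or args[0]
    reasons = []
    if not program:
        reasons.append("no Program or ProgramArguments")
    else:
        # Heuristic (assumption): jobs that run code from the home directory deserve a look.
        if program.startswith(home.rstrip("/") + "/"):
            reasons.append("executable lives inside the home directory")
        if not os.path.exists(program):
            reasons.append("target executable is missing")
    return job.get("Label"), program, reasons


def audit_launch_items(directories=LAUNCH_DIRS, home=None):
    """List every launchd job file with its target, flagging ones worth a closer look."""
    home = home or os.path.expanduser("~")
    findings = []
    for directory in directories:
        if directory.startswith("~"):
            directory = home + directory[1:]
        if not os.path.isdir(directory):
            continue
        for name in sorted(os.listdir(directory)):
            path = os.path.join(directory, name)
            if os.path.isfile(path):
                label, program, reasons = inspect_job(path, home)
                findings.append({"plist": path, "label": label, "program": program, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for item in audit_launch_items():
        flag = "REVIEW" if item["reasons"] else "ok    "
        print(flag, item["plist"], "->", item["program"], "; ".join(item["reasons"]))
```

The script only reads files and changes nothing. An item without a flag is not thereby known to be safe, since a job can just as well point into `/Applications`, so read the full list of targets.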

  • by Eric Root,

    Eric Root Jul 8, 2016 10:46 AM in response to iluvcc

    Download this program, which was written by Thomas Reed, a longtime poster. The program will do the work for you, which makes it easy.

     

    Malwarebytes Anti-Malware for Mac      10.8 and later

     

    What should I do if Malwarebytes Anti-Malware for Mac didn't solve my problem?