how to remove adware virus from macbook air?

Question

Level 1

8 points

how to remove adware virus from macbook air?

Hi everyone! I know this question may be asked and answered hundred times in this community, however I tried every single solution I can find in this community and this annoying adware virus is still in my computer. I checked all the program I installed and uninstalled all the programs I don't know and don't usually use. I reset all the Chrome and Safari setting, use Malwarebytes to scan adware and it shows clean and restart my computer. But the ads still keep popping out when I'm browsing the websites. It always directs to some n121adserve.com and then ads just pop out. Super frustrating. Does anyone have solution for this?

MacBook Air, OS X Yosemite (10.10.4)

Posted on Jul 7, 2016 1:08 AM

Reply

Answer 1

Eric Root

Level 10

685,245 points

Jul 7, 2016 8:50 AM in response to iluvcc

Safari/Browsers - Eliminating browser redirects and advertisements

Safari/Browsers - Eliminating browser redirects and advertisements (2)

Safari – Popup takes over

Safari – Popup takes over (2)

Popup remover – Scam Zapper

Reply

Answer 2

iluvcc Author

Level 1

8 points

Jul 7, 2016 9:48 AM in response to JimmyCMPIT

EtreCheck version: 2.9.13 (267)

Report generated 2016-07-08 00:29:33

Download EtreCheck from https://etrecheck.com

Runtime 1:54

Performance: Excellent

Click the [Support] links for help with non-Apple products.

Click the [Details] links for more information about that line.

Click the [Remove] links to remove adware.

Click the [Check files] link for help with unknown files.

Problem: Other problem

Description:

adware

Hardware Information: ⓘ

MacBook Air (13-inch, Mid 2013)

[Technical Specifications] - [User Guide] - [Warranty & Service]

MacBook Air - model: MacBookAir6,2

1 1.3 GHz Intel Core i5 CPU: 2-core

4 GB RAM Not upgradeable

BANK 0/DIMM0

2 GB DDR3 1600 MHz ok

BANK 1/DIMM0

2 GB DDR3 1600 MHz ok

Bluetooth: Good - Handoff/Airdrop2 supported

Wireless: en0: 802.11 a/b/g/n/ac

Battery: Health = Normal - Cycle count = 772

Video Information: ⓘ

Intel HD Graphics 5000

Color LCD 1440 x 900

System Software: ⓘ

OS X Yosemite 10.10.4 (14E46) - Time since boot: about 8 hours

Disk Information: ⓘ

APPLE SSD SD0128F disk0 : (121.33 GB) (Solid State - TRIM: Yes)

EFI (disk0s1) <not mounted> : 210 MB

Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB

Macintosh HD (disk1) / : 120.12 GB (66.01 GB free)

Encrypted AES-XTS Unlocked

Core Storage: disk0s2 120.47 GB Online

USB Information: ⓘ

Apple Internal Memory Card Reader

Apple Inc. BRCM20702 Hub

Apple Inc. Bluetooth USB Host Controller

Thunderbolt Information: ⓘ

Apple Inc. thunderbolt_bus

Configuration files: ⓘ

/etc/hosts - Count: 4

Gatekeeper: ⓘ

Anywhere

Adware: ⓘ

~/Library/Caches/com.apple.Safari/Extens...safariextension

~/Library/Caches/com.apple.Safari/Extensions/Omnibar.safariextension

~/Library/Caches/com.apple.Safari/Extensions/Searchme-2.safariextension

~/Library/LaunchAgents/InstallMac.AppVemoral.plist

~/Library/LaunchAgents/InstallMac.btvlit.plist

~/Library/LaunchAgents/InstallMac.dolnwoad.plist

~/Library/LaunchAgents/InstallMac.uadpte.plist

~/Library/LaunchAgents/com.LiveShoppers.agent.plist

8 adware files found. [Remove]

Unknown Files: ⓘ

/Library/LaunchAgents/.svn/all-wcprops

/Library/LaunchAgents/.svn/entries

~/Library/LaunchAgents/mg.update.plist

~/Library/Application Support/mg/MG.app/Contents/MacOS/MG

3 unknown files found. [Check files]

Kernel Extensions: ⓘ

/Applications/IPVanish.app

[not loaded] foo.tap (20111101 - 2014-10-22) [Support]

[not loaded] foo.tun (20111101 - 2014-10-22) [Support]

System Launch Agents: ⓘ

[not loaded] 5 Apple tasks

[loaded] 139 Apple tasks

[running] 67 Apple tasks

System Launch Daemons: ⓘ

[not loaded] 47 Apple tasks

[loaded] 136 Apple tasks

[running] 80 Apple tasks

Launch Agents: ⓘ

[not loaded] all-wcprops (2013-09-23) [Support]

[not loaded] entries (2013-09-27) [Support]

[failed] com.qvod.agent.plist.svn-base (2013-09-23) [Support]

[failed] com.qvod.agent.plist (2013-09-23) [Support]

[loaded] org.gpgtools.Libmacgpg.xpc.plist (2015-09-24) [Support]

[loaded] org.gpgtools.gpgmail.enable-bundles.plist (2015-03-08) [Support]

[loaded] org.gpgtools.gpgmail.patch-uuid-user.plist (2015-03-08) [Support]

[loaded] org.gpgtools.gpgmail.updater.plist (2015-09-24) [Support]

[loaded] org.gpgtools.macgpg2.fix.plist (2015-03-08) [Support]

[running] org.gpgtools.macgpg2.shutdown-gpg-agent.plist (2015-03-08) [Support]

[loaded] org.gpgtools.macgpg2.updater.plist (2015-03-08) [Support]

Launch Daemons: ⓘ

[failed] com.adobe.fpsaud.plist (2016-06-14) [Support]

[running] com.alipay.DispatcherService.plist (2016-01-01) [Support]

[running] com.ipvanish.helper.openvpn.plist (2016-02-10) [Support]

[running] com.ipvanish.helper.pppd.plist (2016-02-10) [Support]

[loaded] com.malwarebytes.HelperTool.plist (2016-07-06) [Support]

[loaded] org.gpgtools.gpgmail.patch-uuid.plist (2015-03-08) [Support]

User Launch Agents: ⓘ

[loaded] InstallMac.AppVemoral.plist (2016-07-03) Adware! [Remove]

~/Library/Application Support/InstallMac/InstallMac.app/Contents/MacOS/Installer

[loaded] InstallMac.btvlit.plist (2016-07-03) Adware! [Remove]

~/Library/Application Support/InstallMac/InstallMac.app/Contents/MacOS/Installer

[loaded] InstallMac.dolnwoad.plist (2016-07-03) Adware! [Remove]

~/Library/Application Support/InstallMac/InstallMac.app/Contents/MacOS/Installer

[loaded] InstallMac.uadpte.plist (2016-07-03) Adware! [Remove]

~/Library/Application Support/InstallMac/InstallMac.app/Contents/MacOS/Installer

[running] com.LiveShoppers.agent.plist (2016-06-30) Adware! [Remove]

/Applications/LiveShoppers/LiveShoppers

[running] com.alipay.adaptor.plist (2016-01-01) [Support]

[running] com.alipay.refresher.plist (2016-01-01) [Support]

[loaded] com.google.keystone.agent.plist (2016-03-03) [Support]

[running] com.spotify.webhelper.plist (2016-07-07) [Support]

[loaded] mg.update.plist (2016-07-05) [Support]

User Login Items: ⓘ

iTunesHelper Application (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

Spotify Application Hidden (/Applications/Spotify.app)

Adium Application (/Applications/Adium.app)

UPEdit Application (/Applications/UPEdit.app)

Other Apps: ⓘ

[running] FN2V63AD2J.com.tencent.ScreenCapture2.39508

[running] FN2V63AD2J.com.tencent.localserver2.16788

[running] cn.microdone.UPEdit.96876

[running] com.adiumX.adiumX.74440

[running] com.etresoft.EtreCheck.98580

[running] com.google.Chrome.43200

[running] com.ipvanish.IPVanish.97444

[running] com.tencent.qq.13096

[running] org.mozilla.tor browser.98012

[loaded] 366 Apple tasks

[running] 183 Apple tasks

Internet Plug-ins: ⓘ

FlashPlayer-10.6: 22.0.0.192 - SDK 10.9 (2016-07-06) [Support]

QuickTime Plugin: 7.7.3 (2015-08-06)

Flash Player: 22.0.0.192 - SDK 10.9 (2016-07-06) [Support]

npCFCAPlugin: 1.1.1.0 - SDK 10.7 (2014-10-06) [Support]

QvodBrowserPlugin: 1.0 - SDK 10.8 (2013-09-28) [Support]

Default Browser: 600 - SDK 10.10 (2015-08-06)

QvodPlayerPlugin: 1.1 - SDK 10.8 (2013-09-28) [Support]

JavaAppletPlugin: 15.0.1 - SDK 10.7 (2014-10-22) Check version

User internet Plug-ins: ⓘ

npalicdo: 1.0 - SDK 10.6 (2015-02-05) [Support]

aliedit: 2.4.0.0 - SDK 10.7 (2015-02-05) [Support]

aThunderPlugIn: Unknown - SDK 10.8 (2014-06-10) [Support]

Safari Extensions: ⓘ

Omnibar (cache only) (2014-05-12) Adware! [Remove]

Thunder Extension - xunlei.com - http://mac.xunlei.com (2014-06-10)

Searchme (cache only) (2015-07-31) Adware! [Remove]

Ebay Shopping Assistant (cache only) (2014-12-12) Adware! [Remove]

3rd Party Preference Panes: ⓘ

Flash Player (2016-06-14) [Support]

FUSE for OS X (OSXFUSE) (2015-10-26) [Support]

GPGPreferences (2016-01-24) [Support]

Time Machine: ⓘ

Time Machine not configured!

Top Processes by CPU: ⓘ

24% WindowServer

5% Adium

5% Google Chrome

4% mdworker(9)

4% kernel_task

Top Processes by Memory: ⓘ

505 MB kernel_task

406 MB com.apple.WebKit.WebContent(2)

356 MB firefox

193 MB Google Chrome Helper(3)

119 MB mdworker(9)

Virtual Memory Information: ⓘ

162 MB Free RAM

3.84 GB Used RAM (834 MB Cached)

51 MB Swap Used

Diagnostics Information: ⓘ

Jul 7, 2016, 03:39:12 PM /Library/Logs/DiagnosticReports/AlipayDispatcherService_2016-07-07-153912_[reda cted].crash

/Library/Application Support/Alipay/AlipayDispatcherService

Jul 7, 2016, 03:38:20 PM Self test - passed

Jul 6, 2016, 01:50:08 PM ~/Library/Logs/DiagnosticReports/AppAS_2016-07-06-135008_[redacted].crash

/Users/USER/Library/Application Support/Leperdvil/Leperdvil.app/Contents/MacOS/AppAS

Jul 6, 2016, 01:50:07 PM ~/Library/Logs/DiagnosticReports/AppRP_2016-07-06-135007_[redacted].crash

/Users/USER/Library/Application Support/Portsayd/Portsayd.app/Contents/MacOS/AppRP

Jul 6, 2016, 01:50:07 PM ~/Library/Logs/DiagnosticReports/AppAS_2016-07-06-135007_[redacted].crash

/Users/USER/Library/Application Support/Otwexplain/Otwexplain.app/Contents/MacOS/AppAS

Jul 6, 2016, 12:45:08 PM /Library/Logs/DiagnosticReports/com.ipvanish.helper.pppd_2016-07-06-124508_[red acted].crash

/Library/PrivilegedHelperTools/com.ipvanish.helper.pppd

Jul 6, 2016, 12:44:59 PM /Library/Logs/DiagnosticReports/com.ipvanish.helper.pppd_2016-07-06-124459_[red acted].crash

Jul 6, 2016, 12:43:50 PM /Library/Logs/DiagnosticReports/com.ipvanish.helper.pppd_2016-07-06-124350_[red acted].crash

so I try to click the remove button, however it says "EtreCheck could not find a Time Machine backup. The delete files operation is disabled."

Reply

Answer 3

JimmyCMPIT

Level 7

29,306 points

Jul 7, 2016 11:11 AM in response to iluvcc

[edits made after initial post]

boot into safe mode, then run the etrecheck again and try removal.

You appear to be running a host of products from get hub and some developmental software that can't identify. your gatekeeper is set to "anywhere" so you have no protection against software that has not been determined by Apple to be legitimate. If you keep your system configured in this way you may expect further compromises.

personally I would start with etrecheck to REMOVE these infections and then run https://www.malwarebytes.com/ as a secondary sweep (in safe mode)

if this is not possible you will need to determine a course of action that involves a full backup and then clean install of OS X.

removal for some of these infections can be found by various sources on the web and should be pursued at your own risk as to the result.

While there are also manual removal processes as well, no process or combination of them are 100% guaranteed to work. Keep in mind both manual and automated processes may not completely remove the compromises made to your system and a clean install will address the shortcomings of this.

Reply