Is this an adware?

Hi, so I just bought my MacBook yesterday. This is the very first time I've used an Apple product, so I'm still unfamiliar with it.

Somehow I got adware that always opens a new tab to ps4ux.com when I open Safari, and once it has opened ps4ux.com in the new tab, I can't click anything on the page that I had open. I tried using Malwarebytes Anti-Malware and erased the files. But it seems to keep coming back under different names and is detected by Malwarebytes again, as I tried scanning a few more times after that.


I found someone on the forum suggesting to restart in Safe Mode, then open the LaunchDaemon folder and look for randomly named .plist files while sorted by Date Added.

As I write this post, I have restarted my Mac in Safe Mode and opened the LaunchDaemon folder to see if there's still adware lurking around.


So this is what I found in the LaunchDaemon folder (with date added):


com.adobe.adobeupdatedaemon.plist yesterday

com.adobe.SwitchBoard.plist yesterday

com.malwarebytes.HelperTool.plist yesterday

com.adobe.agsservice.plist previous 7 days



In the LaunchAgents folder:


com.adobe.AdobeCreativeCloud.plist yesterday

com.adobe.AAM.Updater-1.0.plist previous 7 days


In the Logs folder:

Adobe folder

CrashReporter folder

CreativeCloud folder

DiagnosticReports folder

LKDC-setup.log


I don't know what LKDC-setup.log is, and when I open it, it contains a bunch of commands that refer to Heimdal.framework.


In the Frameworks folder:


AEProfilling.framework

AERegistration.framework

AudioMixEngine.framework

iTunesLibrary.framework

NyxAudioAnalysis.framework

PluginManager.framework


NyxAudioAnalysis.framework sounds like it doesn't belong there, so is it supposed to be there or not? If it is, what is it for?


In the Caches folder:


com.apple.AutoTimeZone.plist

com.apple.Components2.LocalCache.AudioComponents

com.apple.Components2.LocalCache.Components

com.apple.Components2.LocalCache.QuickTimeComponents

com.apple.desktop.admin.png (this is a picture file)

com.apple.iconservices.store (this one is a folder)

com.apple.ImageCaptureExtension2.ICADeviceDatabase.501


In the Application Support folder (these are all folders):


Adobe

AdobeAdobe PCD

AdobeSLCache

App Store

Apple

ApplePushService

com.apple.TCC

CrashReporter

GarageBand

iLifeMediaBrowser

Logic

Macromedia

ProApps

Script Editor


This is all that I've checked.

Is there still some adware in these folders, or has it been cleaned up?


Anyway, I'm also a bit unfamiliar with adware. So I wanted to ask: is adware dangerous? I mean, is it dangerous enough that it can "hack" your hard drive and erase the things stored on it (even when you're not online, it can still destroy your data), or is it just annoying advertisements popping up whenever you're online (and only when you're online)?


Thank you in advance.

MacBook Pro (Retina, 13-inch, Early 2015), OS X El Capitan ver. 10.11.6

Posted on Aug 21, 2016 5:57 PM

10 replies

Aug 21, 2016 10:13 PM in response to naveary

Adware is not dangerous. It's just an annoyance.


Usually, it's sufficient to just relaunch Safari with the Shift key pressed. You could also Remove All Website Data in Safari > Preferences > Privacy tab. In terms of software, AdwareMedic is the preferred choice around here. http://www.adwaremedic.com/index.php


Reading this might also be helpful.

Mac Malware Guide: How do I protect myself? http://www.thesafemac.com/mmg-defense/

Aug 22, 2016 6:19 AM in response to naveary

Try running this program and then copy and paste the output in a reply. The program was created by Etresoft, a frequent contributor. Please use copy and paste as screen shots can be hard to read. On the screen with Options, please open Options and check the bottom 2 boxes before running. Click “Share Report” button in the toolbar, select “Copy to Clipboard” and then paste into a reply. This will show what is running on your computer. No personal information is shown.

Etrecheck – System Information

Aug 27, 2016 12:34 AM in response to Eric Root

Sorry for the late reply, here you go.

I didn't know what to choose for the problem, so I just chose "no problem - just checking".

Please let me know if I need to run it in a different mode.


EtreCheck version: 3.0.2 (306)

Report generated 2016-08-27 14:31:48

Download EtreCheck from https://etrecheck.com

Runtime 1:27

Performance: Excellent


Click the [Support] links for help with non-Apple products.

Click the [Details] links for more information about that line.

Click the [Remove] links to remove adware.


Problem: No problem - just checking


Hardware Information:

MacBook Pro (Retina, 13-inch, Early 2015)

[Technical Specifications] - [User Guide] - [Warranty & Service]

MacBook Pro - model: MacBookPro12,1

1 2.7 GHz Intel Core i5 CPU: 2-core

8 GB RAM Not upgradeable

BANK 0/DIMM0

4 GB DDR3 1867 MHz ok

BANK 1/DIMM0

4 GB DDR3 1867 MHz ok

Bluetooth: Good - Handoff/Airdrop2 supported

Wireless: en0: 802.11 a/b/g/n/ac

Battery: Health = Normal - Cycle count = 4


Video Information:

Intel Iris Graphics 6100

Color LCD 2560 x 1600


System Software:

OS X El Capitan 10.11.6 (15G31) - Time since boot: about 2 hours


Disk Information:

APPLE SSD SM0128G disk0 : (121.33 GB) (Solid State - TRIM: Yes)

EFI (disk0s1) <not mounted> : 210 MB

Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB

Macintosh HD (disk1) / : 120.11 GB (77.25 GB free)

Core Storage: disk0s2 120.47 GB Online


USB Information:

Broadcom Corp. Bluetooth USB Host Controller


Thunderbolt Information:

Apple Inc. thunderbolt_bus


Gatekeeper:

Mac App Store and identified developers


Adware:

~/Library/LaunchAgents/com.spigot.ApplicationManager.plist

One adware file found. [Remove]


Kernel Extensions:

/System/Library/Extensions

[not loaded] com.wacom.kext.pentablet (Pen Tablet 5.3.6-6 - SDK 10.9 - 2016-08-25) [Support]


System Launch Agents:

[not loaded] 7 Apple tasks

[loaded] 156 Apple tasks

[running] 75 Apple tasks


System Launch Daemons:

[not loaded] 47 Apple tasks

[loaded] 156 Apple tasks

[running] 87 Apple tasks


Launch Agents:

[not loaded] com.adobe.AAM.Updater-1.0.plist (2016-08-21) [Support]

[loaded] com.adobe.AdobeCreativeCloud.plist (2016-08-20) [Support]

[running] com.wacom.pentablet.plist (2014-12-24) [Support]


Launch Daemons:

[loaded] com.adobe.SwitchBoard.plist (2016-08-21) [Support]

[running] com.adobe.adobeupdatedaemon.plist (2016-08-21) [Support]

[running] com.adobe.agsservice.plist (2016-08-20) [Support]

[loaded] com.microsoft.office.licensingV2.helper.plist (2015-08-15) [Support]


User Launch Agents:

[loaded] com.adobe.AAM.Updater-1.0.plist (2016-08-20) [Support]

[loaded] com.bittorrent.uTorrent.plist (2016-08-25)

[running] com.spigot.ApplicationManager.plist (2016-08-25) Adware! [Remove]

~/Library/Application Support/Spigot/ApplicationManager


Internet Plug-ins:

Default Browser: 601 - SDK 10.11 (2016-08-20)

AdobeAAMDetect: 3.0.0.0 - SDK 10.9 (2016-08-21) [Support]

QuickTime Plugin: 7.7.3 (2016-08-20)


Safari Extensions:

Adblock Plus - Eyeo GmbH - https://adblockplus.org/ (2016-08-25)


3rd Party Preference Panes:

PenTablet (2016-08-25) [Support]


Time Machine:

Time Machine not configured!


Top Processes by CPU:

20% kernel_task

10% WindowServer

7% com.apple.WebKit.WebContent(2)

6% mdworker(9)

5% Safari


Top Processes by Memory:

836 MB com.apple.WebKit.WebContent(2)

826 MB kernel_task

254 MB Safari

156 MB mdworker(9)

106 MB WindowServer


Virtual Memory Information:

2.53 GB Free RAM

5.47 GB Used RAM (1.17 GB Cached)

0 B Swap Used


Diagnostics Information:

Aug 27, 2016, 12:18:46 PM /Library/Logs/DiagnosticReports/PenTabletDriver_2016-08-27-121846_[redacted].crash

com.wacom.PenTabletDriver - /Library/Application Support/Tablet/PenTabletDriver.app/Contents/MacOS/PenTabletDriver

Aug 27, 2016, 12:18:36 PM Self test - passed

Aug 26, 2016, 06:48:22 PM /Library/Logs/DiagnosticReports/PenTabletDriver_2016-08-26-184822_[redacted].crash

Aug 26, 2016, 10:15:30 AM /Library/Logs/DiagnosticReports/PenTabletDriver_2016-08-26-101530_[redacted].crash

Aug 25, 2016, 06:04:45 PM ~/Library/Logs/DiagnosticReports/com.apple.preferences.icloud.remoteservice_2016-08-25-180445_[redacted].crash

/System/Library/PreferencePanes/iCloudPref.prefPane/Contents/XPCServices/com.apple.preferences.icloud.remoteservice.xpc/Contents/MacOS/com.apple.preferences.icloud.remoteservice

Aug 25, 2016, 09:48:31 AM /Library/Logs/DiagnosticReports/Adobe Photoshop CC 2015.5_2016-08-25-094831_[redacted].cpu_resource.diag [Details]

/Applications/Adobe Photoshop CC 2015.5/Adobe Photoshop CC 2015.5.app/Contents/MacOS/Adobe Photoshop CC 2015.5

Aug 27, 2016 12:39 AM in response to naveary

It looks like you have the "Spigot" adware. Malwarebytes should be able to detect that, and I have not heard of Spigot being able to regenerate itself. I would suggest that you try running Malwarebytes one more time and letting it remove what it finds. Also, sometimes it will display a screen telling you if you need to take additional steps yourself. If you see such a screen, please take great care to follow that procedure exactly.
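
Added example (not part of the thread, and not EtreCheck or Malwarebytes code): the manual check described in the question, listing launchd .plist files by date, scripted so that it also covers the per-user ~/Library/LaunchAgents folder where the report above lists the Spigot item, and shows which program each job starts. File modification time stands in for Finder's Date Added, and the "runs from inside the home folder" hint is a heuristic assumed here to prompt a closer look, not a verdict.

```python
import plistlib
from datetime import datetime
from pathlib import Path

# Standard launchd job folders: system-wide ones plus the per-user one.
LAUNCHD_DIRS = ["/Library/LaunchDaemons", "/Library/LaunchAgents",
                "~/Library/LaunchAgents"]

def describe_job(plist_path):
    """Summarise one launchd job: its label and the program it starts."""
    path = Path(plist_path)
    info = {"path": str(path), "mtime": path.stat().st_mtime,
            "label": None, "program": None, "error": None}
    try:
        with path.open("rb") as fh:
            job = plistlib.load(fh)          # reads XML and binary plists
        if not isinstance(job, dict):
            raise ValueError("top-level object is not a dictionary")
    except Exception as exc:                 # damaged or non-plist file
        info["error"] = f"unreadable plist: {exc}"
        return info
    args = job.get("ProgramArguments") or []
    info["label"] = job.get("Label")
    info["program"] = job.get("Program") or (args[0] if args else None)
    return info

def inventory(dirs=LAUNCHD_DIRS):
    """All jobs in the given folders, most recently modified first."""
    jobs = []
    for d in dirs:
        folder = Path(d).expanduser()
        if folder.is_dir():                  # skip folders that do not exist
            jobs += [describe_job(p) for p in folder.glob("*.plist")]
    return sorted(jobs, key=lambda j: j["mtime"], reverse=True)

def review_reasons(job, home=None):
    """Heuristic hints only: why a job deserves a closer look."""
    home = str(Path(home or Path.home()).expanduser())
    reasons = [job["error"]] if job["error"] else []
    prog = job["program"] or ""
    if prog.startswith(("~/", home + "/")):
        reasons.append("program runs from inside the home folder")
    return reasons

if __name__ == "__main__":
    for job in inventory():
        when = datetime.fromtimestamp(job["mtime"]).strftime("%Y-%m-%d")
        flags = "; ".join(review_reasons(job)) or "-"
        print(f'{when}  {job["path"]}\n    runs: {job["program"]}  [{flags}]')
```

Legitimate software also installs per-user agents that run from the home folder, so a hint here means "check what this is", not "delete it".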
