ProphetFool

Q: Help getting rid of unwanted software and changes.

Recently someone in my house accessed a website called clipconverter.cc and saved some videos to our computer. I logged on today to find an INSANE number of Flash files saying "INSTALL ME" all over my desktop, my Safari changed to a "Safe Finder" redirect, and 3 or 4 new apps which I didn't want.

 

I set about deleting them and fixing Safari, but I only have limited knowledge and I need help making sure all is banished off my computer. The apps and changes that I found were:

 

MegaBackup

Advanced Mac Cleaner

A hidden app called "Mac File Opener"

Search Genius (internet extension)

Safe Finder (I assume part of Search Genius)

and some start up changes, one for Advanced Mac cleaner and one I don't recognize.

 

I quit all the processes I could think of, deleted the apps, went into Library and got rid of the app assistance files that were connected to them, and took the files out of the logs that were connected with them. I deleted the internet extension, cleared the settings and history, and set my login activities to just the ones I knew and wanted. I could use some help understanding if there is anything else I need to look into and get rid of. Any help would be much appreciated.

 

I have an EtreCheck Report, which I'm having a bit of a hard time understanding... especially the "failed" or "not loaded" sections... my suspicion is that it's the third party bits still floating out there. But I'm not sure. I also noticed quite a few processes I am unfamiliar with, but that's not saying much (I'm not familiar with a lot of them).

 

all the best!

-C

 

Hardware Information:

  iMac - model: iMac16,2

  1 2.8 GHz Intel Core i5 CPU: 4 cores

  16 GB RAM

 

Video Information:

  Intel Iris Pro Graphics 6200 - VRAM: (null)

 

System Software:

  OS X 10.11.6 (15G1004) - Uptime: 0 days 0:0

 

Disk Information:

  APPLE SSD SM0128G disk0 : (121.33 GB)

  EFI (disk0s1) <not mounted>: 209.7 MB

  disk0s2 (disk0s2) <not mounted>: 120.99 GB

  Boot OS X (disk0s3) <not mounted>: 134.2 MB

 

  APPLE HDD ST2000LM003 disk1 : (2 TB)

  EFI (disk1s1) <not mounted>: 209.7 MB

  disk1s2 (disk1s2) <not mounted>: 2 TB

  Recovery HD (disk1s3) <not mounted>: 650 MB

 

 

USB Information:

 

FireWire Information:

 

Kernel Extensions:

 

Problem System Launch Daemons:

        [failed] com.apple.logd.plist

        [loaded] org.postfix.newaliases.plist

 

Problem System Launch Agents:

 

Launch Daemons:

 

Launch Agents:

        [loaded] com.mentmac.service.update.plist

 

User Launch Agents:

    [not loaded] .DS_Store

        [failed] com.pcv.hlpramcn.plist

        [loaded] com.valvesoftware.steamclean.plist

 

User Login Items:

  iTunesHelper

 

3rd Party Preference Panes:

  None

 

Internet Plug-ins:

  Default Browser.plugin

  QuickTime Plugin.plugin

 

User Internet Plug-ins:

 

Bad Fonts:

  None

 

Top Processes by CPU:

    1.9% syncdefaultsd

    1.8% EtreCheck

    1.5% secd

    0.8% WindowServer

    0.6% fontd

    0.3% com.apple.iCloudHelper

    0.3% accountsd

    0.2% com.apple.sbd

    0.2% syslogd

    0.1% hidd

 

 

Top Processes by Memory:

    98.3 MB mds_stores

    81.9 MB ocspd

    65.5 MB Finder

    65.5 MB WindowServer

    49.2 MB softwareupdated

    49.2 MB syncdefaultsd

    49.2 MB CalendarAgent

    49.2 MB Dock

    32.8 MB AppleIDAuthAgent

    32.8 MB mds

Mac OS X (10.6.7)

Posted on Sep 6, 2016 9:34 PM
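
As an added example (not part of the original post, and not EtreCheck's own code), the launchd sections of the report above can be triaged with a short script that separates entries living outside /System/Library from OS-owned ones and stray non-plist files. The mapping from report section to folder is an assumption, and REPORT is sample input copied from the post.

```python
import re
# Sample input: the launchd sections of the report in the post above.
REPORT = """\
Problem System Launch Daemons:
        [failed] com.apple.logd.plist
        [loaded] org.postfix.newaliases.plist

Launch Agents:
        [loaded] com.mentmac.service.update.plist

User Launch Agents:
    [not loaded] .DS_Store
        [failed] com.pcv.hlpramcn.plist
        [loaded] com.valvesoftware.steamclean.plist
"""

# Assumption: the folder each report section lists (standard launchd paths).
SECTION_DIRS = {
    "Problem System Launch Daemons": "/System/Library/LaunchDaemons",
    "Problem System Launch Agents": "/System/Library/LaunchAgents",
    "Launch Daemons": "/Library/LaunchDaemons",
    "Launch Agents": "/Library/LaunchAgents",
    "User Launch Agents": "~/Library/LaunchAgents",
}

ENTRY = re.compile(r"^\s*\[(failed|loaded|not loaded)\]\s+(\S+)\s*$")

def triage(report):
    """Return (review, ignored): lists of (path, status) tuples."""
    review, ignored = [], []
    section = None
    for line in report.splitlines():
        header = line.strip().rstrip(":")
        if header in SECTION_DIRS:
            section = header
            continue
        m = ENTRY.match(line)
        if not m or section is None:
            continue
        status, name = m.groups()
        path = SECTION_DIRS[section] + "/" + name
        # Plists outside /System/Library were added by installed software; review each.
        outside_os = not section.startswith("Problem System") and name.endswith(".plist")
        (review if outside_os else ignored).append((path, status))
    return review, ignored

if __name__ == "__main__":
    for path, status in triage(REPORT)[0]:
        print(f"review [{status}] {path}")
```

Each path it prints is a file to open and check against software you knowingly installed; a "failed" or "not loaded" status alone does not say whether the item is unwanted.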


  • by CrashBurner,Helpful

    CrashBurner Sep 7, 2016 5:06 AM in response to ProphetFool
    Level 1 (80 points)

    Most of those programs, especially Advanced Mac Cleaner and Mac File Opener, are what's referred to as known-bad-software.

     

    Download Malwarebytes (it's free) from their website at: https://www.malwarebytes.com/products/.

     

    Let it run a full scan - it should only take a few seconds - and trash the files it finds. You may also need to clear your cache in Safari, as well as clear your history in your web browsers.

     

    Let me know if that solves your issue!


    Good luck!

  • by ProphetFool,

    ProphetFool Sep 7, 2016 5:10 AM in response to CrashBurner
    Level 1 (8 points)
    Desktops

    Thanks for the advice. I'm always shifty eyed about installing software; is it easy to remove later if I want to?

     

    Any ideas on what the com.apple.logd.plist or org.postfix.newaliases.plist might be...my thought is 3rd party support.

    I'll give the malware removal a go after work today. Thanks for the tip!

  • by thomas_r.,

    thomas_r. Sep 7, 2016 7:05 AM in response to ProphetFool
    Level 7 (30,889 points)
    Mac OS X

    Malwarebytes Anti-Malware for Mac is easy to uninstall if you want to... just choose the Uninstall option from the Help menu within the app. The only thing that really needs uninstalling is a helper tool, used to do the tasks that need root-level permissions (like removal of threats from folders that can't be modified without root permissions). There's no component that sits in the background scanning at all times.

     

    Note that we consider the Mac File Opener app to be malware, called OSX.FakeFileOpener, as its purpose is to hijack and imitate some legit OS X functionality to trick the user into going to a scam website.

     

    Thomas Reed

    Director of Mac Offerings, Malwarebytes