MacBook Pro suddenly slow, please see EtreCheck report

Hi,


My GF has a MacBook Pro late 2011 model that suddenly got slow.

I found out with ClamXav that she had 3 viruses/malwares. I didn't have time to check it, but I do have an EtreCheck report saying that performance is below average.

She has 360 GB of 500 GB left on the HDD.


So could anyone check the EtreCheck report from after removing malwares?

Here it is:


EtreCheck version: 3.0.3 (307)

Report generated 2016-09-16 19:32:38

Download EtreCheck from https://etrecheck.com

Runtime 7:42

Performance: Below Average


Click the [Support] links for help with non-Apple products.

Click the [Details] links for more information about that line.


Problem: Computer is too slow


Hardware Information:

MacBook Pro (13-inch, Late 2011)

[Technical Specifications] - [User Guide]- [Warranty & Service]

MacBook Pro - model: MacBookPro8,1

1 2,4 GHz Intel Core i5 CPU: 2-core

4 GB RAM Upgradeable - [Instructions]

BANK 0/DIMM0

2 GB DDR3 1333 MHz ok

BANK 1/DIMM0

2 GB DDR3 1333 MHz ok

Bluetooth: Old - Handoff/Airdrop2 not supported

Wireless: en1: 802.11 a/b/g/n

Battery: Health = Normal - Cycle count = 981


Video Information:

Intel HD Graphics 3000

Color LCD 1280 x 800


System Software:

OS X El Capitan 10.11.5 (15F34) - Time since boot: less than an hour


Disk Information:

ST9500325ASG disk0 : (500,11 GB) (Rotational)

EFI (disk0s1) <not mounted> : 210 MB

Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB

Macintosh HD (disk1) / : 498.88 GB (373.34 GB free)

Core Storage: disk0s2 499.25 GB Online


OPTIARC DVD RW AD-5970H ()


USB Information:

Apple Inc. FaceTime HD Camera (Built-in)

Apple Inc. Apple Internal Keyboard / Trackpad

Western Digital My Book 1110 999,5 GB

My Book (disk2s1) <not mounted> : 999.50 GB

Apple Inc. BRCM2070 Hub

Apple Inc. Bluetooth USB Host Controller

Apple Computer, Inc. IR Receiver


Thunderbolt Information:

Apple Inc. thunderbolt_bus


Configuration files:

/etc/launchd.conf - File exists but not expected


Gatekeeper:

Mac App Store and identified developers


Unknown Files:

~/Library/LaunchAgents/File.plist

/System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/bin/java -jar /Users/christinasmiley/Library/.File.jar

~/Library/LaunchAgents/Test.plist

/System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/bin/java -jar /Users/christinasmiley/Downloads/Test-1.jar

~/Library/LaunchAgents/Yosemite.plist

/System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/bin/java -jar /Users/christinasmiley/Library/.Yosemite.jar

~/Library/LaunchAgents/com.apple.CSConfigDotMacCert-[redacted]@me.com-SharedServices.Agent.plist

/System/Library/Frameworks/CoreServices.framework/Frameworks/OSServices.framework/Versions/A/Support/CSConfigDotMacCert -l /Users/christinasmiley/Library/Logs/CSConfigDotMacCert.log -u xxx@me.com -t SharedServices -s

~/Library/LaunchAgents/mg.update.plist

~/Library/Application Support/mg/MG.app/Contents/MacOS/MG

5 unknown files found. [Check files]


System Launch Agents:

[not loaded] 8 Apple tasks

[loaded] 171 Apple tasks

[running] 59 Apple tasks


System Launch Daemons:

[failed] com.apple.ucupdate.plist (2015-08-23)

[failed] com.apple.watchdogd.plist (2015-09-20)

[not loaded] 48 Apple tasks

[loaded] 160 Apple tasks

[running] 80 Apple tasks


Launch Daemons:

[not loaded] com.adobe.fpsaud.plist (2015-12-24) [Support]

[not loaded] com.cloudpath.maccmd.plist (2015-04-20)[Support]

[not loaded] com.ea.origin.ESHelper.plist (2016-06-16) [Support]

[not loaded] com.microsoft.office.licensing.helper.plist (2011-03-10) [Support]

[running] uk.co.canimaansoftware.ClamXavHelper.plist (2016-09-16) [Support]

[loaded] uk.co.canimaansoftware.ClamXavHelperUpdater.plist (2016-09-16) [Support]


User Launch Agents:

[not loaded] File.plist (2015-11-03)[Support]

[not loaded] Test.plist (2015-10-30)[Support]

[not loaded] Yosemite.plist (2015-11-03)[Support]

[not loaded] com.apple.CSConfigDotMacCert-[...]@me.com-SharedServices.Agent.plist (2012-04-30) [Support]

[not loaded] com.facebook.videochat.[redacted].plist (2014-08-10)

[not loaded] com.google.keystone.agent.plist (2016-07-12)[Support]

[not loaded] com.spotify.webhelper.plist (2016-09-16) [Support]

[not loaded] com.valvesoftware.steamclean.plist (2016-09-13) [Support]

[not loaded] mg.update.plist (2016-07-05) [Support]

[loaded] uk.co.canimaansoftware.clamxav.UninstallWatcher.plist (2016-09-16)


Internet Plug-ins:

FlashPlayer-10.6: 20.0.0.267 - SDK 10.6 (2016-01-08) [Support]

QuickTime Plugin: 7.7.3 (2016-06-03)

Flash Player: 20.0.0.267 - SDK 10.6 (2016-01-08) Outdated! Update

Default Browser: 601 - SDK 10.11 (2016-06-03)

SharePointBrowserPlugin: 14.2.3 - SDK 10.6 (2012-09-20) [Support]

Silverlight: 5.1.50709.0 - SDK 10.6 (2016-09-16) [Support]

JavaAppletPlugin: 15.0.1 - SDK 10.11 (2012-04-30) Check version


User internet Plug-ins:

Picasa: 1.0 - SDK 10.4 (2012-06-27) [Support]


3rd Party Preference Panes:

Flash Player (2015-12-24) [Support]


Time Machine:

Time Machine not configured!


Top Processes by CPU:

91% kernel_task

83% RunFreshclam

39% ClamXav

31% sigtool

21% WindowServer


Top Processes by Memory:

376 MB kernel_task

156 MB com.apple.WebKit.WebContent

119 MB QuickLookSatellite(2)

119 MB ClamXav

102 MB Safari


Virtual Memory Information:

25 MB Free RAM

3.97 GB Used RAM (879 MB Cached)

768 KB Swap Used


Diagnostics Information:

Sep 16, 2016, 07:11:17 PM Self test - passed

Sep 16, 2016, 07:04:38 PM ~/Library/Logs/DiagnosticReports/suggestd_2016-09-16-190438_[redacted].crash

/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd

Sep 16, 2016, 06:16:07 PM /Library/Logs/DiagnosticReports/MemeodHelper_2016-09-16-181607_[redacted].crash

/Users/USER/Library/Application Support/Memeo/MemeodHelper

Sep 16, 2016, 06:12:12 PM /Library/Logs/DiagnosticReports/MemeodHelper_2016-09-16-181212_[redacted].crash

Sep 15, 2016, 07:01:11 PM ~/Library/Logs/DiagnosticReports/AppTS_2016-09-15-190111_[redacted].crash

/Users/USER/Library/Application Support/Olivernetko/Olivernetko.app/Contents/MacOS/AppTS

Sep 15, 2016, 06:37:11 PM /Library/Logs/DiagnosticReports/iTunes_2016-09-15-183711_[redacted].hang

/Applications/iTunes.app/Contents/MacOS/iTunes

Aug 19, 2016, 10:14:22 AM /Library/Logs/DiagnosticReports/Kernel_2016-08-19-101422_[redacted].panic [Details]

I took the EtreCheck while running ClamXav, so do not bother about the high CPU.

Sorry for my bad English.

A lot of thanks in advance!

Mac mini, OS X Mountain Lion (10.8.5), null

Posted on Sep 16, 2016 11:00 AM


Sep 16, 2016 11:06 AM in response to sikiduck

ClamXav

get rid of that crap, you don't need it.


91% kernel_task

83% RunFreshclam

39% ClamXav


all that CPU mugging can be traced back to Clam

How do I uninstall ClamXav completely?

First thing to do is quit ClamXav Sentry (if you use it) and make sure it's not set to launch at log in. Then simply drag ClamXav.app to the trash; after a few seconds you'll see a message asking if you would also like to uninstall the scanning engine. The uninstaller will remove the scanning engine and any schedules you've got set up.

Sep 17, 2016 12:40 AM in response to sikiduck

You need to run EtreCheck at a time when you are not scanning with ClamXav, otherwise you won't see what's actually slowing it down. There is no need to remove it as it only runs when you tell it to and once a day to update definitions. Something else is responsible for the kernel_task using so much CPU and RAM and that's always difficult to nail down.


Several System related processes are crashing, which is never a good sign.


Flash Player is very old and has been disabled by Apple as a security risk. Version 23.0.0.162 is current. Update from System Preferences->Flash Player->Updates tab or https://get.adobe.com/flashplayeronly.


Attempting to run OS 10.11.x with only 4GB of RAM only works if you don't run any applications. That's way too little for modern versions of OS X. RAM is cheap and easily installed. Apple has only tested for 8GB, but it will actually work just fine with 16GB. I recommend OWC or Crucial RAM.


She also needs to upgrade to 10.11.6 from the App Store->Updates tab which patches several security issues and fixes several bugs. She'll need to do that in order to get future Security Updates, the first of which will likely be available next Tuesday.

Sep 18, 2016 10:38 AM in response to MadMacs0

Thanks guys.


Here is a new report I just took:


EtreCheck version: 3.0.3 (307)

Report generated 2016-09-18 19:31:47

Download EtreCheck from https://etrecheck.com

Runtime 7:01

Performance: Below Average


Click the [Support] links for help with non-Apple products.

Click the [Details] links for more information about that line.


Problem: Computer is too slow


Hardware Information:

MacBook Pro Intel Core i5, Intel Core i7, 13" (Early 2011)

[Technical Specifications] - [User Guide]- [Warranty & Service]

MacBook Pro - model: MacBookPro8,1

1 2,4 GHz Intel Core i5 CPU: 2-core

4 GB RAM Upgradeable - [Instructions]

BANK 0/DIMM0

2 GB DDR3 1333 MHz ok

BANK 1/DIMM0

2 GB DDR3 1333 MHz ok

Bluetooth: Old - Handoff/Airdrop2 not supported

Wireless: en1: 802.11 a/b/g/n

Battery: Health = Normal - Cycle count = 981


Video Information:

Intel HD Graphics 3000

Color LCD 1280 x 800


System Software:

OS X El Capitan 10.11.5 (15F34) - Time since boot: about 2 days


Disk Information:

ST9500325ASG disk0 : (500,11 GB) (Rotational)

EFI (disk0s1) <not mounted> : 210 MB

Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB

Macintosh HD (disk1) / : 498.88 GB (374.89 GB free)

Core Storage: disk0s2 499.25 GB Online


OPTIARC DVD RW AD-5970H ()


USB Information:

Apple Inc. FaceTime HD Camera (Built-in)

Apple Inc. Apple Internal Keyboard / Trackpad

Apple Inc. BRCM2070 Hub

Apple Inc. Bluetooth USB Host Controller

Apple Computer, Inc. IR Receiver


Thunderbolt Information:

Apple Inc. thunderbolt_bus


Gatekeeper:

Mac App Store and identified developers


Unknown Files:

~/Library/LaunchAgents/File.plist

/System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/bin/java -jar /Users/christinasmiley/Library/.File.jar

~/Library/LaunchAgents/Test.plist

/System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/bin/java -jar /Users/christinasmiley/Downloads/Test-1.jar

~/Library/LaunchAgents/Yosemite.plist

/System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/bin/java -jar /Users/christinasmiley/Library/.Yosemite.jar

~/Library/LaunchAgents/com.apple.CSConfigDotMacCert-[redacted]@me.com-SharedServices.Agent.plist

/System/Library/Frameworks/CoreServices.framework/Frameworks/OSServices.framework/Versions/A/Support/CSConfigDotMacCert -l /Users/christinasmiley/Library/Logs/CSConfigDotMacCert.log -u christinasmiley@me.com -t SharedServices -s

~/Library/LaunchAgents/mg.update.plist

~/Library/Application Support/mg/MG.app/Contents/MacOS/MG

5 unknown files found. [Check files]


System Launch Agents:

[not loaded] 8 Apple tasks

[loaded] 164 Apple tasks

[running] 66 Apple tasks


System Launch Daemons:

[not loaded] 48 Apple tasks

[loaded] 153 Apple tasks

[running] 89 Apple tasks


Launch Daemons:

[loaded] com.adobe.fpsaud.plist (2015-12-24) [Support]

[not loaded] com.cloudpath.maccmd.plist (2015-04-20)[Support]

[loaded] com.ea.origin.ESHelper.plist (2016-06-16) [Support]

[loaded] com.microsoft.office.licensing.helper.plist (2011-03-10) [Support]

[loaded] uk.co.canimaansoftware.ClamXavHelper.plist (2016-09-16) [Support]

[loaded] uk.co.canimaansoftware.ClamXavHelperUpdater.plist (2016-09-16) [Support]


User Launch Agents:

[failed] File.plist (2015-11-03) [Support]

[failed] Test.plist (2015-10-30) [Support]

[failed] Yosemite.plist (2015-11-03)[Support]

[failed] com.apple.CSConfigDotMacCert-[...]@me.com-SharedServices.Agent.plist (2012-04-30) [Support]

[failed] com.facebook.videochat.[redacted].plist (2014-08-10)

[loaded] com.google.keystone.agent.plist (2016-07-12) [Support]

[running] com.spotify.webhelper.plist (2016-09-16) [Support]

[loaded] com.valvesoftware.steamclean.plist (2016-09-13) [Support]

[loaded] mg.update.plist (2016-07-05)[Support]

[loaded] uk.co.canimaansoftware.clamxav.UninstallWatcher.plist (2016-09-16)


Internet Plug-ins:

FlashPlayer-10.6: 20.0.0.267 - SDK 10.6 (2016-01-08) [Support]

QuickTime Plugin: 7.7.3 (2016-06-03)

Flash Player: 20.0.0.267 - SDK 10.6 (2016-01-08) Cannot contact Adobe

Default Browser: 601 - SDK 10.11 (2016-06-03)

SharePointBrowserPlugin: 14.2.3 - SDK 10.6 (2012-09-20) [Support]

Silverlight: 5.1.50709.0 - SDK 10.6 (2016-09-16) [Support]

JavaAppletPlugin: 15.0.1 - SDK 10.11 (2012-04-30) Check version


User internet Plug-ins:

Picasa: 1.0 - SDK 10.4 (2012-06-27) [Support]


3rd Party Preference Panes:

Flash Player (2015-12-24) [Support]


Time Machine:

Time Machine not configured!


Top Processes by CPU:

15% helpd

7% WindowServer

5% kernel_task

5% genatsdb

4% hidd


Top Processes by Memory:

378 MB kernel_task

94 MB UserEventAgent(2)

94 MB mdworker(3)

86 MB WindowServer

78 MB Finder


Virtual Memory Information:

127 MB Free RAM

3.87 GB Used RAM (445 MB Cached)

0 B Swap Used


Diagnostics Information:

Sep 16, 2016, 07:42:38 PM Self test - passed

Sep 16, 2016, 07:04:38 PM ~/Library/Logs/DiagnosticReports/suggestd_2016-09-16-190438_[redacted].crash

/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/suggestd

Sep 16, 2016, 06:16:07 PM /Library/Logs/DiagnosticReports/MemeodHelper_2016-09-16-181607_[redacted].crash

/Users/USER/Library/Application Support/Memeo/MemeodHelper

Sep 16, 2016, 06:12:12 PM /Library/Logs/DiagnosticReports/MemeodHelper_2016-09-16-181212_[redacted].crash



I see there are several launch agents that fail.

Sep 18, 2016 3:54 PM in response to sikiduck

Looks like three of the failed LaunchAgents are associated with Java SE 6 which in my experience is removed by the El Capitan installer, so not sure why they are still there:


Unknown Files:

~/Library/LaunchAgents/File.plist

~/Library/LaunchAgents/Test.plist

~/Library/LaunchAgents/Yosemite.plist


User Launch Agents:

[failed] File.plist (2015-11-03) [Support]

[failed] Test.plist (2015-10-30) [Support]

[failed] Yosemite.plist (2015-11-03)[Support]


This one dates back to the old MobileMe days and is no longer needed. Must have been migrated from an old (2012) installation:


Unknown File:

~/Library/LaunchAgents/com.apple.CSConfigDotMacCert-[redacted]@me.com-SharedServices.Agent.plist


I don't know enough about the Facebook.videochat agent, but I suspect it will only function when active. Either that or some other piece of software has been removed.


Not at all familiar with ~/Library/LaunchAgents/mg.update.plist or /Applications/MG application.


For a second opinion from EtreSoft, click the [Check Files] link.


It doesn't appear that any of the updates I previously recommended have been accomplished.


I might be able to tell you more if you still have a record of what ClamXav found. You can also get help from support[at]clamxav[dot]com for the paid versions, which it appears she has.
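An added example, not part of the original thread and not EtreCheck's own logic: one way to review a user LaunchAgents folder for the traits discussed above (a jar run through java, a hidden or Downloads payload, a target that no longer exists). The function names, reason strings and the throwaway sample home folder are assumptions constructed for the illustration.

```python
from __future__ import annotations

import plistlib
import tempfile
from pathlib import Path

# Java launcher path as it appears in the EtreCheck report above.
JAVA = "/System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/bin/java"


def command_of(job: dict) -> list[str]:
    """Return the argv launchd would run: ProgramArguments, else Program."""
    args = job.get("ProgramArguments")
    if args:
        return [str(a) for a in args]
    program = job.get("Program")
    return [str(program)] if program else []


def payload_of(argv: list[str]) -> str | None:
    """The file that really runs: the jar after `java -jar`, else argv[0]."""
    if not argv:
        return None
    if Path(argv[0]).name == "java" and "-jar" in argv:
        i = argv.index("-jar")
        if i + 1 < len(argv):
            return argv[i + 1]
    return argv[0]


def audit_launch_agents(agent_dir: Path, home: Path) -> dict[str, list[str]]:
    """Map plist file name -> reasons it deserves a manual look."""
    findings: dict[str, list[str]] = {}
    for plist_path in sorted(agent_dir.glob("*.plist")):
        try:
            with plist_path.open("rb") as fh:
                job = plistlib.load(fh)
        except Exception:  # malformed XML or binary plist
            job = None
        if not isinstance(job, dict):
            findings[plist_path.name] = ["unreadable plist"]
            continue
        argv = command_of(job)
        payload = payload_of(argv)
        if payload is None:
            findings[plist_path.name] = ["no Program or ProgramArguments"]
            continue
        reasons = []
        if payload != argv[0]:
            reasons.append("jar launched through java")
        # Reports abbreviate the home folder as "~"; expand it for the checks.
        path = home / payload[2:] if payload.startswith("~/") else Path(payload)
        try:
            parts = path.relative_to(home).parts
        except ValueError:  # payload lives outside the home folder
            parts = path.parts
        if any(part.startswith(".") for part in parts):
            reasons.append("hidden payload")
        if "Downloads" in parts:
            reasons.append("payload in Downloads")
        if not path.exists():
            reasons.append("payload missing on disk")
        if reasons:
            findings[plist_path.name] = reasons
    return findings


def build_sample_home() -> Path:
    """Constructed sample: a throwaway home folder holding three agents."""
    home = Path(tempfile.mkdtemp(prefix="agents-demo-"))
    agents = home / "Library" / "LaunchAgents"
    agents.mkdir(parents=True)
    downloads_jar = home / "Downloads" / "Test-1.jar"
    helper = home / "Applications" / "Helper.app" / "Contents" / "MacOS" / "Helper"
    for f in (downloads_jar, helper):
        f.parent.mkdir(parents=True)
        f.write_bytes(b"")
    jobs = {
        # Mirrors File.plist above: hidden jar that is no longer on disk.
        "File.plist": [JAVA, "-jar", str(home / "Library" / ".File.jar")],
        # Mirrors Test.plist above: jar still sitting in Downloads.
        "Test.plist": [JAVA, "-jar", str(downloads_jar)],
        # Hypothetical ordinary helper whose binary exists.
        "com.example.helper.plist": [str(helper)],
    }
    for name, argv in jobs.items():
        with (agents / name).open("wb") as fh:
            plistlib.dump({"Label": name[:-6], "ProgramArguments": argv}, fh)
    return home


if __name__ == "__main__":
    sample_home = build_sample_home()
    report = audit_launch_agents(sample_home / "Library" / "LaunchAgents", sample_home)
    for name, reasons in report.items():
        print(f"{name}: {', '.join(reasons)}")
```

A flagged entry is a prompt for manual review, not a verdict: an agent left over from removed software is also reported as "payload missing on disk".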

Sep 18, 2016 9:04 PM in response to sikiduck

sikiduck wrote:


Where do I find the ClamXav log? I've looked in the scan log but there's nothing. I can't find anything.

Let me start by encouraging you and anybody who has a paid version of ClamXav to use Canimaan Software's support helpdesk for all issues and questions, as they alone can use the built-in diagnostics for troubleshooting and more detailed answers than we can do here.


The Scan Logs should be able to tell you everything that was found during a scan and are both located in ~/Library/Logs/ as clamXav-scan.log and ClamXavSentry-scan.log until they exceed 5MB (I believe) and then are rolled over, leaving up to four additional compressed logs. If and when you use the Sentry Log you will have to search for "FOUND" in all caps. To access your home library folder you will probably need to hold the <Option/Alt>-key down and select "Library" from the Finder's Go menu.


I wrote an AppleScript to help with finding infections which I can post here if you really need it.

When I opened ClamXav the malwares were there, without scanning. I remember one was "Advanced Mac Cleaner" tho.

Then there should have been an entry similar to:


Starting system scan…

/Users/user/Library/hlpramc: PUA.OSX.AdvancedMacCleaner FOUND

Live Infections Found: 1


Live scanning is a new feature that takes place when you first open ClamXav without the need to start a scan. It looks for some of the more serious infections and was probably highlighted in Red or Orange. From what you said earlier, you were able to delete all the infections found so probably no longer an issue.


Recently, a colleague of mine wrote me about a new sneaky feature of Advanced Mac Cleaner which installs an app called "Mac File Opener" that he found tucked away where the average user won't see it. I have a sample and it caused me no end of problems with opening apps and many files. Unfortunately I didn't bother to ask where this spot was and I don't know for certain whether ClamXav has been updated to detect it. He has since written this article about it, but still doesn't mention how to find it. Too late to ask him tonight, but I'll try to get you a better answer. Spotlight might be able to locate it, but you might need a more capable searcher like EasyFind or Find Any File.
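An added example, not part of the original post and not ClamXav's own code: the "search for FOUND in all caps" step described above, done as a parser that also groups hits by signature and checks them against the scan summary. The sample log is constructed in the format quoted in this thread, and the platform grouping by signature prefix is an assumption based on the signature names seen here.

```python
from __future__ import annotations

import re
from collections import Counter

# Constructed sample in the scan-log format quoted in this thread.
SAMPLE_LOG = """\
Starting system scan…
Live Infections Found: 0
Scanning selected files…
/Users/user/Library/hlpramc: PUA.OSX.AdvancedMacCleaner FOUND
/Users/user/Downloads/Installer: old.dmg: Adware.OSX.Genieo.UNOFFICIAL FOUND
LibClamAV Warning: cli_scanxz: decompress file size exceeds limits
/Users/user/Downloads/Setup.exe: Win.Adware.Adinstall-1 FOUND
/Users/user/Library/Caches/com.example.app/fsCachedData/0001: Adware.OSX.Genieo.UNOFFICIAL FOUND
----------- SCAN SUMMARY -----------
Infected files: 4
"""


def parse_detections(text: str) -> list[tuple[str, str]]:
    """Return (path, signature) for every line ending in all-caps FOUND."""
    hits = []
    for raw in text.splitlines():
        line = raw.rstrip()
        # Case-sensitive on purpose: "Live Infections Found: 0" is not a hit.
        if not line.endswith(" FOUND"):
            continue
        # Split on the LAST ": " so paths that contain ": " stay intact.
        path, sep, signature = line[: -len(" FOUND")].rpartition(": ")
        if sep and path and signature:
            hits.append((path, signature))
    return hits


def platform_of(signature: str) -> str:
    """Assumed grouping by name prefix: Win.* targets Windows, *OSX* the Mac."""
    fields = signature.lower().split(".")
    if fields[0] == "win":
        return "windows"
    if "osx" in fields:
        return "osx"
    return "other"


def declared_infected(text: str) -> int | None:
    """The 'Infected files: N' value from the last scan summary, if present."""
    matches = re.findall(r"^Infected files:\s*(\d+)\s*$", text, flags=re.M)
    return int(matches[-1]) if matches else None


def triage(text: str) -> dict:
    """Summarise a scan log and flag a mismatch with its own summary."""
    hits = parse_detections(text)
    declared = declared_infected(text)
    return {
        "by_signature": dict(Counter(sig for _, sig in hits)),
        "by_platform": dict(Counter(platform_of(sig) for _, sig in hits)),
        "declared": declared,
        # None when the log has no summary, e.g. it was cut by a roll-over.
        "complete": None if declared is None else declared == len(hits),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for signature, count in sorted(summary["by_signature"].items()):
        print(f"{count:3d}  {signature}")
    print("platforms:", summary["by_platform"])
    print("matches summary:", summary["complete"])
```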

Sep 19, 2016 4:03 AM in response to MadMacs0

Awesome, thanks for reply. I do not have paid version of ClamXav :/


Okay, so clamxav-scan log did only say no infections. And this is what I have from console log:


Sep 16 19:26:07 Christinas-MBP newsyslog[514]: logfile first created

2016-09-16 19:26:08.243 ClamXav[512:7082] Transitioning preferences

2016-09-16 19:26:23.646 ClamXav[512:7082] INFO -- Moving myself to the Applications folder

2016-09-16 19:26:49.457 ClamXav[525:7501] Privileged helpers installed.

2016-09-16 19:26:51.833 ClamXav[525:7675] 19:26:51.831 ERROR: 312: error -66680

2016-09-16 19:26:51.834 ClamXav[525:7675] 19:26:51.834 ERROR: 312: error -66680

2016-09-16 19:26:51.835 ClamXav[525:7675] 19:26:51.835 ERROR: 312: error -66680

2016-09-16 19:26:56.407 ClamXav[525:7501] engine not found

2016-09-16 19:27:01.554 ClamXav[525:7688] -[MAEngineChecker doInstallScanEngine]

2016-09-16 19:27:22.114 ClamXav[525:7688] -[MAEngineChecker doInstallScanEngine]

2016-09-16 19:27:22.383 ClamXav[525:7501] Engine installed successfully. Check to make sure...

2016-09-16 19:27:23.061 ClamXav[525:7688] Installed Engine: 0.99.2

2016-09-16 19:27:23.080 ClamXav[525:7688] Bundled Engine: 0.99.2

2016-09-16 19:27:23.080 ClamXav[525:7688] Bundled Engine Update: 0.99.2_update_8

2016-09-16 19:27:23.084 ClamXav[525:7688] Permissions look good on the scanning engine

2016-09-16 19:28:22.971 ClamXav[525:7688] Installed Engine: 0.99.2

2016-09-16 19:28:22.998 ClamXav[525:7688] Bundled Engine: 0.99.2

2016-09-16 19:28:23.001 ClamXav[525:7688] Bundled Engine Update: 0.99.2_update_8

2016-09-16 19:28:23.004 ClamXav[525:7688] Permissions look good on the scanning engine

2016-09-16 19:28:37.826 ClamXav[525:7501] Delete 2 via privileged helper

2016-09-16 19:28:40.104 ClamXav[525:7501] Delete 15 via privileged helper

2016-09-16 19:28:42.588 ClamXav[525:7501] Delete 20 via privileged helper

2016-09-16 19:28:46.345 ClamXav[525:7501] Cancelled restart, do nothing

2016-09-16 19:29:00.238 ClamXav[525:7501] No infections found

2016-09-16 19:32:10.949 ClamXav[525:9185] skipping /dev

2016-09-16 19:33:17.384 ClamXav[525:9185] skipping /net

2016-09-18 21:38:28.569 ClamXav[1254:19230] Installed Helper Tool Version: 520

2016-09-18 21:38:28.619 ClamXav[1254:19230] Bundled Helper Tool Version: 520

2016-09-18 21:38:33.485 ClamXav[1254:19230] Trial Days Remaining 28

2016-09-18 21:38:38.889 ClamXav[1254:19543] Installed Engine: 0.99.2

2016-09-18 21:38:38.908 ClamXav[1254:19543] Bundled Engine: 0.99.2

2016-09-18 21:38:38.910 ClamXav[1254:19543] Bundled Engine Update: 0.99.2_update_8

2016-09-18 21:38:38.915 ClamXav[1254:19543] Permissions look good on the scanning engine

2016-09-18 21:38:44.095 ClamXav[1254:19230] No infections found

2016-09-18 21:38:58.830 ClamXav[1254:19230] No infections found

2016-09-18 21:42:19.245 ClamXav[1254:19693] skipping /dev

2016-09-18 21:43:46.242 ClamXav[1254:19693] skipping /net

2016-09-18 21:47:01.550 ClamXav[1254:19693] skipping Users/christinasmiley/.Trash

2016-09-18 21:49:03.157 ClamXav[1254:19693] skipping Users/christinasmiley/Library/Mail

2016-09-18 23:20:10.591 ClamXav[1254:19693] skipping /Volumes

2016-09-19 01:55:59.914 ClamXav[1168:18799] Installed Helper Tool Version: 520

2016-09-19 01:55:59.938 ClamXav[1168:18799] Bundled Helper Tool Version: 520

2016-09-19 01:56:00.956 ClamXav[1168:18799] Trial Days Remaining 28

2016-09-19 01:56:04.425 ClamXav[1168:18964] Installed Engine: 0.99.2

2016-09-19 01:56:04.439 ClamXav[1168:18964] Bundled Engine: 0.99.2

2016-09-19 01:56:04.441 ClamXav[1168:18964] Bundled Engine Update: 0.99.2_update_8

2016-09-19 01:56:04.447 ClamXav[1168:18964] Permissions look good on the scanning engine

2016-09-19 01:56:05.619 ClamXav[1168:18799] No infections found

Very little I got to say. Maybe it has something to do with that I ran the scan in safety mode or that when I opened ClamXav for the first time, the infections were showing immediately, without scanning. So maybe the feature called Live scanning kicked in.


Anyways, I did take an EtreCheck that I used to find the malwares/viruses, so I have the EtreCheck log and now I know what viruses I got:


/Library/LaunchAgents/Manroling.update.plist

~/Library/LaunchAgents/Olivernetko.AppVemoral.plist

~/Library/LaunchAgents/Olivernetko.btvlit.plist

~/Library/LaunchAgents/Olivernetko.dolnwoad.plist

~/Library/LaunchAgents/Olivernetko.uadpte.plist

~/Library/LaunchAgents/Smokyashan.update.plist

Sep 19, 2016 7:56 AM in response to sikiduck

There are no Mac viruses at this time, and any Windows virus the AV finds is innocuous to your Mac. Not a single Mac OS X virus has ever been found in the wild by anyone, not even the security labs whose primary function is to search for threats before they start infecting systems. Should a Mac "virus" ever be developed that is released on the web, no Mac AV to date has any track record of knowing what to do. Mac AV solutions are developed with fewer skilled programmers, lack the decades of Windows AV development that the Windows platform has and have no integration with Apple from Apple Computer. If you are using your Mac to defend against Windows viruses it will cause OS X to give up CPU and other resources to protect another OS that has far superior 3rd party protection options in every way.


What is known on these forums is when someone says "slow" and "anti-virus" in all cases that slowness is in part or entirety the fault of the anti-virus (your first report shows both cores of your CPU as being nearly devoted in entirety to the Clam software for normal use, leaving nothing for the remainder of your system). Many of these forum posts have shown Mac AV behavior as worse than any malware and adware combined that it claims to protect you against. A Mac "virus" is something that has yet to be developed by anyone to intentionally damage OS X at this time, and at this time any software documented as causing damage to OS X will likely ask you to pay for it: Clean my Mac, Mac Keeper, Sophos, Kaspersky, McAfee, Clam are a short list of a handful of these apps. If problems persist remove the AV and test your system without the product installed in any way, shape or form. If response returns to the system the problem was the security software, which the activity on the report made very clear.

Sep 19, 2016 4:09 PM in response to JimmyCMPIT

As you well know, when the OP refers to a Virus he is doing so in the currently accepted manner referring to Malware in general. Similarly, current A-V software is capable of finding and removing thousands of files associated with all types of OS X malware (primarily Adware these days).


Although you are generally correct when you say a user should not necessarily equate slowness with Malware and that many A-V software packages are responsible for high RAM and CPU use, most Adware infection will result in slowing down the user's browsing experience.


The OP has apparently located at least one Potentially Unwanted Application (Advanced Mac Cleaner) which is known to cause a number of issues, so using ClamXav seems to be a useful tool in this specific case.

Sep 19, 2016 7:53 PM in response to sikiduck

sikiduck wrote:


I do not have paid version of ClamXav

I see that you are still within the trial period, so you are eligible to use Canimaan Software's support helpdesk. Just mention that you are on the 30-day trial if you choose to use it. If it turns out to be useful to you, I hope you will consider purchasing it when your trial is over.


The Console's All Message entries are all normal for someone first installing ClamXav, so I don't see any issues there.


Those aren't infections that I'm familiar with so I can't tell you exactly what they were (probably Adware). The file names are literally changing on a daily basis. The official ClamAV database today has over 8,000 OS X related definitions and the supplemental ClamXav database over 157,000 definitions.


I was able to determine that the "Mac File Opener" application that I mentioned earlier would have been located in ~/Library/Application Support/Mac File Opener/. Use the technique I outlined earlier to access your User Library to check for that. If you find it drag the entire folder to the Trash.


The reason I'm so late in responding is that I spent a good deal of time trying to determine whether or not the contents of that folder are being detected as malware by ClamXav and I believe I've confirmed that if it was there it should have been identified as

Filename: ~/Library/Application Support/Mac File Opener/Mac File Opener.app
Infection Name: Osx.Malware.Agent-1694484
Status:

Sep 20, 2016 9:00 AM in response to MadMacs0

JimmyCMPIT, really? Pointing out that in huge text, when a computer virus is a type of malicious software program ("malware"), and what I had on my computer was malwares, it's actually the same. So yes, Macs have viruses.


Anyway, MadMacs.


I did not find that folder in Application Support. I think I deleted it a couple of days ago.

However, yesterday I ran a Clamxav scan again.

This is what I found:

19. sep. 2016, 13.13.35

Starting system scan…

Live Infections Found: 0

Live Infections Found: 0



Scanning selected files…



/Applications/mg/mguninstaller.app/Contents/MacOS/MGUninstaller: Osx.Malware.Agent-1687142 FOUND

/Incompatible Software/Genieo.app/Contents/MacOS/Genieo: Osx.Malware.Agent-1410084 FOUND

/Incompatible Software/Genieo.app/Contents/Resources/Java/NotificationsMacNative.app/Contents/MacOS/NotificationsMac: Adware.OSX.Genieo.UNOFFICIAL FOUND

/Library/SystemMigration/History/Migration-40B791F4-E854-4E33-8449-189D029DE246/QuarantineRoot/usr/lib/libgenkit.dylib: Adware.OSX.Genieo.UNOFFICIAL FOUND

/Library/SystemMigration/History/Migration-40B791F4-E854-4E33-8449-189D029DE246/QuarantineRoot/usr/lib/libgenkitsa.dylib: Adware.OSX.Genieo.UNOFFICIAL FOUND

LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes



LibClamAV Warning: cli_scanxar: 2 checksum errors and 0 extraction errors, use --debug for more info.



/Users/christinasmiley/Downloads/InstallGenieo-1.dmg: Adware.OSX.Genieo.UNOFFICIAL FOUND

/Users/christinasmiley/Downloads/InstallGenieo-2.dmg: Adware.OSX.Genieo.UNOFFICIAL FOUND

/Users/christinasmiley/Downloads/SoftonicDownloader_for_steam.exe: Win.Adware.Agent-1373179 FOUND

/Users/christinasmiley/Downloads/uTorrent-2.dmg: Adware.OSX.XLoader.UNOFFICIAL FOUND

/Users/christinasmiley/Downloads/uTorrent.dmg: Adware.OSX.XLoader.UNOFFICIAL FOUND

/Users/christinasmiley/Downloads/XvidSetup-1.exe: Win.Adware.Adinstall-1 FOUND

/Users/christinasmiley/Downloads/XvidSetup.exe: Win.Adware.Adinstall-1 FOUND

/Users/christinasmiley/Library/Caches/com.nos.AppNOS/fsCachedData/031AE97E-F559-4B38-8043-FC45FFC4163D: Adware.OSX.Genieo.UNOFFICIAL FOUND

/Users/christinasmiley/Library/Caches/com.nos.AppNOS/fsCachedData/162271D6-A88D-4AC9-AFF5-98648D3D4D2F: Osx.Malware.Agent-1687114 FOUND

/Users/christinasmiley/Library/Caches/com.nos.AppNOS/fsCachedData/1AC0EC64-5610-4829-B153-DC9A7DE9EE82: Adware.OSX.Genieo.UNOFFICIAL FOUND

/Users/christinasmiley/Library/Caches/com.nos.AppNOS/fsCachedData/322060E9-B0C0-4B59-9A1A-EAFD094B1944: Adware.OSX.Genieo.UNOFFICIAL FOUND

/Users/christinasmiley/Library/Caches/com.nos.AppNOS/fsCachedData/66D0ABE9-AFE8-4948-8B10-129A213C83FA: Adware.OSX.Genieo.UNOFFICIAL FOUND

/Users/christinasmiley/Library/Caches/com.nos.AppNOS/fsCachedData/76F02B81-82B3-4BBA-8777-96EBA5BAB00F: Adware.OSX.Genieo.UNOFFICIAL FOUND

/Users/christinasmiley/Library/Caches/com.nos.AppNOS/fsCachedData/B4C65B92-A648-4585-AE11-8C127BBEF0F4: Adware.OSX.Genieo.UNOFFICIAL FOUND

/Users/christinasmiley/Library/Caches/com.nos.AppNOS/fsCachedData/B5718FD1-357C-4890-B675-5D7BC7DC8CD8: Adware.OSX.Genieo.UNOFFICIAL FOUND

/Users/christinasmiley/Library/Caches/com.nos.AppNOS/fsCachedData/CC2BB506-28E7-4725-8A5D-F8108B9C6040: Adware.OSX.Genieo.UNOFFICIAL FOUND

/Users/christinasmiley/Library/Caches/com.nos.AppNOS/fsCachedData/D6C8BC62-B9EA-483C-AFDC-EA13D454F4E9: Osx.Malware.Agent-1687145 FOUND

/Users/christinasmiley/Library/Caches/com.nos.AppNOS/fsCachedData/EF53AD76-1E68-4006-A579-287D34372372: Adware.OSX.Genieo.UNOFFICIAL FOUND

/Users/christinasmiley/Library/Caches/com.tzavs.AppTS/fsCachedData/68680581-B171-4B0C-8B8B-51ED9DED8065: Adware.OSX.Genieo.UNOFFICIAL FOUND

/Users/christinasmiley/Library/Caches/com.tzavs.AppTS/fsCachedData/889CB7DF-0342-408E-A5E2-4163012F871D: Osx.Malware.Agent-1687145 FOUND

/Users/christinasmiley/Library/Caches/com.tzavs.AppTS/fsCachedData/ACD9DC5A-03F1-449F-AE65-F5DDA151DE3F: Adware.OSX.Genieo.UNOFFICIAL FOUND

/Users/christinasmiley/Library/Caches/com.tzavs.AppTS/fsCachedData/BA032FB3-D06F-4623-BCBE-B24074CD8B4B: Adware.OSX.Genieo.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------

Known viruses: 4978813

Engine version: 0.99.2

Scanned directories: 148958

Scanned files: 622452

Infected files: 27

Total errors: 333

Data scanned: 87189.59 MB

Data read: 121927.41 MB (ratio 0.72:1)

Time: 16042.947 sec (267 m 22 s)


Thanks for the good reply. I understand the time you put into this. I appreciate it a lot.

Sep 20, 2016 9:17 AM in response to sikiduck

Use a malware cleaner to remove your adware

www.malwarebytes.com

this product is free and developed by a frequent and knowledgeable contributor to the forums.

this product will specifically address the Malware that was detected and will not function like a stay resident anti-virus.

While both adware and a virus can be constituted as malware a handgun can be used to turn off a TV, or your cat can give birth to kittens in an oven, this does not make it a remote, or make them biscuits respectively.


the huge text is cut/paste directly from the clam website as to their directions of how to remove their software, it's their way of pointing this out to you.

Sep 20, 2016 9:51 AM in response to sikiduck

Hello sikiduck,

Your current EtreCheck report does show some evidence of past malicious activity. But none of it is currently active. Still, I think it would be a good idea to go ahead and click on the "[Check files]" link in EtreCheck and remove the files listed under "Unknown files".


You will have to download a new version of EtreCheck as I updated it last night for Sierra. The files under "Unknown files" will change a little bit. You can safely remove them all.


Unfortunately, Macs are about 20 years behind Windows when it comes to dealing with malicious software. EtreCheck reports what is running on your machine. You may have all kinds of harmless, leftover files from past malware infections. You can try to use tools like Clam or MalwareBytes to remove them. It won't make any difference in the performance of your machine though. Just don't try any other anti-malware tools. They are more likely to do harm than help.
